Researchers from Inria and Microsoft have developed a system to automatically convert specific types of C programming code into memory-safe Rust code, addressing growing cybersecurity concerns about memory vulnerabilities in software systems.

The technique, detailed in a new paper, requires programmers to use a restricted version of C called "Mini-C" that excludes features like pointer arithmetic. The researchers successfully tested their conversion system on two major code libraries, including the 80,000-line HACL* cryptographic library. Parts of the converted code have already been integrated into Mozilla's NSS and OpenSSH security systems, according to the researchers. Memory safety errors account for 76% of Android vulnerabilities in 2019.

Xiaomi has further restricted bootloader unlocking to just one device per user per year, significantly hindering custom ROM development and reinforcing user dependence on its proprietary HyperOS ecosystem. Android Police reports: Roughly a year ago, Xiaomi introduced a policy limiting users to three unlocked devices per account, providing only a limited time window for unlocking, and demanding waiting periods before doing so. It's now gone even further, limiting users to unlocking the bootloader of just a single device throughout the year. Unlocking the bootloader changes the way a phone works by preventing automated software updates, among other things, and isn't a good idea for most users. Power users love it for complete customization of their devices, and unlocked bootloaders are critical to the creation and installation of privately developed operating systems, or custom ROMs.

Custom ROMs usually (but not always) derive from pre-existing OSs like Android or Xiaomi's HyperOS. To write operating software that works on a certain device, you need to develop it on that specific device. Consequently, individuals and teams throughout the enthusiast phone sphere constantly add to their collections of bootloader-unlocked phones. The new unlocking restrictions could place undue hardship on resource-limited development teams, reducing the number of custom ROMs produced moving forward. Xiaomi first tightened restrictions roughly a year ago, following the enforcement of a Chinese law requiring certain pre-installed software behaviors. But Xiaomi's business plan and sales models indicate a couple of other motivations for insisting users stick with its first-party HyperOS. Some of the motives include preventing scalping, avoiding accidental bricking, and preserving advertising-driven revenue. However, these measures come at the cost of user freedom and may stifle innovation within the enthusiast developer community.

Samsung is set to debut its new Odyssey 3D monitor at CES 2025, reviving the glasses-free 3D experience that manufacturers pushed on consumers over a decade ago. While details remain limited, the monitor reportedly utilizes a lenticular lens, stereo cameras, and AI to convert 2D content into lifelike 3D visuals, with a focus on appealing to gamers for broader adoption. Ars Technica reports: According to the South Korean company's announcement, the monitor's use of a lenticular lens that is "attached to the front of the panel and its front stereo camera" means that you don't have to wear glasses to access the monitor's "customizable 3D experience." Lenticular lenses direct different images to each eye to make images look three-dimensional. This is a notable advancement from the first 3D monitor that Samsung released in 2009. That display used Nvidia software and Nvidia shutter glasses to allow users to toggle between a 2D view and a 3D view through a few button presses and supported content.

Another advancement is the Odyssey 3D's claimed ability to use artificial intelligence "to analyze and convert 2D video into 3D." We've recently seen similar technology from brands like Acer, which announced portable monitors in 2022 and then announced laptops that could convert 2D content into stereoscopic 3D in 2023. Those displays also relied on AI, as well as a specialized optical lens and a pair of eye-tracking cameras, to create the effect. But unlike Acer's portable monitors, Samsung claims that its monitor can make 2D content look like 3D even if that content doesn't officially support 3D. [...] Interestingly, Samsung's announcement today only mentioned the release of a 27-inch, 4K resolution 3D monitor, despite Samsung teasing a 37-inch version in August. It's possible that the larger version didn't work as well and/or that demand for the larger size would be too small, considering the high price and limited demand implications of a glasses-free 3D monitor aimed at gamers. Further reading: Samsung, Asus, MSI Unveil First 27-inch 4K OLED 240Hz Gaming Monitors

An anonymous reader quotes a report from The Record: Cybersecurity researchers have uncovered dozens of attacks that involve malicious updates for Chrome browser extensions, one week after a security firm was compromised in a similar incident. As of Wednesday, a total of 36 Chrome extensions injected with data-stealing code have been detected, mostly related to artificial intelligence (AI) tools and virtual private networks (VPNs), according to a report by ExtensionTotal, a platform that analyzes extensions listed on various marketplaces and public registries. These extensions, collectively used by roughly 2.6 million people, include third-party tools such as ChatGPT for Google Meet, Bard AI Chat, YesCaptcha Assistant, VPNCity and Internxt VPN. Some of the affected companies have already addressed the issue by removing the compromised extensions from the store or updating them, according to ExtensionTotal's analysis. [...]

It remains unclear whether all the compromised extensions are linked to the same threat actor. Security researchers warn that browser extensions "shouldn't be treated lightly," as they have deep access to browser data, including authenticated sessions and sensitive information. Extensions are also easy to update and often not subjected to the same scrutiny as traditional software. ExtensionTotal recommends that organizations use only pre-approved versions of extensions and ensure they remain unchanged and protected from malicious automatic updates. "Even when we trust the developer of an extension, it's crucial to remember that every version could be entirely different from the previous one," researchers said. "If the extension developer is compromised, the users are effectively compromised as well -- almost instantly."

Former Microsoft designer Sergey Kisselev has shared previously unseen concepts for Windows 11 dynamic wallpapers, intended for educational devices. The animated backgrounds were designed to complement Windows 11's centered interface but never shipped with the operating system's 23H2 update as initially planned.

The U.S. Commerce Department said on Thursday it is considering new rules that would impose restrictions on Chinese drones that would restrict or ban them in the United States citing national security concerns. From a report: The department said it was seeking public comments by March 4 on potential rules to safeguard the supply chain for drones, saying threats from China and Russia "may offer our adversaries the ability to remotely access and manipulate these devices, exposing sensitive U.S. data."

China accounts for the vast majority of U.S. commercial drone sales. In September, Commerce Secretary Gina Raimondo said the department could impose restrictions similar to those that would effectively ban Chinese vehicles from the United States and the focus will be on drones with Chinese and Russian equipment, chips and software. She told Reuters in November she hopes to finalize the rules on Chinese vehicles by Jan. 20. A decision to write new rules restricting or banning Chinese drones will be made by the administration of President-elect Donald Trump, who takes over on Jan. 20.

MicroStrategy has transformed into a "bitcoin treasury company," investing billions in bitcoin through debt and equity issuance, driving its stock price up nearly 400% in 2024 despite declining software revenues and heightened financial risks. The Guardian reports: In the summer of 2020, as the Covid-19 pandemic upended economies around the world, an obscure U.S. software firm decided to diversify. MicroStrategy, whose head office is situated next to a shopping mall and metro station in Tysons Corner, Virginia, had decided the steady business of "software as a service" was not racy enough. Instead, it would branch out by investing up to $250 million in alternative assets -- "stocks, bonds, commodities such as gold, digital assets such as bitcoin or other asset types." Less than five years later, that bitcoin side hustle has gone stratospheric. MicroStrategy's share price has swollen twentyfold, lifting its market capitalization to almost $75 billion and catapulting the stock into the Nasdaq 100 index of top technology shares.

Nvidia has completed its acquisition of Run:ai, a provider of GPU cloud orchestration software for AI workloads, and announced plans to open-source the platform. The deal, valued at $700 million, brings the Israel-based startup under Nvidia's umbrella after their collaboration since 2020.

Run:ai's software helps enterprises manage and schedule Nvidia GPU resources for AI applications across cloud and on-premises environments. Founded in 2018, the company's platform currently supports only Nvidia GPUs, but open-sourcing will enable expansion to other AI ecosystems, according to founders Omri Geller and Ronen Dar. The acquisition strengthens Nvidia's software portfolio as the company, now valued at $3.56 trillion, expands beyond its core graphics chip business into AI infrastructure management.

An anonymous reader shares a report: Nvidia is betting on robotics as its next big driver of growth, as the world's most valuable semiconductor company faces increasing competition in its core AI chipmaking business. The US tech group, best known for the infrastructure that has underpinned the AI boom, is set to launch its latest generation of compact computers for humanoid robots [non-paywalled link] -- dubbed Jetson Thor -- in the first half of 2025.

Nvidia is positioning itself to be the leading platform for what the tech group believes is an imminent robotics revolution. The company sells a "full stack" solution, from the layers of software for training AI-powered robots to the chips that go into them. [...] Talla said a shift in the robotics market is being driven by two technological breakthroughs: the explosion of generative AI models and the ability to train robots on these foundational models using simulated environments. The latter has been a particularly significant development as it helps solve what roboticists call the "Sim-to-Real gap," ensuring robots trained in virtual environments can operate effectively in the real world, he said.

NPR remembers when the world "prepared for the impending global meltdown" that might've been, on December 31, 1999 — and the possible bug known as Y2K: The Clinton administration said that preparing the U.S. for Y2K was probably "the single largest technology management challenge in history." The bug threatened a cascade of potential disruptions — blackouts, medical equipment failures, banks shutting down, travel screeching to a halt — if the systems and software that helped keep society functioning no longer knew what year it was... Computer specialist and grassroots organizer Paloma O'Riley compared the scale and urgency of Y2K prep to telling somebody to change out a rivet on the Golden Gate Bridge. Changing out just one rivet is simple, but "if you suddenly tell this person he now has to change out all the rivets on the bridge and he has only 24 hours to do it in — that's a problem," O'Riley told reporter Jason Beaubien in 1998....

The date switchover rattled a swath of vital tech, including Wall Street trading systems, power plants and tools used in air traffic control. The Federal Aviation Administration put its systems through stress tests and mock scenarios as 2000 drew closer. "Twenty-three million lines of code in the air traffic control system did seem a little more daunting, I will say, than I had probably anticipated," FAA Administrator Jane Garvey told NPR in 1998. Ultimately there were no systemwide aviation breakdowns, but airlines were put on a Y2K alert....

Some financial analysts remained skeptical Y2K would come and go with minimal disruption. But by November 1999 the Federal Reserve said it was confident the U.S. economy would weather the big switch. "Federal banking agencies have been visited and inspected. Every bank in the United States, which includes probably 9,000 to 10,000 institutions, over 99% received a satisfactory rating," Fed Board Governor Edward Kelley said at the time.
The article also remembers a California programmer who bought a mobile home, a propane generator, and a year's supply of dehydrated food. (They were also considering buying a handgun — and converting his bank savings into gold, silver, and cash.) And "Dozens of communities across the U.S. formed Y2K preparedness groups to stave off unnecessary panic..."

But the article concludes that "the aggressive planning and recalibration paid off. Humanity passed into the year 2000 without pandemonium..."

And "People like Jack Pentes of Charlotte, N.C., were left to figure out what to do with their emergency stockpiles."

Long-time Slashdot reader schwit1 writes: The Dubai-based startup LEAP71, focused on using AI software to quickly develop rocket engine designs it can then 3D print, has successfully test fired a prototype aerospike engine on December 18, 2024 during a static fire test campaign conducted in the United Kingdom.
Along the way they tackled a problem with bell-shaped rocket nozzles, writes New Atlas. "A rocket that works very well on liftoff will work less well as it rises in the atmosphere and the air pressure decreases. This is why second- and third-stage rocket engines are different from those of the first stage." Ideally, engineers want an engine that can adjust itself automatically to changes in air pressure. An aerospike does this by shaping the engine into a spike or plug with a curve like that of the inside of a rocket bell. As the combustion gases flow from the engine over the spike, the curve acts as one side of the bell and the surrounding air as the outside curve. As the air pressure changes, so does the shape of the virtual bell. There have been a number of aerospike engines developed since the 1950s and one has actually gone airborne, but there's still a long way to go when it comes to turning a promising idea into a practical space engine.

LEAP 71's contribution to the effort is to apply its Noyron Large Computational Engineering Model to the problem. It's an AI programmed and trained by aerospace experts to take a given set of input parameters and use them to create a design that meets those parameters by inferring physical interactions of various factors, including thermal behaviors and projected performance. The results of this are then fed back into the AI model to fine tune it as it presents computed performance parameters, the geometry of the engine, the parameters of the manufacturing process, and other details.
"Despite their clear advantages, Aerospikes are not used in space access today," LEAP 71's co-founder said in a statement. "We want to change that. Noyron allows us to radically cut the time we need to re-engineer and iterate after a test and enables us to converge rapidly on an optimal design."

Aerospikes "are more compact and significantly more efficient across various atmospheric pressures, including the vacuum of space," the company said this week — announcing the successful hot-firing of their Aerospike engine, and calling it "one of the most advanced and elusive rocket engines ever created..." By leveraging the power of Noyron's computational AI, the thruster was developed in a matter of weeks, manufactured as a monolithic piece of copper through industrial 3D printing, and put on the test stand, where it worked successfully on the first attempt...

The Aerospike was fired on December 18th, 2024, as part of a four-engines-in-four-days campaign conducted by LEAPâ71 at Airborne Engineering in Westcott, UK. The company will process the collected data to fine-tune Noyron for the next iteration of engines and continue testing in 2025, with the goal of making Aerospikes a viable option for modern spacecraft.

A Linux Foundation project focused on understanding the health of the open source community just studied the outcomes for three projects that switched to "more restrictive" licenses and then faced community forks.

The data science director for the project — known as Community Health Analytics in Open Source Software (or CHAOSS) — is also an OpenUK board member, and describes the outcomes for OpenSearch, Redis with fork Valkey, and Terraform: The relicensed project (Redis) had significant numbers of contributors who were not employed by the company, and the fork (Valkey) was created by those existing contributors as a foundation project... The Redis project differs from Elasticsearch and Terraform in the number of contributions to the Redis repository from people who were not employees of Redis. In the year leading up to the relicense, when Redis was still open source, there were substantial contributions from employees of other companies: Twice as many non-Redis employees made five or more commits, and about a dozen employees of other companies made almost twice as many commits as Redis employees made.

In the six months after the relicense, all of the external contributors from companies (including Amazon, Alibaba, Tencent, Huawei and Ericsson) who contributed over five commits to the Redis project in the year prior to the relicense stopped contributing. In sum, Redis had strong organizational diversity before the relicense, but only Redis employees made significant contributions afterward.

Valkey was forked from Redis 7.2.4 on March 28, 2024, as a Linux Foundation project under the BSD-3 license. The fork was driven by a group of people who previously contributed to Redis with public support from their employers. Within its first six months, the Valkey repository had 29 contributors employed at 10 companies, and 18 of those people previously contributed to Redis. Valkey has a diverse set of contributors from various companies, with Amazon having the most contributors.
The results weren't always so clear-cut. Because Terraform always had very few contributors outside of the company, "there was no substantial impact on the contributor community from the relicensing event..." (Although the OpenTofu fork — a Linux Foundation project — had 31 people at 11 organizations who made five or more contributions.)

And both before and after Elasticsearch's relicensing, most contributors were Elastic employees, so "the 2021 relicense had little to no impact on contributors." (But the OpenSearch fork — transferred in September to the Linux Foundation — shows a more varied contributor base, with just 63% of additions and 64% of deletions coming from Amazon employees who made 10 or more commits. Six people who didn't work for Amazon made 10 or more commits, making up 11% of additions and 13% of deletions.")

So "Looking at all of these projects together, we see that the forks from relicensed projects tend to have more organizational diversity than the original projects," they conclude, adding that in general "projects with greater organizational diversity tend to be more sustainable..."

"You can dive into the details about these six projects in the paper, presentation and data we shared at the recent OpenForum Academy Symposium.

A new report reveals that the VW Group left sensitive data for 800,000 electric vehicles from Audi, VW, Seat, and Skoda poorly secured on an Amazon cloud, exposing precise GPS locations, battery statuses, and user habits for months. Carscoops reports: It gets worse. A more tech-savvy user could reportedly connect vehicles to their owners' personal credentials, thanks to additional data accessible through VW Group's online services Crucially, in 466,000 of the 800,000 cases, the location data was so precise that anyone with access could create a detailed profile of each owner's daily habits. As reported by Spiegel, the massive list of affected owners isn't just a who's-who of regular folks. It includes German politicians, entrepreneurs, Hamburg police officers (the entire EV fleet, no less), and even suspected intelligence service employees. Yes, even spies may have been caught up in this digital debacle.

This glaring error originated from Cariad, a VW Group company that focuses on software, due to an error that occurred in the summer of 2024. An anonymous whistleblower used freely accessible software to dig up the sensitive information and promptly alerted Chaos Computer Club (CCC), Europe's largest hacker association. CCC wasted no time contacting Lower Saxony's State Data Protection Officer, the Federal Ministry of the Interior, and other security bodies. They also gave VW Group and Cariad 30 days to address the issue before going public. According to CCC, Cariad's technical team "responded quickly, thoroughly and responsibly," blocking unauthorized access to its customers' data.

President Biden on Monday signed the SHARE IT Act (H.R. 9566) into law, mandating federal agencies share custom-developed code with each other to prevent duplicative software development contracts and reduce the $12 billion annual government software expenditure. The law requires agencies to publicly list metadata about custom code, establish sharing policies, and align development with best practices while exempting classified, national security, and privacy-sensitive code. FedScoop reports: Under the law, agency chief information officers are required to develop policies within 180 days of enactment that implement the act. Those policies need to ensure that custom-developed code aligns with best practices, establish a process for making the metadata for custom code publicly available, and outline a standardized reporting process. Per the new law, metadata includes information about whether custom code was developed under a contract or shared in a repository, the contract number, and a hyperlink to the repository where the code was shared. The legislation also has industry support. Stan Shepard, Atlassian's general counsel, said that the company shares "the belief that greater collaboration and sharing of custom code will promote openness, efficiency, and innovation across the federal enterprise."

The Federal Trade Commission has launched a broad antitrust investigation into Microsoft's business practices, focusing on how the company bundles its Office products with cybersecurity and cloud computing services.

The probe follows ProPublica reporting that revealed Microsoft offered free temporary upgrades of federal agencies' software licenses to include advanced cybersecurity features, leading to long-term contracts once the trial period ended. The strategy helped Microsoft expand its government business while displacing competitors in both cybersecurity and cloud computing markets.

The investigation includes scrutiny of Microsoft's identity management product Entra ID, formerly Azure Active Directory. The FTC has issued a civil investigative demand compelling the company to turn over information. The probe represents one of FTC Chair Lina Khan's final moves before leadership changes under the Biden administration. Microsoft confirmed receiving the demand but called it "broad, wide ranging, and requests things that are out of the realm of possibility to even be logical."

Apple's $3,499 Vision Pro headset has failed to gain widespread adoption despite advanced technology, with consumers preferring discreet wearables like smartwatches. The Verge: Nearly a year from launch, though, Apple hasn't done enough to demonstrate why the Vision Pro should be a potential showcase of the future of computing. It's taking a long time to put together its immersive content library, and while those are great demonstrations of what's possible, the videos have been short and isolating. There aren't many great games, either.

Yes, Apple keeps adding cool new software features. The wide and ultra widescreen settings for using a Mac display seem exceptionally useful. But those are pretty specific options for pretty specific use cases. There still isn't an immediate, obvious reason to buy a Vision Pro the way there usually is with the company's newest iPhones and Macs. If I bought a Vision Pro today, I wouldn't know what to do with it besides give myself a bigger Mac screen or watch movies, and I don't think either of those are worth the exorbitant price.

Microsoft has integrated its AI assistant Copilot into Microsoft 365 subscriptions in Australia and Southeast Asia, simultaneously raising prices for all users. The move forces customers to pay for AI features regardless of interest, prompting complaints about intrusive pop-ups and price hikes, WSJ reports. From the report: Some users said on social media that Copilot pop-ups reminded them of Clippy, Microsoft's widely derided Office helper from the late 1990s, that would frequently offer unsolicited help.

[...] The change demonstrates the lengths to which Microsoft is going to try to profit from its huge investments in AI. Copilot, which is built with technology from OpenAI, is a key part of Chief Executive Satya Nadella's plan to keep expanding Microsoft's software business for consumer and corporate customers.

An anonymous reader shares a report: Microsoft has published a year in review for its Edge browser and talked up AI-powered chats while lightly skipping over the software's stagnating market share. The company had some big numbers to share. There had been over 10 billion AI-powered chats with Copilot from inside the Edge browser window (although it did not disclose how many chats were customers asking how to install Chrome). Some 38 trillion characters had been auto-translated. Seven trillion megabytes of PC memory had been saved through the use of sleeping tabs.

However, are those numbers actually as big as they seem? What Microsoft did not say is how little Edge has moved the needle on market share in 2024. Strangely, the company did not share raw usage information. Yet, a look at Statcounter's figures for browser desktop market share showed Edge with 11.9 percent of the market in December 2023 and reaching 12.87 percent by November 2024 -- an increase of less than 1 percent. The market leader, Google's Chrome browser, went from 65.23 percent to 66.33 percent in the same period. That's only slightly more than 1 percent, but it still maintains its dominance.

Software development is entering an "autopilot era" with AI coding assistants, but the industry needs to prepare for full autonomy, argues former Salesforce co-CEO Bret Taylor. Drawing parallels with self-driving cars, he suggests the role of software engineers will evolve from code authors to operators of code-generating machines. Taylor, a board member of OpenAI and who once rewrote Google Maps over a weekend, calls for new programming systems, languages, and verification methods to ensure AI-generated code remains robust and secure. From his post: In the Autonomous Era of software engineering, the role of a software engineer will likely transform from being the author of computer code to being the operator of a code generating machine. What is a computer programming system built natively for that workflow?

If generating code is no longer a limiting factor, what types of programming languages should we build?

If a computer is generating most code, how do we make it easy for a software engineer to verify it does what they intend? What is the role of programming language design (e.g., what Rust did for memory safety)? What is the role of formal verification? What is the role of tests, CI/CD, and development workflows?

Today, a software engineer's primary desktop is their editor. What is the Mission Control for a software engineer in the era of autonomous development?

An anonymous reader quotes a report from Tom's Hardware: Although Samsung Foundry is a major chip contract manufacturer, the South Korean government mulls creating a government-funded contract chipmaker tentatively called Korea Semiconductor Manufacturing Company, KSMC, reports The Korea Biz Wire. Industry experts and academics have proposed the initiative.

The Semiconductor Industry Association's Ahn Ki-hyun called for a long-term government investment. Experts project that an investment of KRW 20 trillion ($13.9 billion) in KSMC could result in economic gains of KRW 300 trillion ($208.7 billion) by 2045. However, the big question is whether $13.9 billion is enough to establish a chipmaker. Another concern about publicly funded corporations like KSMC is whether they could develop advanced manufacturing technologies and land enough orders from clients to be profitable. It turns out that in addition to semiconductor makers, Korea needs more fabless software developers.

The proposal was introduced during a seminar hosted by the National Academy of Engineering of Korea (NAEK). The plan aims to address structural weaknesses in the industry, such as an over-reliance on Samsung's advanced nodes under 10nm amid the lack of mature process technologies. Smaller system semiconductor firms struggle to thrive as Korea lacks manufacturing diversity, as seen in Taiwan, where companies like UMC and PSMC that focus on mature and specialty nodes complement TSMC's advanced process technologies.