Efforts to add Rust code to the Linux kernel has suffered a setback as one of the maintainers of the Rust for Linux project has stepped down -- citing frustration with "nontechnical nonsense," according to The Register: Wedson Almeida Filho, a software engineer at Microsoft who has overseen the Rust for Linux project, announced his resignation in a message to the Linux kernel development mailing list. "I am retiring from the project," Filho declared. "After almost four years, I find myself lacking the energy and enthusiasm I once had to respond to some of the nontechnical nonsense, so it's best to leave it up to those who still have it in them."

[...] Memory safety bugs are regularly cited as the major source of serious software vulnerabilities by organizations overseeing large projects written in C and C++. So in recent years there's been a concerted push from large developers like Microsoft and Google, as well as from government entities like the US Cybersecurity and Infrastructure Security Agency, to use memory-safe programming languages -- among them Rust. Discussions about adding Rust to Linux date back to 2020 and were realized in late 2022 with the release of Linux 6.1. "I truly believe the future of kernels is with memory-safe languages," Filho's note continued. "I am no visionary but if Linux doesn't internalize this, I'm afraid some other kernel will do to it what it did to Unix."

Google executive James Manyika has warned that AI's impact on productivity is not guaranteed [Editor's note: the link may be paywalled], despite predictions of trillion-dollar economic potential. From the report: "Right now, everyone from my old colleagues at McKinsey Global Institute to Goldman Sachs are putting out these extraordinary economic potential numbers -- in the trillions -- [but] it's going to take a whole bunch of actions, innovations, investments, even enabling policy ...The productivity gains are not guaranteed. They're going to take a lot of work." In 1987 economist Robert Solow remarked that the computer age was visible everywhere except in the productivity statistics. "We could have a version of that -- where we see this technology everywhere, on our phones, in all these chatbots, but it's done nothing to transform the economy in that real fundamental way."

The use of generative AI to draft software code is not enough. "In the US, the tech sector is about 4 per cent of the labour force. Even if the entire tech sector adopted it 100 per cent, it doesn't matter from a labour productivity standpoint." Instead the answer lies with "very large sectors" such as healthcare and retail. Former British prime minister Sir Tony Blair has said that people "will have an AI nurse, probably an AI doctor, just as you'll have an AI tutor." Manyika is less dramatic: "In most of those cases, those professions will be assisted by AI. I don't think any of those occupations are going to be replaced by AI, not in any conceivable future."

Slashdot covered shrinkwrap licenses on software back in 2000 and 2002. But now ewhac (Slashdot reader #5,844) writes: The user Wraithe on the Mastodon network is reporting that a bottle of Vital Proteins(TM) collagen peptides purchased at Costco came with a shrinkwrap contract. Collagen peptides are often used as an anti-aging nutritional supplement. The top of the Vital Proteins bottle has a pull-to-open seal. Printed on the seal is the following: "Read This: By opening and using this product, you agree to be bound by our Terms and Conditions, fully set forth at vitalproteins.com/tc, which includes a mandatory arbitration agreement. If you do not agree to be bound, please return this product immediately."

So-called "shrinkwrap contracts" have been the subject of controversy and derision for decades since their first widespread appearance in the 1970's, attempting to alter the terms of sale after the fact, impose unethical and onerous restrictions on the purchaser, and absolving the vendor of all liability. Most such contracts appear on items involving copyrighted works (computer software, or any item containing computer software). The alleged "validity" of such contracts supposedly proceeds from the (alleged) need that the item requires a copyright license from the vendor to use (because the right to use/read/listen/view/execute is somehow not concomitant with purchase), and that the shrinkwrap contract furnishes such license.

The application of such a contract to a good where copyright has no scope, however, is something new. The alleged contract itself governs consumers' use of, "the VitalProteins.com website and any other applications, content, products, and services (collectively, the "Service")...," contains the usual we're-not-responsible-for-anything indemnification paragraph, and unilaterally removes your right to seek redress in court of law and imposes binding arbitration involving any disputes that may arise between the consumer and the company. Indeed, the arbitration clause is the first numbered section in the alleged contract.
The same contract has been spotted by numerous others — including someone who posted about it on Reddit two years ago. ("When I opened it, encountered a vacuum seal with the following 'READ THIS: by opening and using this product, you agree to...'") But the same verbiage still appears in online listings today for the product from Albertsons, Walgreens, and CVS.

Shrinkwrap contracts. They're not just for software any more...

Politico reports U.S. states have no uniform way of policing the use of overseas subcontractors in election technology, "let alone to understand which individual software components make up a piece of code."

For example, to replace New Hampshire's old voter registration database, state election officials "turned to one of the best — and only — choices on the market," Politico: "a small, Connecticut-based IT firm that was just getting into election software." But last fall, as the new company, WSD Digital, raced to complete the project, New Hampshire officials made an unsettling discovery: The firm had offshored part of the work. That meant unknown coders outside the U.S. had access to the software that would determine which New Hampshirites would be welcome at the polls this November.

The revelation prompted the state to take a precaution that is rare among election officials: It hired a forensic firm to scour the technology for signs that hackers had hidden malware deep inside the coding supply chain. The probe unearthed some unwelcome surprises: software misconfigured to connect to servers in Russia ["probably by accident," they write later] and the use of open-source code — which is freely available online — overseen by a Russian computer engineer convicted of manslaughter, according to a person familiar with the examination and granted anonymity because they were not authorized to speak about it... New Hampshire officials say the scan revealed another issue: A programmer had hard-coded the Ukrainian national anthem into the database, in an apparent gesture of solidarity with Kyiv.

None of the findings amounted to evidence of wrongdoing, the officials said, and the company resolved the issues before the new database came into use ahead of the presidential vote this spring. This was "a disaster averted," said the person familiar with the probe, citing the risk that hackers could have exploited the first two issues to surreptitiously edit the state's voter rolls, or use them and the presence of the Ukrainian national anthem to stoke election conspiracies. [Though WSD only maintains one other state's voter registration database — Vermont] the supply-chain scare in New Hampshire — which has not been reported before — underscores a broader vulnerability in the U.S. election system, POLITICO found during a six-month-long investigation: There is little oversight of the supply chain that produces crucial election software, leaving financially strapped state and county offices to do the best they can with scant resources and expertise.

The technology vendors who build software used on Election Day face razor-thin profit margins in a market that is unforgiving commercially and toxic politically. That provides little room for needed investments in security, POLITICO found. It also leaves states with minimal leverage over underperforming vendors, who provide them with everything from software to check in Americans at their polling stations to voting machines and election night reporting systems. Many states lack a uniform or rigorous system to verify what goes into software used on Election Day and whether it is secure.
The article also points out that many state and federal election officials "insist there has been significant progress" since 2016, with more regular state-federal communication. "The Cybersecurity and Infrastructure Security Agency, now the lead federal agency on election security, didn't even exist back then.

"Perhaps most importantly, more than 95% of U.S. voters now vote by hand or on machines that leave some type of paper trail, which officials can audit after Election Day."

More than 25,000 Python developers from nearly 200 countries took the 7th annual Python Developers Survey between November 2023 and February 2024, with 85% saying Python was their main language.

Some interesting findings:

• Though Python 2 reached "end-of-life" status in April of 2020, last year's survey found 7% of respondents were still using Python 2. This year's survey found that number has finally dropped... to 6%.
  
  "Almost half of Python 2 holdouts are under 21 years old," the survey results point out, "and a third are students. Perhaps courses are still using Python 2?"

• Meanwhile, 73% are using one of the last three versions of Python (3.10, 3.11, or 3.12)

• "The share of developers using Linux as their development environment has decreased through the years: compared with 2021, it's dropped by 8 percentage points." [The graphic is a little confusing, showing 55% using Linux, 55% using Windows, 29% on MacOS, 2% on BSD, and 1% on "Other."]

• Visual Studio Code is the most popular IDE (22%), followed by Jupyter Notebook (20%) and Vim (17%). The next-most popular IDEs were PyCharm Community Edition (13%), JupyterLab (12%), NotePad++ (11%) and Sublime Text (9%). Interestingly, just 23% of the 25,000 respondents said they only used one IDE, with 38% saying they used two, 21% using three, and 19% using four or more. [The annual survey is a collaboration between the Python Software Foundation and JetBrains.]

• 37% said they'd contributed to open-source projects within the last year. (77% of those contributed code, while 38% contributed documentation, 35% contributed governance/leadership/maintainer duties, and 33% contributed tests...)

• For "age range," nearly one-third (32%) said 21-29 (with another 8% choosing 18-20). Another 33% said 30-39, while 16% said 40-49, 7% said 50-59, and 3% chose "60 or older."
  
  49% of respondents said they had less than two years of programming experience, with 33% saying "less than 1 year" and 16% saying "1-2 years." (34% of developers also said they practiced collaborative development.)

And here's how the 25,000 developers answered the question: how long have you been programming in Python?

• Less than 1 year: 25%
• 1-2 years: 16%
• 3-5 years: 26%
• 6-10 years: 19%
• 11+ years: 13%

So what are they doing with Python? Among those who'd said Python was their main language:

• Data analysis: 44%
• Web development: 44%
• Machine learning: 34%
• Data engineering: 28%
• Academic research: 26%
• DevOps / Systems administration / Writing automation scripts 26%
• Programming of web parsers / scrapers / crawlers: 25%

62% were "fully employed by a company," while the next-largest category was "student" (12%) with another 5% in "working student". There were also categories for "self-employed" (6%), "freelancer" (another 6%), and "partially employed by a company" (4%). Another 4% said they were unemployed.

In other news, the Python Software Foundation board has also "decided to invest more in connecting and serving the global Python community" by hosting monthly "office hours" on their Discord channel.

CSO Online reports that North Korea "is actively infiltrating Western companies using skilled IT workers who use fake identities to pose as remote workers with foreign companies, typically but not exclusively in the U.S."

Slashdot reader snydeq shares their report, which urges information security officers "to carry out tighter vetting of new hires to ward off potential 'moles' — who are increasingly finding their way onto company payrolls and into their IT systems." The schemes are part of illicit revenue generation efforts by the North Korean regime, which faces financial sanctions over its nuclear weapons program, as well as a component of the country's cyberespionage activities.

The U.S. Treasury department first warned about the tactic in 2022. Thosands of highly skilled IT workers are taking advantage of the demand for software developers to obtain freelance contracts from clients around the world, including in North America, Europe, and East Asia. "Although DPRK [North Korean] IT workers normally engage in IT work distinct from malicious cyber activity, they have used the privileged access gained as contractors to enable the DPRK's malicious cyber intrusions," the Treasury department warned... North Korean IT workers present themselves as South Korean, Chinese, Japanese, or Eastern European, and as U.S.-based teleworkers. In some cases, DPRK IT workers further obfuscate their identities by creating arrangements with third-party subcontractors.

Christina Chapman, a resident of Arizona, faces fraud charges over an elaborate scheme that allegedly allowed North Korean IT workers to pose as U.S. citizens and residents using stolen identities to obtain jobs at more than 300 U.S. companies. U.S. payment platforms and online job site accounts were abused to secure jobs at more than 300 companies, including a major TV network, a car manufacturer, a Silicon Valley technology firm, and an aerospace company... According to a U.S. Department of Justice indictment, unsealed in May 2024, Chapman ran a "laptop farm," hosting the overseas IT workers' computers inside her home so it appeared that the computers were located in the U.S. The 49-year-old received and forged payroll checks, and she laundered direct debit payments for salaries through bank accounts under her control. Many of the overseas workers in her cell were from North Korea, according to prosecutors. An estimated $6.8 million were paid for the work, much of which was falsely reported to tax authorities under the name of 60 real U.S. citizens whose identities were either stolen or borrowed...

Ukrainian national Oleksandr Didenko, 27, of Kyiv, was separately charged over a years-long scheme to create fake accounts at U.S. IT job search platforms and with U.S.-based money service transmitters. "Didenko sold the accounts to overseas IT workers, some of whom he believed were North Korean, and the overseas IT workers used the false identities to apply for jobs with unsuspecting companies," according to the U.S. Department of Justice. Didenko, who was arrested in Poland in May, faces U.S. extradition proceedings...

How this type of malfeasance plays out from the perspective of a targeted firm was revealed by security awareness vendor KnowBe4's candid admission in July that it unknowingly hired a North Korean IT spy... A growing and substantial body of evidence suggests KnowBe4 is but one of many organizations targeted by illicit North Korean IT workers. Last November security vendor Palo Alto reported that North Korean threat actors are actively seeking employment with organizations based in the U.S. and other parts of the world...

Mandiant, the Google-owned threat intel firm, reported last year that "thousands of highly skilled IT workers from North Korea" are hunting work. More recently, CrowdStrike reported that a North Korean group it dubbed "Famous Chollima" infiltrated more than 100 companies with imposter IT pros.
The article notes the infiltrators use chatbots to tailor the perfect resume "and further leverage AI-created deepfakes to pose as real people." And the article includes this quote from a former intelligence analyst for the U.S. Air Force turned cybersecurity strategist at Sysdig. "In some cases, they may try to get jobs at tech companies in order to steal their intellectual property before using it to create their own knock-off technologies."

The article closes with its suggested "countermeasures," including live video-chats with prospective remote-work applicants — and confirming an applicant's home address.

When Amazon releases its revamped AI Alexa update in October, it'll be powered by Anthropic's Claude AI models due to performance issues with its in-house AI. Reuters reports: Amazon plans to charge $5 to $10 a month for its new "Remarkable" version of Alexa as it will use powerful generative AI to answer complex queries, while still offering the "Classic" voice assistant for free, Reuters reported in June. But initial versions of the new Alexa using in-house software simply struggled for words, sometimes taking six or seven seconds to acknowledge a prompt and reply, one of the people said. That's why Amazon turned to Claude, an AI chatbot developed by startup Anthropic, as it performed better than the online retail giant's own AI models, the people said.

"Amazon uses many different technologies to power Alexa," a company spokeswoman said in a statement in response to detailed Reuters questions for this story. "When it comes to machine learning models, we start with those built by Amazon, but we have used, and will continue to use, a variety of different models - including (Amazon AI model) Titan and future Amazon models, as well as those from partners - to build the best experience for customers," the spokeswoman said. Amazon has typically eschewed relying on technology it hasn't developed in-house so it can ensure it has full control of the user experience, data collection and direct relationships with customers.

Pakistani businesses say internet disruptions this month have harmed their businesses [non-paywalled link] and unsettled investors at a time when the country is counting on the information technology sector to help break a cycle of economic crises and bailouts. From a report: The warnings from executives, investors and a leading IT organisation come as internet watchdogs have reported a marked slowdown in connection speeds and service interruptions to applications such as WhatsApp, the Meta-owned messaging platform that is widely used in the country. Nadeem Elahi, managing director for TRG, a venture capital firm that operates Pakistan's biggest outsourcing services provider, said internet connectivity was "by far the worst it has been in the last 12 months."

"If we want to be a global business processing operation destination, then 100 per cent reliable connectivity is essential for customers," he said, estimating that the quality of connection had degraded by 30 to 40 per cent. Technology is one of Pakistan's few standout sectors, and Islamabad is relying on software developers and IT freelancers to help lift the country out of a chronic foreign exchange rut that has sent it to the IMF for support two dozen times. IT exports rose 24 per cent to $3.2bn, an all-time high, in the 12 months to the end of June, according to the State Bank of Pakistan.

A new study of broadband reliability finds a top-two finish that you might not expect from recent surveys of ISP customer satisfaction: Charter's Spectrum and Comcast's Xfinity, the two largest cable operators in the US. From a report: Opensignal's report, published Thursday, draws on software telemetry collected from April 1 through June 29 of downtime, consistency of service, and how well a provider meets basic thresholds for speed, latency, and other core performance metrics. Spectrum comes in first with a "Reliability Experience" score of 741 out of 1,000, followed by Xfinity with 710, Verizon with 625, AT&T with 546, and T-Mobile with 525. Opensignal chose those five companies to study because each passes more than a third of US homes.

But while Comcast and Charter employ the same basic cable architecture except for a few fiber-to-the-home pockets, Verizon and AT&T have mixed networks. That includes extensive and growing fiber service but also fixed 4G and 5G wireless from Verizon and hybrid-fiber broadband from AT&T, both of which lack fiber's speed and capacity advantages, plus obsolete DSL connectivity. T-Mobile's home connectivity, meanwhile, is almost exclusively fixed wireless.

An anonymous reader quotes a report from Ars Technica: Too often, new tech product or service launches seem like solutions in search of a problem, but not this one: ESPN is launching software that lets you figure out just where you can watch the specific game you want to see amid an overcomplicated web of streaming services, cable channels, and arcane licensing agreements. Every sports fan is all too familiar with today's convoluted streaming schedules. Launching today on ESPN.com and the various ESPN mobile and streaming device apps, the new guide offers various views, including one that lists all the sporting events in a single day and a search function, among other things. You can also flag favorite sports or teams to customize those views.

"At the core of Where to Watch is an event database created and managed by the ESPN Stats and Information Group (SIG), which aggregates ESPN and partner data feeds along with originally sourced information and programming details from more than 250 media sources, including television networks and streaming platforms," ESPN's press release says. ESPN previously offered browsable lists of games like this, but it didn't identify where you could actually watch all the games. There's no guarantee that you'll have access to the services needed to watch the games in the list, though. Those of us who cut the cable cord long ago know that some games -- especially those local to your city -- are unavailable without cable.

Data from giant project show how withdrawn research propagates through the literature. Nature: In January, a review paper about ways to detect human illnesses by examining the eye appeared in a conference proceedings published by the Institute of Electrical and Electronics Engineers (IEEE) in New York City. But neither its authors nor its editors noticed that 60% of the papers it cited had already been retracted. The case is one of the most extreme spotted by a giant project to find papers whose results might be in question because they cite retracted or problematic research. The project's creator, computer scientist Guillaume Cabanac at the University of Toulouse in France, shared his data with Nature's news team, which analysed it to find the papers that most heavily cite retracted work yet haven't themselves been withdrawn.

"We are not accusing anybody of doing something wrong. We are just observing that in some bibliographies, the references have been retracted or withdrawn, meaning that the paper may be unreliable," Cabanac says. He calls his tool a Feet of Clay Detector, referring to an analogy, originally from the Bible, about statues or edifices that collapse because of their weak clay foundations. The IEEE paper is the second-highest on the list assembled by Nature, with 18 of the 30 studies it cites withdrawn. Its authors didn't respond to requests for comment, but IEEE integrity director Luigi Longobardi says that the publisher didn't know about the issue until Nature asked, and that it is investigating. Cabanac, a research-integrity sleuth, has already created software to flag thousands of problematic papers in the literature for issues such as computer-written text or disguised plagiarism. He hopes that his latest detector, which he has been developing over the past two years and describes this week in a Comment article in Nature, will provide another way to stop bad research propagating through the scientific literature -- some of it fake work created by 'papermill' firms.

Microsoft is to discontinue the Microsoft Action Pack and Microsoft Learning Pack on January 21, 2025, sending partners off to potentially pricier and cloudier options. From a report: The Action Pack and Learning Pack, alongside Silver or Gold Membership, gave Microsoft partners access to many on-premises licenses for the company's software. The company's recommended replacements, Partner Success Core Benefits and Partner Success Expanded, abandon those benefits in favor of cloud services. According to Microsoft, it is "evolving the partner benefits offerings to provide partners with the tools and support they need to continue to lead the way in the shifting tech landscape."

Or cutting back on some things in favor of others. After all, it would never do to have all that software running on-premises when Microsoft has a perfectly good cloud ready to take on partner workloads. A Register reader affected by the change told us: "The first impact for us will be cost. We'll need to go from Action Pack ($515 + VAT) to Partner Success Core ($970 + VAT). Secondly, the benefits appear to have moved all online. "That's not a problem for day-to-day operations but it will make it harder when trying to recreate a customer environment with legacy software."

An anonymous reader quotes a report from Ars Technica: The Open Source Initiative (OSI) recently unveiled its latest draft definition for "open source AI," aiming to clarify the ambiguous use of the term in the fast-moving field. The move comes as some companies like Meta release trained AI language model weights and code with usage restrictions while using the "open source" label. This has sparked intense debates among free-software advocates about what truly constitutes "open source" in the context of AI. For instance, Meta's Llama 3 model, while freely available, doesn't meet the traditional open source criteria as defined by the OSI for software because it imposes license restrictions on usage due to company size or what type of content is produced with the model. The AI image generator Flux is another "open" model that is not truly open source. Because of this type of ambiguity, we've typically described AI models that include code or weights with restrictions or lack accompanying training data with alternative terms like "open-weights" or "source-available."

To address the issue formally, the OSI -- which is well-known for its advocacy for open software standards -- has assembled a group of about 70 participants, including researchers, lawyers, policymakers, and activists. Representatives from major tech companies like Meta, Google, and Amazon also joined the effort. The group's current draft (version 0.0.9) definition of open source AI emphasizes "four fundamental freedoms" reminiscent of those defining free software: giving users of the AI system permission to use it for any purpose without permission, study how it works, modify it for any purpose, and share with or without modifications. [...] OSI's project timeline indicates that a stable version of the "open source AI" definition is expected to be announced in October at the All Things Open 2024 event in Raleigh, North Carolina.

Microsoft has decided to donate the Mono Project to the developers of Wine, FOSS that allows Windows applications to run on Unix-like operating systems. "Mono is a software platform designed to allow developers to easily create cross platform applications," notes GameOnLinux's Liam Dawe. "It is an open source implementation of Microsoft's .NET Framework based on the ECMA standards for C# and the Common Language Runtime."

"Wine already makes use of Mono and this move makes sense with Microsoft focusing on open-source .NET and other efforts," adds Phoronix's Michael Larabel. "Formally handing over control of the upstream Mono project to WineHQ is a nice move by Microsoft rather than just letting the upstream Mono die off or otherwise forked." Microsoft's Jeff Schwartz announced the move on the Mono website and in a GitHub post: The Mono Project (mono/mono) ('original mono') has been an important part of the .NET ecosystem since it was launched in 2001. Microsoft became the steward of the Mono Project when it acquired Xamarin in 2016. The last major release of the Mono Project was in July 2019, with minor patch releases since that time. The last patch release was February 2024. We are happy to announce that the WineHQ organization will be taking over as the stewards of the Mono Project upstream at wine-mono / Mono - GitLab (winehq.org). Source code in existing mono/mono and other repos will remain available, although repos may be archived. Binaries will remain available for up to four years.

Microsoft maintains a modern fork of Mono runtime in the dotnet/runtime repo and has been progressively moving workloads to that fork. That work is now complete, and we recommend that active Mono users and maintainers of Mono-based app frameworks migrate to .NET which includes work from this fork. We want to recognize that the Mono Project was the first .NET implementation on Android, iOS, Linux, and other operating systems. The Mono Project was a trailblazer for the .NET platform across many operating systems. It helped make cross-platform .NET a reality and enabled .NET in many new places and we appreciate the work of those who came before us.

Thank you to all the Mono developers!

The state-sponsored Chinese hacking campaign known as Volt Typhoon is exploiting a bug in a California-based startup to hack American and Indian internet companies, according to security researchers. From a report: Volt Typhoon has breached four US firms, including internet service providers, and another in India through a vulnerability in a Versa Networks server product, according to Lumen's unit Black Lotus Labs. Their assessment, much of which was published in a blog post on Tuesday, found with "moderate confidence" that Volt Typhoon was behind the breaches of unpatched Versa systems and said exploitation was likely ongoing.

Versa, which makes software that manages network configurations and has attracted investment from Blackrock and Sequoia Capital, announced the bug last week and offered a patch and other mitigations. The revelation will add to concerns over the susceptibility of US critical infrastructure to cyberattacks. The US this year accused Volt Typhoon of infiltrating networks that operate critical US services, including some of the country's water facilities, power grid and communications sectors, in order to cause disruptions during a future crisis, such as an invasion of Taiwan.

An anonymous reader shares a report: The sudden resignation of a high-profile Intel board member came after differences with CEO Pat Gelsinger and other directors over what the director considered the U.S. company's bloated workforce, risk-averse culture and lagging artificial intelligence strategy, according to three sources familiar with the matter. Lip-Bu Tan, a semiconductor industry veteran, had said he was leaving the board because of a personal decision to "reprioritize various commitments" and that he remained "supportive of the company and its important work," in a regulatory filing on Thursday.

The former CEO of chip-software company Cadence Design joined Intel's board two years ago as part of a plan to restore Intel's place as the leading global chipmaker. The board expanded Tan's responsibilities in October 2023, authorizing him to oversee manufacturing operations. Over time, Tan grew frustrated by the company's large workforce, its approach to contract manufacturing and Intel's risk-averse and bureaucratic culture, according to the sources, who were not authorized to speak publicly. The circumstances around Tan's exit have not previously been reported. The departure of the industry veteran, who is well-regarded by investors, over Intel's strategy illustrates the uncertainty of its turnaround efforts. Tan leaves as the company endures one of the bleakest periods in its five-decade history that has left it vulnerable to a potential activist shareholder attack, former executives said. Intel has hired investment bank Morgan Stanley to prepare a defense, according to sources familiar with the matter, confirming an earlier report.

theodp writes: Typos happen to the best of us, but spelling still counts when it comes to software development. So, it's kind of surprising to see that both Amazon CEO Andy Jassy and former AWS CEO Adam Selipsky failed to notice an embarrassing typo in a demo video they offered to their millions of followers on social media as evidence of Amazon Q AI's Java upgrade capabilities, which Amazon has been trumpeting for months in SEC filings, shareholder communication, and Amazon's latest earnings call with Wall Street analysts.

Just 37 seconds into the demo of the software that Amazon says saved it 4,500 developer-years of work and provided an additional $260M in annualized efficiency gains, Amazon Q kicks off the Java upgrade conversation by saying, "I can help you upgrade your Jave [sic] 8 and 11 codebases to Java 17." The embarrassing misspelling did prompt Twitter user @archo5dev to alert Jassy to the typo, but there's been no response yet from Jassy, who boasted that Amazon developers were unable to find any mistakes in Q's work in "79% of the auto-generated code reviews."

It's probably worth noting that both Jassy and Selipsky opted to showcase a drop-dead simple demo of Amazon Q Code Transformation rather than some of the lengthier and less-magical demos of the product.

Long-time Slashdot reader theodp shared this anecdote about Amazon's GenAI assistant for software development, Amazon Q: On Thursday, Amazon CEO Andy Jassy took to Twitter to boast that using Amazon Q to do Java upgrades has already saved Amazon from having to pay for 4,500 developer-years of work. ("Yes, that number is crazy but, real," writes Jassy). And Jassy says it also provided Amazon with an additional $260M in annualized efficiency gains from enhanced security and reduced infrastructure costs.

"Our developers shipped 79% of the auto-generated code reviews without any additional changes," Jassy explained. "This is a great example of how large-scale enterprises can gain significant efficiencies in foundational software hygiene work by leveraging Amazon Q."

Jassy — who FORTUNE reported had no formal training in computer science — also touted Amazon Q's Java upgrade prowess in his Letter to Shareholders earlier this year, as has Amazon in its recent SEC filings ("today, developers can save months using Q to move from older versions of Java to newer, more secure and capable ones; in the near future, Q will help developers transform their .net code as well"). Earlier this week, Business Insider reported on a leaked recording of a fireside chat in which AWS CEO Matt Garman predicted a paradigm shift in coding as a career in the foreseeable future with the prevalence of AI. According to Garman, "If you go forward 24 months from now, or some amount of time — I can't exactly predict where it is — it's possible that most developers are not coding."

Microsoft will meet with CrowdStrike and other security companies" on September 10, reports CNBC, to "discuss ways to evolve" the industry after a faulty CrowdStrike software update in July caused millions of Windows computers to crash: [An anonymous Microsoft executive] said participants at the Windows Endpoint Security Ecosystem Summit will explore the possibility of having applications rely more on a part of Windows called user mode instead of the more privileged kernel mode... Attendees at Microsoft's September 10 event will also discuss the adoption of eBPF technology, which checks if programs will run without triggering system crashes, and memory-safe programming languages such as Rust, the executive said.
Wednesday Crowdstrike argued no cybersecurity vendor could "technically" guarantee their software wouldn't cause a similar incident.

On a possibly related note, long-time Slashdot reader 278MorkandMindy shares their own thoughts: The "year of the Linux desktop" is always just around the corner, somewhat like nuclear fusion. Will Windows 11, with its general advert and telemetry BS, along with the recall feature, FINALLY push "somewhat computer literate" types like myself onto Linux?

Reuters reports that the Iranian hacking team which compromised the campaign of U.S. presidential candidate Donald Trump "is known for placing surveillance software on the mobile phones of its victims, enabling them to record calls, steal texts and silently turn on cameras and microphones, according to researchers and experts who follow the group." Known as APT42 or CharmingKitten by the cybersecurity research community, the accused Iranian hackers are widely believed to be associated with an intelligence division inside Iran's military, known as the Intelligence Organization of the Islamic Revolutionary Guard Corps or IRGC-IO. Their appearance in the U.S. election is noteworthy, sources told Reuters, because of their invasive espionage approach against high-value targets in Washington and Israel. "What makes (APT42) incredibly dangerous is this idea that they are an organization that has a history of physically targeting people of interest," said John Hultquist, chief analyst with U.S. cybersecurity firm Mandiant, who referenced past research that found the group surveilling the cell phones of Iranian activists and protesters... Hultquist said the hackers commonly use mobile malware that allows them to "record phone calls, room audio recordings, pilfer SMS (text) inboxes, take images off of a machine," and gather geolocation data...

APT42 also commonly impersonates journalists and Washington think tanks in complex, email-based social engineering operations that aim to lure their targeting into opening booby-trapped messages, which let them takeover systems. The group's "credential phishing campaigns are highly targeted and well-researched; the group typically targets a small number of individuals," said Josh Miller, a threat analyst with email security company Proofpoint. They often target anti-Iran activists, reporters with access to sources inside Iran, Middle Eastern academics and foreign-policy advisers. This has included the hacking of western government officials and American defense contractors. For example, in 2018, the hackers targeted nuclear workers and U.S. Treasury department officials around the time the United States formally withdrew from the Joint Comprehensive Plan of Action (JCPOA), said Allison Wikoff, a senior cyber intelligence analyst with professional services company PricewaterhouseCoopers.
"APT42 is still actively targeting campaign officials and former Trump administration figures critical of Iran, according to a blog post by Google's cybersecurity research team."