fidzu : computers

Tech Times reports: Linux 7.2's merge window closed out a cleanup campaign on Friday that most kernel developers had stopped expecting to see end: the complete removal of strncpy(), a C string-copy function that the kernel's own documentation labels "actively dangerous," from every subsystem, driver, and architecture-specific file in the kernel source tree. The merge landed June 20, 2026. After around 362 commits spread across six years of incremental work, no call site using the function remained, and the function itself - including the last per-CPU-architecture optimized implementations - was struck from the source. The removal matters beyond housekeeping. strncpy() is a persistent source of a specific class of memory error: kernel buffers that contain sensitive data can leak bytes past an unterminated string boundary, a pattern that enables memory disclosure vulnerabilities. Eliminating the function from the tree removes that entire class from the kernel's attack surface - and, critically, makes strncpy() unavailable to any future contributor, turning a best-practice suggestion into an enforced policy. Phoronix notes it's replaced by five different functions: In place of strncpy, Linux kernel code should use strscpy() for NUL terminated destinations, strscpy_pad() for NUl-terminated destinations with zero-padding, strtomem_pad() for non-NUL-terminated fixed-width fields, memcpy_and_pad() for bounded copies with explicit padding, or memcpy() for known-length memory copies. "The reason five functions were needed," explains Tech Times, "is that different parts of the kernel were using strncpy() for five semantically distinct memory operations - each with a different intent, different termination requirement, and different padding behavior. " The original function obscured all of those differences under a single ambiguous name. The 362-commit campaign to replace it was, in effect, a codebase-wide audit that forced every call site to declare its actual intent in code That is an engineering outcome with lasting value: the kernel's string-handling semantics are now explicit where they were previously implicit, and future maintainers can read a function name and understand what a copy operation actually does.

Read more of this story at Slashdot.

21 Jun 2026 6:12pm GMT

At least three coal plants have been repeatedly cited for violating environmental regulations.

21 Jun 2026 5:49pm GMT

NBC News reports: A group of companies that specialize in tracking international shipments of sensitive technologies is backing a Capitol Hill bill that would require America's most powerful AI chips to incorporate stronger security mechanisms aimed at preventing the chips from reaching China and other adversaries. The letter, signed by six companies, says the Chip Security Act (CSA) would increase American chip companies' competitiveness and close key loopholes in the U.S. export control regime. The move clashes with claims from semiconductor lobbying groups that the requirements would constrain America's booming chip industry. Sent to congressional leadership Thursday morning and seen by NBC News, the dispatch instead argues that more robust security verification would assure chip customers and manufacturers that they are abiding by sensitive restrictions on chip sales. The companies argue that the boosted confidence will "lead to increased sales, faster export approvals, larger transactions, greater access to new markets, and more expansive chip deals." Despite U.S. export control laws banning sales of advanced AI chips to certain countries, including China, loopholes in current requirements have allowed billions of dollars' worth of America's best AI chips to be sold to entities in third-party countries that can then forward them to China. In just one case in March, the Justice Department charged three people with conspiring to forward $2.5 billion of AI chips to China. The CSA aims to address those loopholes, mandating that chip exporters better track where advanced chips are sent, via either bespoke location-verification hardware or software that can run on existing hardware. That, bill proponents claim, would ensure that sensitive chips could be sold to countries like Malaysia or Indonesia without fear of further transfer to China... Experts say that because chips perform the advanced computations required for frontier AI systems, cutting off access to the chips is crucial to prevent geopolitical rivals from using AI systems for military or economic purposes.

Read more of this story at Slashdot.

21 Jun 2026 4:34pm GMT

While the Rust Foundation has a Security Initiative to protect its ecosystem, "the threats have expanded," they announced this week, "and so has the kind of help maintainers need." Much of this comes back to a single shift: Automated tooling (much of it now built on large language models) has gotten good enough to surface real vulnerabilities in open source code quickly and at scale. That is useful, and several large Rust projects have already received and fixed credible issues found this way. The same tooling has also made it trivial to generate vulnerability reports that look plausible and are worthless. Maintainers across the ecosystem are losing real hours sorting these from the reports that matter, and the noise tends to bury the signal. So, with funding from the Alpha-Omega Project, the Rust Foundation is bringing on a full-time AI Security Engineer in Residence dedicated to the Rust ecosystem. This position is being funded with part of the $12.5M in open source security funding that the Linux Foundation announced in March. The role exists to take pressure off maintainers. The person in this position will use a mix of human-led and AI-assisted methods to proactively review Rust itself and the crates the ecosystem leans on most and help us separate real, exploitable issues from false positives and low-signal noise before anything reaches a maintainer... This role will run full-time for six months to start, with room to extend depending on what we learn and the funding available. Methods, playbooks, and prompts will be documented so the work doesn't end with the contract. We are grateful that Rust is not embarking on this work in isolation. Several other ecosystems have received parallel Alpha-Omega grants for the same kind of work (e.g., the PHP Foundation and the Drupal Association) and we plan to share tooling, triage practices, and what we learn rather than duplicating work A statement from Rust's new AI Security Engineer in Residence acknowledges that "One of our next challenges is the wave of bugs discovered by the next generation of AI-powered developer tools."

Read more of this story at Slashdot.

21 Jun 2026 3:34pm GMT

An eminently binge-able series that honors classic horror tropes while reinventing them in surprising ways

21 Jun 2026 10:00am GMT

Tests of age-verification technology show the risks of life-altering errors.

20 Jun 2026 11:15am GMT

I mean, this is preaching to the choir, but let's go anyway. I liked the UIs of the entire era from 3.0 to 2000, really. I'm mostly using Windows 2000 as an example here because it runs so well in QEMU/KVM and that allows me to easily take screenshots. Some of the following will sound absolutely trivial, but I think it's worth pointing out. ↫ movq.de blog Just a series of observations about how much better graphical user interfaces were back in the '90s and early 2000s. We've lost so many affordances based on both common sense and scientific study, and what we ended up with is a confusing, inconsistent mess. It doesn't really matter where you look - user interface design has deteriorated since the early 2000s, a decline that only accelerated thanks to the arrival of the iPhone, where consistency is a dirty word, and the web, where the advertising people took prominence over the design people. I just want my buttons to look like buttons man.

19 Jun 2026 8:21pm GMT

A fascinating novel approach by researchers at MIT, called Fractal, to study in-depth how processors actually work. A team at MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) decided to build something different. Fractal, an operating system kernel written from the ground up, treats the hardware itself as the object of study. Its first major use, a deep look at branch predictors - a CPU's way of guessing what code to run next, before it knows for certain, so it doesn't have to waste time waiting to find out - inside Apple's M1 processor, has already turned up findings that prior work missed, including the first evidence that a class of speculative attack known as "Phantom" affects Apple Silicon. "We're using hardware in ways it wasn't designed for," says Joseph Ravichandran, the MIT PhD student in electrical engineering and computer science (EECS) who led the project. "It's not even obvious that this is a possible thing you could do with the hardware. But we found a way to pull all these different primitives off. It's like a microscope. If you've got a hand magnifying glass, you can see a little bit. But if you had an electron microscope, now we're really talking. That's what Fractal is. The electron microscope of operating systems." ↫ Rachel Gordon at MIT News While Fractal is small, its creators also added POSIX system calls, a C library, vim, GCC, a shell, and more. This way, it feels more familiar, and makes it easier for researchers to get started with the tool. Fractal is open source and hosted on GitHub, it has its own website, and there's a detailed research paper with more in-depth information.

19 Jun 2026 12:34pm GMT

Five years after releasing the Amiga 1000, Commodore was about to launch the Amiga 3000, their first real high-end Amiga. With a 68030 processor, on-board SCSI and a slightly updated graphics chipset, all in a sleek desktop case, the Amiga was truly ready for the era of professional 32-bit computing. But Moore's law wasn't the only thing thad had been pressuring Commodore since the release of the Amiga 1000: The desktop metaphor had matured even further, and the competition had been hard at work. IBM had launched OS/2, Windows 3.0 had turned Microsoft's offering from a proof of concept into something actually usable, and new players had entered the scene - among them NeXTStep, with its polished 3D look. It was time to bring AmigaOS, too, into the 1990s. ↫ Carl Svensson It's interesting - there's a lot of focus on the first version of the Amiga operating system and the third one, but you don't hear a lot about AmigaOS 2.x. It turns out this is rather odd, because as Svensson details, this version came with an absolute ton of changes and improvements, from an entirely new widget toolkit to a brand new file system, and so much more. The new widget toolkit and accompanying style guide also ensured that the operating system looked, felt, and behaved consistently. Remember when we cared about that? There's so much more cool features, though, like command history, line editing, universal clipboard support and more just for the CLI, as well as something called Commodities. These were tiny little programs managed from a central location, which didn't even need a GUI to work. Commodities included by default were things like ClickToFront, a focus-follows-mouse option, and more. Oh and of course, BASIC was replaced by ARexx. The list just keeps going, and you should really read Svensson's article.

18 Jun 2026 9:40pm GMT

Good morning from JetBrains Berlin office!

01 Jun 2026 12:00am GMT

Just trying to answer one simple question: What if the terminal was 3D?

11 May 2026 12:00am GMT

Break the pattern today or the loop will repeat tomorrow.

18 Apr 2026 12:00am GMT