fidzu : nerd

Comments

08 Jun 2026 1:06pm GMT

Comments

08 Jun 2026 12:57pm GMT

Comments

08 Jun 2026 12:25pm GMT

Most supply-chain attacks using Ruby's package hosting site "exploit a narrow window," according to a new blog post form Ruby core maintainer Hiroshi Shibata. So its packaging-managing Bundler tool now offers a filter that blocks new version until it's been public "for at least N days. Releases too new to have been scrutinized are passed over in favor of ones that have aged past the window." The feature was designed in the open, drawing on how other ecosystems approach the same problem. It is opt-in, and complements rather than replaces existing defenses like mandatory 2FA and trusted publishing... Cooldown is unset by default, so a project without it keeps resolving to the newest versions.... Passing 0 disables cooldown for the run... Cooldown is most useful as one part of the wider security investment happening on rubygems.org. The registry now validates gem contents at push time and checks logins against Have I Been Pwned so that compromised passwords cannot be reused, work described in Protecting rubygems.org from the outside in. A dedicated team is running AI-assisted vulnerability scanning against the most critical gems, backed by Alpha Omega and Anthropic, and the direction of all of this is tracked on a public roadmap. Trusted publishing and mandatory 2FA already raise the bar for who can push a release in the first place.

Read more of this story at Slashdot.

08 Jun 2026 11:34am GMT

Machine learning has its limits-how is it being used?

08 Jun 2026 11:00am GMT

Firefox 153 lands a Vulkan Video decode path, giving NVIDIA Linux users a long-awaited route to GPU-assisted browser video playback.

08 Jun 2026 9:31am GMT

A burglar took a self-driving Waymo taxi to rob a San Francisco yoga studio this past January, reports TechCrunch - "and police have still not caught them." Even the police officer assigned to the case thought it would be easier to solve, notes The San Francisco Chronicle, since Waymos are outfitted with multiple high-definition cameras and require users to make accounts with their credit card numbers: It's common for officers to seek video footage of a crime from any of the Waymos, Teslas and other high-tech vehicles that record their surroundings. That information can be crucial for identifying suspects or creating a reliable timeline of events. At times, police will go so far as to obtain search warrants to tow the vehicle "witnesses" to ensure they don't lose valuable video evidence. In the Hot 8 Yoga burglary case, San Francisco police issued a search warrant that forced Waymo to turn over information on the account that ordered the ride and video footage from the white Jaguar that served as the getaway car, police records show. Faye said that he couldn't discuss certain details of the case, but that the Waymo user's account information didn't lead police to the suspect. In general, he said, it's not unusual for a criminal to order a service with stolen information or a burner phone. The video evidence didn't help much either, Faye said. He said that the company had not retained interior footage of the car by the time the search warrant was filed in April and that it had kept the faces seen outside the car blurred for privacy reasons... Waymo does not publicly disclose how long it retains video footage. The company blurs faces and license plates in the public-facing images it uses in a database designed for research.... Last year in Los Angeles, a person allegedly robbed a grocery store before hopping in a Waymo. Officers were able to chase down the vehicle after the suspect got inside, and the car pulled itself over after police turned on the car's emergency lights, according to Los Angeles-area news outlets. "Farah Issa, studio manager of Hot 8 Yoga, showed the Chronicle a copy of the surveillance video from her phone, noting how the Waymo dropped off the suspect and waited for him to finish the burglary before taking off again."

Read more of this story at Slashdot.

08 Jun 2026 7:34am GMT

Reuters reports: Several large data centers and crypto facilities planning to connect to the Texas power grid ahead of peak summer demand have failed key reliability tests, raising the risk of power outages just as electricity use hits its seasonal high, according to the state grid operator... Unlike traditional industrial customers, which tend to draw electricity steadily and predictably, data centers are engineered to cut their connection to the grid at the first sign of trouble to protect their equipment and keep services running. That makes them an unpredictable and potentially destabilizing force on grids already under pressure from rising demand. Four groups of unnamed large electricity users, including data centers, abruptly disconnected from the Texas grid during a test of how they would handle routine voltage disturbances, the Electric Reliability Council of Texas (ERCOT) said in a report dated May 21. When large customers abruptly cut their power use, it can knock the grid off balance and trigger wider outages. ERCOT, which manages electricity for most of Texas, said it reviewed about 20 gigawatts of large customers seeking to connect to the system, including eight projects totaling roughly 3.9 gigawatts aiming to start up before July 1. It said it identified four groups of large power users that could each trigger more than 5,000 megawatts of demand tripping under certain fault conditions, based on simulations of transmission system disturbances. Those abrupt drops in demand were equivalent to the electricity consumption of a large city such as Boston.

Read more of this story at Slashdot.

08 Jun 2026 4:34am GMT

Catch up on the latest Linux news: Linux Lite 8.0, KaOS 2026.06 RC, COSMIC 1.0.15, GNOME 50.2, Yay 12.6, XLibre Xserver 25.1.6, Ubuntu 26.10 to ship with GNOME 51, and more.

07 Jun 2026 9:47pm GMT

KaOS Dinit 2026.06 RC follows months of migration work, replacing systemd as init with a Dinit-based stack.

07 Jun 2026 9:06pm GMT

Head's true genius-and that of his character, Giles-lay in quietly filling in the gaps in every scene

07 Jun 2026 7:34pm GMT

How accurate does an AI system need to be?

07 Jun 2026 11:08am GMT