04 Jul 2026

feedHacker News

Agentic coding notes from Galapogos Island

Comments

04 Jul 2026 4:37am GMT

Maybe you should learn something

Comments

04 Jul 2026 3:36am GMT

Synthesis is harder than analysis

Comments

04 Jul 2026 2:45am GMT

feedSlashdot

Alibaba To Ban Claude Code In Workplace Over Alleged Backdoor Risks

Alibaba has reportedly banned employees from using Anthropic's Claude Code and directed them to its own Qoder platform amid a growing dispute over features that can help identify China-linked users. Reuters reports: The ban is part of a deepening spat between the two companies after Anthropic accused Alibaba of illicitly extracting its Claude AI model capabilities -- a dispute that highlights the frantic race between the U.S. and China to take the lead in artificial intelligence. [...] Anthropic said last month that it had suffered a strike by Alibaba, which it described as a "distillation" effort that involves training a less capable model on the outputs of a stronger one. The distillation helps accelerate China's ability to reach Anthropic's advanced Mythos Preview capabilities, it said in a letter seen by Reuters that was sent to two U.S. senators. Alibaba's ban comes just days after developers said Claude Code contained mechanisms that inspected user environments, including timezone and proxy-related information, and inserted subtle markers into prompts sent to Anthropic's servers. An Anthropic employee wrote on Tuesday on X that the feature was "an experiment we launched in March" intended to prevent account abuse by unauthorized resellers and protect against model distillation. The person who spoke to Reuters about Alibaba's ban said that Anthropic's restrictions targeting China were difficult to enforce on individual users who can deploy servers in the United States and make traffic appear as if it originated there. But companies were more aware of legal and compliance risks, the person added.

Read more of this story at Slashdot.

04 Jul 2026 2:00am GMT

03 Jul 2026

feedLinuxiac

Woodpecker CI 3.16 Adds Workflow Concurrency Limits, Unix Socket Support

Woodpecker CI 3.16 Adds Workflow Concurrency Limits, Unix Socket Support

Woodpecker CI 3.16.0 lands with workflow concurrency limits, Unix socket support, Prometheus metrics, Kubernetes improvements, and security hardening.

03 Jul 2026 9:38pm GMT

feedSlashdot

Valve Open-Sources Steam Machine's E-Ink Display

Valve has open-sourced the design for a customizable e-ink front panel for the Steam Machine, dubbed the "Inkterface." "All of it is available on their GitLab under the MIT license, which goes over everything you need to make your own and stick it on the front of your fancy new Steam Machine," reports GamingOnLinux. From the report: They're now calling it the "Inkterface" and there's a good few things you'll need to make it including: 1 x Adafruit ESP32 Feather with 2MB PSRAM. 1 x Adafruit eInk Breakout Friend. 1 x Adafruit 5.83" Monochrome eInk Panel. 13 x M2.5 x 5mm Pan Head Machine Screws. 4 x 1/4" x 1/4" x 3/16" Stepped Magnet SB443-OUT. Valve even provided a video on the GitLab showing it being put together [...].

Read more of this story at Slashdot.

03 Jul 2026 8:00pm GMT

feedLinuxiac

GNU Guix Package Manager Hit by Four Security Flaws

GNU Guix Package Manager Hit by Four Security Flaws

The Guix team urges users to upgrade after vulnerabilities were found in its substitute handling and channel update mechanisms.

03 Jul 2026 6:18pm GMT

feedSlashdot

New PamStealer macOS Malware Uses Clever Tradecraft To Remain Stealthy

An anonymous reader quotes a report from Ars Technica: Researchers have found a never-before-seen piece of macOS malware that combines a series of clever tradecraft to infect Macs with stealthy, custom-developed credential-stealing code. The malware is delivered in two stages. The first is distributed in a disk image that masquerades as Maccy, a clipboard manager for Macs. It's compiled as AppleScript that is notable for the way it delivers the second stage. The malware is named PamStealer because the Rust-written infostealer uses the Pluggable Authentication Modules interface built into macOS to validate the target's login password before sending it to an attacker-controlled server. [...] PamStealer shows a native password prompt designed to resemble a system authorization request. Text that appears with the prompt says: "Maccy wants to make changes. Enter your password to allow this." As noted earlier, once a target complies, the malware validates it locally through the PAM API. "This check is done entirely through PAM: there is no call out to dscl, security, osascript or any spawned process to verify the password, as many commodity macOS stealers do," [said Jamf, a security firm for macOS users]. "The result is a quieter routine that keeps only a verified password, and one fewer process chain for defenders to detect on." If the validation fails, PamStealer displays the prompts again until it receives the correct one. Once the target enters the correct password, PamStealer displays a message stating that the file is damaged and can't be installed. This is designed to be a decoy to prevent the target from suspecting anything is amiss. The malware uses tactics to maximize the information it can steal. One tactic is to request the target grant full disk access to the fake Maccy app. It also contains code designed to access ethereum accounts. The various techniques -- particularly the Script Editor lure, a self-contained JXA dropper, a Rust-based second stage, and local validation of credentials through PAM are all noteworthy.

Read more of this story at Slashdot.

03 Jul 2026 3:00pm GMT

feedArs Technica

Rocket Report: Indian startup nears first launch; SpaceX's millenary milestone

NASA awarded Rocket Lab deals for three dedicated launches using the company's Electron rocket.

03 Jul 2026 1:55pm GMT

feedLinuxiac

Linux Tops 2026 CVE Charts, Greg KH Says That’s a Good Thing

Linux Tops 2026 CVE Charts, Greg KH Says That’s a Good Thing

Greg Kroah-Hartman says Linux leads CVE counts for the first half of 2026, arguing the numbers reflect responsible reporting, not poor security.

03 Jul 2026 1:39pm GMT

feedArs Technica

Inside the Luddite festival harnessing Gen Z’s rage against Big Tech

New York City's Summer of Ludd festival is teaching people how to live offline.

03 Jul 2026 12:00pm GMT

Despite the darkness, I still see signs of hope in America

It's difficult to pinpoint the moment in my life where America started to lose the plot.

03 Jul 2026 11:30am GMT