Transportation

Rivian and Lucid Win Right to Sell Their EVs Directly to Buyers in Washington State (msn.com)

The Wall Street Journal reports that Rivian "just won a yearslong battle with car dealers in Washington state that threatens the model of how cars are sold." After fighting to sell its vehicles directly to buyers, Rivian threatened to take its case to voters with a ballot measure to permit direct sales. The dealers blinked. The state's dealer lobby not only dropped its opposition to a sales loophole for Rivian and rival EV-maker Lucid, but also encouraged lawmakers to approve one. The measure became law this month...

New auto entrants like Rivian, and Tesla before it, have spent years contending with long-established U.S. state laws that require new cars to be sold through independent franchised dealers. The auto startups — typically makers of EVs — argue that they can offer a better experience by selling directly to consumers, much as Apple sells iPhones through its own stores and online. Rivian CEO RJ Scaringe has said the company is committed to direct-only sales because it's more profitable and gives the company control over how its vehicles are sold, marketed and maintained. The Washington compromise riled traditional automakers, including General Motors, Ford and Toyota, which lobbied against it, arguing it unfairly advantages startups. A trade group representing the automakers called it discriminatory and argued the exception could one day open the door to Chinese EV makers...

German automaker Volkswagen is currently facing several lawsuits from dealers over its plan to sell new Scout vehicles directly to consumers. Dealers say independent franchises are vital to the car-buying process, creating competition between dealerships that keeps prices affordable for consumers, while providing valuable services such as repairs, warranty work and financing... Yet for Washington's dealers, the prospect of putting franchise laws up for a popular vote laid bare a tough reality: given the choice, many car buyers want the freedom to avoid dealerships. Rivian's polling, which the company shared with lawmakers, showed nearly 70% of respondents favored allowing direct sales when asked whether they would support manufacturers selling cars directly to consumers...

The fight comes at a critical time for Rivian, which is launching a new, more affordable SUV in a bid to make consistent profits amid a downturn in U.S. EV sales... Rivian is able to directly sell cars in roughly half of U.S. states, but a number of them limit how many locations the company can operate. They can't disclose the price, though. For that, customers must go online.

The article notes that "Following the win, Rivian executives are eyeing other states that, like Washington, ban direct sales but also allow ballot initiatives: Arkansas, Ohio, Oklahoma, Montana, Nebraska and South Dakota..." It adds that lawmakers (from both parties) in the state of Washington had said "they have long felt pulled between giving consumers more car-buying freedom and protecting dealers, essentially small-business owners who are vital to local economies — and politically powerful."

But an executive at the Washington State Auto Dealers Association said dealers supported this new law partly because it protects them by barring future automakers from selling directly in the state, and by requiring Rivian and Lucid to adhere to the same regulations that govern how dealers operate.
Open Source

Is It Time For Open Source to Start Charging For Access? (theregister.com)

"It's time to charge for access," argues a new opinion piece at The Register. Begging billion-dollar companies to fund open source projects just isn't enough, writes long-time tech reporter Steven J. Vaughan-Nichols: Screw fair. Screw asking for dimes. You can't live off one-off charity donations... Depending on what people put in a tip jar is no way to fund anything of value... [A]ccording to a 2024 Tidelift maintainer report, 60 percent of open source maintainers are unpaid, and 60 percent have quit or considered quitting, largely due to burnout and lack of compensation. Oh, and of those getting paid, only 26 percent earn more than $1,000 a year for their work. They'd be better paid asking "Would you like fries with that?" at your local McDonald's...

Some organizations do support maintainers, for example, there's HeroDevs and its $20 million Open Source Sustainability Fund. Its mission is to pay maintainers of critical, often end-of-life open source components so they can keep shipping patches without burning out. Sentry's Open Source Pledge/Fund has given hundreds of thousands of dollars per year directly to maintainers of the packages Sentry depends on. Sentry is one of the few vendors that systematically maps its dependency tree and then actually cuts checks to the people maintaining that stack, as opposed to just talking about "giving back."

Sentry is on to something. We have the Linux Foundation to manage commercial open source projects, the Apache Foundation to oversee its various open source programs, the Open Source Initiative (OSI) to coordinate open source licenses, and many more for various specific projects. It's time we had an organization with the mission of ensuring that the top programmers and maintainers of valuable open source projects get a cut of the tech billionaire pie.

We must realign how businesses work with open source so that payment is no longer an optional charitable gift but a cost of doing business. To do that, we need an organization to create a viable, supportable path from big business to individual programmer. It's time for someone to step up and make this happen. Businesses, open source software, and maintainers will all be better off for it.

One possible future... Bruce Perens wrote the original Open Source definition in 1997, and now proposes a not-for-profit corporation developing "the Post Open Collection" of software, distributing its licensing fees to developers while providing services like user support, documentation, hardware-based authentication for developers, and even help with government compliance and lobbying.
Businesses

Amazon Gambles on $4B Push Into America's Rural Areas, May Soon Carry More Parcels Than USPS (msn.com)

In many rural areas, America's online shoppers can wait half a week or more for deliveries. But Amazon started a $4 billion "rural delivery push" last year, reports Bloomberg, and has now cut delivery times to under 24 hours for 1 in 5 rural and small-town households, with 48-hour delivery to 62% of rural households. The payoff could be huge. Rural shoppers in the US collectively spend $1 trillion a year on clothing, electronics, household goods and other items, representing about 20% of retail purchases excluding cars and gasoline, according to Morgan Stanley. Amazon aims to recondition those shoppers to expect quick delivery, which would play to its strengths and make the company top-of-mind for online purchases... "Rural America is often overlooked," said Sky Canaves, an analyst at EMarketer Inc. who tracks online sales. "This is the opportunity Amazon is trying to seize because e-commerce growth is getting harder to come by...."

Amazon's rural push will require a lot more rural business owners willing to make deliveries... Today, Amazon delivers more parcels overall than UPS and FedEx, which are both shedding workers and shrinking their delivery networks, including in rural areas. By picking up the slack, Amazon is expected to become the largest parcel carrier in the US — surpassing the postal service — in 2028, according to the shipping software company Pitney Bowes. Amazon currently delivers two of three orders itself. For rural shoppers, the most visible change will be fewer brown UPS trucks, fewer packages delivered by mail carriers and more small business owners pulling up in their minivans.

Amazon's relationship with America's postal service "has become rocky following a dispute over contract terms," notes the Wall Street Journal. But they also share an interesting calculation by Marc Wulfraat, president of MWPVL International, a supply-chain consultancy monitoring the e-commerce company's logistics network. At Amazon's current pace of constructing 40 to 50 new delivery hubs each year, he estimates Amazon will be able to ship packages to every single U.S. ZIP Code within four years.
United Kingdom

Apple Now Requires Device-Level Age Verification in the UK. Could the US Be Next? (gizmodo.com)

Apple unveiled new device-level age restrictions in the UK on Wednesday. "After downloading a new update, users will now have to confirm that they are 18 or older to access unrestricted features," reports Gizmodo.

"Users will be able to confirm their age with a credit card or by scanning an ID." For those underage or who have not confirmed their age, Apple will turn on Web Content Filter and Communication Safety, which will not only restrict access to certain apps or websites, but will also monitor messages, shared photo albums, AirDrop, and FaceTime calls for nudity. Apple didn't specify exactly which services and features are banned for under-18 users, but it will likely be in compliance with UK legislation...

The British government does not require Apple and other OS providers to institute device-level age checks, but it does restrict minor access to online pornography under the Online Safety Act, which passed in 2023. So far, that restriction has only been implemented at the website level, but UK officials have been worried about easy loopholes to evade the age restrictions, like VPNs.

The broader tech industry has been campaigning for some time to use device-level age checks instead in response to the rising tide of under-16 social media and internet bans around the world. Last month, in a landmark social media trial in California, Meta CEO Mark Zuckerberg also supported this idea, saying that conducting age verification "at the level of the phone is just a lot clearer than having every single app out there have to do this separately." Pornhub-operator Aylo had advocated for device-level restrictions in the UK as well, and even sent out letters to Apple, Google, and Microsoft in November asking for OS-level age verification...

The most obvious question: Could this be brought stateside?

Open Source

SystemD Contributor Harassed Over Optional Age Verification Field, Suggests Installer-Level Disabling (itsfoss.com)

It's FOSS interviewed a software engineer whose long-running open source contributions include Python code for the Arch Linux installer and maintaining packages for NixOS. But "a recent change he made to systemd has pushed him into the spotlight" after he'd added the optional birthDate field for systemd's user database: Critics saw it not merely as a technical addition, but as a symbolic capitulation to government overreach. A crack in the philosophical foundation of freedom that Linux is built on. What followed went far beyond civil disagreement. Dylan revealed that he faced harassment, doxxing, death threats, and a flood of hate mail. He was forced to disable issues and pull request tabs across his GitHub repositories...

Q. Should FOSS projects adapt to laws they fundamentally disagree with? Because these kinds of laws are certainly in conflict with what a lot of Linux users believe in.

A. Unfortunately, in a lot of cases, the answer is yes — at least for any distribution with corporate backing. The small independent distributions are much more flexible to refuse as a protest.

If we ignore regulations entirely, we risk Linux being something that companies are not willing to contribute to, and Linux may be shipped on less hardware. I'm talking about things like Valve and System76 (despite them very vocally hating these laws). That does not help us; it just lowers the quality of software contributions due to less investment in the platform and makes Linux less accessible to the average person. We need Linux and other free operating systems to remain a viable alternative to closed systems.

Q. Do you think regulations like these will reshape desktop Linux in the next 5-10 years where we might have "compliant Linux" and "Freedom-first Linux"?

A. Unfortunately, yes, to some degree this is likely. I imagine the split will be mostly along the lines of independent distributions and those with corporate backing.

We're already seeing it as far as which distributions plan on implementing some sort of age verification and which ones are not, and that sucks. I'd rather nobody have to deal with this mess at all, but this is the reality of things now. As I said in the previous response, the corporate-backed distributions really have no choice in the matter. Companies are notoriously risk-averse, but something like Artix or Devuan? Those are small and independent enough where the individual maintainers may be willing to take on more risk.

I was actually thinking about what this would look like if we added it to [Linux system installer] Calamares and chatting about that with the maintainers before that thread got brigaded by bad actors posting personal information and throwing around insults. I completely support the freedom for the distro maintainers to choose their risk tolerance. If the distribution is based out of Ireland or something (like Linux Mint) without these silly laws in the jurisdiction the developer operates in, I think that we should leave it up to them to make a choice here.

They think the installer should have a date picker with a flag to disable it, and "We can even default it to off, and corporate distributions using Calamares or those not willing to take the risk could flip it on if they need to. That way if maintainers of the distributions do not wish to collect the birth date, they won't have to, and no forking is required to patch it out."
AI

Linux Maintainer Greg Kroah-Hartman Says AI Tools Now Useful, Finding Real Bugs (theregister.com)

Linux kernel maintainer Greg Kroah-Hartman tells The Register that AI-driven code review has "really jumped" for Linux. "There must have been some inflection point somewhere with the tools..." "Something happened a month ago, and the world switched. Now we have real reports." It's not just Linux, he continued. "All open source projects have real reports that are made with AI, but they're good, and they're real." Security teams across major open source projects talk informally and frequently, he noted, and everyone is seeing the same shift. "All open source security teams are hitting this right now...."

For now, AI is showing up more as a reviewer and assistant than as a full author of Linux kernel code, but that line is starting to blur. Kroah-Hartman has already done his own experiments with AI-generated patches. "I did a really stupid prompt," he recounted. "I said, 'Give me this,' and it spit out 60: 'Here's 60 problems I found, and here's the fixes for them.' About one-third were wrong, but they still pointed out a relatively real problem, and two-thirds of the patches were right." Mind you, those working patches still needed human cleanup, better changelogs, and integration work, but they were far from useless. "The tools are good," he said. "We can't ignore this stuff. It's coming up, and it's getting better...." [H]e said that for "simple little error conditions, properly detecting error conditions," AI could already generate dozens of usable patches today.

The sudden increase in AI-generated reports and AI-assisted work has also spurred a parallel push to build AI into the kernel's own review infrastructure. A key piece of that is Sashiko, a tool originally developed at Google and now donated to the Linux Foundation.

Kroah-Hartman said some patches are being generated with AI now. "You have a little co-develop tag for that now. We're seeing some things for some new features, but we're seeing AI mostly being used in the review."
AI

OpenAI's US Ad Pilot Exceeds $100 Million In Annualized Revenue In Six Weeks (reuters.com)

An anonymous reader quotes a report from Reuters: OpenAI's ChatGPT ads pilot in the United States has crossed the $100 million annualized revenue mark within six weeks of launch, a company spokesperson said on Thursday, pointing to robust early demand for the AI startup's nascent advertising business. [...] While roughly 85% of users are currently eligible to see ads, fewer than 20% are shown ads daily, with considerable room to grow ad monetization within the existing user pool, the spokesperson said.

"We're seeing no impact on consumer trust metrics, low dismissal rates of ads, and ongoing improvements in the relevance of ads as we learn from feedback," OpenAI said. The company plans to expand the test globally in additional countries in the coming weeks, including in Australia, New Zealand, and Canada. OpenAI has now expanded to over 600 advertisers, with nearly 80% of small- and medium-sized businesses signaling interest in ChatGPT ads, the spokesperson said. The ChatGPT maker is set to launch self-serve advertiser capabilities in April to broaden access and drive further growth.

CEO Sam Altman announced plans to begin testing ads on ChatGPT back in January after previously rejecting the idea. "I kind of think of ads as like a last resort for us as a business model," Altman said in 2024.

Further reading: OpenAI CFO Says Annualized Revenue Crosses $20 Billion In 2025
Space

UK Startup Ignites Plasma Inside Nuclear Fusion Rocket (euronews.com)

UK startup Pulsar Fusion says it has achieved the first plasma ignition inside a nuclear fusion rocket engine prototype -- a huge step for space travel that could cut missions to Mars "from months-long journeys to just a few weeks," reports Euronews. From the report: Pulsar Fusion revealed the milestone during a live stream at Amazon's MARS Conference, hosted by Jeff Bezos in California this week, with CEO Richard Dinan calling it an "exceptional moment" for the company. The team successfully created plasma - an intensely hot, electrically charged state of matter, often described as the fourth state of matter - using electric and magnetic fields inside its experimental and early prototype "Sunbird fusion exhaust system." [...] The company now plans further testing of its Sunbird system to improve performance. Upcoming upgrades include more powerful superconducting magnets designed to better contain and control plasma.
Media

AV1's Open, Royalty-Free Promise In Question As Dolby Sues Snapchat Over Codec (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: AOMedia Video 1 (AV1) was invented by a group of technology companies to be an open, royalty-free alternative to other video codecs, like HEVC/H.265. But a lawsuit that Dolby Laboratories Inc. filed this week against Snap Inc. calls all that into question with claims of patent infringement. Numerous lawsuits are currently open in the US regarding the use of HEVC. Relevant patent holders, such as Nokia and InterDigital, have sued numerous hardware vendors and streaming service providers in pursuit of licensing fees for the use of patented technologies deemed essential to HEVC.

It's a touch rarer to see a lawsuit filed over the implementation of AV1. The Alliance for Open Media (AOMedia), whose members include Amazon, Apple, Google, Microsoft, Mozilla, and Netflix, says it developed AV1 "under a royalty-free patent policy (Alliance for Open Media Patent License 1.0)" and that the standard is "supported by high-quality reference implementations under a simple, permissive license (BSD 3-Clause Clear License)."

Yet, Dolby's lawsuit filed in the US District Court for the District of Delaware [PDF] alleges that AV1 leverages technologies that Dolby has patented and has not agreed to license for free and without receiving royalties. The filing reads: "[AOMedia] does not own all patents practiced by implementations of the AV1 codec. Rather, the AV1 specification was developed after many foundational video coding patents had already been filed, and AV1 incorporates technologies that are also present in HEVC. Those technologies are subject to existing third-party patent rights and associated licensing obligations." Dolby is seeking a jury trial, a declaration that Dolby isn't obligated to license the patents in question under FRAND (fair, reasonable, and non-discriminatory) licensing obligations, and for the court to enjoin Snap from further "infringement."

The Almighty Buck

CERN To Host Europe's Flagship Open Access Publishing Platform (home.cern)

CERN has confirmed it will host an expanded version of Open Research Europe, the EU-backed fee-free open access publishing platform that works to "keep knowledge in public hands." Research Professional News reports: A little over a year ago, 10 European research organizations announced that they would add their support to Open Research Europe, to broaden eligibility beyond only those researchers funded by the EU research program. Earlier this year, RPN reported that this group had expanded further and that Cern was set to host the broadened version of ORE, currently provided by the publisher F1000.

On March 26, Cern itself finally announced the news, saying it will "provide the technical and operational infrastructure" for the broader version. It said this will build on its "longstanding experience in developing and maintaining open science infrastructures and community-governed services." [...] In its own announcement, the Commission said ORE will have a budget of 17 million euros for 2026-31, with the EU providing 10 million euros.

Since it launched five years ago, ORE has published more than 1,200 articles. Cern said the platform is "expected to support a growing number of research outputs each year." Last month, experts told RPN they thought uptake of the increased eligibility will depend on how the newly participating national organizations engage with their communities. Eleven members of Science Europe, a group of major research funding and performing organizations, are part of the expansion.

Mozilla

Mozilla and Mila Team Up On Open Source AI Push

BrianFagioli writes: Mozilla just teamed up with Mila, the Quebec Artificial Intelligence Institute, to push open source AI -- and it feels like a direct response to Big Tech tightening its grip on the space. Instead of relying on closed models, the goal here is to build "sovereign AI" that's more transparent, privacy-focused, and actually under the control of developers and even governments. They're starting with things like private memory for AI agents, which sounds niche but matters if you care about where your data goes. Big question is whether open source can realistically keep up with the billions being poured into proprietary AI, but at least someone's trying to give folks an alternative. "Canada has what it takes to lead on frontier AI that the world can actually trust: the research depth, the values, and the will to do it differently. The next frontier in AI isn't just capability, it is trustworthiness, and Canada is uniquely positioned to lead on both. This partnership is a concrete step in that direction. Open, trustworthy AI isn't a compromise on ambition. It's the higher bar," said Valerie Pisano, president and CEO of Mila.
Wikipedia

Wikipedia Bans Use of Generative AI

Wikipedia has banned the use of generative AI to write or rewrite articles, saying it "often violates several of Wikipedia's core content policies." That said, editors may still use it for translation or light refinements as long as a human carefully checks the copy for accuracy. Engadget reports: Editors can use large language models (LLMs) to refine their own writing, but only if the copy is checked for accuracy. The policy states that this is because LLMs "can go beyond what you ask of them and change the meaning of the text such that it is not supported by the sources cited." Editors can also use LLMs to assist with language translation. However, they must be fluent enough in both languages to catch errors. Once again, the information must be checked for inaccuracies.

"My genuine hope is that this can spark a broader change. Empower communities on other platforms, and see this become a grassroots movement of users deciding whether AI should be welcome in their communities, and to what extent," Wikipedia administrator Chaotic Enby wrote. The administrator also called the policy a "pushback against enshittification and the forceful push of AI by so many companies in these last few years."
Books

Tracy Kidder, Author of 'The Soul of a New Machine', Dies At 80 (nytimes.com)

Ancient Slashdot reader wiredog writes: Tracy Kidder, author of "The Soul of a New Machine," has died at the age of 80. "The Soul of a New Machine" is about the people who designed and built the Data General Nova, one of the 32-bit superminis that were released in the 1980s just before the PC destroyed that industry. It was excerpted in The Atlantic.

"I'm going to a commune in Vermont and will deal with no unit of time shorter than a season."

Transportation

Postal Service to Impose Its First-Ever Fuel Surcharge on Packages (cnbc.com)

The U.S. Postal Service plans to impose its first-ever fuel surcharge on packages (source paywalled; alternative source), adding an 8% fee starting in April as it struggles with rising fuel costs and ongoing financial pressure. The surcharge will not apply to letter mail and is currently expected to remain in place until January 2027. The Wall Street Journal reports: Other parcel carriers, including FedEx and United Parcel Service, have imposed fuel surcharges, as well as a basket of other surcharges and fees, for years. Both FedEx and UPS have dramatically raised their fuel surcharges in recent weeks as the price of oil has increased amid the turmoil in the Middle East. [...] The post office has been trying to increase the volume of packages it delivers. It previously differentiated itself from commercial carriers by saying that it doesn't apply residential, Saturday delivery or fuel or remote-delivery surcharges.
AI

Canada's Immigration Rejected Applicant Based On AI-Invented Job Duties (thestar.com)

New submitter haroldbasset writes: Canada's Immigration Department rejected an applicant because the duties of her current job did not match the Canadian work experience she had claimed, but the Department's AI assistant had invented that work experience. She has been working in Canada as a health scientist -- she has a Ph.D. in the immunology of aging -- but the AI genius instead described her as "wiring and assembling control circuits, building control and robot panels, programming and troubleshooting." "It's believed to be the first time that the department explicitly referred to the use of generative AI to support application processing in immigration refusals," reports the Toronto Star. "The disclaimer also noted that all generated content was verified by an officer and that generative AI was not used to make or recommend a decision."

The applicant's lawyer was shocked "how any human being could make this decision." "Somehow, it hallucinated my client's job description," he said. "I would love to see what the officer saw. Something seriously went wrong here."

The applicant's refusal came just as Canada's Immigration Department released its first AI strategy, which frames artificial intelligence as a way to improve efficiency, service delivery, and program integrity. The department says it has long used digital tools like analytics and automation to flag fraud risks and triage applications, and is now also experimenting with generative AI for tasks such as research, summarizing, and analysis. In this case, however, the department insisted the decision was made by a human officer and that generative AI was not involved in the final decision.
Social Networks

Meta and YouTube Found Negligent in Landmark Social Media Addiction Case

A jury found Meta and YouTube negligent in a landmark social media addiction case, ruling that addictive design features such as infinite scroll and algorithmic recommendations harmed a young user and contributed to her mental health distress. The verdict awards $3 million in compensatory damages so far and could pave the way for more lawsuits seeking financial penalties and product changes across the social media industry. "Meta is responsible for 70 percent of that cost and YouTube for the remainder," notes The New York Times. "TikTok and Snap both settled with the plaintiff for undisclosed terms before the trial started." From the report: The bellwether case, which was brought by a now 20-year-old woman identified as K.G.M., had accused social media companies of creating products as addictive as cigarettes or digital casinos. K.G.M. sued Meta, which owns Instagram and Facebook, and Google's YouTube over features like infinite scroll and algorithmic recommendations that she claimed led to anxiety and depression.

The jury of seven women and five men will deliberate further to decide what further punitive damages the companies should pay for malice or fraud. The verdict in K.G.M.'s case -- one of thousands of lawsuits filed by teenagers, school districts and state attorneys general against Meta, YouTube, TikTok and Snap, which owns Snapchat -- was a major win for the plaintiffs. The finding validates a novel legal theory that social media sites or apps can cause personal injury. It is likely to factor into similar cases expected to go to trial this year, which could expose the internet giants to further financial damages and force changes to their products.

The verdict also comes on the heels of a New Mexico jury ruling that found Meta liable for violating state law by failing to protect users of its apps from child predators.
The Military

China Is Mass-Producing Hypersonic Missiles For $99,000 (substack.com)

Longtime Slashdot reader cusco writes: A private company in China has developed hypersonic missiles that cost the same as a Tesla Model X. This missile, the YKJ-1000, is being marketed for sale at a reported price of $99,000, and it's in mass production now after successful tests. That is far below what countries will spend to target and shoot down the missile if it's heading their way.

Besides the low cost, they can be launched from anywhere. The launcher looks like any one of the tens of millions of shipping containers floating around on the ocean, or sitting at ports, or riding along on trucks, or sitting on industrial lots. The launchers for these missiles are hiding in plain sight, in other words. Whatever tactical advantages great-power countries have in ballistics is going away, fast; 1,300 kilometers is 800 miles, and so the range is anything within 800 miles of wherever someone can send a shipping container.

To keep the price down, the missile is reportedly using civilian-grade materials and widely available commercial parts, along with simpler manufacturing methods like die-casting. There are also broader savings from tapping mature supply chains and using China's large-scale civilian industrial base.
Open Source

Self-Propagating Malware Poisons Open Source Software, Wipes Iran-Based Machines (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: A new hacking group has been rampaging the Internet in a persistent campaign that spreads a self-propagating and never-before-seen backdoor -- and curiously a data wiper that targets Iranian machines. The group, tracked under the name TeamPCP, first gained visibility in December, when researchers from security firm Flare observed it unleashing a worm that targeted cloud-hosted platforms that weren't properly secured. The objective was to build a distributed proxy and scanning infrastructure and then use it to compromise servers for exfiltrating data, deploying ransomware, conducting extortion, and mining cryptocurrency. The group is notable for its skill in large-scale automation and integration of well-known attack techniques.

More recently, TeamPCP has waged a relentless campaign that uses continuously evolving malware to bring ever more systems under its control. Late last week, it compromised virtually all versions of the widely used Trivy vulnerability scanner in a supply-chain attack after gaining privileged access to the GitHub account of Aqua Security, the Trivy creator. Over the weekend, researchers said they observed TeamPCP spreading potent malware that was also worm-enabled, meaning it had the potential to spread to new machines automatically, with no interaction required of victims behind the keyboard. [...]

As the weekend progressed, CanisterWorm [as Aikido has named the malware] was updated to add an additional payload: a wiper that targets machines exclusively in Iran. When the updated worm infects a machine, it checks whether the machine is in the Iranian timezone or is configured for use in that country. When either condition is met, the malware no longer activates the credential stealer and instead triggers a novel wiper that TeamPCP developers named Kamikaze. Eriksen said in an email that there's no indication yet that the worm caused actual damage to Iranian machines, but that there was "clear potential for large-scale impact if it achieves active spread."
It's unclear what the motive is for TeamPCP. Aikido researcher Charlie Eriksen wrote: "While there may be an ideological component, it could just as easily be a deliberate attempt to draw attention to the group. Historically, TeamPCP has appeared to be financially motivated, but there are signs that visibility is becoming a goal in itself. By going after security tools and open-source projects, including Checkmarx as of today, they are sending a clear and deliberate signal."
Ubuntu

Canonical Joins Rust Foundation (nerds.xyz) 31

BrianFagioli writes: Canonical has joined the Rust Foundation as a Gold Member, signaling a deeper investment in the Rust programming language and its role in modern infrastructure. The company already maintains an up-to-date Rust toolchain for Ubuntu and has begun integrating Rust into parts of its stack, citing memory safety and reliability as key drivers. By joining at a higher tier, Canonical is not just adopting Rust but also stepping closer to its governance and long-term direction.

The move also highlights ongoing tensions in Rust's ecosystem. While Rust can reduce entire classes of bugs, it often depends heavily on external crates, which can introduce complexity and auditing challenges, especially in enterprise environments. Canonical appears aware of that tradeoff and is positioning itself to influence how the ecosystem evolves, as Rust continues to gain traction across Linux and beyond.
"As the publisher of Ubuntu, we understand the critical role systems software plays in modern infrastructure, and we see Rust as one of the most important tools for building it securely and reliably. Joining the Rust Foundation at the Gold level allows us to engage more directly in language and ecosystem governance, while continuing to improve the developer experience for Rust on Ubuntu," said Jon Seager, VP Engineering at Canonical. "Of particular interest to Canonical is the security story behind the Rust package registry, crates.io, and minimizing the number of potentially unknown dependencies required to implement core concerns such as async support, HTTP handling, and cryptography -- especially in regulated environments."
United States

Trump Administration To Pay French Company $1 Billion To Stop Offshore Wind Farms (npr.org) 338

An anonymous reader quotes a report from NPR: The Trump administration will pay $1 billion to a French company to walk away from two U.S. offshore wind leases as the administration ramps up its campaign against offshore wind and other renewable energy. TotalEnergies has agreed to what's essentially a refund of its leases for projects off the coasts of North Carolina and New York, and will invest the money in fossil fuel projects instead, the Department of Interior announced Monday.

The Trump administration has tried to halt offshore wind construction, but federal judges overturned those orders. Environmental groups denounced the TotalEnergies deal as an alternate way to block wind projects. President Donald Trump has gone all in on fossil fuels, which he says is the way to lower costs for families, increase reliability and help the U.S. maintain global leadership in artificial intelligence.

TotalEnergies pledged to not develop any new offshore wind projects in the United States. TotalEnergies CEO Patrick Pouyanne said in a statement that the company renounced offshore wind development in the United States in exchange for the reimbursement of the lease fees, "considering that the development of offshore wind projects is not in the country's interest." Pouyanne said the refunded lease fees will finance the construction of a liquefied natural gas plant in Texas and the development of its oil and gas activities, calling it a "more efficient use of capital" in the U.S. After it makes those investments, TotalEnergies will be reimbursed, up to the amount paid in lease purchases for offshore wind, according to the DOI.
