"Recent attacks show that hackers keep using the same tricks to sneak bad code into popular software registries," writes long-time Slashdot reader selinux geek, suggesting that "the real problem is how these registries are built, making these attacks likely to keep happening." After all, npm wasn't the only software library hit by a supply chain attack, argues the Linux Security blog. "PyPI and Docker Hub both faced their own compromises in 2025, and the overlaps are impossible to ignore." Phishing has always been the low-hanging fruit. In 2025, it wasn't just effective once — it was the entry point for multiple registry breaches, all occurring close together in different ecosystems... The real problem isn't that phishing happened. It's that there weren't enough safeguards to blunt the impact. One stolen password shouldn't be all it takes to poison an entire ecosystem. Yet in 2025, that's exactly how it played out...

Even if every maintainer spotted every lure, registries left gaps that attackers could walk through without much effort. The problem wasn't social engineering this time. It was how little verification stood between an attacker and the "publish" button. Weak authentication and missing provenance were the quiet enablers in 2025... Sometimes the registry itself offers the path in. When the failure is at the registry level, admins don't get an alert, a log entry, or any hint that something went wrong. That's what makes it so dangerous. The compromise appears to be a normal update until it reaches the downstream system... It shifts the risk from human error to systemic design.

And once that weakly authenticated code gets in, it doesn't always go away quickly, which leads straight into the persistence problem... Once an artifact is published, it spreads into mirrors, caches, and derivative builds. Removing the original upload doesn't erase all the copies... From our perspective at LinuxSecurity, this isn't about slow cleanup; it's about architecture. Registries have no universally reliable kill switch once trust is broken. Even after removal, poisoned base images replicate across mirrors, caches, and derivative builds, meaning developers may keep pulling them in long after the registry itself is "clean."
The article condlues that "To us at LinuxSecurity, the real vulnerability isn't phishing emails or stolen tokens — it's the way registries are built. They distribute code without embedding security guarantees. That design ensures supply chain attacks won't be rare anomalies, but recurring events."BR>
So in a world where "the only safe assumption is that the code you consume may already be compromised," they argue, developers should look to controls they can enforce themselves:

• Verify artifacts with signatures or provenance tools.
• Pin dependencies to specific, trusted versions.
• Generate and track SBOMs so you know exactly what's in your stack.
• Scan continuously, not just at the point of install.

"A group of researchers from the University of California, Irvine, have developed a way to use the sensors in high-quality optical mice to capture subtle vibrations and convert them into audible data," reports Tom's Hardware: [T]he high polling rate and sensitivity of high-performance optical mice pick up acoustic vibrations from the surface where they sit. By running the raw data through signal processing and machine learning techniques, the team could hear what the user was saying through their desk. Mouse sensors with a 20,000 DPI or higher are vulnerable to this attack. And with the best gaming mice becoming more affordable annually, even relatively affordable peripherals are at risk....

[T]his compromise does not necessarily mean a complicated virus installed through a backdoor — it can be as simple as an infected FOSS that requires high-frequency mouse data, like creative apps or video games. This means it's not unusual for the software to gather this data. From there, the collected raw data can be extracted from the target computer and processed off-site. "With only a vulnerable mouse, and a victim's computer running compromised or even benign software (in the case of a web-based attack surface), we show that it is possible to collect mouse packet data and extract audio waveforms," the researchers state.
The researchers created a video with raw audio samples from various stages in their pipeline on an accompanying web site where they calculate that "the majority of human speech" falls in a frequency range detectable by their pipeline. While the collected signal "is low-quality and suffers from non-uniform sampling, a non-linear frequency response, and extreme quantization," the researchers augment it with "successive signal processing and machine learning techniques to overcome these challenges and achieve intelligible reconstruction of user speech."

They've titled their paper Invisible Ears at Your Fingertips: Acoustic Eavesdropping via Mouse Sensors. The paper's conclusion? "The increasing precision of optical mouse sensors has enhanced user interface performance but also made them vulnerable to side-channel attacks exploiting their sensitivity."

Thanks to Slashdot reader jjslash for sharing the article.

Currently DNA synthesis companies "deploy biosecurity software designed to guard against nefarious activity," reports the Washington Post, "by flagging proteins of concern — for example, known toxins or components of pathogens." But Microsoft researchers discovered "up to 100 percent" of AI-generated ricin-like proteins evaded detection — and worked with a group of leading industry scientists and biosecurity experts to design a patch. Microsoft's chief science officer called it "a Windows update model for the planet.

"We will continue to stay on it and send out patches as needed, and also define the research processes and best practices moving forward to stay ahead of the curve as best we can."

But is that enough? Outside biosecurity experts applauded the study and the patch, but said that this is not an area where one single approach to biosecurity is sufficient. "What's happening with AI-related science is that the front edge of the technology is accelerating much faster than the back end ... in managing the risks," said David Relman, a microbiologist at Stanford University School of Medicine. "It's not just that we have a gap — we have a rapidly widening gap, as we speak. Every minute we sit here talking about what we need to do about the things that were just released, we're already getting further behind."
The Washington Post notes not every company deploys biosecurity software. But "A different approach, biosecurity experts say, is to ensure AI software itself is imbued with safeguards before digital ideas are at the cusp of being brought into labs for research and experimentation." "The only surefire way to avoid problems is to log all DNA synthesis, so if there is a worrisome new virus or other biological agent, the sequence can be cross-referenced with the logged DNA database to see where it came from," David Baker, who shared the Nobel Prize in chemistry for his work on proteins, said in an email.

From 10 a.m. to 7 p.m. today (EDT), the Free Software Foundation celebrates its 40th anniversary with an online and in-person event. "We will broadcast the talks and workshops via a fully free software livestream on fsf.org/live," according to the FSF's official "FSF40 Celebration" page. "Everyone will be able to join the discussion via the #fsf40 IRC channel on Libera.Chat."

"4 decades, 4 freedoms, 4 all users" is the event's slogan.

And during the ceremony, a 40th-anniversary cake was sliced by newly-elected FSF president Ian Kelling (who was unanimously confirmed by FSF board members): Kelling, age 43, has held the role of a board member and a voting member since March 2021. The board said of Kelling's confirmation: "His hands-on technical experience resulting from his position as the organization's senior systems administrator proved invaluable for his work on the board of directors... He has the technical knowledge to speak with authority on most free software issues, and he has a strong connection with the community as an active speaker and blogger."

Kelling earned a bachelor's degree in computer science and is a continuous user, developer, and advocate for free software. His personal commitment to complete software freedom has been shaped by his past experiences working as a software developer for proprietary software companies while using, learning, and contributing to GNU/Linux on his own time.

"Ian has shown good judgment on the board, and a firm commitment to the free software movement," FSF founder and Chief GNUisance Richard Stallman said. Outgoing FSF President and long-time board member Geoff Knauth added: "Since joining the board in 2021, Ian has shown a clear understanding of the free software philosophy in today's technology, and a strong vision. He recognizes threats in upcoming technologies, promotes transparency, has played a significant role in designing and implementing the new board recruitment processes, and has always adhered to ethical principles. He has also given me valuable advice at critical moments, for which I am very grateful..."

Kelling will continue to fill the role of senior systems administrator for the FSF, which he has held since 2017, where he leads the FSF's tech team under the direction of Zoë Kooyman, executive director of the FSF. True to the FSF's tradition for this role, he takes on the governance role as a volunteer.
Upcoming on the livestream:

• Free Software Foundation trivia
• LibreLocal group lightning talks
• A panel with the FSF, Electronic Frontier Foundation (EFF) , F-Droid, and Sugar Labs

Long-time Slashdot reader theodp writes: CBS News has a TL;DR video report, but Jeremy Stern's earlier epic Class Dismissed [at Collosus.com] offers a deep dive into Alpha School, "the teacherless, homeworkless, K-12 private school in Austin, Texas, where students have been testing in the top 0.1% nationally by self-directing coursework with AI tutoring apps for two hours a day.

Alpha students are incentivized to complete coursework to "mastery-level" (i.e., scoring over 90%) in only two hours via a mix of various material and immaterial rewards, including the right to spend the other four hours of the school day in 'workshops,' learning things like how to run an Airbnb or food truck, manage a brokerage account or Broadway production, or build a business or drone."

Founder MacKenzie Larson's dream that "kids must love school so much they don't want to go on vacation" drew the attention of — and investments of money and time from — mysterious tech billionaire Joe Liemandt, who sent his own kids to Larson's school and now aims to bring the experience to rest of the world. "When GenAI hit in 2022," Liemandt said, "I took a billion dollars out of my software company. I said, 'Okay, we're going to be able to take MacKenzie's 2x in 2 hours groundwork and get it out to a billion kids.' It's going to cost more than that, but I could start to figure it out. It's going to happen. There's going to be a tablet that costs less than $1,000 that is going to teach every kid on this planet everything they need to know in two hours a day and they're going to love it.

"I really do think we can transform education for everybody in the world. So that's my next 20 years. I literally wake up now and I'm like, I'm the luckiest guy in the world. I will work 7 by 24 for the next 20 years to fricking do this. The greatest 20 years of my life are right ahead of me. I don't think I'm going to lose. We're going to win."

Of course, Stern writes at Collosus.com, there will be questions about this model of schooling, but asks: "Suppose that from kindergarten through 12th grade, your child's teachers were, in essence, stacks of machines. Suppose those machines unlocked more of your child's academic potential than you knew was possible, and made them love school. Suppose the schooling they loved involved vision monitoring and personal data capture. Suppose that surveillance architecture enabled them to outperform your wildest expectations on standardized tests, and in turn gave them self-confidence and self-esteem, and made their own innate potential seem limitless.... Suppose poor kids had a reason to believe and a way to show they're just as academically capable as rich kids, and that every student on Earth could test in what we now consider the top 10%. Suppose it allowed them to spend two-thirds of their school day on their own interests and passions. Suppose your child's deep love of school minted a new class of education billionaires.

"If you shrink from such a future, by which principle would you justify stifling it?"

The food delivery robots that arrived in Atlanta in June "are not our friends," argues a headline at CNN.

The four-wheeled Serve Robotics machines "get confused at crosswalks. They move with the speed and caution of a first-time driver, stilted and shy, until they suddenly speed up without warning. Their four wheels look like they were made for off-roading, but they still get stuck in the cracks of craggy sidewalks. Most times I see the bots, they aren't moving at all... " Cyclists swerve to avoid them like any other obstacle in the road. Patrons of Shake Shack (a national partner of Serve) weave around the mess of robots parked in front of the restaurant to make their way inside and place orders on iPads... The dawn of everyday, "friendly" robots may be here, but they haven't proven themselves useful — or trustworthy — yet. "People think they are your friends, but they're actually cameras and microphones of corporations," said Joanna Bryson, a longtime AI scholar and professor of ethics and technology at the Hertie School in Berlin. "You're right to be nervous..."

When robots show up in a city, it's often not because the residents of said city actively wanted them there or had a say in their arrival said Edward Ongweso Jr. [a researcher at the Security in Context initiative, a tech journalist and self-proclaimed "decelerationist" urging a slower rollout for Silicon Valley tech pioneers and civic leaders embracing untested and unregulated technology]... "They're being rolled out without any sort of input from people, and as a result, in ways that are annoying and inconvenient," Ongweso Jr. said. "I suspect that people would feel a lot differently if they had a choice ... 'what kind of robots are we interested in rolling out in our homes, in our workplaces, on our college campuses or in our communities?'"

Delivery robots aren't unique to Atlanta. AI-driven companies including Avride and Coco Robotics have sent fleets of delivery robots to big cities like Chicago, Dallas and Jersey City, as well as sleepy college towns... "They're popping up everywhere," Ongweso Jr. continued, "because there's sort of a realization that you have to convince people to view them as inevitable. The way to do that is to just push it into as many places as possible, and have these spectacle demonstrations, get some friendly coverage, try to figure out the ways in which you're selling this as the only alternative.... If you humanize it, you're more willing to entertain it and rationalize it being in your area — 'That's just Jeffrey,' or whatever they name it — instead of seeing it for what it is, which is a bunch of investors privately encroaching on a community or workplace," Ongweso Jr. said. "It's not the future. It's a business model."
Serve Robotics CEO Ali Kashani told CNN their goal in Atlanta was reducing traffic — and that the robots' average delivery distance there was under a mile, taking about 18 minutes per delivery.

Serve Robotics has also launched their robots in Chicago, Los Angeles, Miami, Dallas-Fort Worth and Atlanta, according to the site Robotics 247, as part of an ongoing collaboration with Uber Eats. (Although after the robots launched in Los Angeles, a man in a mobility scooter complained the slow-moving robot swerved in front of him.) And "residents of other cities have had to rescue them when they've been felled by weather," reports CNN.

CNN also spoke to Dylan Losey, an assistant professor of mechanical engineering at Virginia Tech who studies human-robot interaction, who notes that the robots' AI algorithms are "completely unregulated... We don't know if a third party has checked the hardware and software and deemed the system 'safe' — in part because what it means for these systems to be 'safe' is not fully understood or standardized." (CNN's reporter adds that "the last time I got close to a bot, to peer down at a flier someone left on top of it, it revved at me loudly. Perhaps they can sense a hater.")

But Serve's CEO says there's one crucial way robot delivery will be cheaper than humans. "You don't have to tip the robots."

"A small number of researchers are making real progress trying to create computers out of living cells," reports the BBC: Among those leading the way are a group of scientists in Switzerland, who I went to meet. One day, they hope we could see data centres full of "living" servers which replicate aspects of how artificial intelligence (AI) learns — and could use a fraction of the energy of current methods.

That is the vision of Dr Fred Jordan, co-founder of the FinalSpark lab I visited. We are all used to the ideas of hardware and software in the computers we currently use. The somewhat eyebrow-raising term Dr Jordan and others in the field use to refer to what they are creating is "wetware". In simple terms, it involves creating neurons which are developed into clusters called organoids, which in turn can be attached to electrodes — at which point the process of trying to use them like mini-computers can begin...

For FinalSpark, the process begins with stem cells derived from human skin cells, which they buy from a clinic in Japan. The actual donors are anonymous... In the lab, FinalSpark's cellular biologist Dr Flora Brozzi handed me a dish containing several small white orbs. Each little sphere is essentially a tiny, lab-grown mini-brain, made out of living stem cells which have been cultured to become clusters of neurons and supporting cells — these are the "organoids"... After undergoing a process which can last several months, the organoids are ready to be attached to an electrode and then prompted to respond to simple keyboard commands... Electrical stimulations are important first steps towards the team's bigger goal of triggering learning in the biocomputer's neurons so they can eventually adapt to perform tasks...

FinalSpark are not the only scientists working in the biocomputing space. Australian firm Cortical Labs announced in 2022 that it had managed to get artificial neurons to play the early computer game Pong. In the US, researchers at Johns Hopkins University are also building "mini-brains" to study how they process information — but in the context of drug development for neurological conditions like Alzheimer's and autism.
Thanks to long-time Slashdot reader fjo3 for sharing the news.

An anonymous reader quotes a report from TechCrunch: Google is bringing its AI coding agent Jules deeper into developer workflows with a new command-line interface and public API, allowing it to plug into terminals, CI/CD systems, and tools like Slack -- as competition intensifies among tech companies to own the future of software development and make coding more of an AI-assisted task.

Until now, Jules -- Google's asynchronous coding agent -- was only accessible via its website and GitHub. On Thursday, the company introduced Jules Tools, a command-line interface that brings Jules directly into the developer's terminal. The CLI lets developers interact with the agent using commands, streamlining workflows by eliminating the need to switch between the web interface and GitHub. It allows them to stay within their environment while delegating coding tasks and validating results. "We want to reduce context switching for developers as much as possible," Kathy Korevec, director of product at Google Labs, told TechCrunch.

Jules differs from Gemini CLI in that it focuses on "scoped," independent tasks rather than requiring iterative collaboration. Once a user approves a plan, Jules executes it autonomously, while the CLI needs more step-by-step guidance. Jules also has a public API for workflow and IDE integration, plus features like memory, a stacked diff viewer, PR comment handling, and image uploads -- capabilities not present in the CLI. Gemini CLI is limited to terminals and CI/CD pipelines and is better suited for exploratory, highly interactive use.

An anonymous reader shares a report from The Verge: Microsoft is getting ready to announce an ad-supported version of Xbox Cloud Gaming. Sources familiar with Microsoft's plans tell The Verge that the software maker has started testing ad-supported games streaming internally, allowing employees to play select titles free without a Game Pass subscription.

I understand that the free ad-supported version of Xbox Cloud Gaming will include the ability to stream some games you own, as well as eligible Free Play Days titles, which let Xbox players try games over a weekend. You'll also be able to stream Xbox Retro Classics games. Sources tell me the internal testing includes around two minutes of preroll ads before a game is available to stream for free through Xbox Cloud Gaming. [...] The ad-supported Xbox Cloud Gaming version will be available on PC, Xbox consoles, handheld devices, and via the web.

No automaker has matched Tesla's ability to deliver over-the-air software updates despite years of effort and billions in spending. Tesla introduced the technology in 2012 and issued 42 updates within six months, Jean-Marie Lapeyre, Capgemini's chief technology officer for automotive, told WIRED. Other automakers ship updates "maybe once a year," Lapeyre said.

General Motors actually introduced OTA functionality first in 2010, two years before Tesla, but limited it to the OnStar telematics system. Traditional automakers treat software as one bolt-on component among many. Tesla and other digital-native brands like Rivian, Lucid and Chinese companies including BYD and Xpeng treat it as central. There are now 69 million OTA-capable vehicles in the United States, S&P Global estimates. More than 13 million vehicles were recalled in 2024 due to software-related issues, a 35 percent increase over the prior year. OTA updates cost automakers $66.50 per vehicle for each gigabyte of data, Harman Automotive estimates.

An anonymous reader quotes a report from MIT Technology Review: A team at Microsoft says it used artificial intelligence to discover a "zero day" vulnerability in the biosecurity systems used to prevent the misuse of DNA. These screening systems are designed to stop people from purchasing genetic sequences that could be used to create deadly toxins or pathogens. But now researchers led by Microsoft's chief scientist, Eric Horvitz, says they have figured out how to bypass the protections in a way previously unknown to defenders.The team described its work today in the journalScience.

Horvitz and his team focused on generative AI algorithms that propose new protein shapes. These types of programs are already fueling the hunt for new drugs at well-funded startups like Generate Biomedicines and Isomorphic Labs, a spinout of Google. The problem is that such systems are potentially "dual use." They can use their training sets to generate both beneficial molecules and harmful ones. Microsoft says it began a "red-teaming" test of AI's dual-use potential in 2023 in order to determine whether "adversarial AI protein design" could help bioterrorists manufacture harmful proteins.

The safeguard that Microsoft attacked is what's known as biosecurity screening software. To manufacture a protein, researchers typically need to order a corresponding DNA sequence from a commercial vendor, which they can then install in a cell. Those vendors use screening software to compare incoming orders with known toxins or pathogens. A close match will set off an alert. To design its attack, Microsoft used several generative protein models (including its own, called EvoDiff) to redesign toxins -- changing their structure in a way that let them slip past screening software but was predicted to keep their deadly function intact. "This finding, combined with rapid advances in AI-enabled biological modeling, demonstrates the clear and urgent need for enhanced nucleic acid synthesis screening procedures coupled with a reliable enforcement and verification mechanism," says Dean Ball, a fellow at the Foundation for American Innovation, a think tank in San Francisco.

alternative_right shares a report from the Smoking Gun: Minutes after vandalizing 17 cars in a Missouri college parking lot, a 19-year-old sophomore had a lengthy ChatGPT conversation during which he confessed to the crime, asked about the possibility of getting caught, and wondered, "is there any way they could know it was me," according to a police probable cause statement. Ryan Schaefer was arrested yesterday and charged with felony property damage for a rampage early Sunday at a Missouri State University parking lot. Investigators allege that Schaefer shattered car windows, ripped off side mirrors, dented hoods, and broke windshield wipers during the 3 AM spree.

When confronted with surveillance footage and other evidence, Schaefer said that he could see the resemblance between the suspect and himself. At that point, Schaefer reportedly consented to a search of his iPhone. A subsequent review of the device revealed location data placing Schaefer "at or near the scene of the crime," as well as a "troubling dialogue exchange this defendant seems to have had with artificial intelligence software installed on his phone," prosecutors reported. The incriminating ChatGPT conversation can be found here.

Tech companies are struggling to fill AI-specialized roles despite a surplus of available tech talent. U.S. colleges more than doubled the number of computer science degrees awarded between 2013 and 2022. Major layoffs at Google, Meta, and Amazon flooded the job market. The Bureau of Labor Statistics predicts businesses will employ 6% fewer computer programmers in 2034 than last year. The disconnect stems from companies seeking workers with specific AI expertise.

Runway CEO Cristobal Valenzuela estimates only hundreds of people worldwide possess the skills to train complex AI models. His company advertises base salaries up to $490,000 for a director of machine learning. Daniel Park's startup Pickle offers up to $500,000 base salary and expects candidates willing to work seven days a week. The WSJ story includes the example of one James Strawn, who was laid off from Adobe over the summer after 25 years as a senior software quality-assurance engineer. The 55-year-old has had one interview since his layoff. Matt Massucci, CEO of recruiting firm Hirewell, told the publication companies can automate some low-level engineering tasks and redirect that money to high-end talent.

An anonymous reader quotes a report from Wired: Thinking Machines Lab,a heavily funded startup cofounded by prominent researchers from OpenAI, has revealed its first product -- a tool called Tinker that automates the creation of custom frontier AI models. "We believe [Tinker] will help empower researchers and developers to experiment with models and will make frontier capabilities much more accessible to all people," said Mira Murati, cofounder and CEO of Thinking Machines, in an interview with WIRED ahead of the announcement.

Big companies and academic labs already fine-tune open source AI models to create new variants that are optimized for specific tasks, like solving math problems, drafting legal agreements, or answering medical questions. Typically, this work involves acquiring and managing clusters of GPUs and using various software tools to ensure that large-scale training runs are stable and efficient. Tinker promises to allow more businesses, researchers, and even hobbyists to fine-tune their own AI models by automating much of this work.

Essentially, the team is betting that helping people fine-tune frontier models will be the next big thing in AI. And there's reason to believe they might be right. Thinking Machines Lab is helmed by researchers who played a core role in the creation of ChatGPT. And, compared to similar tools on the market, Tinker is more powerful and user friendly, according to beta testers I spoke with. Murati says that Thinking Machines Lab hopes to demystify the work involved in tuning the world's most powerful AI models and make it possible for more people to explore the outer limits of AI. "We're making what is otherwise a frontier capability accessible to all, and that is completely game-changing," she says. "There are a ton of smart people out there, and we need as many smart people as possible to do frontier AI research." "There's a bunch of secret magic, but we give people full control over the training loop," OpenAI veteran John Schulman says. "We abstract away the distributed training details, but we still give people full control over the data and the algorithms."

Researchers have unveiled two new hardware-based attacks, Battering RAM and Wiretap, that break Intel SGX and AMD SEV-SNP trusted enclaves by exploiting deterministic encryption and physical interposers. Ars Technica reports: In the age of cloud computing, protections baked into chips from Intel, AMD, and others are essential for ensuring confidential data and sensitive operations can't be viewed or manipulated by attackers who manage to compromise servers running inside a data center. In many cases, these protections -- which work by storing certain data and processes inside encrypted enclaves known as TEEs (Trusted Execution Enclaves) -- are essential for safeguarding secrets stored in the cloud by the likes of Signal Messenger and WhatsApp. All major cloud providers recommend that customers use it. Intel calls its protection SGX, and AMD has named it SEV-SNP.

Over the years, researchers have repeatedly broken the security and privacy promises that Intel and AMD have made about their respective protections. On Tuesday, researchers independently published two papers laying out separate attacks that further demonstrate the limitations of SGX and SEV-SNP. One attack, dubbed Battering RAM, defeats both protections and allows attackers to not only view encrypted data but also to actively manipulate it to introduce software backdoors or to corrupt data. A separate attack known as Wiretap is able to passively decrypt sensitive data protected by SGX and remain invisible at all times.

Microsoft is promoting Judson Althoff, currently executive vice president and chief commercial officer at Microsoft, to a new role as CEO of its commercial business. From a report: It's the latest shakeup inside the company, as Microsoft navigates what CEO Satya Nadella calls a "tectonic AI platform shift." It's also a move that will allow Nadella to focus on more technical work at Microsoft, while still remaining overall CEO.

In an internal memo to employees today, Nadella announced Althoff's promotion and said it's linked with the need for Microsoft to reinvent itself in the AI era and "bring together sales, marketing, operations, and engineering to drive growth and strengthen our position as the partner of choice for AI transformation." Althoff has led Microsoft's global sales organization for the past nine years, helping the company build out its Microsoft Customer and Partner Solutions (MCAPS) division. He will now also be responsible for the operations and marketing teams that help sell Microsoft's software and services to businesses, but not the engineering teams that help build them.

Independent UK bookshops will now be able to sell ebooks via a new platform (Bookshop.org's expansion), keeping 100% of profits and offering a non-Amazon way to reach digital readers. "Bookshops now have an additional tool in their fight against Amazon," said Nicole Vanderbilt, managing director of Bookshop.org UK. "Digital readers don't depend on Amazon's monopoly any more, now that they can find ebooks at the same price on Bookshop.org." The Guardian reports: Bookshop.org launched in the UK in November 2020 as a platform for independent bookshops to sell physical books. Bookshops receive 30% of the cover price from each sale they generate; so far, the UK site has generated 4.5 million pounds for independent bookshops. Customers will also now be able to buy ebooks through a bookshop of their choice. Profits from orders without a specified bookshop will be added to a shared pool, which will be distributed among all participating bookshops on the platform. [...]

The platform will launch with a catalogue of more than a million ebooks from all major publishers. It will be available online via a web browser and through the Bookshop.org apps on Apple and Android. "Due to Amazon's proprietary digital rights management [DRM] software and publishers' DRM requirements, it's not currently possible to buy DRM-protected ebooks from Bookshop.org or local bookshops and read them on your Kindle," said Bookshop.org. However, the site is working with the e-reader company Kobo to support Kobo devices "later this year," and longer term would "love to offer our own eInk device."

Amazon today announced three new Kindle Scribe models, its e ink-featuring tables designed for note-taking and reading. The lineup includes the standard Kindle Scribe and a version without a front light alongside the Kindle Scribe Colorsoft. The new devices feature an 11-inch glare-free E Ink screen compared to the 10.2-inch display on previous models.

Amazon has reduced the weight to 400 grams from 433 grams and made the devices 5.4mm thin. The company added a quad-core processor and additional memory to deliver writing and page turns that are 40% faster than earlier versions. The Colorsoft model uses custom-built display technology to offer 10 pen colors and five highlighter colors. Amazon redesigned the software to include AI-powered notebook search and summaries. The devices will support Google Drive and Microsoft OneDrive for document access and allow users to export notes as editable text to OneNote. The standard Kindle Scribe will start at $499.99 and the Colorsoft at $629.99 when they become available later this year. The version without a front light will cost $429.99 and arrive early next year.

The FCC mistakenly published a 163-page PDF containing detailed schematics for Apple's upcoming iPhone 16e, despite Apple explicitly requesting indefinite confidentiality to protect trade secrets. AppleInsider reports: A cover letter is also distributed alongside the schematics, addressed to the FCC and dated September 16, 2024. The letter from Apple is a request for the confidential treatment of documents that are filed with the FCC. [...] The letter from Apple requests a series of documents are withheld from public viewing "indefinitely." The justification is that they contain "confidential and proprietary trade secrets" that are not disclosed to the public post-release, due to giving competitors an "unfair advantage."

The list of documents, Apple states, includes: Block Diagrams, Electrical Schematic Diagrams, Technical Descriptions, Product Specifications, Antenna Locations, Tune-Up Procedure, and Software Security Description. Other documents, such as external and internal photographs, shots of the test setup, and the user manual, are deemed to be less damaging and have "short-term confidentiality" requirements. In those cases, Apple asks for short-term confidentiality for 180 days after the equipment authorization is granted by the FCC.

An anonymous reader shares a report: You've probably heard of vibe coding -- novices writing apps by creating a simple AI prompt -- but now Microsoft wants to introduce a similar thing for its Office apps. The software maker is launching a new Agent Mode in Excel and Word that can generate complex spreadsheets and documents with just a prompt. A new Office Agent in Copilot chat, powered by Anthropic models, is also launching today that can create PowerPoint presentations and Word documents from a "vibe working" chatbot.

[...] Agent Mode essentially takes a complex task and breaks it down with planning and reasoning that you can follow. It then uses OpenAI's GPT-5 model to break down each step of document creation into an agentic task and execute it. It's like watching an automated macro in real time, showing everything it's doing in the sidebar.