This week the Ubuntu desktop's director of engineering announced they're bringing speech-to-text dictation to Ubuntu Desktop, aiming for an experience "that feels like a natural part of the desktop while respecting user privacy and running entirely on local hardware."

"Speech recognition has become a common feature on modern platforms, and we think it should be a first-class experience on Ubuntu Desktop as well."

More details from the blog It's FOSS: For Ubuntu 26.10, the initial version of Myna is expected to be a desktop dictation tool built around GNOME on Wayland with a push-to-talk mechanism gatekeeping when your microphone accepts input. Using it means holding a hotkey, speaking, and letting go. A small activity indicator shows while it is listening, and the transcribed text lands wherever the cursor was sitting when dictation started.

Recognition itself happens inside a sandboxed component called the Canonical Inference Snap, while a Speech Orchestrator manages the session and an Audio Adapter handles whatever the microphone picks up, denoising and chunking it before it ever reaches the model... Speech recognition will happen locally, and an internet connection is not needed once the appropriate model is installed... The audio data won't be sticking around either, being stored in a small in-memory buffer that gets discarded the moment the session ends. Features like dictation into password fields, wake words, continuous listening, voice assistants, voice commands, translation, speaker identification, and automatic language detection are all off the table...

You should also know that Canonical is looking for feedback before the specs for Myna are finalized, especially from people who already rely on dictation or assistive tools on Linux.

"A grassroots movement is forming among everyday tech workers who are demanding their companies develop and deploy AI responsibly," reports TechCrunch.

Hoping to leverage that discontent is a new super PAC called the Guardrails Alliance. The New York Times reports that it launched Thursday with backers that included tech employees and labor unions: Guardrails positions itself as a populist political movement that runs on small donations from people in the trenches of the AI boom. The PAC has about $5 million at its disposal today and planGuardrails will buy ads to support Alex Bores, a New York congressional candidate who became Leading the Future's first target and is running in the primaries next week. s to raise $15 million this cycle — small potatoes compared to deep-pocketed adversaries like Leading the Future, which has more than $100 million from tech leaders like OpenAI president Greg Brockman...

"This is not about matching [Leading the Future] dollar for dollar," [said the super PAC's co-founder, political operative Shaunna Thomas]. "What this vehicle is meant to do is be a political home for people who are concerned about the way the anti-regulation AI tech sector is trying to manipulate elections."
Meanwhile a former Netflix and Warner Bros. executive has launched the Alliance for Responsible Innovation in the Arts & Media, reports Variety, calling it an AI-focused content coalition that says it's dedicated to supporting "responsible and sustainable AI innovation and the importance of human creativity." The initial members of the coalition, announced Monday, include Disney, the New York Times, Adobe, Condé Nast, the Financial Times, ITV, Advance, BBC, Cambridge University Press & Assessment, U.K. publisher Reach and Wiley. Many of the coalition's members have either struck deals with AI companies or are developing their own AI tools... The group plans to argue for legal and policy guardrails around AI's usage, with its funding directed towards analyses, tools and services focused on advancing those initiatives...

One of the group's launch advisers is Damian Collins, OBE, who previously served as the U.K. Parliamentary Under-Secretary of State in the Department for Science, Innovation and Technology under prime ministers Boris Johnson and Liz Truss. "Using AI to break the law can never be an acceptable excuse," he said in a statement. "Laws around personal safety, intellectual property and financial crime still apply in the age of AI. This is why ARIAM has been created and why I'm proud to working with this necessary initiative."

The Society of Motion Picture and Television Engineers has published over 800 technical standards over the years (as a professional association for the media and entertainment industry).

But this week SMPTE "announced that its complete Standards catalog, the technical backbone behind everything from SDI and timecode to IP-based broadcast workflows, is now freely available to anyone in the global media technology community," reports the filmmaking news site CineD, arguing it's "one of the more meaningful structural shifts we have seen from a standards body in years" that could "reshape how smaller developers and educators engage with professional media technology." The move covers all published Standards, Recommended Practices, Engineering Guidelines and Registered Disclosure Documents, plus every future release, ending a long-standing model in which individual documents often sold for well over $100 each. For more than a century, SMPTE Standards have quietly governed how images and sound move through the production chain. If you have ever recorded timecode in the HH:MM:SS:FF format, routed a signal over 3G-SDI, or built a facility around the ST 2110 suite for media over IP, you have relied on SMPTE specifications, whether you knew it or not... Until now, accessing the actual text of those documents usually meant paying per file, a barrier that this announcement removes entirely... The latest releases are available through the Recently Published Documents page on the SMPTE website, with the complete archive reachable through the SMPTE Standards Library...

There is also a practical, behind-the-scenes story here. The open-access move is part of a broader modernization of how SMPTE develops and publishes Standards. Recent initiatives include adopting GitHub-based workflows for version control, issue tracking and automation, transitioning to structured HTML-based authoring, and implementing an integrated publishing pipeline that streamlines document creation, review, validation and release... The most consequential beneficiaries are arguably not the large members already inside the system, but the developers, integrators, educators and manufacturers who previously worked around the paywall... The practical upshot is that developers and emerging markets can build from accurate primary specifications rather than secondhand sources, which matters enormously when a single misread tolerance or metadata field can break compatibility down the line.

This also fits a wider pattern of the industry moving toward openness. We have previously covered moments like GoPro's decision to make its CineForm codec open source and release the SDK, a codec that SMPTE itself standardized in 2015 as an open standard for acquisition and post production. Lowering the cost of knowledge tends to widen the pool of people who can contribute to it, and a freely readable standards library is a significant step in that direction for an organization that has historically sat behind a per-document fee.
"This was a decision we did not make lightly," says SMPTE President Rich Welsh. But "For 110 years, SMPTE has evolved alongside the media technology industry, helping to drive change and innovation — and we're not stopping now." "Our industry is confronting transformative shifts, from IP-based workflows to AI authenticity and content provenance, and we find ourselves at another inflection point. We listened to our Members, Partners and the global Standards community, and the answer was clear: Interoperability is essential to the future of media. Now is the time to open the gates and ensure the next generation of media technology is built on a stronger, more accessible foundation."
Thanks to innocent_white_lamb (Slashdot reader #151,825) for sharing the news.

Ars Technica's senior security editor reports: Microsoft says it has detected new self-propagating malware that spreads through USB drives in search of cryptocurrency credentials, which it then sends to attacker-controlled servers.

The company named the worm Crypto Clipper because it monitors the contents of device clipboards for patterns consistent with wallet addresses or seed phrases. When found, the malware also takes five screenshots over a 10-second period... "The execution of this clipper is notable because it does not depend on a traditional installer or exposed IP-based C2 infrastructure," Microsoft said Thursday. "Instead, it deploys a portable Tor client, routes traffic through a local SOCKS5 proxy, and blends data theft with remote code execution, turning a financially motivated stealer into a lightweight backdoor."

Microsoft said it observed Crypto Clipper spreading through .lnk file on a USB drive. These files store executable code. When an infected USB drive is plugged into a device, the code checks whether it is already installed on the machine. If it isn't, the malware downloads it through the Tor proxy. To better conceal evidence of the worm, the malware scans the infected USB drive and names the .lnk files with similar names... The stealer also replaces addresses it finds with ones belonging to attacker-controlled wallets. This allows the malware to divert payments to the attacker's pockets. Microsoft believes the purpose of the screenshots is to provide context that may be useful. "This malware family shows how lightweight, script-based stealers can deliver outsized impact when paired with anonymized communications and runtime tasking," Microsoft said. "The combination of Tor-routed C2, clipboard targeting, screenshot capture, and remote code execution gives attackers both immediate monetization paths and continued control over compromised devices."
Thanks to Slashdot reader joshuark for sharing the news.

The Free Software Foundation's GNU Savannah hosts thousands of free software projects — both GNU and non-GNU projects, including Drupal.

But in early May, security researchers from Hacktron.AI reported vulnerabilities and demonstrated an exploit, according to a new statement Friday from the FSF: We have been working with these researchers since their initial report, and have also addressed additional security issues they submitted. All reported issues have been patched thanks to the hard work of GNU and FSF volunteers, as well as FSF staff. After thorough review, we have found no reason to believe that sensitive project data or credentials were accessed, nor that there has been any compromise of Savannah's software supply chain.

Nevertheless, we take the security of the GNU system, the tools which make it possible, and the projects we host very seriously. This body of software has become essential to millions (if not billions) of users around the world. We are therefore taking additional precautionary steps. Though the initial security issue was reported to us in early May, the vulnerabilities were discovered in software that was published approximately two years prior. We will be communicating directly with Savannah-hosted projects about steps they can take to review and strengthen the security of their projects.

We have also communicated with the other Savane instances we're aware of to assist their review of their own environments, and take any steps needed to help protect their users... This statement is intended as an initial notice. We expect to publish a report on the incident within 30 days.
Hacktron.AI bills itself as "Your AI teammate for security." Its web page notes that its investors include Meta, DeepMind, and Perplexity.

An anonymous reader quotes a report from NPR: Student loan borrowers who enroll in automatic payments will get a much bigger discount on interest starting July 1, the U.S. Department of Education says. Auto pay has long offered a modest discount off borrowers' interest rate -- .25 percentage points -- but after millions of borrowers opted out during the long COVID repayment pause, with some making no payments for years, the nation's student debt portfolio swelled to $1.7 trillion. On Thursday, the department said it will temporarily increase its auto pay interest rate discount to one full percentage point. Practically, that means an undergraduate borrower with a loan at the current 6.39% would see their interest rate drop temporarily to 5.39%. The rate cut will last for two years, from July 1, 2026 through June 30, 2028. Borrowers already enrolled in auto pay do not need to act. They will automatically receive the rate cut. [...] The department says borrowers will have until Sept. 30 to sign up for auto pay and qualify for the two-year interest discount.

Norway will largely prohibit generative AI use for elementary kids ages 6 to 13 beginning with the new school year, while allowing limited, teacher-supervised use for older students. The government says the restrictions are intended to prevent children from skipping foundational reading, writing, and mathematics skills amid declining test scores. Reuters reports: Facing a broad decline in education test scores, the government in 2024 banned smartphones from schools and has given teachers back more powers to enforce discipline in the classroom. Using AI increases the risk that young children skip important steps in their education, Prime Minister Jonas Gahr Stoere told a press conference on Friday. "The most important thing in school is that our children learn to read, write and do mathematics," Stoere said, adding that the new standards will be imposed from the new school year beginning in late August.

Pupils from first through seventh grade, aged 6 to 13, should as a general rule not be using AI, while those in lower secondary school, aged 14 to 16, can cautiously adopt tools under teachers' supervision, the government said. In upper secondary education, from ages 17 to 19, students should learn to use AI appropriately so that they are prepared for further education and work, it added. In a related statement, the Norwegian government also said it would propose legislation to fund the use of more books in classrooms, reversing the trend towards computer tablets.

An anonymous reader quotes a report from Wired: A report from Canada's Transportation Safety Board has highlighted regulatory failures that allowed OceanGate's unregistered, unflagged, and uncertified Titan submersible to operate out St. John's, Newfoundland, for years before it imploded on a tourist trip to the wreck of the Titanic in 2023. "When it came to the Titan, critical information existed across multiple federal government organizations, but no one was responsible for connecting the dots," says TBS chair Yoan Marier in a statement. "Without a complete picture of the operation, the Titan continued to operate in Canada without regulatory oversight." [...] As OceanGate continued to operate from St. John's in 2021 and 2022, the Titan made successful dives to the Titanic and several sites within Canadian waters. The company eventually interacted with a total of 10 Canadian federal agencies, including Parks Canada, the Department of National Defense, and the Royal Canadian Mounted Police. But the company's operations were never directly reported to the team responsible for marine safety. "In terms of the actual people that were responsible for marine oversight, their focus was on the Canadian support vessel," says TSB investigator Jason Melvin.

While TSB investigators did not have access to the wreckage of the Titan itself, which remains with the US Coast Guard, they did analyze portions of the carbon fiber left over from its manufacture. They calculated that a hull made to OceanGate's exact specifications might have been able to make hundreds of millions of dives to Titanic depths before failing. However, the composite samples as built had porosity and waviness between layers and were ground down in a way that might have introduced defects. When the TSB tested the compressive strength of the carbon fiber, it indicated the material could fail in as few as 30 deep dives. [...] The TSB is recommending increased oversight of the riskiest vessels and improvements in information sharing between departments, and is requiring that all human-occupied submersibles be subject to international construction and safety standards.

An anonymous reader quotes a report from The Guardian: In May, the federal government announced without warning that it would take apart a network of ocean monitoring systems that it had spent over $350 million to build. No reason was given for the decision to shut down the Ocean Observatories Initiative (OOI), but suspicion immediately focused on the network's role in tracking climate change. But the OOI also provides data that's useful for weather forecasting and fisheries management, leading to widespread opposition. Today, it appears that the opposition has won, as the government will announce that it's reversing the decision. The big remaining question is how much damage the OOI took during the intervening month.

[...] The OOI is a federally supported resource that provides ocean data for use by academic researchers, government planners, and private companies. It consists of arrays of monitoring systems in several locations in both the Atlantic and Pacific Oceans that can track things like currents, salinity, chemical levels, temperatures, and tectonic activity. (There are over 100 individual entries on the page that display the data gathered by the system.) Obviously, there are many potential uses of that data. The fact that it has been gathered continuously for a decade means it can help track changes in how carbon dioxide and heat enter the oceans. This is probably what made it a target for the climate change denialists who helped set the Trump administration's policy.

Those policymakers are perfectly happy to annoy people with environmental concerns, but they apparently neglected to consider how upset everyone else would be about losing access to the other data. The ensuing public backlash led the Senate on Wednesday to unanimously agree with a measure that would block the government from taking down the OOI. Today's decision may indicate that the administration recognized it had gotten itself into a fight it knew it was losing. The National Science Foundation formally announced the decision, stating: "effective immediately, [it] will not proceed with further removal or descoping of equipment from the remaining arrays and will continue operations including planned maintenance." The agency added that it "appreciates the concerns raised by the range of stakeholders that have informed us they rely on data" from the OOI.

The NSF also said it would "issue a Dear Colleague Letter to collect input from stakeholders and convene an expert panel to assess observational needs, evaluate available data sources, consider responses ... and help the agency identify a sustainable path for NSF's ocean observing systems."

California's proposed "billionaire tax" has gathered enough signatures to qualify for the November ballot, setting up a major fight between labor unions and some of Silicon Valley's richest figures. From the report: The California Billionaire Tax Act, colloquially known as the billionaire tax, would levy a one-time 5% tax on any California resident worth more than $1bn. The proposal is backed by the Service Employees International Union-United Healthcare Workers West as a means of funding California's strained healthcare and education programs. The proposal has become one of the state's biggest political flashpoints as it gained momentum throughout the year, with prominent billionaires, such as the Google co-founder Larry Page, making moves to cut ties with the state and Newsom vowing to block it from going to a vote. Although it has gained enough signatures for the ballot, the groups backing the measure have until June 25 to decide whether to move forward or potentially strike a deal with the state.

While unions backing the group have framed the proposal as a way of getting the ultra-rich to pay their fair share, many of the state's tech elites have condemned the tax and spent millions attempting to crush it. The Google co-founder Sergey Brin has spent $82m alone on efforts to fight the tax, while joining other Silicon Valley billionaires in declaring he will leave California if it goes through. The Palantir co-founder Peter Thiel, crypto billionaire Chris Larsen and Ring founder James Siminoff are among the other tech moguls who have made huge political donations to groups opposing the tax. California has the most billionaires out of any state, many of whom have increased their wealth in recent years amid the AI boom.

An anonymous reader quotes a report from the Associated Press: As artificial intelligence companies reshape the economy and race toward trillion-dollar valuations, Sen. Bernie Sanders is proposing a sweeping transfer of wealth and power from the industry to the American public. The legislation, shown first to The Associated Press, would create a sovereign wealth fund overseen by an independent commission and financed through a one-time 50% tax on the stock of the largest AI companies. Sanders estimates that the tax would create a nearly $7 trillion fund that would generate hundreds of billions of dollars annually in direct payments to Americans and programs such as health care, education and housing.

[...] The 50% tax would apply to AI companies that reach $200 million in annual AI sales. Any new AI company that reaches that benchmark would also be subject to the tax. It would create a sovereign wealth fund -- similar to those used by countries around the world and some U.S. states -- that Sanders estimates would be worth around $7 trillion. Unlike a traditional tax, the proposal would require companies to transfer stock rather than cash, effectively making the American public a major shareholder in the country's largest AI firms.

A seven-person independent commission -- nominated by the president and confirmed by the Senate -- would manage the fund and use its voting shares "to block decisions that hurt the American people and to push for policies that help them," the bill summary says. Sanders proposes that a 5% annual dividend from the fund would provide direct payments of more than $1,000 to every American. If companies grow, the gains would be used for public goods such as education, housing and health care. Sanders argues taxpayers would not bear the losses if AI company valuations decline. "We're not going to lose any money, even if there is a bust in the bubble," Sanders said. The commission would be directed to "to block decisions that hurt the American people and to push for policies that help them," according to the summary. "The benefits cannot simply go to the handful of wealthy corporations. They will be shared by the American people," the independent Vermont senator said in an interview Wednesday. "The public has got to have a significant seat at the table to make sure that terrible things do not happen to ordinary people, and that in fact, AI benefits ordinary people, not hurts them," Sanders said.

Security researcher Justin O'Leary says Google initially accepted his Config Connector privilege-escalation report as a high-priority, high-severity bug, then denied a bounty by declaring the behavior "working as intended." According to The Register, a Google rep initially praised O'Leary's report with a "Nice catch!" before the cloud giant reversed course, declaring that no vulnerability existed and therefore no fix or reward was warranted. "The bug report, however, is still marked high-priority and accepted," the publication notes. The alleged flaw, dubbed ConfigConfusion, could let a Kubernetes namespace user exploit an overprivileged service account to become a GCP organization owner with only a few lines of YAML and little apparent audit visibility. O'Leary details the incident in a blog post. The Register reports: According to O'Leary, Config Connector doesn't perform an authorization check, and this allows any Config Connector service account with org-level permissions to bypass Identity and Access Management (IAM) authorization and gain the highest level of control (roles/owner) to an entire GCP Organization -- the root node of all of a company's resources within Google Cloud. On March 27, a Google security engineer accepted O'Leary's report and told him: "Nice catch!" The employee said that they filed a bug based on O'Leary's report with the relevant product team and assured him the Chocolate Factory's security squad would work with relevant Google Cloud people to fix the flaw. "We'll work with the product team to ensure this issue is address. We'll let you know when the issue was fixed," the engineer said. "In the meantime, review the payment option selected in your bughunters.google.com profile."

Google assigned the bug P1 priority and S1 severity, signifying a flaw worthy of urgent repair because it affects a large percentage of users and can disrupt core organizational functions. "I figured that was the end of that," O'Leary said in a phone interview with The Register. Eleven days later, on April 7, he received a new message from a Google Security Bot reversing the earlier decision. The Reg viewed the email, and O'Leary included a screenshot in his Thursday writeup. The message said that the Cloud Vulnerability Reward Program panel decided that the "security impact of this issue does not meet the criteria to qualify for a reward."

After reviewing the bug report, Google determined the software "is working as intended," the message continued. It also noted that the program's decision not to pay a bounty "does not mean that the product team won't fix the issue." Nearly three months later, the case remains P1/S1 with the status "in progress (accepted)." Google hasn't assigned a CVE or issued a fix. O'Leary didn't receive any reward for his research. [...] "This is a pattern," O'Leary told [The Register]. "This is just how these trillion-dollar companies deal with people like me. In my day job, we use GKE, and it's incredibly frustrating on my end, when I find a critical vulnerability in the system that's being widely used, and I can't even get the vendor to patch their own stuff." A Google spokesperson told The Register: "The issue reported does not qualify for a reward because the GCP IAM authorization bypass is only exploitable if an attacker has access to a Config Connector Service Account that's been granted the Organization Admin role by the organization (i.e., it is privileged). Additionally, an attacker would first need to gain entry to an organization's environment (e.g., an exposed container) in order to leverage the privileged Config Connector instance and execute commands with administrative authority, such as the IAM bypass. Granting this level of access to the Config Connector Service Account goes against Google Cloud's publicly shared best practices and the principle of least privilege."

An anonymous reader quotes a report from MacRumors: Apple is raising its prices to offset the high cost of memory and storage, CEO Tim Cook told The Wall Street Journal. Apple is no longer able to absorb the increased prices and will need to pass some of the cost on to consumers. "Unfortunately, price increases are unavoidable," said Cook. "We're doing our best to mitigate the huge increases that are being passed to us, and we've been trying to shield our customers from the increases, but the situation has become unsustainable."

Growing demand for memory and storage chips from AI companies has led to chip shortages and higher costs. The Wall Street Journal suggests Apple will need to increase device costs "substantially" to maintain its current profit margins given the cost of memory chips and SSDs. Research firm TechInsights claims Apple will need to make the iPhone 18 Pro around $270 more expensive to keep its existing profit margin.

Apple is struggling more with memory chips, but storage chips are also an issue. "There's less supply at a time when consumers want devices and the memory guys are passing along huge price increases," Cook told The Wall Street Journal. Cook said Apple will use its cash to increase memory supply, but he did not give details on what that means. Apple does not plan to create its own memory and storage factories. "We can't do everything," Cook said. "We know what we're good at." Cook likened the memory shortages to a hundred-year flood. "I've never seen anything like it in any area in over 40 years," he said.

Further reading: Smartphone Market To Shrink 15% This Year Due To Memory Crisis

Longtime Slashdot reader schwit1 shares a report from PetaPixel: China dominates the consumer drone market, so it is perhaps surprising that it is no longer possible to fly or even purchase a drone in Beijing. The new law that passed last month makes it illegal to buy, rent, or fly a drone without prior approval from the authorities. Users must also complete an online training session and pass a test on drone regulations. Under the new rules, drone users are also not allowed to repair or replace their drones in Beijing. Not only that, but a drone in a repair shop must be picked up in-person, rather than sent back by delivery.

The BBC reports that drones must now be registered before being brought into and out of the Chinese capital. "I have to apply for permission for each flight, which is very inconvenient," drone enthusiast Steven Wang tells CNN. "And starting this year, the wait time is getting longer, and the reasons for rejection are becoming more vague." Despite China being the birthplace of the consumer drone industry, it is increasingly difficult for hobbyists to fly there. Beijing authorities say that the rules are made to "strengthen the management of unmanned aerial vehicles" and "safeguard the security of the capital."

Longtime Slashdot reader schwit1 shares a report from Autoblog: For years, the Chinese auto industry has employed a hostile price war to kneecap global competitors. Armed with massive state subsidies, cheap raw materials, and an aggressive "scale-first" business model, Chinese automakers flooded the market with electric vehicles priced so low that legacy manufacturers stood no chance to compete. How did they do it? Simple, they couldn't. They did it anyway. Reports from CarNewsChina show that Chinese automakers have been selling vehicles at a loss until a recent law passed by the Chinese government banned below-cost sales of new vehicles. During the ongoing sales slump in China caused by rolled-back subsidies and direct government intervention banning below-cost sales, the truth behind the rapid expansion of the Chinese auto industry has been exposed. "By the first quarter of 2026, China captured 32 percent of the global auto market, with its New Energy Vehicles (NEVs) controlling an incredible 61 percent of global share," the report notes. Yet that dominance has come at a steep cost: throughout 2025, "the profit margin for China's auto industry plunged to 4.4 percent and dropped further to a historic low of 3.2 percent in early 2026."

"Gross profit, not net profit, per vehicle, plummeted to a mere $2,000. We can expect the net figure to be loss-making." Autoblog adds: "Data shows over 70 percent of Chinese car sales were loss-making. This left more than half of the country's auto industry in the red. Great Wall Motor (GWM) even saw net profits drop 17 percent despite steady revenue growth."

China's EV price war has now hit a wall. New regulations are discouraging below-cost sales, rising material costs are forcing automakers to cut discounts and raise prices, and reduced tax incentives are weakening domestic demand. To sustain growth, manufacturers are increasingly turning to exports.