Security

Microsoft Hacked To Deliver Malware To Claude and Gemini Users (404media.co) 9

An anonymous reader quotes a report from 404 Media: Microsoft has shut down a wave of its own repositories on GitHub, including those related to Azure and AI coding agents, as it investigates a data breach, according to research from cybersecurity researchers and a statement given to 404 Media by Microsoft. Hackers planted malware that would harvest people's credentials when they opened it in AI coding tools like Claude Code or Gemini CLI, according to one set of researchers. The exact contours of the breach are unclear, but researchers say Microsoft has disabled more than 70 of its own repositories, and pointed to a particular package that was previously compromised.

Last week, cybersecurity website OpenSourceMalware.com, which acts as a clearing house for indicators of supply chain attacks so defenders can secure their own networks, and which also publishes its own write-ups, wrote about the mass disabling of Microsoft GitHub repositories. "GitHub disabled 73 Microsoft repositories across four of its GitHub organizations -- the entire Azure Functions org, the whole Durable Task family, and a row of AI sample apps -- in a 105-second sweep on June 5," the website wrote on Friday. It is very unusual for any company, let alone Microsoft, to disable so many of its own repositories in one go. They include 49 related to Azure, Microsoft's cloud computing arm, and some concerning AI agents. The shutdown repositories also include ones related to durabletask, a Microsoft development tool.

Researchers from StepSecurity wrote on Friday that the GitHub closures came after a malicious commit was pushed to the durabletask repository. That attack planted configuration files that would harvest people's credentials when they opened the repository in Claude Code, Gemini CLI, Cursor, or VS Code, StepSecurity wrote.

Microsoft said in a statement: "Our priority is to protect customers and the broader ecosystem. We temporarily removed some repositories as we investigated potential malicious content. Some of these repos have been restored after review, while others may remain offline while work continues. As part of our investigation, we notified a small number of customers who may have pulled down content from the affected repositories. We will continue to investigate, and if anything further is identified that requires customer action, we will reach out directly through our established support channels."

Cellphones

UK PM Gives Tech Firms Ultimatum To Block Explicit Images on Children's Phones (theguardian.com) 78

UK Prime Minister Keir Starmer has given Apple, Google, and other tech firms until September to introduce device-level protections that prevent children from taking, sharing, or viewing explicit images. "If businesses do not comply within three months, legislation will be brought forward requiring the protection to be added to all phones and tablets sold in the UK," reports The Guardian. "Tech firms that fail to do so could face fines, and their senior managers could be made criminally liable." From the report: "Today, I am calling on tech companies operating in this country to introduce device controls that prevent children from sending and receiving sexually explicit images. Because this is not an impossible challenge," he said. "If they choose not, then we will act and we will change the law." [...] Under the changes, sexual predators will be prevented from being able to exploit and abuse victims through their devices, and children stopped from being able to access pornography, the Home Office said. Adults will still be able to take, share or view nude content once they have verified their age.

In the Commons, Melanie Ward, the Labour MP for Cowdenbeath and Kirkcaldy, said: "It's time to stop asking social media companies to make their products safe, and instead time to start requiring them to do so through regulation." Clive Efford, the Labour MP for Eltham and Chislehurst, said the "sociopaths" running social media platforms had no concern for the welfare of children. "The only message that they're going to listen to is if there's legislation put before this house that is going to act and send a clear message to them." The proposal is designed to sit alongside the Online Safety Act, which requires companies to have processes for removing material that is illegal or harmful to children.

Earth

'Severe' Stress On Oceans As Rate of Sea Level Rise Doubles In 10 Years, UN Warns 64

An anonymous reader quotes a report from The Guardian: The world's oceans are under "severe and accelerating" pressure from human activities, with the rate of sea-level rise double that of a decade ago, according to a damning assessment from the United Nations. The "intensifying" stressors, which include pollution and large-scale industrial fishing, are cumulative, said the report, resulting in widespread biodiversity loss and putting ocean systems under "severe strain."

The UN's third World Ocean Assessment, which reflects the work of nearly 600 scientists from 86 countries, looked at the oceans' health from 2021-25. The previous report, that covered up to 2018, found persistent degradation of the marine environment. Five years on, scientists know more about the cumulative impacts of anthropogenic pressures on the ocean, and the latest report shows just how much of the damage has been done in the past few years. The scientists' key findings include:

- Sea levels continue to rise at an increasing rate, from 2mm a year prior to 2015 to 4.3mm a year in 2023.
- 16% of the increase in global ocean heat since 1955 occurred after 2018.
- The greatest relative warming has been observed in the Atlantic Ocean and the southern parts of the Indian and Pacific Oceans.
- Large gaps in knowledge persist -- with only 27% of the ocean floor mapped by 2025, deep-sea ecosystems remain poorly understood.

Lukas Meus, Greenpeace's global ocean campaigner, said: "We are calling on governments to create fully protected ocean sanctuaries that will close vast areas of the ocean off from extractive human activities. Governments have promised to protect 30% of the world's ocean by 2030 -- the minimum scientists say we need for the ocean to be able to recover."

Businesses

OpenAI Files For IPO (cnn.com) 53

OpenAI has confidentially filed for an IPO, "setting it up for what may be the most highly anticipated market debut in recent history and a massive payday for early investors," reports CNN. The decision follows recent IPO announcements from Anthropic and SpaceX. From the report: OpenAI said it has not decided on timing yet. And because the filing is confidential, it's not yet clear how many shares the company plans to sell or at what price. "It may be a while because there are things we want to do that are likely easier as a private company," it said in a post on its newsroom page. But the company said the filing "gives us the option to go public sooner if that ends up being best."

The transition to a public company will give Wall Street a window into OpenAI's finances as the company pours billions into AI infrastructure and computing resources. Investors dumped tech stocks last week as they questioned whether a recent run-up in those shares had gone too far. OpenAI was last valued at $852 billion after raising $122 billion in March, but it's faced pressure to demonstrate it can generate the cash to match that valuation.

Firefox

Firefox Merges Support For Vulkan Video Decoding 8

Firefox has merged initial support for Vulkan Video decoding, giving the browser a more cross-platform path for GPU-accelerated video playback beyond Linux's long-running reliance on VA-API. Phoronix reports: Firefox on Linux has long been focused on the Video Acceleration API (VA-API) that isn't universally supported by Linux graphics drivers. This has led to efforts like NVIDIA-VAAPI-Driver to layer VA-API atop NVIDIA NVDEC interfaces to enjoy GPU-accelerated video playback in Firefox. Smaller Arm/embedded graphics drivers also have been largely left out of the game in the VA-API space. But with Vulkan Video we are beginning to see more adoption and in a cross-platform manner.

[...] The Firefox 153 release due out in July will have Vulkan Video decoding support available. The Vulkan Video activity in Firefox Git culminated this week with the work of NVIDIA engineer Tymur Boiko and Red Hat's Martin Stransky. Firefox 153.0 is expected for release on 21 July with this Vulkan Video support assuming no last minute issues.

Power

Texas Grid Flags Risks As Data Centers, Crypto Sites Fail Voltage Tests (reuters.com) 100

Reuters reports: Several large data centers and crypto facilities planning to connect to the Texas power grid ahead of peak summer demand have failed key reliability tests, raising the risk of power outages just as electricity use hits its seasonal high, according to the state grid operator... Unlike traditional industrial customers, which tend to draw electricity steadily and predictably, data centers are engineered to cut their connection to the grid at the first sign of trouble to protect their equipment and keep services running. That makes them an unpredictable and potentially destabilizing force on grids already under pressure from rising demand. Four groups of unnamed large electricity users, including data centers, abruptly disconnected from the Texas grid during a test of how they would handle routine voltage disturbances, the Electric Reliability Council of Texas (ERCOT) said in a report dated May 21.

When large customers abruptly cut their power use, it can knock the grid off balance and trigger wider outages. ERCOT, which manages electricity for most of Texas, said it reviewed about 20 gigawatts of large customers seeking to connect to the system, including eight projects totaling roughly 3.9 gigawatts aiming to start up before July 1. It said it identified four groups of large power users that could each trigger more than 5,000 megawatts of demand tripping under certain fault conditions, based on simulations of transmission system disturbances. Those abrupt drops in demand were equivalent to the electricity consumption of a large city such as Boston.

United States

Donald Trump, Bernie Sanders And Sam Altman Are All Talking About Public Ownership In AI (apnews.com) 98

U.S. Senator Bernie Sanders announced a plan for the public to take a 50% ownership stake in AI companies, remembers the Associated Press.

And then OpenAI's Sam Altman "told Sanders that he, too, wants the public to have equity in AI companies." Though the CEO said he couldn't support Sanders' threshold of 50%, he nonetheless wanted to work with him to advocate for the general idea, according to people with knowledge of the conversation. The nearly hourlong meeting in Sanders' Senate office this week, held at Altman's request, highlighted the inherent tension between AI powerhouses and policymakers as Americans are increasingly asked to accept the costs of the AI boom even as they remain unconvinced of its direct benefits.

Yet it's also creating odd political bedfellows fueled by populism as politicians from Sanders to President Donald Trump embrace giving the public a stake in AI's growth. Speaking to reporters on Air Force One on Friday, Trump described a potential partnership "where the American people can benefit from the success of AI" and said executives from leading AI companies will visit the White House, "probably next week," to discuss the idea.

The article points out that Altman also met with congressional leaders from both of America's political parties.

Books

'Steve Jobs In Exile' Remembers the Birth of the Web and 'Making Unix Taste Sweet' (arstechnica.com) 33

Ars Technica shares some anecdotes from Steve Jobs in Exile, a new book released last month: [Author Geoffrey] Cain reminds us, in stunning detail, that Jobs' "exile" era at NeXT was not only critical to his evolution as a man and an entrepreneur, but that it mattered for the rest of us, too. The technological innovations that came out of NeXT — notably, the NeXTSTEP OS — continue to live on in what we now call both macOS and iOS. As Cain puts it, "NeXTSTEP was Steve's attempt to make Unix taste sweet...."

[W]hile many tech nerds know that Tim Berners-Lee created the first World Wide Web server on a NeXT machine while working in Switzerland in 1990, few know that NeXT employees were wary of bringing the news to Jobs. Why? They feared his wrath "and that he would dismiss [the web] as 'shit.'" (In another timeline, NeXT might itself have capitalized on this world-changing innovation....)

Perhaps one of the wildest anecdotes that Cain uncovered was how one voicemail changed computer history forever. In 1996, when Apple was solidly in its mediocre Performa era — and considering buying BeOS as the basis for its new operating system — a mid-level NeXT product manager asked aloud, "Why don't we just frickin' call Apple?" (NeXT was also struggling during this period.) And so someone did. As Cain writes:

Garrett left the group of managers, walked back to his office, and took a risk. He picked up his designer phone and called the head of software at Apple. He left what he described as "one of my more inspired sales pitches" on the man's voicemail, explaining why Apple should be looking at NeXT instead of Be... In any other universe, Garrett's call might have gotten him fired. But in this timeline, it worked out. And thanks to him, Steve [Jobs] was about to enter Apple's airspace once again.

Thanks to long-time Slashdot reader destinyland for sharing the article.

AI

Failing CS Grades Soar At UC Berkeley As Professors See Greater AI Usage (dailycal.org) 110

The University of California at Berkeley discovered the percentage of failing grades in multiple CS classes this spring "is significantly higher than past semesters," reports the campus's student newspaper.

"Instructors point to students' increased reliance on AI, lack of mathematical preparedness and understaffing as potential contributing factors." According to [coursework platform] Berkeleytime, 35.3% of CS 10 students and 10.6% of CS 61A students received F's in spring 2026. In spring 2025 and spring 2024, the percentage of F's did not exceed 10% for either class. The electrical engineering and computer sciences department's grading guidelines state that 7% of students in lower division courses, including CS 10 and CS 61A, should receive D's and F's...

[UC Berkeley teaching professor Dan Garcia, who taught both classes] believes the "primary driver" of these abnormally high failing rates is due to a "vast increase in academic dishonesty" due to students' usage of large language models, such as Claude, ChatGPT and Google Gemini. "Some of the numbers that you saw from the number of students who receive failing grades were because we caught them (cheating) and prosecuted them and are sending their cases to the Center for Student Conduct," Garcia said. "But in other cases, it's students who are leaning a little too hard on LLMs to do their work for them, and then at exam time just really aren't ready." According to Garcia, nearly 30 students in CS 10 were "caught cheating on take-home exams" in spring 2026...

In addition to overreliance on AI, Garcia also pointed out that many students are underprepared mathematically, a concern echoed by campus associate teaching professor Gireeja Ranade. Ranade noticed a similar lack of prerequisite mathematical skills in her spring 2026 EECS 127 class, "Optimization Models in Engineering," which she described as "differently challenging" to teach this semester. The class saw a 16.8% F rate, far higher than the 5% of D's and F's that the EECS department describes as "typical" for an upper division course...

Both Garcia and Ranade have joined more than 1,300 UC faculty in signing a petition calling for the reinstatement of ACT and SAT standardized testing scores for STEM admissions in the UC system.

Thanks to long-time Slashdot reader theodp for sharing the article.

EU

EU's Tech Sovereignty Package Includes 9+ Pages on Open Source, Says Open Source Initiative (opensource.org) 18

Friday the Open Source Initiative welcomed the EU's new tech sovereignty package, noting that "over a third of the 29-page document is devoted to Open Source."

The nonprofit OSI — maintainers of the Open Source definition — submitted their official feedback in February, and notes that "many" of their key requests were addressed, "as well as some exciting new announcements!" One of the biggest barriers to Open Source adoption has been public procurement. Too often, tenders have been designed around proprietary solutions, ignoring the benefits of Open Source and locking public institutions into closed ecosystems. The OSI called for procurement rules that prioritize interoperability, reusability, and vendor independence. The package takes a major step forward in this area. The EU pledges to make the public sector an anchor consumer for Open Source solutions. The Commission plans to reform procurement rules to remove barriers for Open Source, provide better guidance to EU countries on procurement criteria to avoid excluding Open Source, and uphold the "public money, public code" principle when procuring software development. Both proposals align with the OSI's feedback. The next critical step is the EU's public procurement law reform. The OSI will continue advocating to ensure these pledges translate into action.

Beyond procurement, the OSI highlighted challenges faced by Open Source communities in Europe, particularly difficulties accessing investment and expertise to commercialize and scale projects. The Commission has responded by committing to ensure Open Source companies are considered for funding under the European Competitiveness Fund (ECF). It also plans to create "Open Source business accelerators" that will offer mentorship, training, legal and licensing consulting, and business development support, including marketing. Additionally, the Commission will work to raise industry awareness of Open Source solutions by leveraging the EU's existing business support networks. These measures directly address the OSI's concerns and could significantly boost the Open Source ecosystem in Europe...

[I]n our feedback, we called for the continuation of the Next Generation Internet (NGI) initiative that has funded many Open Source projects, and for the creation of a European Sovereign Tech Fund to fund ongoing maintenance and features development to meet the EU's needs. We also highlighted the need to mainstream Open Source in other funding opportunities (like the €100bn+ Horizon Europe programme). The Commission's strategy addresses these requests. The NGI will be scaled up under the new name "Open Internet Stack." A new Open Source Maintenance Instrument will fund the "maintenance and security upkeep of essential components." The Commission will also create a list of critical and security-relevant Open Source dependencies to inform funding decisions and promote Open Source solutions as the default approach in Horizon Europe funding.

Friday's announcement from the Open Source Initiative notes that the EU is already leading by example in Open Source adoption. It applauds the EU for "deploying a Matrix-based communications system and the openDesk collaboration environment internally, trialing an alternative operating system to replace Windows, which is currently widely used in EU institutions, and expanding its presence on the Fediverse, with Commissioners and key departments already joining the EU's Mastodon server."

Open Source

Ladybird Browser Stops Accepting Public Pull Requests (ladybird.org) 25

The Ladybird browser isn't opposed to AI coding tools, but it has just changed its code-contribution policy.

February 23: "Ladybird adopts Rust, with help from AI." Our first target was LibJS, Ladybird's JavaScript engine... I used Claude Code and Codex for the translation. This was human-directed, not autonomous code generation. I decided what to port, in what order, and what the Rust code should look like. It was hundreds of small prompts, steering the agents where things needed to go... The requirement from the start was byte-for-byte identical output from both pipelines. The result was about 25,000 lines of Rust, and the entire port took about two weeks. The same work would have taken me multiple months to do by hand.

June 5 (Friday): We will no longer accept public pull requests... A pull request no longer tells us as much as it used to about the person submitting it. A substantial patch used to imply substantial effort, and that effort was a reasonable proxy for good faith. That assumption no longer holds....

We have already seen patient, well-resourced campaigns in open source to earn maintainer trust and abuse it. What has changed is how much faster and cheaper it has become to produce work that looks like a serious contribution... Whether code was typed by hand is beside the point. What matters is who is responsible for it once it enters the browser. Ladybird is becoming a browser for real users. The people introducing changes to it must be the people who decide those changes belong in the project, and who will answer for the consequences.

As part of this change, we will close all currently open public pull requests. We are grateful for the work people put into them, but keeping the existing queue open would keep that contribution path open in practice. There is no perfect time to make this change, so we are making it now. Going forward, pull requests will only be available to project maintainers. There will not be a separate process for submitting patches by other means. We do not want to create a shadow contribution system through issues, comments, email, or forks...

Outside involvement still matters: clear bug reports, reductions, website testing, standards discussion, design discussion, security reports, and technical feedback all help move the project forward. This is the right change for Ladybird now. We are preparing to ship a browser to real users, and our development process has to match that responsibility.

Communications

The US Military Quietly Turned GPS Into a Global 'Numbers Station,' Evidence Suggests (404media.co) 49

A security researcher says evidence suggests the U.S. military has been using an obscure GPS message field for nearly 20 years to broadcast encrypted key-distribution data, effectively turning GPS satellites into a global "numbers station." The hidden-looking 176-bit messages appear tied to the Pentagon's Over-the-Air Distribution system for remotely updating cryptographic keys, meaning ordinary GPS receivers may have been receiving the traffic all along without anyone outside the military noticing. The findings have been detailed by Steven Murdoch, an information security expert, in a new article in Inside GNSS. 404 Media reports: [...] From the beginning, he suspected that the subframe field contained encrypted transmissions because the data was so random. "Random data is actually very unusual to get in nature," Murdoch said. "If you see it, either it's been carefully designed to be random -- but then, why is someone sending out random data? -- or it's encrypted data. I thought encrypted data is by far the most likely explanation." He returned to the subframe on and off over the years, and solicited guesses about its content on Stack Exchange in 2023. Ahmed Kamruddin, a master's student at UCL, developed the project further in 2025. Then, this year, Murdoch put the last pieces of the puzzle together over several weeks by analyzing open archive Global Navigation Satellite System (GNSS) recordings collected since 2007 and kept by GFZ Helmholtz Centre for Geosciences.

This dataset included more than 12 million observations of Subframe 4, Page 17, yielding 3,994 unique 176-bit messages. Within this corpus, Murdoch pinpointed key-repeating "sentinels" including a pattern that appeared in February 2010 and was broadcast on and off across dozens of satellites for more than a decade. Murdoch discovered that this particular sentinel was transmitted by all 31 operational satellites within a window of a few hours on May 26, 2011, potentially heralding the activation of a new operational system. He confirmed that this timeline coincided with the rollout of the military's Over-the-Air Distribution (OTAD) and the Over-the-Air Rekeying (OTAR) by cross-referencing declassified documents, including a 2015 presentation about the dates of the operation.

"There was a perfect match between the timeline and that presentation and the change points that were automatically identified from the data," Murdoch said. "That was the smoking gun that made me think: This is what it's for." These automated systems replaced the cumbersome manual distribution of cryptographic keying material, allowing military GPS receivers around the world to be rekeyed remotely through satellite broadcasts rather than through onsite procedures. For the next 11 years, this expansive rekeying operation was overlooked in public GPS data. In 2022, the system entered a new phase, according to Murdoch's analysis. The shift was characterized by a slowing in the message rotation rate. Later, in December 2023, broadcasts carrying a distinctive "TEXT" prefix emerged then gradually spread across the constellation.

Murdoch isn't sure what explains the recent transition, though it could be a possible modernization of the infrastructure or the introduction of a new protocol. But to him, the bigger takeaway is that the signals were always available for anyone willing to take a closer look, a discovery that suggests that there could be more revelations hidden for the cryptographically curious among us. "Every receiver in the world decodes Subframe 4, Page 17," Murdoch said in his new article. "Almost none of them have ever looked at it. The lesson generalizes: There is more to learn from the bytes already arriving at our antennas than from the bytes we wish were specified differently. The data are publicly available. The signal is overhead, twice a day, every day."

Data Storage

340 Local News Outlets Now Blocking the Internet Archive (techdirt.com) 31

An anonymous reader quotes a report from Techdirt: Earlier this year Nieman Lab broke the story that major news publishers, including The New York Times, The Guardian, and USA Today Co., had started blocking the Internet Archive for fear that AI companies might scrape the nonprofit's repositories for training data. As one of the last bastions of archival history, that is, in case you're not aware, not very good for the public interest. Four months later and Nieman Lab now notes that the number of news outlets blocking the archive has soared to around 340 organizations:

"Our new analysis shows that more than 340 local news sites across the United States are now limiting the Internet Archive's ability to access and preserve their stories. Many sites in our sample are owned by five of the seven largest local news publishers in the country: USA Today Co., McClatchy, Advance Local, MediaNews Group, and Tribune Publishing. The latter two are both subsidiaries of the "vulture hedge fund" Alden Global Capital."

[...] Regardless of motivation, hiding whatever local news remains behind paywalls, then blocking it from the Internet Archive, in turn makes it harder for everyone else to do real journalism that relies on the historical record, local journalists tell Nieman Lab: "I cover news within a larger news desert in New York's Rockland, Sullivan, and Rockland counties. This means I need to heavily rely on archival data of old news articles from now deceased, or zombie-fied, media outlets," wrote B.J. Mendelson, the editor of The Monroe Gazette newsletter, in one recent petition signed by over 200 journalists. "Without the Internet Archive, my [work] would be incredibly difficult to do."

The Internet Archive says it is listening to the concerns raised by local news outlets, while also partnering with journalism groups to train hundreds of newsrooms on archival preservation: "In December, the Internet Archive partnered with the Poynter Institute and Investigative Reporters and Editors to train a cohort of 33 local and national news outlets on how to develop and implement an archiving strategy. The initiative, funded through a Press Forward grant, aims to train 300 newsrooms in digital preservation and in using the Internet Archive's services by the end of 2027."

The Almighty Buck

GOV.UK Goes Dutch On Payments As It Dumps Stripe (theregister.com) 10

The UK's Government Digital Service is replacing Stripe with Dutch payments provider Adyen for many GOV.UK Pay transactions, including local authorities, police forces, and armed forces units. The three-year deal covers about 1,000 services and is meant to make payments more flexible while keeping the user experience largely unchanged. The Register reports: According to the tender notice published in February 2025, the contract covers around 17 percent of payments made through GOV.UK Pay but more than 70 percent of its organizations and includes the only option allowing users to start taking payments within one working day. At that point the contract had an estimated maximum value of £49 million, although with no guarantees over volume.

In a blogpost about the contract award on 2 June, GDS said it will migrate around 1,000 services to the new supplier. "We will make migration as straightforward as possible while complying with Know Your Customer legislation that protects everyone from fraud," wrote Alan Maddrell, senior content designer for the service. "Most importantly, there will be no discernible difference for paying users and no loss in functionality."

He added that the change of supplier will help introduce new options including pay by bank, which transfers money directly between bank accounts using open banking services and avoids the need to type in card details. GDS will continue to use WorldPay to process payments for central government, linked organizations and NHS bodies.

Open Source

BSA Lashes Out At Mandatory Open-Source Licensing (bsa.org) 87

Longtime Slashdot reader Elektroschock writes: The American Business Software Alliance (BSA) does not consider mandatory open-source licensing to be an appropriate indicator of sovereignty. This is among the "pointed messages" they sent to the French government consultation (closed) today. "What protects Europe is the ability to govern, audit, and mitigate risk, not where a company files its corporate papers," said Thomas Boue of BSA. "Criteria of this kind raise costs, reduce access to best-in-class security solutions, and risk conflicting with the EU's international trade commitments."
