An anonymous reader quotes a report from Ars Technica: California's "Safe and Secure Innovation for Frontier Artificial Intelligence Models Act" (a.k.a. SB-1047) has led to a flurry of headlines and debate concerning the overall "safety" of large artificial intelligence models. But critics are concerned that the bill's overblown focus on existential threats by future AI models could severely limit research and development for more prosaic, non-threatening AI uses today. SB-1047, introduced by State Senator Scott Wiener, passed the California Senate in May with a 32-1 vote and seems well positioned for a final vote in the State Assembly in August. The text of the bill requires companies behind sufficiently large AI models (currently set at $100 million in training costs and the rough computing power implied by those costs today) to put testing procedures and systems in place to prevent and respond to "safety incidents." The bill lays out a legalistic definition of those safety incidents that in turn focuses on defining a set of "critical harms" that an AI system might enable. That includes harms leading to "mass casualties or at least $500 million of damage," such as "the creation or use of chemical, biological, radiological, or nuclear weapon" (hello, Skynet?) or "precise instructions for conducting a cyberattack... on critical infrastructure." The bill also alludes to "other grave harms to public safety and security that are of comparable severity" to those laid out explicitly. An AI model's creator can't be held liable for harm caused through the sharing of "publicly accessible" information from outside the model -- simply asking an LLM to summarize The Anarchist's Cookbook probably wouldn't put it in violation of the law, for instance. Instead, the bill seems most concerned with future AIs that could come up with "novel threats to public safety and security." More than a human using an AI to brainstorm harmful ideas, SB-1047 focuses on the idea of an AI "autonomously engaging in behavior other than at the request of a user" while acting "with limited human oversight, intervention, or supervision." To prevent this straight-out-of-science-fiction eventuality, anyone training a sufficiently large model must "implement the capability to promptly enact a full shutdown" and have policies in place for when such a shutdown would be enacted, among other precautions and tests. The bill also focuses at points on AI actions that would require "intent, recklessness, or gross negligence" if performed by a human, suggesting a degree of agency that does not exist in today's large language models. The bill's supporters include AI experts Geoffrey Hinton and Yoshua Bengio, who believe the bill is a necessary precaution against potential catastrophic AI risks. Bill critics include tech policy expert Nirit Weiss-Blatt and AI community voice Daniel Jeffries. They argue that the bill is based on science fiction fears and could harm technological advancement. Ars Technica contributor Timothy Lee and Meta's Yann LeCun say that the bill's regulations could hinder "open weight" AI models and innovation in AI research. Instead, some experts suggest a better approach would be to focus on regulating harmful AI applications rather than the technology itself -- for example, outlawing nonconsensual deepfake pornography and improving AI safety research.

Read more of this story at Slashdot.

"Deepfake scams are becoming more prolific and their quality will only improve over time," writes longtime Slashdot reader smooth wombat. "However, one question can stop them dead in their tracks. Such was the case with Ferrari earlier this month when a suspicious executive saved the company from being the latest victim." From a report: It all began with a series of WhatsApp messages from someone posing as Ferrari's CEO [Benedetto Vigna]. The messages, seeking urgent help with a supposed classified acquisition, came from a different number but featured a profile picture of Vigna standing in front of the Ferrari emblem. As reported by Bloomberg, one of the messages read: "Hey, did you hear about the big acquisition we're planning? I could need your help." The scammer continued, "Be ready to sign the Non-Disclosure Agreement our lawyer will send you ASAP." The message concluded with a sense of urgency: "Italy's market regulator and Milan stock exchange have already been informed. Maintain utmost discretion." Following the text messages, the executive received a phone call featuring a convincing impersonation of Vigna's voice, complete with the CEO's signature southern Italian accent. The caller claimed to be using a different number due to the sensitive nature of the matter and then requested the executive execute an "unspecified currency hedge transaction." The oddball money request, coupled with some "slight mechanical intonations" during the call, raised red flags for the Ferrari executive. He retorted, "Sorry, Benedetto, but I need to verify your identity," and quizzed the CEO on a book he had recommended days earlier. Unsurprisingly, the impersonator flubbed the answer and ended the call in a hurry.

Read more of this story at Slashdot.

Following in the footsteps of competitors Netflix and Disney+, Apple is reportedly working on bringing advertisements to Apple TV+ through an ad-supported tier. MacRumors reports: Apple has apparently been in discussions with the UK's Broadcaster's Audience Research Board (BARB) to explore the necessary data collection techniques for monitoring advertising results. Currently, BARB provides viewing statistics for major UK networks including the BBC, ITV, Channel 4, and Sky, as well as Apple TV+ programming. While BARB already monitors viewing time for Apple TV+ content, additional techniques are required to track advertising metrics accurately. This data is vital for advertisers to assess the reach and impact of their campaigns on the platform. In addition to the UK, Apple has also reportedly held similar discussions with ratings organizations in the United States. Apple has already included limited advertising in its live sports events, such as last year's Major League Soccer coverage, where ads were incorporated even for Season Pass holders. It is also notable that in March Apple hired Joseph Cady, a former advertising executive from NBCUniversal, to bolster its video advertising team.

Read more of this story at Slashdot.

In a Washington Post op-ed last week, OpenAI CEO Sam Altman emphasized the urgent need for the U.S. and its allies to lead the development of "democratic AI" to counter the rise of "authoritarian AI" models (source paywalled; alternative source). He outlined four key steps for this effort: enhancing security measures, expanding AI infrastructure, creating commercial diplomacy policies, and establishing global norms for AI development and deployment. Fortune reports: He noted that Russian President Vladimir Putin has said the winner of the AI race will "become the ruler of the world" and that China plans to lead the world in AI by 2030. Not only will such regimes use AI to perpetuate their own hold on power, but they can also use the technology to threaten others, Altman warned. If authoritarians grab the lead in AI, they could force companies in the U.S. and elsewhere to share user data and use the technology to develop next-generation cyberweapons, he said. [...] "While identifying the right decision-making body is important, the bottom line is that democratic AI has a lead over authoritarian AI because our political system has empowered U.S. companies, entrepreneurs and academics to research, innovate and build," Altman said. Unless the democratic vision prevails, the world won't be cause to maximize the technology's benefits and minimize its risks, he added. "If we want a more democratic world, history tells us our only choice is to develop an AI strategy that will help create it, and that the nations and technologists who have a lead have a responsibility to make that choice -- now."

Read more of this story at Slashdot.

An anonymous reader quotes a report from Bloomberg: A number of fiber optic cables carrying broadband service across France were cut overnight in the latest attack on the country's infrastructure during the Olympic Games. Connections serving Paris, which is hosting the Olympic Games this week, and the games themselves weren't affected, a spokesman for Olympics telecom partner, Orange SA, said. Still, this is the second sabotage of French infrastructure in the past few days as the world converges on the capital. Coordinated fires on French rail lines disrupted trains ahead of the opening ceremony on Friday. The fiber cables were cut in nine departments overall including: Ardeche, Aude, Bouches-du-Rhone, Drome, Herault, Vaucluse, Marne, Meuse and Oise, the French Telecom Federation said. SFR said its network was vandalized between 1 a.m. and 3 a.m. Paris time, and teams are working on repairs, a spokesman for the French phone company said. The carrier is using alternative routes to serve customers, though redirecting the traffic might lead to slower speeds. Other carriers, including Iliad SA's Free and Netalis, also said they were impacted in social media posts. Netalis Chief Executive Officer Nicolas Guillaume said that the telecom company had successfully moved traffic to backup networks early on Monday. French cloud provider OVHcloud is also working to reroute traffic after the incident, which had caused slower performance on connections between Europe and Asia Pacific, a spokesman said. "We advocate for France reinforcing criminal sanctions for vandalism on telecom infrastructure, which should be put at the same level as vandalism on energy infrastructure," said Romain Bonenfant, head of the French Telecom Federation industry group, in an interview. "Telecom infrastructure, like the railways, covers kilometers across the whole territory -- you can't put surveillance on every part of it."

Read more of this story at Slashdot.

An anonymous reader writes: AI experts tend to agree that rapid advances in the technology will impact jobs. But there's a clear division growing between those who see that as a cause for concern and those who believe it heralds a future of growth. Andrew Ng, the founder of Google Brain and a professor at Stanford University, is in the latter camp. He's optimistic about how AI will transform the labor market. For one, he doesn't think it's going to replace jobs. "For the vast majority of jobs, if 20-30% is automated, then what that means is the job is going to be there," Ng said in a recent talk organized by Chulalongkorn University in Bangkok, Thailand. "It also means AI won't replace people, but maybe people that use AI will replace people that don't."

Read more of this story at Slashdot.

An anonymous reader shares a report: Multiple YouTube users are now reporting on social media that YouTube is serving them with blank ads or black screens before a video when they are using an ad-blocker extension. The black screens appear for the length of a typical YouTube pre-roll or ad insert before displaying the actual content of the video the viewer wants to watch.

Read more of this story at Slashdot.

An anonymous reader shares a report: Hundreds of websites trying to block the AI company Anthropic from scraping their content are blocking the wrong bots, seemingly because they are copy/pasting outdated instructions to their robots.txt files, and because companies are constantly launching new AI crawler bots with different names that will only be blocked if website owners update their robots.txt. In particular, these sites are blocking two bots no longer used by the company, while unknowingly leaving Anthropic's real (and new) scraper bot unblocked. This is an example of "how much of a mess the robots.txt landscape is right now," the anonymous operator of Dark Visitors told 404 Media. Dark Visitors is a website that tracks the constantly-shifting landscape of web crawlers and scrapers -- many of them operated by AI companies -- and which helps website owners regularly update their robots.txt files to prevent specific types of scraping. The site has seen a huge increase in popularity as more people try to block AI from scraping their work. "The ecosystem of agents is changing quickly, so it's basically impossible for website owners to manually keep up. For example, Apple (Applebot-Extended) and Meta (Meta-ExternalAgent) just added new ones last month and last week, respectively," they added.

Read more of this story at Slashdot.

The Justice Department has ramped up the case to ban TikTok, saying in a court filing Friday that allowing the app to continue operating in its current state could result in voter manipulation in elections. From a report: The filing was made in response to a TikTok lawsuit attempting to block the government's ban. The Justice Department warned that the app's algorithm and parent company ByteDance's alleged ties to the Chinese government could be used for a "secret manipulation" campaign. "Among other things, it would allow a foreign government to illicitly interfere with our political system and political discourse, including our elections...if, for example, the Chinese government were to determine that the outcome of a particular American election was sufficiently important to Chinese interests," the filing said. Under a law passed in April, TikTok has until January 2025 to find a new owner or it will be banned in the U.S. The company is suing to have that law overturned, saying it violates the company's First Amendment rights. The Justice Department disputed those claims. "The statute is aimed at national-security concerns unique to TikTok's connection to a hostile foreign power, not at any suppression of protected speech," officials wrote.

Read more of this story at Slashdot.

An anonymous reader shares a report: Indian cryptocurrency exchange WazirX announced on Saturday a controversial plan to "socialize" the $230 million loss from its recent security breach among all its customers, a move that has sent shockwaves through the local crypto community. The Mumbai-based firm, which suspended all trading activities on its platform last week following the cyber attack that compromised nearly half of its reserves in India's largest crypto heist, has outlined a strategy to resume operations within a week or so while implementing a "fair and transparent socialized loss strategy" to distribute the impact "equitably" among its user base. WazirX will "rebalance" customer portfolios on its platform, returning only 55% of their holdings while locking the remaining 45% in USDT-equivalent tokens. This will also impact customers whose tokens were not directly affected by the breach, with the company stating that "users with 100% of their tokens in the 'not stolen' category will receive 55% of those tokens back."

Read more of this story at Slashdot.

Microsoft has intensified its push for OneDrive adoption in Windows 11, introducing a full-screen pop-up that prompts users to back up their files to the cloud service, according to a report from Windows Latest. The new promotional message, which appears after a recent Windows update, mirrors the out-of-box experience typically seen during initial system setup and highlights OneDrive's features, including file protection, collaboration capabilities, and automatic syncing.

Read more of this story at Slashdot.

Scientists say the drying Great Salt Lake in Utah is now becoming a significant contributor to global greenhouse gas emissions that are causing the climate to warm, according to a new study. From a report: Due largely to water diversions by farmers and Utah's booming population growth, the Great Salt Lake has shrunk by almost half in recent years. Scientists spent seven months in 2020 sampling emissions coming off the dried saline lake bed. Canada's Royal Ontario Museum published the study on Thursday in the journal One Earth. [...] The researchers found that the drying lake bed emitted 4.1 million tons of carbon dioxide and other greenhouse gases into the atmosphere, which would translate to a 7% increase in Utah's human-caused emissions. According to scientists, 4 million tons of CO2 is roughly equivalent to the total annual emissions of 140 commercial planes. The Great Salt Lake is the largest saline lake left in the Western Hemisphere. The study occurred during one of the most notorious dry stretches of the West's mega drought, which had lasted two decades at the time of the study.

Read more of this story at Slashdot.

Apple's upcoming AI features will arrive later than anticipated, missing the initial launch of its upcoming iPhone and iPad software overhauls but giving the company more time to fix bugs. Bloomberg: The company is planning to begin rolling out Apple Intelligence to customers as part of software updates coming by October, according to people with knowledge of the matter. That means the AI features will arrive a few weeks after the initial iOS 18 and iPadOS 18 releases planned for September, said the people, who declined to be identified discussing unannounced release details. Still, the iPhone maker is planning to make Apple Intelligence available to software developers for the first time for early testing as soon as this week via iOS 18.1 and iPadOS 18.1 betas, they added. The strategy is atypical as the company doesn't usually release previews of follow-up updates until around the time the initial version of the new software generation is released publicly. The stakes are higher than usual. In order to ensure a smooth consumer release of its big bet on AI, Apple needs support from developers to help iron out issues and test features on a wider scale. Concerns over the stability of Apple Intelligence features, in part, led the company to split the features from the initial launch of iOS 18 and iPadOS 18.

Read more of this story at Slashdot.

Amazon paid nearly $1 billion to acquire the live-video startup Twitch Interactive in 2014. A decade later, the retail giant has received little financial return from one of its bigger acquisitions. WSJ: Known for hourslong broadcasts of videogame play, Twitch remains unprofitable despite periods of explosive popularity, according to current and former employees knowledgeable about its finances. Documents reviewed by The Wall Street Journal show Twitch's biggest-paying users are opening their wallets less, and third-party data reflect that growth in new users and engagement has slowed. Following two rounds of layoffs in the past year, staffers are concerned that a third round could come this fall following an annual operational review, according to people familiar with the matter. Amazon Chief Executive Andy Jassy, who took over in 2021, has led a profitability review at the company and shown little tolerance for unprofitable businesses. Insiders said they worry Twitch is at risk of becoming what they called a "zombie brand" at Amazon -- internal projects or acquisitions that have been sidelined because they haven't lived up to expectations. These staffers pointed to book-review app Goodreads, online task finder Mechanical Turk and discount website Woot.

Read more of this story at Slashdot.

An unexpected disapperance of saved passwords "impacted Chrome web browser users from all over the world," writes Forbes, "leaving them unable to find any passwords already saved using the Chrome password manager." Newly saved passwords were also rendered invisible to the affected users. Google, which has now fixed the issue, said that the problem was limited to the M127 version of Chrome Browser on the Windows platform. The precise number of users to be hit by the Google password manager vanishing act is hard to pin down. However, working on the basis that there are more than 3 billion Chrome web browser users, with Windows users counting for the vast majority of these, it's possible to come up with an estimated number. Google said that 25% of the user base saw the configuration change rolled out, which, by my calculations, is around 750 million. Of these, around 2%, according to Google's estimation, were hit by the password manager issue. That means around 15 million users have seen their passwords vanish into thin air. Google said that an interim workaround was provided at the time, which involved the particularly user-unfriendly process of launching the Chrome browser with a command line flag of " — enable-features=SkipUndecryptablePasswords." Thankfully, the full fix that has now been rolled out just requires users to restart their Chrome browser to take effect.

Read more of this story at Slashdot.

Is Ford trying to patent a way for its cars to report speeding drivers to the police? An article in Motor Authority notes that this patent application from Ford was filed January 12th of 2023 — and just published 11 days ago by the U.S. Patent and Trademark Office: In the application, Ford discusses using cars to monitor each other's speeds. If one car detects that a nearby vehicle is being driven above the posted limit, it could use onboard cameras to photograph that vehicle. A report containing both speed data and images of the targeted vehicle could then be sent directly to a police car or roadside monitoring units via an Internet connection, according to Ford. Using vehicles for speed surveillance would make cops' jobs easier, as they wouldn't have to quickly identify speeding violations and take off in pursuit, Ford notes in the application. It also means some of that work could be delegated to self-driving cars, which could be equipped to detect speeding violations, the automaker adds... Ford has also tried to patent a "night drive mode" that would limit vehicle speeds at night for everyone — including first responders. Thanks to long-time Slashdot reader schwit1 for sharing the article.

Read more of this story at Slashdot.

When "dragoncoder047" was but a junior developer, without very much experience at all, they were tasked with building error handling in a Python Flask web application.

Now, they were a junior, and tossed into the problem without much preparation, or much supervision, and just told to "make it work". So they did. With this disaster:

def _is_exception(obj): if type(obj) is TypeError: return True try: raise obj except BaseException as e: if type(e) is TypeError and str(e) == "exceptions must derive from BaseException": return False else: return True raise Exception("unreachable")

First, we compare type(obj) is TypeError. Is the type of obj TypeError? This is the wrong way to compare types, in general, as it doesn't respect inheritance- isinstance(obj, TypeError) would be more appropriate, but then again, *this is an exception type. The try/except statement can filter by types for us, if we just throw the exception…

Which is exactly what we do next. We raise obj inside of a try/except. Then we catch it, as a BaseException, the parent of all exceptions. Then, once again, we check to see if the exception is a TypeError and then also the message of the exception. Why?

Because this is the exception raised when you throw something that isn't actually an exception class. You're not allowed to raise "an error occurred", you must raise SomeExceptionTypeWithBaseExceptionAsAnAncestor("an error occurred").

And that's why they did the TypeError check above. If the incoming exception is already a TypeError, then we know it's an exception. In that case, we return True. If it's not a TypeError we throw it, knowing that throwing a non-exception object results in a TypeError with a specific message. So we can return False in that case. Otherwise, we can return True.

Finally, we add one last exception throw to please the linter- despite the fact that we know that this will definitely return a value, the linter doesn't, because this code is wrong on so many levels. So we ensure that it never reaches the end of the function without a return.

All of this could be replaced with isinstance(obj, BaseException). But even if we did, we're left with the question of: why do we need to do this at all? Using isinstance at all is a code smell in 90% of cases, and handling objects that are exception objects outside of some sort of try/catch block implies that we've gone way off somewhere.

Well, our submitter explains why:

The kicker is that the only place this function is used is in one single view function in a larger Flask web server. If the argument called "path" is actually an exception object, we render and return the error page template, else we do some other stuff with the actual path that was requested. And the reason that check is necessary is because I installed the same view function as both a request handler and an error handler -- instead of just doing the obvious thing and just writing a dedicated error handler!

It's a case of baby's first code-reuse creating bizarre code to try and glue unrelated functions into the same view. Sometimes the view shows actual data, sometimes it shows errors. So we have to do this test on the model to see if it's actual data, or an error.

As with many of our confessions, the developer's heart was in the right place. They wanted to re-use code. They simply didn't know how. And with no one giving them the support they needed, we got… this.

[Advertisement] Continuously monitor your servers for configuration changes, and report when there's configuration drift. Get started with Otter today!

The Python Software Foundation's board "was alerted to a defect in our bylaws that exposes the Foundation to an unbounded financial liability," according to a blog post Friday: Specifically, Bylaws Article XIII as originally written compels the Python Software Foundation to extend indemnity coverage to individual Members (including our thousands of "Basic Members") in certain cases, and to advance legal defense expenses to individual Members with surprisingly few restrictions. Further, the Bylaws compel the Foundation to take out insurance to cover these requirements, however, insurance of this nature is not actually available to 501(c)(3) nonprofit corporations such as the Python Software Foundation to purchase, and thus it is impossible in practice to comply with this requirement. In the unlikely but not impossible event of the Foundation being called upon to advance such expenses, the potential financial burden would be virtually unlimited, and there would be no recourse to insurance. As this is an existential threat to the Foundation, the Board has agreed that it must immediately reduce the Foundation's exposure, and has opted to exercise its ability to amend the Bylaws by a majority vote of the Board directors, rather than by putting it to a vote of the membership, as allowed by Bylaws Article XI. Acting on legal advice, the full Board has voted unanimously to amend its Bylaws to no longer extend an offer to indemnify, advance legal expenses, or insure Members when they are not serving at the request of the Foundation. The amended Bylaws still allow for indemnification of a much smaller set of individuals acting on behalf of the PSF such as Board Members and officers, which is in line with standard nonprofit governance practices and for which we already hold appropriate insurance. Another blog post notes "the recent slew of conversations, initially kicked off in response to a bylaws change proposal, has been pretty alienating for many members of our community." - After the conversation on PSF-Vote had gotten pretty ugly, forty-five people out of ~1000 unsubscribed. (That list has since been put on announce-only) - We received a lot of Code of Conduct reports or moderation requests about the PSF-vote mailing list and the discuss.python.org message board conversations. (Several reports have already been acted on or closed and the rest will be soon). - PSF staff received private feedback that the blanket statements about "neurodiverse people", the bizarre motives ascribed to the people in charge of the PSF and various volunteers and the sideways comments about the kinds of people making reports were also very off-putting.

Read more of this story at Slashdot.

No R-rated film has ever earned as much in its opening weekend, reports the Hollywood Reporter — a whopping $205 million. (The previous record was $133.7 million, set in 2016 by the original film Deadpool...) It's also the very first R-rated film ever released by Disney... [Deadpool actor Ryan] Reynolds has his own theory about its success. "Disney probably doesn't want me to frame it this way, but I've always thought of Deadpool & Wolverine as the first four-quadrant, R-rated film," Reynolds tells the Hollywood Reporter. "Yes, it's rated R, but we set out to make a movie with enough laughs, action and heart to appeal to everyone, whether you're a comic book movie fan or not." There's reason Disney and others may bristle at labeling it a four-quadrant film, which generally is reserved for movies that work equally for males and females over and under 25. Afterall, it is perhaps the most violent and bloody Deadpool movie yet. Still, here's evidence to back up Reynolds' theory that it's playing to a far more broad audience than the usual Marvel Cinematic Univerese movie, even if it's skewing male by anywhere from 60 to 63 percent. So far, 13.6 million people have bought tickets to see it, on par with last year's Barbie, which was rated PG-13, according to Steve Buck's leading research firm EntTelligence. That's the most foot traffic ever for an R-rated movie.... "Once thought of as a sure-fire way to limit potential box office, the R rating, when properly applied, can be the key to unlocking massive box office, and this has proven to be the secret sauce for the Deadpool franchise," says chief Comscore box office analyst Paul Dergarabedian. "The creative freedom afforded by the less restrictive rating has enabled filmmakers to push the envelope and, particularly in the case of Deadpool & Wolverine, can deliver the kind of edgy, intense, profanity-filled comedy action that modern audiences are fired up to see on the big screen...." It's also the biggest July opening of all time, the biggest opening of 2024 so far and Marvel Studios' biggest launch since Spider-Man: No Way Home in December 2021. ScreenRant notes that Deadpool & Wolverine has already surpassed the entire global box office for The Marvels in just three days. It's the biggest debut for a film since James Cameron's Avatar: The Way of the Water in December of 2022 (according to the Hollywood Reporter). And they add that though the figures haven't been adjusted for inflation — it's still the eighth-biggest box office opening of all time. But at the end of the day, it's just people enjoying a movie together. "Well, I'm not saying that other people should do this, but my 9-year-old watched the movie with me and my mom, who's in her late 70s," Reynolds reportedly told the New York Times, "and it was just was one of the best moments of this whole experience for me. Both of them were laughing their guts out, were feeling the emotion where I most desperately hoped people would be."

Read more of this story at Slashdot.

"As free software activists, we ought to take the opportunity to look at the situation and see how things could have gone differently," writes FSF campaigns manager Greg Farough: Let's be clear: in principle, there is nothing ethically wrong with automatic updates so long as the user has made an informed choice to receive them... Although we can understand how the situation developed, one wonders how wise it is for so many critical services around the world to hedge their bets on a single distribution of a single operating system made by a single stupefyingly predatory monopoly in Redmond, Washington. Instead, we can imagine a more horizontal structure, where this airline and this public library are using different versions of GNU/Linux, each with their own security teams and on different versions of the Linux(-libre) kernel... As of our writing, we've been unable to ascertain just how much access to the Windows kernel source code Microsoft granted to CrowdStrike engineers. (For another thing, the root cause of the problem appears to have been an error in a configuration file.) But this being the free software movement, we could guarantee that all security engineers and all stakeholders could have equal access to the source code, proving the old adage that "with enough eyes, all bugs are shallow." There is no good reason to withhold code from the public, especially code so integral to the daily functioning of so many public institutions and businesses. In a cunning PR spin, it appears that Microsoft has started blaming the incident on third-party firms' access to kernel source and documentation. Translated out of Redmond-ese, the point they are trying to make amounts to "if only we'd been allowed to be more secretive, this wouldn't have happened...!" We also need to see that calling for a diversity of providers of nonfree software that are mere front ends for "cloud" software doesn't solve the problem. Correcting it fully requires switching to free software that runs on the user's own computer.The Free Software Foundation is often accused of being utopian, but we are well aware that moving airlines, libraries, and every other institution affected by the CrowdStrike outage to free software is a tremendous undertaking. Given free software's distinct ethical advantage, not to mention the embarrassing damage control underway from both Microsoft and CrowdStrike, we think the move is a necessary one. The more public an institution, the more vitally it needs to be running free software. For what it's worth, it's also vital to check the syntax of your configuration files. CrowdStrike engineers would do well to remember that one, next time.

Read more of this story at Slashdot.