Slashdot

News for nerds, stuff that matters

The Dead Need Right To Delete Their Data So They Can't Be AI-ified, Lawyer Says

Tue, 2025-08-12 02:30
Legal scholar Victoria Haneman argues that U.S. law should grant estates a time-limited right to delete a deceased person's data so they can't be recreated by AI without their consent. "Digital resurrection by or through AI requires the personal data of the deceased, and the amount of data that we are storing online is increasing exponentially with each passing year," writes Haneman in an article published earlier this year in the Boston College Law Review. "It has been said that data is the new uranium, extraordinarily valuable and potentially dangerous. A right to delete will provide the decedent with a time-limited right for deletion of personal data." The Register reports: A living person may have some say on the matter through the control of personal digital documents and correspondence. But a dead person can't object, and US law doesn't offer the dead much data protection in terms of privacy law, property law, intellectual property law, or criminal law. The Revised Uniform Fiduciary Access to Digital Assets Act (RUFADAA), a law developed to help fiduciaries deal with digital files of the dead or incapacitated, can come into play. But Haneman points out that most people die intestate (without a will), leaving matters up to tech platforms. Facebook's response to dead users is to allow anyone to request the memorialization of an account, which keeps posts online. As for RUFADAA, it does little to address digital resurrection, says Haneman. The right to publicity, which provides a private right of action against unauthorized commercial use of a person's name, image, or likeness, covers the dead in about 25 states, according to Haneman. But the monetization of publicity rights has proven to be problematic. 
Haneman says that there are some states where it's theoretically possible to be prosecuted for libeling or defaming the deceased, such as Idaho, Nevada, and Oklahoma, but adds that such prosecutions have declined because they tread upon the constitutional right to free expression. [...] A recent California law, the Delete Act, which took effect last year, is the first to offer a way for the living to demand the deletion of personal data from data brokers in one step. But according to Haneman, it's unclear whether the text of the law will be extended to cover the dead -- a possibility think tank Aspen Tech Policy Hub supports [PDF]. Haneman argues that a data deletion law for the dead would be grounded in laws governing human remains, where corpses receive protection against abuse despite being neither a person nor property. "The personal representative of the decedent has the right to destroy all physical letters and photographs saved by the decedent; merely storing personal information in the cloud should not grant societal archival rights," she argues. "A limited right of deletion within a twelve-month window balances the interests of society against the rights of the deceased."

Read more of this story at Slashdot.

Categories: Computer, News

Trump Calls Intel CEO a 'Success' After Demanding Resignation

Tue, 2025-08-12 01:50
Just days after demanding Intel CEO Lip-Bu Tan resign over his past ties to China, President Trump reversed course, calling Tan a "success" following a White House meeting. "I met with Mr. Lip-Bu Tan, of Intel, along with Secretary of Commerce, Howard Lutnick, and Secretary of the Treasury, Scott Bessent," Trump wrote in a post on Truth Social. "The meeting was a very interesting one. His success and rise is an amazing story. Mr. Tan and my Cabinet members are going to spend time together, and bring suggestions to me during the next week. Thank you for your attention to this matter!" CNBC reports: Tan has been an Intel director since 2022, and in March he replaced Pat Gelsinger as CEO. Last week Sen. Tom Cotton, R-Ark., questioned Tan's ties to China. Cotton brought up a past criminal case involving Cadence Design, where Tan had been CEO, and asked whether Intel required Tan to divest from positions in chipmakers linked to the Chinese Communist Party, the People's Liberation Army and any other concerning entities in China. Trump's latest message marks a stark change in tone from last week. In a Truth Social post on Thursday, the president wrote that Tan "is highly CONFLICTED and must resign, immediately. There is no other solution to this problem." Intel said in a comment later that day that the company, directors and Tan are "deeply committed to advancing U.S. national and economic security interests."

GM Plans Renewed Push On Driverless Cars After Cruise Debacle

Tue, 2025-08-12 01:10
An anonymous reader quotes a report from Seeking Alpha: General Motors is reviving its autonomous driving program, tapping former Cruise employees to help design a driverless car for consumers. Under the helm of former Tesla autopilot head Sterling Anderson, GM is moving ahead with a driverless, eyes-free, vehicle with the ultimate goal of developing a car without a person at the wheel, according to a meeting between Anderson and employees revealed to Bloomberg. Anderson reportedly said plans include rehiring Cruise employees, and adding staff at GM's Mountain View, California office. Currently, LiDAR-equipped vehicles are collecting data on public roads for the development of GM's driverless vehicles, GM spokesperson Chaiti Sen told Bloomberg, with the goal of building simulation models that will guide development. GM (GM) shuttered its majority-owned, money-losing, Cruise robotaxi business late last year and let go of ~1,000 Cruise employees, after a pedestrian accident led to the grounding of its entire fleet and regulatory scrutiny. At the time, the company said it was pivoting away from robotaxis to the development of hands-free driving for personal vehicles.

EU Commission Approves $4.8 Billion Prosus' Takeover of Just Eat Takeaway

Tue, 2025-08-12 00:30
Prosus has secured conditional approval from the European Union for its $4.8 billion (4.1 billion euros) acquisition of Just Eat Takeaway, after agreeing to sell down its 27.4% stake in Delivery Hero. Reuters reports: Amsterdam-headquartered Prosus, which is majority owned by South Africa's Naspers, announced the deal in February, banking on its artificial intelligence capability to boost Just Eat Takeaway, Europe's biggest meal delivery company. The European Commission, which acts as the EU competition enforcer, said Naspers offered to significantly reduce its 27.4% stake in Delivery Hero to below a specified very low percentage within 12 months. Naspers also pledged not to exercise the voting rights with its remaining limited stake in Delivery Hero and also not to increase its stake beyond the specified maximum level. It will not recommend or propose any person to Delivery Hero's management and supervisory boards. Prosus said the EU decision was the final regulatory approval needed to close the offer which ends on October 1 and that if all offer conditions including the acceptance threshold for the deal are met by that date, it will declare its offer unconditional within three business days. "Our ambition is clear: to build a true European tech champion and lead the next chapter in food delivery innovation," Prosus CEO Fabricio Bloisi said in a statement. "This decision also sends a clear warning to an industry with recent antitrust issues: we won't tolerate any anti-competitive behaviour that may harm consumers," she said. After the deal is complete, Prosus will become the world's fourth-largest food delivery company after Meituan, DoorDash, and Uber.

Nvidia and AMD To Pay 15% of China Chip Sale Revenues To US Government

Mon, 2025-08-11 23:50
In an unusual arrangement to secure export licenses, Nvidia and AMD have agreed to give the U.S. government 15% of revenue from certain chip sales to China. The Associated Press reports: The Trump administration halted the sale of advanced computer chips to China in April over national security concerns, but Nvidia and AMD revealed in July that Washington would allow them to resume sales of the H20 and MI308 chips, which are used in artificial intelligence development. President Trump confirmed the terms of the unusual arrangement in a Monday press conference while noting that he originally wanted 20% of the sales revenue when Nvidia asked to sell the "obsolete" H20 chip to China. The president credited Nvidia CEO Jensen Huang for negotiating him down to 15%. "So we negotiated a little deal. So he's selling a essentially old chip," Trump said. Nvidia did not comment about the specific details of the agreement or its quid pro quo nature, but said they would adhere to the export rules laid out by the administration. "We follow rules the U.S. government sets for our participation in worldwide markets. While we haven't shipped H20 to China for months, we hope export control rules will let America compete in China and worldwide," Nvidia wrote in a statement to the AP. "America cannot repeat 5G and lose telecommunication leadership. America's AI tech stack can be the world's standard if we race."

Ford Announces Investment To Bring Affordable EVs To Market

Mon, 2025-08-11 23:10
An anonymous reader quotes a report from the Detroit Free Press: Ford is announcing the creation of a new electric vehicle production system and a new EV platform that will allow the automaker to more efficiently bring several lower-cost EVs to market, the first of which will be a midsize, four-door electric pickup that seats five, to launch in 2027. That pickup, which is expected to start around $30,000, will be assembled at Ford's Louisville Assembly Plant for U.S. and export markets. The Dearborn-based automaker said it will invest $2 billion to retool the Louisville plant starting later this year. [...] Ford's investment in Louisville Assembly is in addition to Ford's previously announced $3 billion commitment for BlueOval Battery Park in Marshall, Michigan, where Ford will make the prismatic LFP batteries, starting next year, for the midsize electric pickup. Together, the nearly $5 billion investments mean Ford expects to create or secure nearly 4,000 direct jobs while strengthening the domestic supply chain with dozens of new U.S.-based suppliers. Ford executives and Kentucky officials also introduced on Monday, Aug. 11, the new Ford Universal EV Production System, which they said will simplify production and ease operations for workers. Ford leaders also announced the creation of the Ford Universal Electric Vehicle Platform, which will enable the development of "a family of affordable electric vehicles produced at scale." The vehicles will be software-defined with over-the-air updates to keep improving the vehicles over time. "We took a radical approach to solve a very hard challenge: Create affordable vehicles that are breakthrough in every way that matters -- design, technology, performance, space and cost of ownership -- and do it with American workers," Ford CEO Jim Farley said in a statement. "Nobody wants to see another good college try by a Detroit automaker to make an affordable vehicle that ends up with idled plants, layoffs and uncertainty."
Farley has teased this announcement since Ford's second-quarter earnings when he said Ford would have a "Model-T moment" on Aug. 11. He's referring to the classic vehicle that helped turn Ford into a mass market automaker and perfect the assembly line process. At that time, Farley said it was critical that Ford unveil an EV strategy that would position it to make money selling the electric cars and effectively compete against the Chinese, who are known for making high-quality, desirable and affordable EVs. "So, this has to be a good business," Farley said of Ford's investments in the new process and platform. "From Day 1, we knew there was no incremental path to success. We empowered a tiny skunkworks team three time zones away from Detroit. We reinvented the line. And we are on a path to be the first automaker to make prismatic LFP batteries in the U.S. We will not rely on imports." Ford says its new Universal Electric Vehicle Platform "reduces parts by 20% versus a typical vehicle, with 25% fewer fasteners, 40% fewer workstations dock-to-dock in the plant and 15% faster assembly time." The new EV pickup built using this platform is targeting a "starting MSRP at about $30,000, roughly the same as the Model T when adjusted for inflation," adds Farley. He shared additional details in an interview with Wired, such as how the automaker hired Tesla veterans Doug Field (who also helped lead Apple's now-defunct EV project) and Alan Clarke. "Turns out, Doug and Alan and the team built a propulsion system that was like Apollo 13, managed down to the watt so that our battery could be so much smaller than BYD's," said Farley.

Biochar From Human Waste Could Solve Global Fertilizer Shortages, Study Finds

Mon, 2025-08-11 22:10
Biochar produced from solid human excrement could supply up to 7% of global phosphorus fertilizer needs annually, according to a Cornell University study published in PNAS. When combined with nutrients extracted from urine, the process could provide 15% of phosphorus, 17% of nitrogen, and 25% of potassium used in agriculture worldwide. The biochar production process reduces solid waste volume and weight by up to 90%, while allowing nutrient proportions to be adjusted for specific crop requirements.

Promising Linux Project Dies After Dev Faces Harassment

Mon, 2025-08-11 21:30
New submitter darwinmac writes: Kapitano, a user-friendly GTK4 frontend for the ClamAV scanner on Linux, has been killed by its developer 'zynequ' following a wave of harsh, personal attacks from a user. The tool was meant to simplify virus scanning but quickly became a flashpoint when a user claimed it produced malware. After defending the code calmly, the developer was nonetheless met with escalating accusations and hostility, leading to burnout. The project is now marked as "not maintained," its code released into the public domain under The Unlicense, and it's being delisted from Flathub. zynequ said: "This was always a hobby project, created in my free time with none of the financial support. Incidents like this make it hard to stay motivated."

Starbucks Asks Customers in South Korea To Stop Bringing Printers and Desktop Computers Into Stores

Mon, 2025-08-11 20:51
An anonymous reader shares a report: Starbucks patrons in South Korea are setting up de facto offices at the coffee chain, bringing along their desktop computers and printers. The company implemented a new policy banning bulky items from store locations. In South Korea, where office space is scant, remote workers are using cafes as a cheap place to work. Starbucks South Korea is experiencing this exact phenomenon and is now banning patrons from bringing in large pieces of work equipment, treating the cafes like their own amenity-stuffed office space. "While laptops and smaller personal devices are welcome, customers are asked to refrain from bringing desktop computers, printers, or other bulky items that may limit seating and impact the shared space," a Starbucks spokesperson told Fortune in a statement.

America's Clean Hydrogen Dreams Are Fading, Again

Mon, 2025-08-11 20:12
Companies are canceling clean hydrogen projects across the United States after Congress shortened the qualification window for a Biden-era tax credit by five years, requiring projects to be under construction by the end of 2027. Energy consulting firm Wood Mackenzie estimates three-quarters of proposals will not meet this deadline. Woodside Energy and Fortescue have scrapped projects in Oklahoma and Arizona respectively, citing cost increases and policy uncertainty. According to McKinsey, fewer than 15% of low-emission hydrogen projects announced in the United States since 2015 have reached final investment decision stage.

Reddit Will Block the Internet Archive

Mon, 2025-08-11 19:30
Reddit says that it has caught AI companies scraping its data from the Internet Archive's Wayback Machine, so it's going to start blocking the Internet Archive from indexing the vast majority of Reddit. From a report: The Wayback Machine will no longer be able to crawl post detail pages, comments, or profiles; instead, it will only be able to index the Reddit.com homepage, which effectively means Internet Archive will only be able to archive insights into which news headlines and posts were most popular on a given day. "Internet Archive provides a service to the open web, but we've been made aware of instances where AI companies violate platform policies, including ours, and scrape data from the Wayback Machine," spokesperson Tim Rathschmidt tells The Verge.

Ex-NSA Chief Paul Nakasone Has a Warning for the Tech World

Mon, 2025-08-11 18:50
Former NSA and Cyber Command chief Paul Nakasone told the Defcon security conference this month that technology companies will find it "very, very difficult" to remain neutral through 2025 and 2026. Speaking with Defcon founder Jeff Moss in Las Vegas, Nakasone, now an OpenAI board member, addressed the intersection of technology and politics following the Trump administration's removal of cybersecurity officials deemed disloyal and revocation of security clearances for former CISA directors Chris Krebs and Jen Easterly. Nakasone also called ransomware "among the great scourges that we have in our country," stating the U.S. is "not making progress against ransomware."

'Goodbye, $165,000 Tech Jobs. Student Coders Seek Work At Chipotle.'

Mon, 2025-08-11 18:10
theodp writes: The New York Times reports from the CS grad job-seeking trenches: Growing up near Silicon Valley, Manasi Mishra remembers seeing tech executives on social media urging students to study computer programming. "The rhetoric was, if you just learned to code, work hard and get a computer science degree, you can get six figures for your starting salary," Ms. Mishra, now 21, recalls hearing as she grew up in San Ramon, Calif. Those golden industry promises helped spur Ms. Mishra to code her first website in elementary school, take advanced computing in high school and major in computer science in college. But after a year of hunting for tech jobs and internships, Ms. Mishra graduated from Purdue University in May without an offer. "I just graduated with a computer science degree, and the only company that has called me for an interview is Chipotle," Ms. Mishra said in a get-ready-with-me TikTok video this summer that has since racked up more than 147,000 views. Some graduates described feeling caught in an A.I. "doom loop." Many job seekers now use specialized A.I. tools like Simplify to tailor their resumes to specific jobs and autofill application forms, enabling them to quickly apply to many jobs. At the same time, companies inundated with applicants are using A.I. systems to automatically scan resumes and reject candidates.

GitHub No Longer Independent at Microsoft As CEO Steps Down

Mon, 2025-08-11 17:25
GitHub CEO Thomas Dohmke announced Monday he will step down to pursue entrepreneurial endeavors, with Microsoft restructuring the subsidiary's leadership rather than appointing a direct replacement. Microsoft developer division head Julia Liuson will oversee GitHub's revenue, engineering and support operations, while chief product officer Mario Rodriguez will report to Microsoft AI platform VP Asha Sharma.

The Engineering Marvel That China Hopes Will Help Wean It Off Foreign Energy

Mon, 2025-08-11 16:42
China has begun construction of a $167 billion hydropower facility on Tibet's Yarlung Tsangpo River that would generate triple the output of the Three Gorges Dam. The project employs a run-of-the-river design, drilling deep tunnels through mountains to bypass the Yarlung Tsangpo Grand Canyon, where the river drops nearly two vertical miles over 300 miles. Water diverted through the tunnels will drive turbines at both ends without creating a large reservoir. The river currently produces just 2% of its hydropower potential. A $7 billion transmission network will deliver electricity to Guangdong province, Hong Kong, and Macau. China imported nearly a quarter of its energy supply in 2023.

Wikipedia Operator Loses Court Challenge To UK Online Safety Act Regulations

Mon, 2025-08-11 16:03
The operator of Wikipedia on Monday lost a legal challenge to parts of Britain's Online Safety Act, which sets tough new requirements for online platforms and has been criticized for potentially curtailing free speech. From a report: The Wikimedia Foundation took legal action at London's High Court over regulations made under the law, which it said could impose the most stringent category of duties on Wikipedia. The foundation said if it was subject to so-called Category 1 duties -- which would require Wikipedia's users and contributors' identities to be verified -- it would need to drastically reduce the number of British users who can access the site. Judge Jeremy Johnson dismissed its case on Monday, but said the Wikimedia Foundation could bring a further challenge if regulator Ofcom "(impermissibly) concludes that Wikipedia is a Category 1 service".

It's Steve Wozniak's 75th Birthday. Whatever Happened to His YouTube Lawsuit?

Mon, 2025-08-11 13:34
In 2020 a YouTube video used video footage of Steve Wozniak in a scam to steal bitcoin. "Some people said they lost their life savings," Wozniak tells CBS News, explaining why he sued YouTube in 2020 — and where his case stands now: Wozniak's lawsuit against YouTube has been tied up in court now for five years, stalled by federal legislation known as Section 230. Attorney Brian Danitz said, "Section 230 is a very broad statute that limits, if not totally, the ability to bring any kind of case against these social media platforms." "It says that anything gets posted, they have no liability at all," said Wozniak. "It's totally absolute." Google responded to our inquiry about Wozniak's lawsuit with a statement from José Castañeda, of Google Policy Communications: "We take abuse of our platform seriously and take action quickly when we detect violations ... we have tools for users to report channels that are impersonating their likeness or business." [Steve's wife] Janet Wozniak, however, says YouTube did nothing, even though she reported the scam video multiple times: "You know, 'Please take this down. This is an obvious mistake. This is fraud. You're YouTube, you're helping dupe people out of their money,'" she said. "They wouldn't," said Steve... Today is Steve Wozniak's 75th birthday. (You can watch the interview here.) And the article includes this interesting detail about Woz's life today: Wozniak sold most of his Apple stock in the mid-1980s when he left the company. Today, though, he still gets a small paycheck from Apple for making speeches and representing the company. He says he's proud to see Apple become a trillion-dollar company. "Apple is still the best," he said. "And when Apple does things I don't like, and some of the closeness I wish it were more open, I'll speak out about it. Nobody buys my voice!" I asked, "Apple listen to you when you speak out?" "No," Wozniak smiled. "Oh, no. Oh, no."

As Demand for Plant-Based Meat Weakens in the US, Beyond Disappoints Wall Street

Mon, 2025-08-11 10:21
Wednesday Beyond Meat "missed Wall Street estimates for second-quarter revenue," reports Reuters. "Consumers' growing concerns about processed foods are severely diminishing the appeal of Beyond Meat's product line, causing retailers and quick service restaurants to pull back sharply on orders," Rachel Wolff, analyst at Emarketer, said. Retail sales of refrigerated plant-based meat alternative products in the U.S. have fallen 17.2% so far this year, and frozen plant-based meat alternatives have fallen 8.1%, according to data from SPINS... [Beyond's] revenue for the quarter ended June 28 fell nearly 20% to $75 million, compared with analysts' average estimate of $82 million, according to data compiled by LSEG. While the company arguably invented a new market for plant-based meat substitutes, it also "owns no real intellectual property," argues The Street. "And every company in the meat and grocery business (more or less) now sells a take-off of a product that already had limited appeal..." Beyond Meat has admitted it's in trouble by hiring corporate restructuring expert John Boken from consultancy AlixPartners as interim chief transformation officer [with a focus that includes "operating expense reduction" and "broader operational efficiency"]. It has also let go of 44 employees in North America (6% of its global workforce) as it seeks to cut operating expenses amid disappointing sales... Beyond Meat also has a significant cash problem. As of June 28, 2025, Beyond Meat's cash and cash equivalents balance was $117.3 million, and total outstanding debt was $1.2 billion. The company does have time to fend off a Chapter 11 bankruptcy filing, but it also has limited, if any, prospects to meet its impending cash needs.

How 12 'Enola Gay' Crew Members Remember Dropping the Atomic Bomb

Mon, 2025-08-11 07:21
Last week saw the 80th anniversary of a turning point in World War II: the day America dropped an atomic bomb on Hiroshima. "Twelve men were on that flight..." remembers the online magazine Mental Floss, adding "Almost all had something to say after the war." The group was segregated from the rest of the military and trained in secret. Even those in the group only knew as much as they needed to know in order to perform their duties. The group deployed to Tinian in 1945 with 15 B-29 bombers, flight crews, ground crews, and other personnel, a total of about 1770 men. The mission to drop the atomic bomb on Hiroshima, Japan (special mission 13) involved seven planes, but the one we remember was the Enola Gay. Air Force captain Theodore "Dutch" Van Kirk did not know the destructive force of the nuclear bomb before Hiroshima. He was 24 years old at that time, a veteran of 58 missions in North Africa. Paul Tibbets told him this mission would shorten or end the war, but Van Kirk had heard that line before. Hiroshima made him a believer. Van Kirk felt the bombing of Hiroshima was worth the price in that it ended the war before the invasion of Japan, which promised to be devastating to both sides. "I honestly believe the use of the atomic bomb saved lives in the long run. There were a lot of lives saved. Most of the lives saved were Japanese." In 2005, Van Kirk came as close as he ever got to regret. "I pray no man will have to witness that sight again. Such a terrible waste, such a loss of life..." Many of the other crewmembers also felt the bomb ultimately saved lives.
The Washington Post has also published a new oral history of the flight after it took off from Tinian Island. The oral history was assembled for a new book published this week titled The Devil Reached Toward the Sky: An Oral History of the Making and Unleashing of the Atomic Bomb. Col. Paul W. Tibbets, lead pilot of the Enola Gay: We were only eight minutes off the ground when Capt. William S. "Deak" Parsons and Lt. Morris R. Jeppson lowered themselves into the bomb bay to insert a slug of uranium and the conventional explosive charge into the core of the strange-looking weapon. I wondered why we were calling it "Little Boy." Little Boy was 28 inches in diameter and 12 feet long. Its weight was a little more than 9,000 pounds. With its coat of dull gunmetal paint, it was an ugly monster... Lt. Morris R. Jeppson, crew member of the Enola Gay: Parsons was second-in-command of the military in the Manhattan Project. The Little Boy weapon was Parsons's design. He was greatly concerned that B-29s loaded with conventional bombs were crashing at the ends of runways on Tinian during takeoff and that such an event could cause the U-235 projectile in the gun of Little Boy to fly down the barrel and into the U-235 target. This could have caused a low-level nuclear explosion on Tinian... Jeppson: On his own, Parsons decided that he would go on the Hiroshima mission and that he would load the gun after the Enola Gay was well away from Tinian. Tibbets: That way, if we crashed, we would lose only the airplane and crew, himself included... Jeppson held the flashlight while Parsons struggled with the mechanism of the bomb, inserting the explosive charge that would send one block of uranium flying into the other to set off the instant chain reaction that would create the atomic explosion. The navigator on one of the other six planes on the mission remembered that, watching the mushroom cloud, "There was almost complete silence on the flight deck. It was evident the city of Hiroshima was destroyed." And the Enola Gay's copilot later remembered thinking: "My God, what have we done?"

How Python is Fighting Open Source's 'Phantom' Dependencies Problem

Mon, 2025-08-11 04:07
Since 2023 the Python Software Foundation has had a Security Developer-in-Residence (sponsored by the Open Source Security Foundation's vulnerability-finding "Alpha-Omega" project). And he's just published a new 11-page white paper about open source's "phantom dependencies" problem — suggesting a way to solve it. "Phantom" dependencies aren't tracked with packaging metadata, manifests, or lock files, which makes them "not discoverable" by tools like vulnerability scanners or compliance and policy tools. So Python security developer-in-residence Seth Larson authored a recently-accepted Python Enhancement Proposal offering an easy way for packages to provide metadata through Software Bill-of-Materials (SBOMs). From the whitepaper: Python Enhancement Proposal 770 is backwards compatible and can be enabled by default by tools, meaning most projects won't need to manually opt in to begin generating valid PEP 770 SBOM metadata. Python is not the only software package ecosystem affected by the "Phantom Dependency" problem. The approach using SBOMs for metadata can be remixed and adopted by other packaging ecosystems looking to record ecosystem-agnostic software metadata... Within Endor Labs' [2023 dependencies] report, Python is named as one of the most affected packaging ecosystems by the "Phantom Dependency" problem. There are multiple reasons that Python is particularly affected:
- There are many methods for interfacing Python with non-Python software, such as through the C-API or FFI. Python can "wrap" and expose an easy-to-use Python API for software written in other languages like C, C++, Rust, Fortran, Web Assembly, and more.
- Python is the premier language for scientific computing and artificial intelligence, meaning many high-performance libraries written in system languages need to be accessed from Python code.
- Finally, Python packages have a distribution type called a "wheel", which is essentially a zip file that is "installed" by being unzipped into a directory, meaning there is no compilation step allowed during installation. This is great for being able to inspect a package before installation, but it means that all compiled languages need to be pre-compiled into binaries before installation...
When designing a new package metadata standard, one of the top concerns is reducing the amount of effort required from the mostly volunteer maintainers of packaging tools and the thousands of projects being published to the Python Package Index... By defining PEP 770 SBOM metadata as using a directory of files, rather than a new metadata field, we were able to side-step all the implementation pain... We'll be working to submit issues on popular open source SBOM and vulnerability scanning tools, and gradually, Phantom Dependencies will become less of an issue for the Python package ecosystem. The white paper "details the approach, challenges, and insights into the creation and acceptance of PEP 770 and adopting Software Bill-of-Materials (SBOMs) to improve the measurability of Python packages," explains an announcement from the Python Software Foundation. And the white paper ends with a helpful note. "Having spoken to other open source packaging ecosystem maintainers, we have come to learn that other ecosystems have similar issues with Phantom Dependencies. We welcome other packaging ecosystems to adopt Python's approach with PEP 770 and are willing to provide guidance on the implementation."
