AI

America's IT Unemployment Rises To 5.7%. Is AI Hitting Tech Jobs? (msn.com) 113

The unemployment rate in America's information technology sector "rose from 3.9% in December to 5.7% in January," reports the Wall Street Journal. Meanwhile last month's overall jobless rate was just 4%, the paper points out, calling the IT figure "the latest sign of how automation and the increasing use of artificial intelligence are having a negative impact on the tech labor market."

Companies began implementing their annual spending cuts in January, and there were layoffs at large tech companies like Meta. But whatever the reason, "The number of unemployed IT workers rose from 98,000 in December to 152,000 last month, according to a report from consulting firm Janco Associates based on data from the U.S. Department of Labor," while the Labor Department said the overall economy added 143,000 jobs.

One management consulting firm offers this explanation: Job losses in tech can be attributed in part to the influence of AI, according to Victor Janulaitis, chief executive of Janco Associates. The emergence of generative AI has produced massive amounts of spending by tech giants on AI infrastructure, but not necessarily new jobs in IT. "Jobs are being eliminated within the IT function which are routine and mundane, such as reporting, clerical administration," Janulaitis said. "As they start looking at AI, they're also looking at reducing the number of programmers, systems designers, hoping that AI is going to be able to provide them some value and have a good rate of return."

Increased corporate investment in AI has shown early signs of leading to future cuts in hiring, a concept some tech leaders are starting to call "cost avoidance." Rather than hiring new workers for tasks that can be more easily automated, some businesses are letting AI take on that work — and reaping potential savings. The latest IT jobs numbers come as unemployment among white-collar workers remains at its highest levels since 2020, according to Cory Stahle, an economist at hiring website Indeed. "What we've really seen, especially in the last year or so, is a bifurcation in opportunities, where white-collar knowledge worker type jobs have had far less employer demand than jobs that are more in-person, skilled labor jobs," Stahle said.

Stahle notes that job postings at Indeed.com for software developers declined 8.5% in January from a year earlier...
Programming

What Do Linux Kernel Developers Think of Rust? (thenewstack.io) 42

Keynotes at this year's FOSDEM included free AI models and systemd, reports Heise.de — and also a progress report from Miguel Ojeda, supervisor of the Rust integration in the Linux kernel. Only eight people remain in the core team around Rust for Linux... Miguel Ojeda therefore launched a survey among kernel developers, including those outside the Rust community, and presented some of the more important voices in his FOSDEM talk. The overall mood towards Rust remains favorable, especially as Linus Torvalds and Greg Kroah-Hartman are convinced of the necessity of Rust integration. This is less about rapid progress and more about finding new talent for kernel development in the future.
The reaction was mostly positive, judging by Ojeda's slides:

- "2025 will be the year of Rust GPU drivers..." — Daniel Almedia

- "I think the introduction of Rust in the kernel is one of the most exciting development experiments we've seen in a long time." — Andrea Righi

- "[T]he project faces unique challenges. Rust's biggest weakness, as a language, is that relatively few people speak it. Indeed, Rust is not a language for beginners, and systems-level development complicates things even more. That said, the Linux kernel project has historically attracted developers who love challenging software — if there's an open source group willing to put the extra effort for a better OS, it's the kernel devs." — Carlos Bilbao

- "I played a little with [Rust] in user space, and I just absolutely hate the cargo concept... I hate having to pull down other code that I do not trust. At least with shared libraries, I can trust a third party to have done the build and all that... [While Rust should continue to grow in the kernel], if a subset of C becomes as safe as Rust, it may make Rust obsolete..." — Steven Rostedt

Rostedt wasn't sure if Rust would attract more kernel contributors, but did venture this opinion. "I feel Rust is more of a language that younger developers want to learn, and C is their dad's language."

But still "contention exists within the kernel development community between those pro-Rust and -C camps," argues The New Stack, citing the latest remarks from kernel maintainer Christoph Hellwig (who had earlier likened the mixing of Rust and C to cancer). Three days later Hellwig reiterated his position on the Linux kernel mailing list: "Every additional bit that another language creeps in drastically reduces the maintainability of the kernel as an integrated project. The only reason Linux managed to survive so long is by not having internal boundaries, and adding another language completely breaks this. You might not like my answer, but I will do everything I can do to stop this. This is NOT because I hate Rust. While not my favourite language it's definitively one of the best new ones and I encourage people to use it for new projects where it fits. I do not want it anywhere near a huge C code base that I need to maintain."
But the article also notes that Google "has been a staunch supporter of adding Rust to the kernel for Linux running in its Android phones." The use of Rust in the kernel is seen as a way to avoid memory vulnerabilities associated with C and C++ code and to add more stability to the Android OS. "Google's wanting to replace C code with Rust represents a small piece of the kernel but it would have a huge impact since we are talking about billions of phones," Ojeda told me after his talk.

In addition to Google, Rust adoption and enthusiasm for it is increasing as Rust gets more architectural support and as "maintainers become more comfortable with it," Ojeda told me. "Maintainers have already told me that if they could, then they would start writing Rust now," Ojeda said. "If they could drop C, they would do it...."

Amid the controversy, there has been a steady stream of vocal support for Ojeda. Much of his discussion also covered statements given by advocates for Rust in the kernel, ranging from lead developers of the kernel and including Linux creator Linus Torvalds himself to technology leads from Red Hat, Samsung, Google, Microsoft and others.

Programming

C++ on Steroids: Bjarne Stroustrup Presents Guideline-Enforcing 'Profiles' For Resource and Type Safety (acm.org) 71

"It is now 45+ years since C++ was first conceived," writes 74-year-old C++ creator Bjarne Stroustrup in an article this week for Communications of the ACM. But he complains that many developers "use C++ as if it was still the previous millennium," in an article titled 21st Century C++ that promises "the key concepts on which performant, type safe, and flexible C++ software can be built: resource management, life-time management, error-handling, modularity, and generic programming...

"At the end, I present ways to ensure that code is contemporary, rather than relying on outdated, unsafe, and hard-to-maintain techniques: guidelines and profiles." To help developers focus on effective use of contemporary C++ and avoid outdated "dark corners" of the language, sets of guidelines have been developed. Here I focus on the C++ Core guidelines that I consider the most ambitious... My principal aim is a type-safe and resource-safe use of ISO standard C++. That is:

- Every object is exclusively used according to its definition
- No resource is leaked

This encompasses what people refer to as memory safety and much more. It is not a new goal for C++. Obviously, it cannot be achieved for every use of C++, but by now we have years of experience showing that it can be done for modern code, though so far enforcement has been incomplete... When thinking about C++, it is important to remember that C++ is not just a language but part of an ecosystem consisting of implementations, libraries, tools, teaching, and more.

WG21 (and others) are working on "profiles" to enforce guidelines (though they're "not yet available, except for experimental and partial versions"). But Stroustrup writes that the C++ Core Guidelines "use a strategy known as subset-of-superset." First: extend the language with a few library abstractions: use parts of the standard library and add a tiny library to make use of the guidelines convenient and efficient (the Guidelines Support Library, GSL).
Next: subset: ban the use of low-level, inefficient, and error-prone features.

What we get is "C++ on steroids": Something simple, safe, flexible, and fast; rather than an impoverished subset or something relying on massive run-time checking. Nor do we create a language with novel and/or incompatible features. The result is 100% ISO standard C++. Messy, dangerous, low-level features can still be enabled and used when needed.

Stroustrup writes that the C++ Core Guidelines focus on rules "we hope that everyone eventually could benefit from."
  • No uninitialized variables
  • No range or nullptr violations
  • No resource leaks
  • No dangling pointers
  • No type violations
  • No invalidation
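As an added illustration (this is not code from Stroustrup's article or from the Core Guidelines project), here is one small routine written first in the "previous millennium" style the article complains about and then in the style the guidelines enforce. The record format (a one-byte length prefix followed by payload bytes) and the function names are invented for the example, and the standard library stands in for the GSL: `std::vector::at()` plays the role of `gsl::span`'s bounds-checked indexing, so nothing beyond ISO C++17 is needed.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <optional>
#include <string>
#include <vector>

// ---- "Previous millennium" style ----------------------------------------
// Sums the payload bytes of a length-prefixed record given as (pointer, length).
// Every line is legal ISO C++, and most of them break a Core Guidelines rule:
//  - wire[0] is read without checking that the buffer has a byte (range violation);
//  - wire[1 + i] is never checked against the buffer length (range violation);
//  - the early `return -1` skips delete[] (resource leak);
//  - ownership of `buf` is a raw pointer nobody else can reason about;
//  - the length parameter is accepted and then ignored.
// It is compiled but never called below; it exists only as the "before" picture.
int legacy_checksum(const unsigned char* wire, std::size_t /*wire_len*/) {
    if (wire == nullptr) return -1;
    std::size_t len = wire[0];
    unsigned char* buf = new unsigned char[len];
    int total = 0;
    for (std::size_t i = 0; i < len; ++i) {
        buf[i] = wire[1 + i];
        if (buf[i] == 0xFF) return -1;   // leaks buf
        total += buf[i];
    }
    delete[] buf;
    return total;
}

// Dangling pointer, legacy style: returns a pointer into a local that is
// destroyed at the closing brace. Also compiled but never called.
const char* legacy_label(int code) {
    std::string s = "code-" + std::to_string(code);
    return s.c_str();
}

// ---- Guidelines style -----------------------------------------------------
// Same computation. Ownership lives in std::vector (freed on every exit path),
// indexing goes through at() or an explicit bound check, every variable is
// initialized where it is declared, and failure is a value (std::nullopt)
// rather than a sentinel the caller may forget to test.
std::optional<int> modern_checksum(const std::vector<std::uint8_t>& wire) {
    if (wire.empty()) return std::nullopt;
    const std::size_t len = wire.at(0);
    if (len > wire.size() - 1) return std::nullopt;  // declared length exceeds payload
    int total = 0;
    for (std::size_t i = 1; i <= len; ++i) {
        const std::uint8_t b = wire.at(i);           // throws instead of reading out of range
        if (b == 0xFF) return std::nullopt;           // early exit: nothing to free
        total += b;
    }
    return total;
}

// Returns the owning value; the caller decides how long it lives. Nothing dangles.
std::string modern_label(int code) {
    return "code-" + std::to_string(code);
}

int main() {
    // Constructed sample record: length 3, payload 1 2 3.
    const std::vector<std::uint8_t> rec = {3, 1, 2, 3};
    if (auto sum = modern_checksum(rec)) {
        std::cout << "checksum " << *sum << '\n';    // prints: checksum 6
    }
    std::cout << modern_label(7) << '\n';            // prints: code-7
    return 0;
}
```

The point of the pair is the one the article makes: the second version is not a different language or a runtime-checked dialect, it is plain ISO C++ that simply declines to use `new`/`delete`, unchecked indexing and pointers into locals, which is exactly what a profile would enforce mechanically.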

Bjarne Stroustrup answered questions from Slashdot readers in 2014...


Crime

California Tech Founder Admits to Defrauding $4M For His Luxury Lifestyle (sfgate.com) 47

The tech startup "purported to make smart home and business products," writes America's Justice Department — products that were "meant to stop package theft, prevent weather damage to packages, and make it easier for emergency responders and delivery services to find homes and businesses." Royce Newcomb "developed prototypes of his products and received local and national media attention for them. For example, Time Magazine included his eLiT Address Box & Security System, which used mobile networks to pinpoint home and business locations, on its Best Inventions of 2021 list."

But then he told investors he'd also received a grant from the National Science Foundation — one of "several false representations to his investors to deceive and cheat them out of their money... Newcomb used the money to pay for gambling, a Mercedes and Jaguar, and a mansion." He also used the money to pay for refunds to other investors who wanted out, and to pay for new, unrelated projects without the investors' authorization. During this period, Newcomb also received a fraudulent COVID-19 loan for more than $70,000 from the Small Business Administration and fraudulent loans for more than $190,000 from private lenders. He lied about Strategic Innovations having hundreds of thousands and even millions in revenue to get these loans.

Newcomb was previously convicted federally in 2011 for running a real estate fraud scheme in Sacramento. He was sentenced to more than five years in prison for that offense, and he was on federal supervised release for that offense when he committed the offenses charged in this case... Newcomb faces maximum statutory penalties of 20 years in prison and a $250,000 fine for the wire fraud charge, and 10 years in prison and a $250,000 fine for the money laundering charge...

This effort is part of a California COVID-19 Fraud Enforcement Strike Force operation, one of five interagency COVID-19 fraud strike force teams established by the U.S. Department of Justice.

SFGate writes that "Despite receiving significant funding, his startup, Strategic Innovations, never made a dime or released any products to market, according to legal documents." The owner of a California tech startup has pleaded guilty to stealing over $4 million from investors, private lenders and the U.S. government in order to live a luxurious lifestyle, the United States Attorney's Office announced Monday... When investors asked about product delays and when they'd be paid back, Newcomb made excuses and provided conflicting info, telling them that there were supply chain issues or software problems, according to the indictment. In reality, federal prosecutors said, he was using the money to travel and continue to make these lavish personal expenses.
GNU is Not Unix

The FSF Will Auction the Original GNU Logo Drawing, Stallman's Medal, and an Amiga (fsf.org) 25

The Free Software Foundation "hinted that it would organize an unprecedented virtual memorabilia auction" in March to celebrate this year's 40th anniversary, according to an announcement this week. Those hints "left collectors and free software fans wondering which of the pieces of the FSF's history would be auctioned off."

But Tuesday the FSF "lifted the veil and gave a sneak peek of some of the more prestigious entries in the memorabilia auction." First of all, the memorabilia auction will feature an item that could be especially interesting for art collectors but will certainly also draw the attention of free software fans from all over: the original GNU head drawing by Etienne Suvasa, which became the blueprint for the iconic GNU logo present everywhere in the free software world.

The list of memorabilia for sale also entails some rare and historic hardware, such as a "terminus-est" microcomputer, and an Amiga 3000UX that was used in the FSF's old office at the Massachusetts Institute of Technology (MIT) in the early days of GNU, when these machines were capable of running a GNU-like operating system. Another meaningful item to be auctioned off, and one that collectors will want to keep a keen eye on, is the Internet Hall of Fame medal awarded to founder Richard Stallman. When Stallman was inducted into the Internet Hall of Fame, it was the ultimate recognition of free software's immense impact on the development and advancement of the Internet. This medal is definitely worthy of joining a fine historical collection...! [T]here are several more historic awards, more original GNU artwork, and a legendary katana [as seen in an XKCD comic] that became a lighthearted weapon in the fight for computer user freedom.

The auction is only the opening act to a whole agenda of activities celebrating forty years of free software activism. In May, the FSF invites free software supporters all over the world to gather for local in-person community meetups to network, discuss what people can do next to make the world freer, and celebrate forty years of commitment to software freedom. Then, on the actual birthday of the FSF on October 4, 2025, the organization intends to bring the international free software community to Boston for a celebration featuring keynotes and workshops by prominent personalities of the free software movement.

"The bidding will start as a virtual silent auction on March 17 and run through March 21, with more auction items revealed each day, and will culminate in a virtual live auction on March 23, 2025, 14:00 to 17:00 EDT," according to the announcement.

"Register here to attend the live auction. There's no need to register for the silent auction; you can simply join the bidding on the FSF's LibrePlanet wiki."
Businesses

Salesforce, Workday Are Hiring More Overseas To Save Cash (yahoo.com) 74

Software companies are under pressure to invest in new AI capabilities without denting profits. One increasingly popular strategy to keep costs low is to shift hiring outside the US. From a report: Salesforce and Workday are simultaneously cutting jobs and highlighting the cost savings from adding workers internationally. "Do we need to hire everybody in San Francisco?" Salesforce Chief Operating Officer Brian Millham said at an event hosted by Barclays in December. "Or can we think about other locations that are cheaper where we can get really incredible labor like India and Mexico City."

US-based employees at Salesforce dropped to 51% from 58% in the four years ending in January 2024. In early 2023, it announced a reduction of roughly 8,000 jobs. Earlier this week, Bloomberg reported that the San Francisco-based software company would cut more than 1,000 positions in large part to make room for new AI-focused hiring. [...] Human resources software maker Workday, based in Pleasanton, California, announced Wednesday that it would eliminate about 1,750 jobs. Last year, Chief Executive Officer Carl Eschenbach emphasized a new focus on expanding margins, saying hiring more in countries like Costa Rica would help in this effort.

Security

'Zombie Devices' Raise Cybersecurity Alarm as Consumers Ignore Smart Tech Expiry Dates 54

A survey of 2,130 Americans has revealed widespread vulnerability to cyber attacks through unsupported smart devices, with 43% unaware their devices might lose software support. The security threat was underscored in December 2023 when U.S. authorities disrupted a Chinese state-sponsored botnet targeting home routers and cameras that had stopped receiving security updates. Cloudflare separately reported a record-breaking DDoS attack in late 2023, primarily originating from compromised smart TVs and set-top boxes.

The survey, conducted by Consumer Reports, found that only 39% of consumers learned about lost software support from manufacturers, with most discovering issues when devices stopped working (40%) or through media reports (15%). Most consumers expect their smart devices to retain functionality after losing software support, particularly for large appliances (70%). However, Consumer Reports' research found only 14% of 21 smart appliance brands specify support timeframes, while an FTC study of 184 devices showed just 11% disclose support duration.
E3

ESA Wants To Replace E3 With a Bunch of Buzzwords (engadget.com) 30

The Entertainment Software Association is launching a new gaming event to replace E3, which was permanently canceled in 2023. According to Engadget, the new event is called iicon (short for "interactive innovation conference") and will feature many of the same major gaming companies that once participated in E3. "Sony, Nintendo, Microsoft, Disney, EA, Epic Games, Ubisoft, Square Enix, Take Two Interactive, Amazon Games and Warner Bros. Games are all named as participants." From the report: [T]he announcements on social media promote iicon as being for "visionaries," "changemakers" and "innovators," so our best guess is that this event will swing more toward the corporate side of gaming where people might use that language unironically. If that's the case, this won't really be a replacement for the heyday of E3, when studios big and small would showcase their upcoming projects and drop internet-breaking surprises. Instead, the inaugural event in April 2026 sounds like it will focus more on moving the needle, brand alignments and synergy.
The Internet

The Enshittification Hall of Shame 249

In 2022, writer and activist Cory Doctorow coined the term "enshittification" to describe the gradual deterioration of a service or product. The term's prevalence has increased to the point that it was the National Dictionary of Australia's word of the year last year. The editors at Ars Technica, having "covered a lot of things that have been enshittified," decided to highlight some of the worst examples they've come across. Here's a summary of each thing mentioned in their report: Smart TVs: Evolved into data-collecting billboards, prioritizing advertising and user tracking over user experience and privacy. Features like convenient input buttons are sacrificed for pushing ads and webOS apps. "This is all likely to get worse as TV companies target software, tracking, and ad sales as ways to monetize customers after their TV purchases -- even at the cost of customer convenience and privacy," writes Scharon Harding. "When budget brands like Roku are selling TV sets at a loss, you know something's up."

Google's Voice Assistant (e.g., Nest Hubs): Functionality has degraded over time, with previously working features becoming unreliable. Users report frequent misunderstandings and unresponsiveness. "I'm fine just saying it now: Google Assistant is worse now than it was soon after it started," writes Kevin Purdy. "Even if Google is turning its entire supertanker toward AI now, it's not clear why 'Start my morning routine,' 'Turn on the garage lights,' and 'Set an alarm for 8 pm' had to suffer."

Portable Document Format (PDF): While initially useful for cross-platform document sharing and preserving formatting, PDFs have become bloated and problematic. Copying text, especially from academic journals, is often garbled or impossible. "Apple, which had given the PDF a reprieve, has now killed its main selling point," writes John Timmer. "Because Apple has added OCR to the MacOS image display system, I can get more reliable results by screenshotting the PDF and then copying the text out of that. This is the true mark of its enshittification: I now wish the journals would just give me a giant PNG."

Televised Sports (specifically cycling and Formula 1): Streaming services have consolidated, leading to significantly increased costs for viewers. Previously affordable and comprehensive options have been replaced by expensive bundles across multiple platforms. "Formula 1 racing has largely gone behind paywalls, and viewership is down significantly over the last 15 years," writes Eric Berger. "Major US sports such as professional and college football had largely been exempt, but even that is now changing, with NFL games being shown on Peacock, Amazon Prime, and Netflix. None of this helps viewers. It enshittifies the experience for us in the name of corporate greed."

Google Search: AI overviews often bury relevant search results under lengthy, sometimes inaccurate AI-generated content. This makes finding specific information, especially primary source documents, more difficult. "Google, like many big tech companies, expects AI to revolutionize search and is seemingly intent on ignoring any criticism of that idea," writes Ashley Belanger.

Email AI Tools (e.g., Gemini in Gmail): Intrusive and difficult to disable, these tools offer questionable value due to their potential for factual inaccuracies. Users report being unable to fully opt out. "Gmail won't take no for an answer," writes Dan Goodin. "It keeps asking me if I want to use Google's Gemini AI tool to summarize emails or draft responses. As the disclaimer at the bottom of the Gemini tool indicates, I can't count on the output being factual, so no, I definitely don't want it."

Windows: While many complaints about Windows 11 originated with Windows 10, the newer version continues the trend of unwanted features, forced updates, and telemetry data collection. Bugs and performance issues also plague the operating system. "... it sure is easy to resent Windows 11 these days, between the well-documented annoyances, the constant drumbeat of AI stuff (some of it gated to pricey new PCs), and a batch of weird bugs that mostly seem to be related to the under-the-hood overhauls in October's Windows 11 24H2 update," writes Andrew Cunningham. "That list includes broken updates for some users, inoperable scanners, and a few unplayable games. With every release, the list of things you need to do to get rid of and turn off the most annoying stuff gets a little longer."

Web Discourse: The rapid spread of memes, trends, and corporate jargon on social media has led to a homogenization of online communication, making it difficult to distinguish original content and creating a sense of constant noise. "[T]he enshittification of social media, particularly due to its speed and virality, has led to millions vying for their moment in the sun, and all I see is a constant glare that makes everything look indistinguishable," writes Jacob May. "No wonder some companies think AI is the future."
China

Researchers Link DeepSeek To Chinese Telecom Banned In US (apnews.com) 86

An anonymous reader quotes a report from the Associated Press: The website of the Chinese artificial intelligence company DeepSeek, whose chatbot became the most downloaded app in the United States, has computer code that could send some user login information to a Chinese state-owned telecommunications company that has been barred from operating in the United States, security researchers say. The web login page of DeepSeek's chatbot contains heavily obfuscated computer script that when deciphered shows connections to computer infrastructure owned by China Mobile, a state-owned telecommunications company. The code appears to be part of the account creation and user login process for DeepSeek.

In its privacy policy, DeepSeek acknowledged storing data on servers inside the People's Republic of China. But its chatbot appears more directly tied to the Chinese state than previously known through the link revealed by researchers to China Mobile. The U.S. has claimed there are close ties between China Mobile and the Chinese military as justification for placing limited sanctions on the company. [...] The code linking DeepSeek to one of China's leading mobile phone providers was first discovered by Feroot Security, a Canadian cybersecurity company, which shared its findings with The Associated Press. The AP took Feroot's findings to a second set of computer experts, who independently confirmed that China Mobile code is present. Neither Feroot nor the other researchers observed data transferred to China Mobile when testing logins in North America, but they could not rule out that data for some users was being transferred to the Chinese telecom.

The analysis only applies to the web version of DeepSeek. They did not analyze the mobile version, which remains one of the most downloaded pieces of software on both the Apple and the Google app stores. The U.S. Federal Communications Commission unanimously denied China Mobile authority to operate in the United States in 2019, citing "substantial" national security concerns about links between the company and the Chinese state. In 2021, the Biden administration also issued sanctions limiting the ability of Americans to invest in China Mobile after the Pentagon linked it to the Chinese military.
"It's mindboggling that we are unknowingly allowing China to survey Americans and we're doing nothing about it," said Ivan Tsarynny, CEO of Feroot. "It's hard to believe that something like this was accidental. There are so many unusual things to this. You know that saying 'Where there's smoke, there's fire'? In this instance, there's a lot of smoke," Tsarynny said.

Further reading: Senator Hawley Proposes Jail Time For People Who Download DeepSeek
Ubuntu

'I'm Done With Ubuntu' (ounapuu.ee) 202

Software developer and prolific blogger Herman Ounapuu, writing in a blog post: I liked Ubuntu. For a very long time, it was the sensible default option. Around 2016, I used the Ubuntu GNOME flavor, and after they ditched the Unity desktop environment, GNOME became the default option.

I was really happy with it, both for work and personal computing needs. Estonian ID card software was also officially supported on Ubuntu, which made Ubuntu a good choice for family members.

But then something changed.
Ounapuu recounts how Ubuntu's biennial long-term support releases consistently broke functionality, from minor interface glitches to catastrophic system failures that left computers unresponsive. His breaking point came after multiple problematic upgrades affecting family members' computers, including one that rendered a laptop completely unusable during an upgrade from Ubuntu 20.04 to 22.04. Another incident left a relative's system with broken Firefox shortcuts and duplicate status bar icons after updating Lubuntu 18.04.

Canonical's aggressive push of Snap packages has drawn particular criticism. The forced migration of system components from traditional Debian packages to Snaps resulted in compatibility issues, broken desktop shortcuts, and government ID card authentication failures. In one instance, he writes, a Snap-related bug in the GNOME desktop environment severely disrupted workplace productivity, requiring multiple system restarts to resolve. The author has since switched to Fedora, praising its implementation of Flatpak as a superior alternative to Snaps.
The Internet

Popular Linux Orgs Freedesktop, Alpine Linux Are Scrambling For New Web Hosting (arstechnica.com) 26

An anonymous reader quotes a report from Ars Technica: In what is becoming a sadly regular occurrence, two popular free software projects, X.org/Freedesktop.org and Alpine Linux, need to rally some of their millions of users so that they can continue operating. Both services have largely depended on free server resources provided by Equinix (formerly Packet.net) and its Metal division for the past few years. Equinix announced recently that it was sunsetting its bare-metal sales and services, or renting out physically distinct single computers rather than virtualized and shared hardware. As reported by the Phoronix blog, both free software organizations have until the end of April to find and fund new hosting, with some fairly demanding bandwidth and development needs.

An issue ticket on Freedesktop.org's GitLab repository provides the story and the nitty-gritty needs of that project. Both the X.org foundation (home of the 40-year-old window system) and Freedesktop.org (a shared base of specifications and technology for free software desktops, including Wayland and many more) used Equinix's donated space. [...] Alpine Linux, a small, security-minded distribution used in many containers and embedded devices, also needs a new home quickly. As detailed in its blog, Alpine Linux uses about 800TB of bandwidth each month and also needs continuous integration runners (or separate job agents), as well as a development box. Alpine states it is seeking co-location space and bare-metal servers near the Netherlands, though it will consider virtual machines if bare metal is not feasible.

Businesses

Anthropic Asks Job Applicants Not To Use AI In Job Applications (404media.co) 36

An anonymous reader quotes a report from 404 Media: Anthropic, the company that made one of the most popular AI writing assistants in the world, requires job applicants to agree that they won't use an AI assistant to help write their application. "While we encourage people to use AI systems during their role to help them work faster and more effectively, please do not use AI assistants during the application process," the applications say. "We want to understand your personal interest in Anthropic without mediation through an AI system, and we also want to evaluate your non-AI-assisted communication skills. Please indicate 'Yes' if you have read and agree."

Anthropic released Claude, an AI assistant that's especially good at conversational writing, in 2023. This question is in almost all of Anthropic's nearly 150 currently-listed roles, but is not in some technical roles, like mobile product designer. It's included in everything from software engineer roles to finance, communications, and sales jobs at the company. The field was spotted by Simon Willison, an open source developer. The question shows Anthropic trying to get around a problem it's helping create: people relying so heavily on AI assistants that they struggle to form opinions of their own. It's also a moot question, as Anthropic and its competitors have created AI models so indistinguishable from human speech as to be nearly undetectable.

Android

Google Stops Malicious Apps With 'AI-Powered Threat Detection' and Continuous Scanning (googleblog.com) 15

Android and Google Play have billions of users, Google wrote in its security blog this week. "However, like any flourishing ecosystem, it also attracts its share of bad actors... That's why every year, we continue to invest in more ways to protect our community." Google's tactics include industry-wide alliances, stronger privacy policies, and "AI-powered threat detection."

"As a result, we prevented 2.36 million policy-violating apps from being published on Google Play and banned more than 158,000 bad developer accounts that attempted to publish harmful apps." To keep out bad actors, we have always used a combination of human security experts and the latest threat-detection technology. In 2024, we used Google's advanced AI to improve our systems' ability to proactively identify malware, enabling us to detect and block bad apps more effectively. It also helps us streamline review processes for developers with a proven track record of policy compliance. Today, over 92% of our human reviews for harmful apps are AI-assisted, allowing us to take quicker and more accurate action to help prevent harmful apps from becoming available on Google Play. That's enabled us to stop more bad apps than ever from reaching users through the Play Store, protecting users from harmful or malicious apps before they can cause any damage.

Starting in 2024, Google also "required apps to be more transparent about how they handle user information by launching new developer requirements and a new 'Data deletion' option for apps that support user accounts and data collection.... We're also constantly working to improve the safety of apps on Play at scale, such as with the Google Play SDK Index. This tool offers insights and data to help developers make more informed decisions about the safety of an SDK."

And once an app is installed, "Google Play Protect, Android's built-in security protection, helps to shield their Android device by continuously scanning for malicious app behavior." Google Play Protect automatically scans every app on Android devices with Google Play Services, no matter the download source. This built-in protection, enabled by default, provides crucial security against malware and unwanted software. Google Play Protect scans more than 200 billion apps daily and performs real-time scanning at the code level on novel apps to combat emerging and hidden threats, like polymorphic malware. In 2024, Google Play Protect's real-time scanning identified more than 13 million new malicious apps from outside Google Play [based on Google Play Protect 2024 internal data]...

According to our research, more than 95 percent of app installations from major malware families that exploit sensitive permissions highly correlated to financial fraud came from Internet-sideloading sources like web browsers, messaging apps, or file managers. To help users stay protected when browsing the web, Chrome will now display a reminder notification to re-enable Google Play Protect if it has been turned off... Scammers may manipulate users into disabling Play Protect during calls to download malicious Internet-sideloaded apps. To prevent this, the Play Protect app scanning toggle is now temporarily disabled during phone or video calls...

Google Play Protect's enhanced fraud protection pilot analyzes and automatically blocks the installation of apps that may use sensitive permissions frequently abused for financial fraud when the user attempts to install the app from an Internet-sideloading source (web browsers, messaging apps, or file managers). Building on the success of our initial pilot in partnership with the Cyber Security Agency of Singapore (CSA), additional enhanced fraud protection pilots are now active in nine regions — Brazil, Hong Kong, India, Kenya, Nigeria, Philippines, South Africa, Thailand, and Vietnam.

In 2024, Google Play Protect's enhanced fraud protection pilots have shielded 10 million devices from over 36 million risky installation attempts, encompassing over 200,000 unique apps.

Programming

Should We Sing the Praises of Agile, or Bury It? (acm.org) 235

"Stakeholders must be included" throughout an agile project "to ensure the evolving deliverables meet their expectations," according to an article this week in Communications of the ACM.

But long-time Slashdot reader theodp complains it's a "gushing how-to-make-Agile-even-better opinion piece." Like other pieces by Agile advocates, it's long on accolades for Agile, but short on hard evidence justifying why exactly Agile project management "has emerged as a critical component for firms looking to improve project delivery speed and flexibility" and the use of Agile approaches is being expanded across other departments beyond software development. Indeed, among the three examples of success offered in the piece to "highlight the effectiveness of agile methods in navigating complex stakeholder dynamics and achieving project success" is Atlassian's use of agile practices to market and develop its products, many of which are coincidentally designed to support Agile practices and teams (including Jira). How meta.

Citing "recent studies," the piece concludes its call for stakeholder engagement by noting that "59% of organizations measure Agile success by customer or user satisfaction." But that is one of those metrics that can create perverse incentives. Empirical studies of user satisfaction and engagement have been published since the 1970s, and sadly one of the cruel lessons learned from them is that the easiest path to having satisfied users is to avoid working on difficult problems. Keep that in mind when you ponder why difficult user stories seem to languish forever in the Kanban and Scrum Board "Ice Box" column, while the "Complete" column is filled with low-hanging fruit. Sometimes success does come easy!

So, are you in the Agile-is-Heaven or Agile-is-Hell camp?

Facebook

Facebook Admits Linux-Post Crackdown Was 'In Error', Fixes Moderation Error (tomshardware.com) 62

Tom's Hardware reports: Facebook's heavy-handed censorship of Linux groups and topics was "in error," the social media juggernaut has admitted. Responding to reports earlier this week, sparked by the curious censorship of the eminently wholesome DistroWatch, Facebook contacted PCMag to say that it had made a mistake and that the underlying issue had been rectified.

"This enforcement was in error and has since been addressed. Discussions of Linux are allowed on our services," said a Meta rep to PCMag. That is the full extent of the statement reproduced by the source... Copenhagen-hosted DistroWatch says it appealed against the Community Standards-triggered ban shortly after it noticed it was in effect (January 19). PCMag received the Facebook admission of error on January 28. The latest statement from DistroWatch, which now prefers posting on Mastodon, indicates that Facebook has lifted the DistroWatch links ban.

More details from PCMag: Meta didn't say what caused the crackdown in the first place. But the company has been revamping some of its content moderation and plans to replace its fact-checking methodology with user-driven Community Notes, similar to X's. "We're also going to change how we enforce our policies to reduce the kind of mistakes that account for the vast majority of the censorship on our platforms," the company said earlier this month, in another irony.

"Up until now, we have been using automated systems to scan for all policy violations, but this has resulted in too many mistakes and too much content being censored that shouldn't have been," Meta added in the same post.

Iphone

iPhones and Some Android Phones Will Support Starlink Direct-to-Cell Coverage in US (yahoo.com) 30

"iPhone devices are now eligible to test SpaceX-owned Starlink's direct-to-cell capability," Reuters reported this week, citing an announcement from T-Mobile: T-Mobile and Elon Musk's SpaceX are currently testing the Starlink cell network on a trial basis after receiving approval from the Federal Communications Commission in November last year. The trial offers 'text via satellite', while voice and data features will be added in the future, according to the T-Mobile website. T-Mobile initially only listed a few Android smartphones as eligible devices to test the network, but has now added iPhone devices with the latest iOS 18.3 software update.
The next day stock prices fell for several direct-to-smartphone satellite companies, reports SpaceNews: Shares in Globalstar, which enables connectivity beyond the reach of cellular towers on the latest iPhones via a far-reaching partnership with Apple, closed down nearly 18% the following day. Constellation developer AST SpaceMobile slipped 12%. Canada's MDA, which is building at least 17 satellites for Globalstar after Apple agreed to cover most of the costs to replenish the constellation, also saw its shares fall more than 9%...

"Combined, today's price action in Globalstar and satellite manufacturer MDA suggests a real investor fear that SpaceX could disintermediate the Apple-Globalstar partnership," said Adam Rhodes, a senior telecoms analyst at Octus. "However, it appears to us that there is room for both services. Based on the information we have seen, we do not anticipate that Apple views the T-Mobile-Starlink service as a replacement for the Globalstar MSS network, but rather it is choosing to enable the added feature on its T-Mobile phones...." B. Riley analyst Mike Crawford noted that Apple's two binding contracts with Globalstar extend well into the next decade, ensuring both capital expenditure (capex) and recurring service revenues.

Thanks to Slashdot reader jjslash for sharing the news.

Windows

After 'Copilot Price Hike' for Microsoft 365, It's Ending Its Free VPN (windowscentral.com) 81

In 2023, Microsoft began including a free VPN feature in its "Microsoft Defender" security app for all Microsoft 365 subscribers ("Personal" and "Family"). Originally Microsoft had "called it a privacy protection feature," writes the blog Windows Central, "designed to let you access sensitive data on the web via a VPN tunnel." But.... Unfortunately, Microsoft has now announced that it's killing the feature later this month, only a couple of years after it first debuted...

To add insult to injury, this announcement comes just days after Microsoft increased subscription prices across the board. Both Personal and Family subscriptions went up by three dollars a month, which the company says is the first price hike Microsoft 365 has seen in over a decade. The increased price does now include Microsoft 365 Copilot, which adds AI features to Word, PowerPoint, Excel, and others.

However, it also comes with the removal of the free VPN in Microsoft Defender, which I've found to be much more useful so far.

AI

One Blogger Helped Spark NVIDIA's $600B Stock Collapse (marketwatch.com) 33

On January 24th Brooklyn blogger Jeffrey Emanuel made the case for shorting NVIDIA, remembers MarketWatch, "due to a number of shifting tides in the AI world, including the emergence of a China-based company called DeepSeek."

He published his 12,000-word post "on his personal blog and then shared it with the Value Investors Club website and across Reddit, X and other platforms." The next day he saw 35 people read his post. "But then the post started to go viral..." Well-known venture capitalist Chamath Palihapitiya shared Emanuel's post on Nvidia's short case with his 1.8 million X followers. Successful early stage investor Naval Ravikant shared the post with his 2.6 million followers... Morgan Brown, a vice president of product and growth at Dropbox, pointed to it in a thread that was viewed over 13 million times. Emanuel's own X post got nearly half a million views. He also quickly gained about 13,000 followers on the platform, going from about 2,000 to more than 15,000 followers...

[Emanuel] pointed to the fact that so many people in San Jose were reading his blog post. He theorized that many of them were Nvidia employees with thousands — or even millions — of dollars worth of Nvidia stock tied up in employee stock options. With that much money in a single asset, Emanuel speculated that many were already debating whether to hold the stock or sell it to lock in profits. He believes his blog post helped convince some of them to sell. "A lot of the sell pressure you saw on Monday morning wasn't necessarily what you might think. I believe a fair amount of that was from shares that had never been active because they had been sitting in workplace.schwab.com accounts..."

Emanuel stresses he's "the most bullish on AI," with MarketWatch emphasizing that "while the points Emanuel laid out in his blog post might be bearish for Nvidia, he still thinks they paint a positive future for AI." Nevertheless, on Monday NVIDIA's market capitalization dropped $600 billion, which MarketWatch calls "the largest single-day market-cap drop to date for any company." What countless Wall Street firms and investment analysts had seemingly missed was being pointed out by some guy in his apartment.... Matt Levine, the prominent Bloomberg News financial columnist, noted the online chatter that claimed Emanuel's post "was an important catalyst" for the stock-market selloff and said it was a "candidate for the most impactful short research report ever." Emanuel spent the rest of the week booked solid as hedge funds paid him $1,000 per hour to speak on the phone and give his take on Nvidia and AI...

Emanuel wrote that the industry may be running low on quality data to train that AI — that is, a potential "data wall" is looming that could slow down AI scaling and reduce some of that need for training resources... Some of these companies, like Alphabet, have also been investing in building out their own semiconductor chips. For a while, Nvidia's hardware has been the best for training AI, but that might not be the case forever as more companies, such as Cerebras, build better hardware. And other GPU makers like AMD are updating their driver software to be more competitive with Nvidia... Add all these things together — unsustainable spending and data-center building, less training data to work with, better competing hardware and more efficient AI — and you get a future where it's harder to imagine Nvidia's customers spending as much as they currently are on Nvidia hardware... "If you know that a company will only earn supersized returns for a couple years, you don't apply a multiple. You certainly don't put a 30-times multiple," Emanuel told MarketWatch.

The article notes that DeepSeek "is open-source and has been publishing technical papers out in the open for the past few months... The $5.6 million training-cost statistic that many investors cited for sparking the DeepSeek market panic was actually revealed in the V3 technical paper published on Dec. 26."

Medicine

America's FDA Warns About Backdoor Found in Chinese Company's Patient Monitors (fda.gov) 51

Thursday America's FDA "raised concerns about cybersecurity vulnerabilities" in patient monitors from China-based medical device company Contec "that could allow unauthorized individuals to access and potentially manipulate those devices," reports Reuters. The patient monitors could be remotely controlled by unauthorized users or may not function as intended, and the network to which these devices are connected could be compromised, the agency warned. The FDA also said that once these devices are connected to the internet, they can collect patient data, including personally identifiable information and protected health information, and can export this data out of the healthcare delivery environment.

The agency, however, added that it is currently unaware of any cybersecurity incidents, injuries, or deaths related to these identified cybersecurity vulnerabilities.

The FDA's announcement says "The software on the patient monitors includes a backdoor, which may mean that the device or the network to which the device has been connected may have been or could be compromised." And it offers this advice to caregivers and patients: If your health care provider confirms that your device relies on remote monitoring features, unplug the device and stop using it. Talk to your health care provider about finding an alternative patient monitor.

If your device does not rely on remote monitoring features, use only the local monitoring features of the patient monitor. This means unplugging the device's ethernet cable and disabling wireless (that is, WiFi or cellular) capabilities, so that patient vital signs are only observed by a caregiver or health care provider in the physical presence of a patient. If you cannot disable the wireless capabilities, unplug the device and stop using it. Talk to your health care provider about finding an alternative patient monitor.

A detailed report from CISA describes how a research team "created a simulated network, created a fake patient profile, and connected a blood pressure cuff, SpO2 monitor, and ECG monitor peripherals to the patient monitor. Upon startup, the patient monitor successfully connected to the simulated IP address and immediately began streaming patient data..." to an IP address that is hard-coded into the backdoor function. "Sensor data from the patient monitor is also transmitted to the IP address in the same manner. If the routine to connect to the hard-coded IP address and begin transmitting patient data is called, it will automatically initialize the eth0 interface in the same manner as the backdoor. This means that even if networking is not enabled on startup, running this routine will enable networking and thereby enable this functionality."
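The behaviour CISA describes (a monitor that brings up its own interface at boot and streams patient data to one fixed destination) is visible to a defender as unexpected egress from the device segment. The following added example, which is not from the FDA or CISA advisories, checks constructed flow records against a per-device policy that mirrors the FDA advice: monitors kept for remote monitoring may only talk to an approved central-station network, and monitors switched to local-only use must produce no traffic at all. The device names, addresses and flow lines are constructed, and the hard-coded destination is a placeholder, since the page does not give the real address.

```python
"""Egress policy check for a patient-monitor network segment (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed inventory. "remote" monitors may reach the listed networks only
# (e.g. the hospital's central-station server); "local-only" monitors are the
# ones the FDA advises to run with ethernet unplugged and wireless disabled.
MONITOR_POLICY = {
    "monitor-icu-01": {"mode": "remote", "allowed": ["10.20.0.0/24"]},
    "monitor-icu-02": {"mode": "local-only", "allowed": []},
}
MONITOR_IPS = {"10.30.1.11": "monitor-icu-01", "10.30.1.12": "monitor-icu-02"}


@dataclass(frozen=True)
class Finding:
    device: str
    dst: str
    reason: str


def parse_flow(line: str):
    """Constructed flow format: '<timestamp> <src_ip> <dst_ip> <dst_port> <bytes>'."""
    ts, src, dst, port, nbytes = line.split()
    return ts, src, dst, int(port), int(nbytes)


def check_egress(flow_lines):
    """Return one Finding per monitor flow that violates the device's policy."""
    findings = []
    for line in flow_lines:
        _ts, src, dst, port, _nbytes = parse_flow(line)
        device = MONITOR_IPS.get(src)
        if device is None:
            continue  # source is not a patient monitor
        policy = MONITOR_POLICY[device]
        if policy["mode"] == "local-only":
            # Any traffic at all means networking came back on (the report notes
            # the routine re-initialises eth0 even when networking was disabled).
            findings.append(Finding(device, dst, "egress from local-only monitor"))
            continue
        dst_addr = ip_address(dst)
        if not any(dst_addr in ip_network(net) for net in policy["allowed"]):
            findings.append(Finding(device, dst, f"destination not on allow list (port {port})"))
    return findings


# Constructed sample: one legitimate flow, then two matching the described pattern.
# 203.0.113.10 is a documentation-range placeholder for the hard-coded destination.
SAMPLE_FLOWS = [
    "2025-01-30T08:00:01 10.30.1.11 10.20.0.5 5000 20480",
    "2025-01-30T08:00:02 10.30.1.11 203.0.113.10 5000 65536",
    "2025-01-30T08:00:03 10.30.1.12 203.0.113.10 5000 65536",
]

if __name__ == "__main__":
    for f in check_egress(SAMPLE_FLOWS):
        print(f"{f.device}: {f.reason} -> {f.dst}")
```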
