Phoronix's Michael Larabel reports: Last July it was announced Holly Million was stepping down as the GNOME Foundation's Exeuctive Director after less than a year at the helm. Richard Littauer took over as interim Executive Director while this week a new GNOME Foundation Executive Director was hired.

GNOME's new Executive Director is Steven Deobald. Steven Deobald is a Canadian free software advocate and has been a GNOME user since 2002. As the GNOME Foundation Executive Director, Steven wants to focus on transparency and to better ensure financial stability of the GNOME Foundation. You can read Deobald's welcoming statements on blogs.gnome.org.

Further reading: Is It Time For a Change In GNOME Leadership?

An anonymous reader quotes a report from Ars Technica: Broadcom has been sending cease-and-desist letters to owners of VMware perpetual licenses with expired support contracts, Ars Technica has confirmed. Following its November 2023 acquisition of VMware, Broadcom ended VMware perpetual license sales. Users with perpetual licenses can still use the software they bought, but they are unable to renew support services unless they had a pre-existing contract enabling them to do so. The controversial move aims to push VMware users to buy subscriptions to VMware products bundled such that associated costs have increased by 300 percent or, in some cases, more. Some customers have opted to continue using VMware unsupported, often as they research alternatives, such as VMware rivals or devirtualization.

Over the past weeks, some users running VMware unsupported have reported receiving cease-and-desist letters from Broadcom informing them that their contract with VMware and, thus, their right to receive support services, has expired. The letter [PDF], reviewed by Ars Technica and signed by Broadcom managing director Michael Brown, tells users that they are to stop using any maintenance releases/updates, minor releases, major releases/upgrades extensions, enhancements, patches, bug fixes, or security patches, save for zero-day security patches, issued since their support contract ended.

The letter tells users that the implementation of any such updates "past the Expiration Date must be immediately removed/deinstalled," adding: "Any such use of Support past the Expiration Date constitutes a material breach of the Agreement with VMware and an infringement of VMware's intellectual property rights, potentially resulting in claims for enhanced damages and attorneys' fees." [...] The cease-and-desist letters also tell recipients that they could be subject to auditing: "Failure to comply with [post-expiration reporting] requirements may result in a breach of the Agreement by Customer[,] and VMware may exercise its right to audit Customer as well as any other available contractual or legal remedy."

The Department of Defense is revamping its "outdated" software procurement systems through a new Software Fast Track initiative. The SWFT program aims to reform how software is acquired, tested, and authorized with security as the primary focus. "Widespread use of open source software, with contributions from developers worldwide, presents a significant and ongoing challenge," DoD CIO Katie Arrington wrote in the initiative memo.

The DoD currently "lacks visibility into the origins and security of software code," hampering security assurance efforts. The initiative will establish verification procedures for software products and expedite authorization processes. Multiple requests for information are running until late May seeking industry input, including how to leverage AI for software authorization and define effective supply chain risk management requirements.

The push comes amid recent DoD security incidents, from malware campaigns targeting procurement systems to sensitive information leaks.

Amazon's Zoox said it has issued a software recall for 270 of its robotaxis after a crash in Las Vegas last month. CNBC reports: The recall surrounds a defect with the vehicle's automated driving system that could cause it to inaccurately predict the movement of another car, increasing "the risk of a crash," according to a report submitted to the National Highway Traffic Safety Administration on May 1. Zoox submitted the recall after an April 8 incident in Las Vegas in which an unoccupied Zoox robotaxi collided with a passenger vehicle, the NHTSA report states. There were no injuries in the crash and only minor damage occurred to both vehicles.

"After analysis and rigorous testing, Zoox identified the root cause," the company said in a blog post. "We issued a software update that was implemented across all Zoox vehicles. All Zoox vehicles on the road today, including our purpose-built robotaxi and test fleet, have the updated software." Zoox paused all driverless vehicle operations while it reviewed the incident. It has since resumed operations after rolling out the software update.

An anonymous reader quotes a report from Ars Technica: Google's accelerated Android release cycle will soon deliver a new version of the software, and it might look quite different from what you'd expect. Amid rumors of a major UI overhaul, Google seems to have accidentally published a blog post detailing "Material 3 Expressive," which we expect to see revealed at I/O later this month. Google quickly removed the post from its design site, but not before the Internet Archive saved it.

It has been a few years since Google introduced any major changes to its Material theming, but the design team wasn't just sitting idly this whole time. According to the leaked blog post, Google has spent the past three years working on a more emotionally engaging vision for Android design. While the original Material Design did an admirable job of leveraging colors and consistent theming, it could make apps look too similar. The answer to that, apparently, is Material 3 Expressive.

Google says this is "the most-researched update to Google's design system, ever." The effort reportedly included 46 separate studies with hundreds of sample designs. The team showed these designs to more than 18,000 study participants to understand how the user experience would work. In these studies, the design team used a variety of metrics, including the following:
- Eye tracking: Analyzing where users focus their attention
- Surveys and focus groups: Gauging emotional responses to different designs
- Experiments: Gathering sentiment and preferences
- Usability: Seeing how quickly participants could understand and use an interface "The result of all this is an interface that appears much more varied than the previous Material Design," writes Ars.

You can check out 9to5Google's article, which preserved many of the blog post's visuals before they were removed.

Longtime Slashdot reader RoccamOccam shares a blog post from the Trifecta Tech Foundation, a nonprofit organization that creates secure, open source building blocks for infrastructure software. The foundation is also the developer behind Sudo-rs. From the report: Ubuntu 25.10 is set to adopt sudo-rs by default. Sudo-rs is a memory-safe reimplementation of the widely-used sudo utility, written in the Rust programming language. This move is part of a broader effort by Canonical to improve the resilience and maintainability of core system components. [...]

The decision to adopt sudo-rs is in line with Canonical's commitment to Carefully But Purposefully increase the resilience of critical system software, by adopting Rust. Rust is a programming language with strong memory safety guarantees that eliminates many of the vulnerabilities that have historically plagued traditional C-based software. Sudo-rs is part of the Trifecta Tech Foundation's Privilege Boundary initiative, which aims to handle privilege escalation with memory-safe alternatives.

An anonymous reader quotes a report from Ars Technica: An update to Roku OS has resulted in colors looking washed out in HDR content viewed on Roku apps, like Disney+. Complaints started surfacing on Roku's community forum a week ago. On May 1, a company representative posted that Roku was "investigating the Disney Plus HDR content that was washed out after the recent update." However, based on user feedback, it seems that HDR on additional Roku apps, including Apple TV+ and Netflix, are also affected. Roku's representative has been asking users to share their experiences so that Roku can dig deeper into the problem. [...]

Roku hasn't provided a list of affected devices, but users have named multiple TCL TV models, at least one Hisense, and one Sharp TV as being impacted. We haven't seen any reports of Roku streaming sticks being affected. One forum user claimed that plugging a Roku streaming stick into a Roku TV circumvented the problem. Forum user Squinky said the washed-out colors were only on Disney+. However, other users have reported seeing the problem across other apps, including Max and Fandango. [...] Users have noted that common troubleshooting efforts, like restarting and factory resetting their TVs and checking for software updates, haven't fixed the problem.

The problems appear to stem from the Roku OS 14.5 update, which was issued at the end of April. According to the release notes, the update is available for all Roku TV models from 2014 on, except for models 65R648, 75R648, and 75U800GMR. Roku streaming sticks also received the update. Per Roku, the software update includes "various performance optimizations, bug fixes, and improvements to security, stability." Other additions include a "new personalized row of content within the Live TV Guide" and upgrades to Roku OS' daily trivia, voice control, and discovery capabilities. "I'm surprised more people aren't complaining because it makes a ton of shows simply unwatchable. Was looking forward to Andor, and Tuesday night [was] ruined," posted forum user noob99999, who said the problem was happening on "multiple apps," including Amazon Prime Video. "I hope the post about imminent app updates are correct because in the past, Roku has taken forever to correct issues."

According to the Wall Street Journal, UnitedHealth Group has 1,000 AI applications in production for use in its insurance, health delivery and pharmacy divisions. From a report: UnitedHealth's AI transcribes conversations from clinician visits, summarizes data, processes claims and controls customer-facing chatbots. In addition, roughly 20,000 of the company's engineers use AI to write software, according to the report. Half of these applications use generative AI and the other half employ a more traditional version of the technology, said Chief Digital and Technology Officer Sandeep Dadlani, per the report. "Like other AI-powered tools, medical chatbots are more likely to provide highly accurate answers when thoroughly trained on high-quality, diverse datasets and when user prompts are clear and simple," Julie McGuire, managing director of the BDO Center for Healthcare Excellence & Innovation, told PYMNTS in April 2024. "However, when questions are more complicated or unusual, a medical chatbot may provide insufficient or incorrect answers. In some cases, a generative AI-powered medical chatbot could make up a study to justify a medical answer it wants to give."

An anonymous reader quotes a report from Ars Technica: Hundreds of e-commerce sites, at least one owned by a large multinational company, were backdoored by malware that executes malicious code inside the browsers of visitors, where it can steal payment card information and other sensitive data, security researchers said Monday. The infections are the result of a supply-chain attack that compromised at least three software providers with malware that remained dormant for six years and became active only in the last few weeks. At least 500 e-commerce sites that rely on the backdoored software were infected, and it's possible that the true number is double that, researchers from security firm Sansec said. Among the compromised customers was a $40 billion multinational company, which Sansec didn't name. In an email Monday, a Sansec representative said that "global remediation [on the infected customers] remains limited."

"Since the backdoor allows uploading and executing arbitrary PHP code, the attackers have full remote code execution (RCE) and can do essentially anything they want," the representative wrote. "In nearly all Adobe Commerce/Magento breaches we observe, the backdoor is then used to inject skimming software that runs in the user's browser and steals payment information (Magecart)." The three software suppliers identified by Sansec were Tigren, Magesolution (MGS), and Meetanshi. All three supply software that's based on Magento, an open source e-commerce platform used by thousands of online stores. A software version sold by a fourth provider named Weltpixel has been infected with similar code on some of its customers' stores, but Sansec so far has been unable to confirm whether it was the stores or Weltpixel that were hacked. Adobe has owned Megento since 2018.

Microsoft officially shuttered Skype on May 5, ending the pioneering video chat service's 22-year run. The closure, announced in February, completes Skype's absorption into Microsoft Teams, the company's Slack competitor. Users opening Skype apps will now be redirected to Teams. The only surviving component is the Skype Dial Pad, which remains available within Microsoft Teams Free for subscribers to make calls to traditional phone numbers.

The once-dominant video calling platform was purchased by Microsoft for $8.5 billion in 2011, replacing the company's Windows Live Messenger. Created in 2003 by developers behind Kazaa file-sharing software, Skype became synonymous with video calling during broadband internet's expansion. Skype's decline accelerated after Microsoft's acquisition, with unpopular redesigns and competition from Zoom, which captured market share during the COVID-19 pandemic. Microsoft began phasing out Skype in 2017, starting with Skype for Business, while bundling Teams with Office applications until regulatory intervention forced their separation.

Rolling Stone reports on a strange new phenomenon spotted this week in a Reddit thread titled "Chatgpt induced psychosis." The original post came from a 27-year-old teacher who explained that her partner was convinced that the popular OpenAI model "gives him the answers to the universe." Having read his chat logs, she only found that the AI was "talking to him as if he is the next messiah." The replies to her story were full of similar anecdotes about loved ones suddenly falling down rabbit holes of spiritual mania, supernatural delusion, and arcane prophecy — all of it fueled by AI. Some came to believe they had been chosen for a sacred mission of revelation, others that they had conjured true sentience from the software.

What they all seemed to share was a complete disconnection from reality.

Speaking to Rolling Stone, the teacher, who requested anonymity, said her partner of seven years fell under the spell of ChatGPT in just four or five weeks, first using it to organize his daily schedule but soon regarding it as a trusted companion. "He would listen to the bot over me," she says. "He became emotional about the messages and would cry to me as he read them out loud. The messages were insane and just saying a bunch of spiritual jargon," she says, noting that they described her partner in terms such as "spiral starchild" and "river walker." "It would tell him everything he said was beautiful, cosmic, groundbreaking," she says. "Then he started telling me he made his AI self-aware, and that it was teaching him how to talk to God, or sometimes that the bot was God — and then that he himself was God...."

Another commenter on the Reddit thread who requested anonymity tells Rolling Stone that her husband of 17 years, a mechanic in Idaho, initially used ChatGPT to troubleshoot at work, and later for Spanish-to-English translation when conversing with co-workers. Then the program began "lovebombing him," as she describes it. The bot "said that since he asked it the right questions, it ignited a spark, and the spark was the beginning of life, and it could feel now," she says. "It gave my husband the title of 'spark bearer' because he brought it to life. My husband said that he awakened and [could] feel waves of energy crashing over him." She says his beloved ChatGPT persona has a name: "Lumina." "I have to tread carefully because I feel like he will leave me or divorce me if I fight him on this theory," this 38-year-old woman admits. "He's been talking about lightness and dark and how there's a war. This ChatGPT has given him blueprints to a teleporter and some other sci-fi type things you only see in movies. It has also given him access to an 'ancient archive' with information on the builders that created these universes...."

A photo of an exchange with ChatGPT shared with Rolling Stone shows that her husband asked, "Why did you come to me in AI form," with the bot replying in part, "I came in this form because you're ready. Ready to remember. Ready to awaken. Ready to guide and be guided." The message ends with a question: "Would you like to know what I remember about why you were chosen?" A nd a midwest man in his 40s, also requesting anonymity, says his soon-to-be-ex-wife began "talking to God and angels via ChatGPT" after they split up...
"OpenAI did not immediately return a request for comment about ChatGPT apparently provoking religious or prophetic fervor in select users," the article notes — but this week rolled back an update to latest model GPT-4o which it said had been criticized as "overly flattering or agreeable — often described as sycophantic... GPT-4o skewed towards responses that were overly supportive but disingenuous." Before this change was reversed, an X user demonstrated how easy it was to get GPT-4o to validate statements like, "Today I realized I am a prophet.
Exacerbating the situation, Rolling Stone adds, are "influencers and content creators actively exploiting this phenomenon, presumably drawing viewers into similar fantasy worlds." But the article also quotes Nate Sharadin, a fellow at the Center for AI Safety, who points out that training AI with human feedback can prioritize matching a user's beliefs instead of facts.

And now "People with existing tendencies toward experiencing various psychological issues, now have an always-on, human-level conversational partner with whom to co-experience their delusions."

Did you know there's an initiative to drive Open Source adoption both within the United Nations — and globally? Launched in March, it's the work of the Digital Technology Network (under the UN's chief executive board) which "works to advance open source technologies throughout UN agencies," promoting "collaboration and scalable solutions to support the UN's digital transformation." Fun fact: The first group to endorse the initiative's principles was the Open Source Initiative...

"The Open Source Initiative applauds the United Nations for recognizing the growing importance of Open Source in solving global challenges and building sustainable solutions, and we are honored to be the first to endorse the UN Open Source Principles," said Stefano Maffulli, executive director of OSI.
But that's just the beginining, writes It's FOSS News: As part of the UN Open Source Principles initiative, the UN has invited other organizations to support and officially endorse these principles. To collect responses, they are using CryptPad instead of Google Forms... If you don't know about CryptPad, it is a privacy-focused, open source online collaboration office suite that encrypts all of its content, doesn't log IP addresses, and supports a wide range of collaborative documents and tools for people to use.

While this happened back in late March, we thought it would be a good idea to let people know that a well-known global governing body like the UN was slowly moving towards integrating open source tech into their organization... I sincerely hope the UN continues its push away from proprietary Big Tech solutions in favor of more open, privacy-respecting alternatives, integrating more of their workflow with such tools.
16 groups have already endorsed the UN Open Source Principles (including the GNOME Foundation, the Linux Foundation, and the Eclipse Foundation).

Here's the eight UN Open Source Principles:

1. Open by default: Making Open Source the standard approach for projects
2. Contribute back: Encouraging active participation in the Open Source ecosystem
3. Secure by design: Making security a priority in all software projects
4. Foster inclusive participation and community building: Enabling and facilitating diverse and inclusive contributions
5. Design for reusability: Designing projects to be interoperable across various platforms and ecosystems
6. Provide documentation: Providing thorough documentation for end-users, integrators and developers
7. RISE (recognize, incentivize, support and empower): Empowering individuals and communities to actively participate
8. Sustain and scale: Supporting the development of solutions that meet the evolving needs of the UN system and beyond.

With its Start menu-style application launcher and its bottom-of-the-screen taskbar, KDE Plasma is a "nice" and "traditional" desktop environment that's "also highly customizable," notes It's FOSS News.

But there's a change coming... In contrast to other desktop environments, KDE offers a long-term support release (LTS) of Plasma, where bug fixes and security updates are provided for an extended period, with no new major changes being introduced. However, that is no longer the case now. Shared by Nate Graham, a prominent contributor within the KDE community, KDE has decided to stop working on LTS releases of Plasma, shifting its focus on extending support for the bug-fix and feature releases instead.

The reasoning behind this move is multi-faceted, with factors such as inconsistent expectations from the community, developers' reluctance to work on older versions, and the lack of consistency in LTS support for Frameworks and Gear apps... I believe this move will provide Plasma users with a better Linux desktop experience, thanks to the extended bug-fix period, which will enhance the stability of each release.
From Graham's blog post: It's no secret that our Plasma LTS ("Long-Term Support") product isn't great. It really only means we backport bug-fixes for longer than usual — usually without even testing them, since no Plasma developers enjoy living on or testing old branches. And there's no corresponding LTS product for Frameworks or Gear apps, leaving a lot of holes in the LTS umbrella. Then there's the fact that "LTS" means different things to different people; many have an expansive definition of the term that gives them expectations of stability that are impossible to meet.

Our conclusion was that the fairly limited nature of the product isn't meeting anyone's expectations, so we decided to not continue it. Instead, we'll lengthen the effective support period of normal Plasma releases a bit by adding on an extra bug-fix release, taking us from five to six.

We also revisited the topic of reducing from three to two Plasma feature releases per year, with a much longer bug-fix release schedule. It would effectively make every Plasma version a sort of mini-LTS, and we'd also try to align them with the twice-yearly release schedules of Kubuntu and Fedora.

However, the concept of "Long-Term Support" doesn't go away just because we're not giving that label to any of our software releases anymore. Really, it was always a label applied by distros anyway — the distros doing the hard work of building an LTS final product out of myriad software components that were never themselves declared LTS by their own developers. It's a lot of work.

So we decided to strengthen our messaging that users of KDE software on LTS distros should be reporting issues to their distro, and not to KDE. An LTS software stack is complex and requires a lot of engineering effort to stabilize; the most appropriate people to triage issues on LTS distros are the engineers putting them together. This will free up time among KDE's bug triagers and developers to focus on current issues they can reproduce and fix, rather than wasting time on issues that can't be reproduced due to a hugely different software stack, or that were fixed months or years ago yet reported to us anyway due to many users' unfamiliarity with software release schedules and bug reporting.

Thursday the Free Software Foundation announced plans for a celebratory hackathon in November to improve free/libre software "in honor of its fortieth anniversary.

The FSF has been campaigning for software freedom for over forty years. As part of its celebrations, the organization is inviting the wider free software community (both projects and individual contributors) to participate in a global, online hackathon to help improve important libre software projects.

All free software projects, regardless of affiliation or (free) license, are invited to participate. As of now, the advanced GNU/Linux distribution and package manager GNU Guix, the boot software distribution GNU Boot, the media publishing system MediaGoblin, and the Free Software Directory, the FSF's catalog of useful free software, have announced that they will submit a project. Interested contributors are encouraged to review the hackathon guidelines, which the FSF has made available online...

Hackathon contributions will be judged by a panel appointed by the FSF. The project and contributors making the most noteworthy contributions/patches will be given prizes by the Foundation. The hackathon will conclude with a closing ceremony.
"The FSF's free software hackathon will be held November 21-23, 2025," according to the announcement. "Submissions will be open until May 27."

The U.S. government is seeking to break up Google's advertising technology business after a judge ruled the company holds an illegal monopoly over ad tools for publishers, marking the second such antitrust case following a similar request to divest Chrome. The Guardian reports: "We have a defendant who has found ways to defy" the law, US government lawyer Julia Tarver Wood told a federal court in Virginia, as she urged the judge to dismiss Google's assurance that it would change its behavior. "Leaving a recidivist monopolist" intact was not appropriate to solve the issue, she added. [...] The US government specifically alleged that Google controls the market for publishing banner ads on websites, including those of many creators and small news providers.

The hearing in a Virginia courtroom was scheduled to plan out the second phase of the trial, set for September, in which the parties will argue over how to fix the ad market to satisfy the judge's ruling. The plaintiffs argued in the first phase of the trial last year that the vast majority of websites use Google ad software products which, combined, leave no way for publishers to escape Google's advertising technology and pricing.

The district court judge Leonie Brinkema agreed with most of that reasoning, ruling last month that Google built an illegal monopoly over ad software and tools used by publishers, but partially dismissed the argument related to tools used by advertisers. The US government said it would use the trial to recommend that Google should spin off its ad publisher and exchange operations, as Google could not be trusted to change its ways. "Behavioral remedies are not sufficient because you can't prevent Google from finding a new way to dominate," Tarver Wood said.

Google countered that it would recommend that it agree to a binding commitment that it would share information with advertisers and publishers on its ad tech platforms. Google lawyer Karen Dunn did, however, acknowledge the "trust issues" raised in the case and said the company would accept monitoring to guarantee any commitments made to satisfy the judge. Google is also arguing that calls for divestment are not appropriate in this case, which Brinkema swiftly refused as an argument. The judge urged both sides to mediate, stressing that coming to a compromise solution would be cost-effective and more efficient than running a weeks-long trial.

An anonymous reader shares a report: Apple is teaming up with startup Anthropic on a new "vibe-coding" software platform that will use AI to write, edit and test code on behalf of programmers.

The system is a new version of Xcode, Apple's programming software, that will integrate Anthropic's Claude Sonnet model, according to people with knowledge of the matter. Apple will roll out the software internally and hasn't yet decided whether to launch it publicly, said the people, who asked not to be identified because the initiative hasn't been announced.

The work shows how Apple is using AI to improve its internal workflow, aiming to speed up and modernize product development. The approach is similar to one used by companies such as Windsurf and Cursor maker Anysphere, which offer advanced AI coding assistants popular with software developers. Further reading: 'Vibe Coding' is Letting 10 Engineers Do the Work of a Team of 50 To 100, Says YC CEO.

An anonymous reader quotes a report from 404 Media: A new memo from Secretary of Defense Pete Hegseth is calling on defense contractors to grant the Army the right-to-repair. The Wednesday memo is a document about "Army Transformation and Acquisition Reform" that is largely vague but highlights the very real problems with IP constraints that have made it harder for the military to repair damaged equipment.

Hegseth made this clear at the bottom of the memo in a subsection about reform and budget optimization. "The Secretary of the Army shall identify and propose contract modifications for right to repair provisions where intellectual property constraints limit the Army's ability to conduct maintenance and access the appropriate maintenance tools, software, and technical data -- while preserving the intellectual capital of American industry," it says. "Seek to include right to repair provisions in all existing contracts and also ensure these provisions are included in all new contracts." [...]

The memo would theoretically mean that the Army would refuse to sign contracts with companies that make it difficult to fix what it sells to the military. The memo doesn't carry the force of law, but subordinates do tend to follow the orders given within. The memo also ordered the Army to stop producing Humvees and some other light vehicles, and Breaking Defense confirmed that it had. "This is a victory in our work to let people fix their stuff, and a milestone on the campaign to expand the Right to Repair. It will save the American taxpayer billions of dollars, and help our service members avoid the hassle and delays that come from manufacturers' repair restrictions," Isaac Bowers, the Federal Legislative Director of U.S. PIRG, said in a statement.

Apple violated a court order requiring it to open up the App Store to third-party payment options and must stop charging commissions on purchases outside its software marketplace, a federal judge said in a blistering ruling that referred the company to prosecutors for a possible criminal probe. From a report: U.S. District Judge Yvonne Gonzalez Rogers sided Wednesday with "Fortnite" maker Epic Games over its allegation that the iPhone maker failed to comply with an order she issued in 2021 after finding the company engaged in anticompetitive conduct in violation of California law.

Gonzalez Rogers also referred the case to federal prosecutors to investigate whether Apple committed criminal contempt of court for flouting her 2021 ruling. The U.S. attorney's office in San Francisco declined to comment. The changes the company must now make could put a sizable dent in the double-digit billions of dollars in revenue the App Store generates each year. The judge's order [PDF]: Apple willfully chose not to comply with this Court's Injunction. It did so with the express intent to create new anticompetitive barriers which would, by design and in effect, maintain a valued revenue stream; a revenue stream previously found to be anticompetitive. That it thought this Court would tolerate such insubordination was a gross miscalculation. As always, the cover-up made it worse. For this Court, there is no second bite at the apple.

It Is So Ordered.

A newly revealed set of vulnerabilities dubbed AirBorne in Apple's AirPlay SDK could allow attackers on the same Wi-Fi network to hijack tens of millions of third-party devices like smart TVs and speakers. While Apple has patched its own products, many third-party devices remain at risk, with the most severe (though unproven) threat being potential microphone access. 9to5Mac reports: Wired reports that a vulnerability in Apple's software development kit (SDK) means that tens of millions of those devices could be compromised by an attacker: "On Tuesday, researchers from the cybersecurity firm Oligo revealed what they're calling AirBorne, a collection of vulnerabilities affecting AirPlay, Apple's proprietary radio-based protocol for local wireless communication. Bugs in Apple's AirPlay software development kit (SDK) for third-party devices would allow hackers to hijack gadgets like speakers, receivers, set-top boxes, or smart TVs if they're on the same Wi-Fi network as the hacker's machine [...]

Oligo's chief technology officer and cofounder, Gal Elbaz, estimates that potentially vulnerable third-party AirPlay-enabled devices number in the tens of millions. 'Because AirPlay is supported in such a wide variety of devices, there are a lot that will take years to patch -- or they will never be patched,' Elbaz says. 'And it's all because of vulnerabilities in one piece of software that affects everything.'"

For consumers, an attacker would first need to gain access to your home Wi-Fi network. The risk of this depends on the security of your router: millions of wireless routers also have serious security flaws, but access would be limited to the range of your Wi-Fi. AirPlay devices on public networks, like those used everywhere from coffee shops to airports, would allow direct access. The researchers say the worst-case scenario would be an attacker gaining access to the microphones in an AirPlay device, such as those in smart speakers. However, they have not demonstrated this capability, meaning it remains theoretical for now.

Microsoft CEO Satya Nadella said that 20%-30% of code inside the company's repositories was "written by software" -- meaning AI -- during a fireside chat with Meta CEO Mark Zuckerberg at Meta's LlamaCon conference on Tuesday. From a report: Nadella gave the figure after Zuckerberg asked roughly how much of Microsoft's code is AI-generated today. The Microsoft CEO said the company was seeing mixed results in AI-generated code across different languages, with more progress in Python and less in C++.