Yesterday, 19 August 2024 (Slashdot)

'GitHub Actions' Artifacts Leak Tokens, Expose Cloud Services and Repositories

By: EditorDavid
19 August 2024 at 11:34
Security Week brings news about CI/CD workflows using GitHub Actions in build processes. Some workflows can generate artifacts that "may inadvertently leak tokens for third party cloud services and GitHub, exposing repositories and services to compromise, Palo Alto Networks warns." [The artifacts] function as a mechanism for persisting and sharing data across jobs within the workflow and ensure that data is available even after the workflow finishes. [The artifacts] are stored for up to 90 days and, in open source projects, are publicly available... The identified issue, a combination of misconfigurations and security defects, allows anyone with read access to a repository to consume the leaked tokens, and threat actors could exploit it to push malicious code or steal secrets from the repository. "It's important to note that these tokens weren't part of the repository code but were only found in repository-produced artifacts," Palo Alto Networks' Yaron Avital explains... "The Super-Linter log file is often uploaded as a build artifact for reasons like debuggability and maintenance. But this practice exposed sensitive tokens of the repository." Super-Linter has been updated and no longer prints environment variables to log files. Avital was able to identify a leaked token that, unlike the GitHub token, would not expire as soon as the workflow job ends, and automated the process that downloads an artifact, extracts the token, and uses it to replace the artifact with a malicious one. Because subsequent workflow jobs would often use previously uploaded artifacts, an attacker could use this process to achieve remote code execution (RCE) on the job runner that uses the malicious artifact, potentially compromising workstations, Avital notes. 
Avital's blog post notes other variations on the attack — and "The research laid out here allowed me to compromise dozens of projects maintained by well-known organizations, including firebase-js-sdk by Google, a JavaScript package directly referenced by 1.6 million public projects, according to GitHub. Another high-profile project involved adsys, a tool included in the Ubuntu distribution used by corporations for integration with Active Directory." (Avital says the issue even impacted projects from Microsoft, Red Hat, and AWS.) "All open-source projects I approached with this issue cooperated swiftly and patched their code. Some offered bounties and cool swag." "This research was reported to GitHub's bug bounty program. They categorized the issue as informational, placing the onus on users to secure their uploaded artifacts." My aim in this article is to highlight the potential for unintentionally exposing sensitive information through artifacts in GitHub Actions workflows. To address the concern, I developed a proof of concept (PoC) custom action that safeguards against such leaks. The action uses the @actions/artifact package, which is also used by the upload-artifact GitHub action, adding a crucial security layer by using an open-source scanner to audit the source directory for secrets and blocking the artifact upload when risk of accidental secret exposure exists. This approach promotes a more secure workflow environment... As this research shows, we have a gap in the current security conversation regarding artifact scanning. GitHub's deprecation of Artifacts V3 should prompt organizations using the artifacts mechanism to reevaluate the way they use it. Security defenders must adopt a holistic approach, meticulously scrutinizing every stage — from code to production — for potential vulnerabilities. Overlooked elements like build artifacts often become prime targets for attackers. 
Reduce workflow permissions of runner tokens according to least privilege and review artifact creation in your CI/CD pipelines. By implementing a proactive and vigilant approach to security, defenders can significantly strengthen their project's security posture. The blog post also notes protection and mitigation features from Palo Alto Networks....
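The blog post's mitigation is a scan of the artifact's source directory for secrets before upload, blocking the upload when anything credential-like is found. The following is an added example of that check, not Palo Alto Networks' proof-of-concept action and not code from upload-artifact. It assumes the files to be uploaded sit in a local directory, uses illustrative regexes (GitHub's `gh?_` token prefixes with an assumed 36-character body, a simplified AWS access key id shape, and a "NAME=value" environment-dump line whose name suggests a credential, the Super-Linter failure mode the article describes), and the sample log in `demo()` is constructed.

```python
"""Scan an artifact directory for leaked secrets before it is uploaded.

Added example: not Palo Alto Networks' PoC action and not upload-artifact code.
Assumptions: artifact contents are in a local directory; the regexes are
illustrative shapes, not a complete ruleset; the sample log is constructed.
"""
import os
import re
import sys
import tempfile
from dataclasses import dataclass
from typing import Dict, List, Pattern

# Illustrative detectors. gh[pousr]_ are GitHub token prefixes; the 36-character
# body and the AKIA shape are simplified assumptions for this example.
SECRET_PATTERNS: Dict[str, Pattern[str]] = {
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    # A dumped environment variable whose name suggests a credential.
    "env_dump_secret": re.compile(r"^[A-Z0-9_]*(TOKEN|SECRET|PASSWORD|KEY)[A-Z0-9_]*=\S+"),
}


@dataclass(frozen=True)
class Finding:
    path: str
    line_no: int
    kind: str
    redacted: str  # the full secret is never carried into logs or job output


def redact(value: str) -> str:
    """Keep a short prefix so the finding is recognisable; mask the rest."""
    return value[:4] + "*" * max(len(value) - 4, 0)


def scan_text(text: str, path: str) -> List[Finding]:
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in SECRET_PATTERNS.items():
            match = pattern.search(line)
            if match:
                findings.append(Finding(path, line_no, kind, redact(match.group(0))))
    return findings


def scan_directory(root: str) -> List[Finding]:
    """Walk root and scan every text file; files that look binary are skipped."""
    findings: List[Finding] = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic order
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                data = fh.read()
            if b"\0" in data[:1024]:
                continue
            rel = os.path.relpath(full, root)
            findings.extend(scan_text(data.decode("utf-8", errors="replace"), rel))
    return findings


def should_block_upload(findings: List[Finding]) -> bool:
    """Any finding blocks the upload; a human reviews before retrying."""
    return len(findings) > 0


def demo() -> List[Finding]:
    """Constructed artifact directory: a linter log that dumped its environment."""
    root = tempfile.mkdtemp(prefix="artifact-")
    fake_gh_token = "ghs_" + "x" * 36  # constructed, not a real token
    fake_aws_key = "AKIA" + "0" * 16   # constructed, not a real key
    log = "\n".join([
        "Super-Linter run started",
        "Environment:",
        f"GITHUB_TOKEN={fake_gh_token}",
        f"AWS_ACCESS_KEY_ID={fake_aws_key}",
        "NODE_VERSION=20",
        "Linting complete",
    ])
    os.makedirs(os.path.join(root, "src"))
    with open(os.path.join(root, "super-linter.log"), "w") as fh:
        fh.write(log)
    with open(os.path.join(root, "src", "main.py"), "w") as fh:
        fh.write('print("hello")\n')
    return scan_directory(root)


def main(argv: List[str]) -> int:
    root = argv[1] if len(argv) > 1 else None
    findings = scan_directory(root) if root else demo()
    for f in findings:
        print(f"{f.path}:{f.line_no}: {f.kind} {f.redacted}")
    if should_block_upload(findings):
        print("artifact upload blocked: possible secrets found", file=sys.stderr)
        return 1
    print("artifact clean")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run as a workflow step immediately before the upload step, pointing it at the directory that would be uploaded; a non-zero exit fails the job, so the artifact is never published. Findings are printed redacted on purpose: a scanner that echoes the matched token into the job log would just move the leak from the artifact to the log.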

Read more of this story at Slashdot.

Internet Archive Streams Re-Discovered 1980s Radio Show About Early Computers

By: EditorDavid
19 August 2024 at 07:34
In the 1980s, a radio show about home computers was broadcast on a handful of California radio stations. 40 years later, reel-to-reel tapes of the shows were re-discovered — and digitized — by an Internet Archive special collections manager. An Internet Archive blog post tells the story: Earlier this year archivist Kay Savetz recovered several of the tapes in a property sale, and recognizing their value and worthiness of professional transfer, launched a GoFundMe to have them digitized, and made them available at Internet Archive with the permission of the show's creators... Interviews in the recovered recordings include Timothy Leary, Douglas Adams, Bill Gates, Atari's Jack Tramiel, Apple's Bill Atkinson, and dozens of others. The recovered shows span November 17, 1984 through July 12, 1985. Many more of the original reel-to-reel tapes — including shows with interviews with Ray Bradbury, Robert Moog, Donny Osmond, and Gene Roddenberry — are still lost, and perhaps are still waiting to be found in the Los Angeles area. [Though there appears to be a transcript of the Gene Roddenberry interview.] The stories of how The Famous Computer Cafe was created — and saved, 40 years later — are explored in an episode of the Radio Survivor podcast. The podcast interviewed show co-creator Ellen Fields and archivist Kay Savetz, providing a dual perspective of how the show was created and how it was recovered. The recovery of these interviews, 40 years after their original airing, holds out hope that many more relics and treasures still await discovery. You get another perspective on the past from the show's advertisements for 1980s software (and from the production values of 1980s-era radio technology). Bill Gates was just 29 when he recorded his interview. And Douglas Adams was 32.

DOS's Last Stand? On a Modern Thinkpad X13 with an Intel 10th-Gen Core CPU

By: EditorDavid
19 August 2024 at 04:34
Slashdot reader yeokm1 is the Singapore-based embedded security researcher whose side projects include installing Linux on a 1993 PC and building a ChatGPT client for MS-DOS. Today he writes: When one thinks of modern technologies like Thunderbolt, 2.5 Gigabit Ethernet and modern CPUs, one would associate them with modern operating systems. How about DOS? It might seem impossible; however, I did an experiment on a relatively modern 2020 Thinkpad and found that it can still run MS-DOS 6.22. MS-DOS 6.22 is the last standalone version of DOS released by Microsoft in June 1994. This makes it 30 years old today. I'll share the steps and challenges in locating a modern laptop capable of doing so — and the challenge of making the 30-year-old OS work on it with audio and networking functions. This is likely among the final generation of laptops able to run DOS natively.

Apple is Building Its Own Cellular Modem, Playing 'Long Game' to Drop Qualcomm

By: EditorDavid
19 August 2024 at 01:34
Bloomberg's Mark Gurman remembers how Apple's hardware group "allowed Apple to dump Intel chips from its entire Mac lineup." And they're now building an in-house cellular modem: For more than a decade, Apple has used modem chips designed by Qualcomm... But in 2018 — while facing a legal battle over royalties and patents — Apple started work on its own modem design.... It's devoting billions of dollars, thousands of engineers and millions of working hours to a project that won't really improve its devices — at least at the outset... Over the past few years, Apple's modem project has suffered numerous setbacks. There have been problems with performance and overheating, and Apple has been forced to push back the modem's debut until next year at the earliest. The rollout will take place on a gradual basis — starting with niche models — and take a few years to complete. In a sign of this slow transition, Apple extended its supplier agreement with Qualcomm through March 2027... But Qualcomm has said that Apple will still have to pay it some royalties regardless (the chipmaker believes that Apple won't be able to avoid infringing its patents). So it's hard to tell how big the benefits will be in the near term. Down the road, there are plans for Apple to fold its modem design into a new wireless chip that handles Wi-Fi and Bluetooth access. That would create a single connectivity component, potentially improving reliability and battery life. There's also the possibility that Apple could one day combine all of this into the device's main system on a chip, or SoC. That could further cut costs and save space inside the iPhone, allowing for more design choices. Furthermore, if Apple does ultimately save money by switching away from Qualcomm, it could redirect that spending toward new features and components.

Former Google Researcher's Startup Hopes to Teach AI How to Smell

By: EditorDavid
19 August 2024 at 00:39
"AI is already able to mimic sight and hearing," writes CNBC. And now a startup named Osmo "wants to use the technology to digitize another: smell." Co-founded by a former Google research scientist, the company built an AI that's "superhuman in its ability to predict what things smelled like," the company's co-founder says. And he believes this might actually prove useful. "We've known that smell contains information we can use to detect disease. But computers can't speak that language and can't interpret that data yet... We will eventually be able to detect disease with scent and we're on our way to building that technology. It's not going to happen this year or anytime soon, but we're on our way." CoinTelegraph describes how the company invented a training dataset from scratch — a kind of "smell map" with labelled examples of molecular bond associations to teach the AI to identify specific patterns. The team also hopes to develop a method to recreate smells using molecular synthesis. This would, for example, allow a computer in one place to "smell" something and then send that information to another computer for resynthesis — essentially teleporting odor over the internet. This also means scent could join sight and sound as part of the marketing and branding world.

From the day before yesterday (Slashdot)

India's Influencers Fear a New Law Could Make them Register with the Government

By: EditorDavid
18 August 2024 at 23:02
It's the largest country on earth — home to 1.4 billion people. But "The Indian government has plans to classify social media creators as 'digital news broadcasters,'" according to the nonprofit site RestofWorld.org. While there's "no clarity" on the government's next move, the proposed legislation would require social media creators "to register with the government, set up a content evaluation committee that checks all content before it is published, and appoint complaint handlers — all at their own expense. Any failures in compliance could lead to criminal charges, including jail term." On July 26, the Hindustan Times reported that the government plans to tweak the proposed Broadcasting Services (Regulation) Bill, which aims to combine all regulations for broadcasters under one law. As per a new version of the bill, which has been reviewed by Rest of World, the government defines "digital news broadcaster" as "any person who broadcasts news and current affairs programs through an online paper, news portal, website, social media intermediary, or other similar medium as part of a systematic business, professional or commercial activity." Creators and digital rights activists believe the potential legislation will tighten the government's grip over online content and threaten the last bastion of press freedom for independent journalists in the country. Over 785 Indian creators have sent a letter to the government seeking more transparency in the process of drafting the bill. Creators have also stormed social media with hashtags like #KillTheBill, and made videos to educate their followers about the proposal. One YouTube creator told the site that if the government requires them to appoint a "grievance redressal officer," they might simply film themselves, responding to grievances — to "make content out of it".

Can the Linux Foundation's 'Open Model Initiative' Build AI-Powering LLMs Without Restrictive Licensing?

By: EditorDavid
18 August 2024 at 21:30
"From the beginning, we have believed that the right way to build these AI models is with open licenses," says the Open Model Initiative. SD Times quotes them as saying that open licenses "allow creatives and businesses to build on each other's work, facilitate research, and create new products and services without restrictive licensing constraints." Phoronix explains the community initiative "came about over the summer to help advance open-source AI models and is now becoming part of the Linux Foundation to further their cause." As part of the Linux Foundation, the OMI will be working to establish a governance framework and working groups, create shared standards to enhance model interoperability and metadata practices, develop a transparent dataset for training and captioning, complete an alpha test model for targeted red teaming, and release an alpha version of a new model with fine-tuning scripts before the end of 2024. The group was established "in response to a number of recent decisions by creators of popular open-source models to alter their licensing terms," reports Silicon Angle: The creators highlighted the recent licensing change announced by Stability AI Ltd., regarding its popular image-generation model Stable Diffusion 3 (SD3). That model had previously been entirely free and open, but the changes introduced a monthly fee structure and imposed limitations on its usage. Stability AI was also criticized for the lack of clarity around its licensing terms, but it isn't the only company to have introduced licensing restrictions on previously free software. The OMI intends to eliminate all barriers to enterprise adoption by focusing on training and developing AI models with "irrevocable open licenses without deletion clauses or recurring costs for access," the Linux Foundation said.
InfoWorld also notes "the unavailability of source code and the license restrictions from LLM providers such as Meta, Mistral and Anthropic, who put caveats in the usage policies of their 'open source' models." Meta, for instance, does provide the rights to use Llama models royalty free without any license, but does not provide the source code, according to [strategic research firm] Everest Group's AI practice leader Suseel Menon. "Meta also adds a clause: 'If, on the Meta Llama 3, monthly active users of the products or services is greater than 700 million monthly active users, you must request a license from Meta.' This clause, combined with the unavailability of the source code, raises the question if the term open source should apply to Llama's family of models," Menon explained.... The OMI's objectives and vision received mixed reactions from analysts. While Amalgam Insights' chief analyst Hyoun Park believes that the OMI will lead to the development of more predictable and consistent standards for open source models, so that these models can potentially work with each other more easily, Everest Group's Malik believes that the OMI may not be able to stand before the might of vendors such as Meta and Anthropic. "Developing LLMs is highly compute intensive and has cost big tech giants and start-ups billions in capital expenditure to achieve the scale they currently have with their open-source and proprietary LLMs," Malik said, adding that this could be a major challenge for community-based LLMs. The AI practice leader also pointed out that previous attempts at a community-based LLM have not garnered much adoption, as models developed by larger entities tend to perform better on most metrics... However, Malik said that the OMI might be able to find appropriate niches within the content development space (2D/3D image generation, adaptation, visual design, editing, etc.) as it begins to build its models... 
One of the other use cases for the OMI's community LLMs is to see their use as small language models (SLMs), which can offer specific functionality at high effectiveness or functionality that is restricted to unique applications or use cases, analysts said. Currently, the OMI's GitHub page has three repositories, all under the Apache 2.0 license.

Matt Damon and Ben Affleck Acquire 'Killing Gawker' Screenplay

By: EditorDavid
18 August 2024 at 20:02
"Ben Affleck and Matt Damon have acquired a screenplay called Killing Gawker," reports TechCrunch, for a film which "presumably delves into billionaire VC Peter Thiel's campaign to bury the media outfit for posting excerpts from a Hulk Hogan sex tape." The film is based on a book that details the 2016 court case in which Hogan won a $140 million judgment against a Gawker editor, Gawker founder Nick Denton, and Gawker itself, whose Valleywag site long chronicled Silicon Valley personalities and routinely zeroed in on Thiel. While casting hasn't been announced, it's "been rumored" Hulk Hogan will be played by Ben Affleck, writes Variety. "Gus Van Sant, who previously helmed Affleck and Damon's Good Will Hunting, is set to direct". The script was adapted from the book Conspiracy: Peter Thiel, Hulk Hogan, Gawker and the Anatomy of Intrigue, they report — though the movie currently "has no formal start date or production schedule."

Does Mozilla's New Logo Bring Back Its Dinosaur Mascot - in ASCII Art?

By: EditorDavid
18 August 2024 at 19:02
"A new Mozilla logo appears to be on the way," writes the blog OMG Ubuntu, "marking the company's first major update to its word-mark since 2017." The existing logo, which incorporates the internet protocol "://" and was chosen based on feedback from the community, has become synonymous with the non-profit company. But German blogger Sören Hentzschel, an avid watcher of all things Mozilla, recently noticed that a different Mozilla word-mark was accompanying the (unchanged) Firefox logo on Mozilla's 'Nothing Personal' webpage [upper-left]. Some digging uncovered a number of recent code commits readying and referencing a refreshed word-mark and symbol for use in the navigation areas of Mozilla websites, landing pages, and so on... However, what's most exciting (to a nerd like me) with this new logo is the ASCII symbol at the end. It could be viewed as a flag on a pole. Sort of like Mozilla planting its values in the ground to say "we're here, come join". But it's more likely a nod to the original Mozilla mascot (inherited from its Netscape beginnings), which was a red dinosaur (an interesting logo in itself, as it was designed by Shepard Fairey, who created other seminal design works, and the skate brand OBEY)... Between the inclusion on a live webpage, code commits readying a new logo for Mozilla websites, and the fact that people can buy official Mozilla merchandise emblazoned with the new design, it seems a formal rebrand announcement is fairly imminent...

Apple is Building a $1,000 Display on a Voice-Controlled Robot Arm

By: EditorDavid
18 August 2024 at 17:06
Apple is building "a pricey tabletop home device" which uses "a thin robotic arm to move around a large screen," using actuators "to tilt the display up and down and make it spin 360 degrees," according to Bloomberg's Mark Gurman. Citing "people with knowledge of the matter," Gurman writes that Apple assigned "several hundred people" to the project: The device is envisioned as a smart home command center, videoconferencing machine and remote-controlled home security tool, said the people... The project — codenamed J595 — was approved by Apple's executive team in 2022 but has started to formally ramp up in recent months, they said... Apple has now decided to prioritize the device's development and is aiming for a debut as early as 2026 or 2027, according to the people. The company is looking to get the price down to around $1,000. But with years to go before an expected release, the plans could theoretically change... The idea is for the tabletop product to be primarily controlled using the Siri digital assistant and upcoming features in Apple Intelligence. The device could respond to commands, such as "look at me," by repositioning the screen to focus on the person saying the words — say, during a video call. It also could understand different voices and adjust its focus accordingly. Current models in testing run a customized version of the iPad operating system... The company also is working on robots that move around the home and has discussed the idea of a humanoid version. Those projects are being led, in part, by Hanns Wolfram Tappeiner, a robotics expert who now has about 100 former car team engineers reporting to him. In a job listing published this month, Apple said it has a team "working to leverage and build upon groundbreaking machine learning robotics research, thereby enabling development of generalizable and reliable robot systems." The company said it's seeking experts with experience in "robot manipulation" and creating AI models for robot control.
The article points out that Apple "still gets roughly half its revenue from the iPhone," and calls the robotics effort "one of a few avenues Apple is pursuing to generate new sources of revenue" — and to "capitalize" on its AI technology. (Apple is also working on both smart eyeglasses and augmented reality glasses.)

Data Centers Are Consuming Electricity Supplies - and Possibly Hurting the Environment

By: EditorDavid
18 August 2024 at 15:34
Data center construction "could delay California's transition away from fossil fuels and raise electric bills for everyone else," warns the Los Angeles Times — and also increase the risk of blackouts: Even now, California is on the verge of not having enough power. An analysis of public data by the nonprofit GridClue ranks California 49th of the 50 states in resilience — or the ability to avoid blackouts by having more electricity available than homes and businesses need at peak hours... The state has already extended the lives of Pacific Gas & Electric Co.'s Diablo Canyon nuclear plant as well as some natural gas-fueled plants in an attempt to avoid blackouts on sweltering days when power use surges... "I'm just surprised that the state isn't tracking this, with so much attention on power and water use here in California," said Shaolei Ren, associate professor of electrical and computer engineering at UC Riverside. Ren and his colleagues calculated that the global use of AI could require as much fresh water in 2027 as that now used by four to six countries the size of Denmark. Driving the data center construction is money. Today's stock market rewards companies that say they are investing in AI. Electric utilities profit as power use rises. And local governments benefit from the property taxes paid by data centers. The article notes a Goldman Sachs estimate that by 2030, data centers could consume up to 11% of all U.S. power demand — up from 3% now. And it shows how the sprawling build-out of data centers across America is impacting surrounding communities: The article notes that California's biggest concentration of data centers — more than 50 near the Silicon Valley city of Santa Clara — are powered by a utility emitting "more greenhouse gas than the average California electric utility because 23% of its power for commercial customers comes from gas-fired plants. Another 35% is purchased on the open market where the electricity's origin can't be traced."
Consumer electric rates are rising "as the municipal utility spends heavily on transmission lines and other infrastructure," while the data centers now consume 60% of the city's electricity. Energy officials in northern Virginia "have proposed a transmission line to shore up the grid that would depend on coal plants that had been expected to be shuttered." In 2022 an Oregon newspaper discovered Google data centers were consuming 29% of one city's water supply. "Earlier this year, Pacific Gas & Electric told investors that its customers have proposed more than two dozen data centers, requiring 3.5 gigawatts of power — the output of three new nuclear reactors."

Cancel Bill Gates? New Book Paints Philanthropist as Billionaire Villain

By: EditorDavid
18 August 2024 at 14:04
The Washington Post reviews a new book about Microsoft's 68-year-old co-founder Bill Gates: "He's not the Messiah, he's a very naughty boy." That immortal line from Monty Python's Life of Brian kept running through my head as I was reading "Billionaire, Nerd, Savior, King: Bill Gates and His Quest to Shape Our World," by Anupreeta Das, a reporter at the New York Times... which often feels like an extended list of all the major and minor complaints that Das could find not only about Gates but also about billionaires, nerds and the broader practice of philanthropy... [T]he philanthropist who played a central role in the spectacularly successful fight against diseases like HIV/AIDS; the environmentalist whose net-zero vision has led him to create a multibillion-dollar nuclear-power company — that man barely makes an appearance in this book... Rather than weigh Gates's accomplishments against his failures, Das focuses on his personal weaknesses — his unpleasant management style, his extramarital affairs and, especially, his association with the convicted sex offender Jeffrey Epstein, who is featured extensively throughout, including in the beginning of the book's introduction and in a 12-page section that leads off the chapter titled "Cancel Bill." Frustratingly, Das sheds little new light on the Gates-Epstein relationship, beyond suggesting that Epstein first attracted the billionaire by indicating that he might be able to get Gates his coveted Nobel Peace Prize. While I and others have reported that a $2 million donation from Gates to the MIT Media Lab was thought of within MIT as being Epstein money, for instance, Das will go only so far as to say that "the donation may or may not have been at Epstein's recommendation." The Guardian also notes that the Gates Foundation and the Gateses "have prevented millions of deaths, pumping billions of dollars into fighting Aids, tuberculosis and malaria around the world." 
They co-founded Gavi, the Vaccine Alliance, which vaccinated half the world's children... [During the pandemic] the Gates-backed Covax partnership was spearheading the global vaccination effort, procuring more than 1bn doses for people in poorer countries. But this doesn't seem to wash with Das, who reports that the foundation is "bigfooting", "neocolonial", "antidemocratic", and "top down", and sees it as an egotistical way for Bill to charity-wash his reputation... The penultimate chapter is titled Cancel Bill, and that's what the whole book feels like: an appeal to public opinion to write Gates off. As yet, and in the context of what other American billionaires do and get away with, it seems a little unfair.

Will Electronic Price Labels Tempt Stores to Try 'Dynamic Pricing'?

By: EditorDavid
18 August 2024 at 11:34
"Electronic shelf labels are already common in Europe," reports the Los Angeles Times, "and will become wider spread in the U.S., with Walmart planning to implement the labels in 2,300 stores by 2026." And grocery giant Kroger also plans to introduce digital labels. But will they also bring "dynamic pricing", where stores raise the price of ice cream on hot days — or jack the cost of water and canned goods before upcoming storms? Kroger and Walmart said they have no plans to implement dynamic pricing, and added that electronic shelf labels will only be used to help lower costs. "Kroger's business model is to lower prices over time so that more customers shop with us," a Kroger spokesperson said. "Any test of electronic shelf tags is to lower prices more for customers where it matters most. To suggest otherwise is not true." A Walmart spokesperson said updates to the electronic tags will be used to reflect lower prices for items on sale or final clearance. Prices will not change throughout the day, she said... Grocery industry analyst Phil Lempert said the digital tags will help save time and money amid a labor shortage, but they could lead grocery chains down a slippery slope. "If you can make it electronic you can take a lot of costs out of the system, and that's great," Lempert said. "But once that's installed, and regardless of what any retailer is going to say, it's now easy to change prices." Santiago Gallino, a professor specializing in retail management at the University of Pennsylvania, said he hasn't seen signs that retailers plan to use electronic shelf labels for surge pricing. "In my conversation with retailers, it's clear that those who are pushing towards this technology are mainly trying to drive efficiency up in the stores and try to reduce costs," Gallino said. "Grocery retailers operate on very thin margins, so every time they find technology that can help them save in labor, they will do that." 
What grocery stores save in labor they may lose in customer trust and loyalty, however, said Dominick Miserandino [CEO of the retail discussion forum RetailWire.] "Consumers are exceptionally skeptical," he said. "When most of the consumer reaction to any product seems to be overwhelmingly negative, it's probably a product that one might want to reevaluate quickly." The article notes one U.S. presidential candidate has already pledged they'd "work to pass the first-ever federal ban on price gouging on food."

41 Science Professionals Decry Harms and Mistrust Caused By COVID Lab Leak Claim

By: EditorDavid
18 August 2024 at 07:34
In 1999 Los Angeles Times reporter Michael Hiltzik co-authored a Pulitzer Prize-winning story. Now a business columnist for the Times, this week he covers new pushback on the COVID lab leak claim: Here's an indisputable fact about the theory that COVID originated in a laboratory: Most Americans believe it to be true. That's important for several reasons. One is that evidence to support the theory is nonexistent. Another is that the claim itself has fomented a surge of attacks on science and scientists that threatens to drive promising researchers out of the crucial field of pandemic epidemiology. That concern was aired in a commentary by 41 biologists, immunologists, virologists and physicians published Aug. 1 in the Journal of Virology. The journal probably isn't in the libraries of ordinary readers, but the article's prose is commendably clear and its conclusions eye-opening. "The lab leak narrative fuels mistrust in science and public health infrastructures," the authors observe. "Scientists and public health professionals stand between us and pandemic pathogens; these individuals are essential for anticipating, discovering, and mitigating future pandemic threats. Yet, scientists and public health professionals have been harmed and their institutions have been damaged by the skewed public and political opinions stirred by continued promotion of the lab leak hypothesis in the absence of evidence...." [O]ne can't advance the lab leak theory without positing a vast conspiracy encompassing scientists in China and the U.S., and Chinese and U.S. government officials. How else could all the evidence of a laboratory event that resulted in more than 7 million deaths worldwide be kept entirely suppressed for nearly five years... "Validating the lab leak hypothesis requires intelligence evidence that the WIV possessed or carried out work on a SARS-CoV-2 precursor virus prior to the pandemic," the Virology paper asserts. 
"Neither the scientific community nor multiple western intelligence agencies have found such evidence." Despite that, "the lab leak hypothesis receives persistent attention in the media, often without acknowledgment of the more solid evidence supporting zoonotic emergence," the paper says... I've written before about the smears, physical harassment and baseless accusations of fraud and other wrongdoing that lab leak propagandists have visited upon scientists whose work has challenged their claims; similar attacks have targeted experts who have worked to debunk other anti-science narratives, including those about global warming and vaccines... What's notable about the Virology paper is that it represents a comprehensive and long-overdue pushback by the scientific community against such behavior. More to the point, it focuses on the consequences for public health and the scientific mission from the rise of anti-science propaganda... "Scientists have withdrawn from social media platforms, rejected opportunities to speak in public, and taken increased safety measures to protect themselves and their families," the authors report. "Some have even diverted their work to less controversial and less timely topics. We now see a long-term risk of having fewer experts engaged in work that may help thwart future pandemics...." Thanks in part to social media, anti-science has become more virulent and widespread, the Virology authors write.

Read more of this story at Slashdot.

As 17,000 AT&T Workers Strike, Some Customers Experience 'Prolonged' Outages

By: EditorDavid
18 August 2024 at 04:34
17,000 AT&T workers from the CWA union went on strike Friday. NPR notes the strike affects workers in nine states: Alabama, Florida, Georgia, Kentucky, Louisiana, Mississippi, North Carolina, South Carolina and Tennessee. A North Carolina newspaper says the union will remain on strike until they believe AT&T "begins to bargain over a new contract in good faith" after their previous contract expired back on August 3. And meanwhile, their article notes that the strike comes as some AT&T customers in North Carolina's Raleigh-Durham-Chapel Hill area "report prolonged internet outages." Saturday afternoon, AT&T also reported internet outages within a circle of northern Charlotte neighborhoods. "As far as the impact, the trained, experienced CWA members who are on strike do critical work installing, maintaining and supporting AT&T's residential and business wireline telecommunications network," CWA communications director Beth Allen said. "Customers should be aware that these workers will not be available to respond to service calls during the strike." Since at least Wednesday, AT&T internet customers in Durham have reported being without residential service. According to the company's website, outages have been detected across a wide section of the city, including downtown and around Duke University. AT&T has alerted some affected residents in southwest Durham their internet service "should be online" by Tuesday morning. An AT&T spokesperson told the newspaper that "We have various business continuity measures in place to avoid disruptions to operations and will continue to provide our customers with the great service they expect." A union executive said in a statement that AT&T's contract negotiators "did not seem to have the actual bargaining authority required by the legal obligation to bargain in good faith. Our members want to be on the job, providing the quality service that our customers deserve. 
It's time for AT&T to start negotiating in good faith so that we can move forward towards a fair contract."

Read more of this story at Slashdot.

Refueling Hydrogen Cars in California is So Annoying, Drivers are Suing Toyota

By: EditorDavid
18 August 2024 at 00:25
The Los Angeles Times spoke to Ryan Kiskis, an environmentally-conscious owner of a hydrogen fuel cell vehicle (the Toyota Mirai): He soon learned that hydrogen refueling stations are scarce and reliably unreliable. He learned that apps to identify broken stations hand out bad information. He learned that the state of California, which is funding the station buildout, is far behind schedule — 200 stations were supposed to be up and running by 2025, but only 54 exist. And since Kiskis bought his car, the price of hydrogen has more than doubled, currently the equivalent of $15 a gallon of gasoline. With fueling so expensive and stations so undependable, Kiskis — who lives in Pacific Palisades and works at Google in Playa Vista — drives a gasoline Jeep for everything but short trips around the neighborhood. "I've got a great car that sits in the driveway," he said. Bryan Caluwe can relate. The retired Santa Monican bought a Mirai in 2022. He likes his car too. "But it's been a total inconvenience." Hydrogen stations "are either down for mechanical reasons, or they're out of fuel, or, in the case of Shell, they've rolled up the carpet and gone home." And don't get Irving Alden started. He runs a commercial print shop in North Hollywood. He leases a Mirai. He too loves the car. But the refueling system? "It's a frickin' joke." The three are part of a class action lawsuit filed in July against Toyota. They claim that Toyota salespeople misled them about the sorry state of California's hydrogen refueling system. "They were told the stations were convenient and readily available," said lawyer Nilofar Nouri of Beverly Hills Trial Attorneys. "That turned out to be far from reality." The class action now amounts to two dozen plaintiffs and growing, Nouri said. "We have thousands of these individuals in California who are stuck with this vehicle." 
Kiskis believes Toyota sales staff duped him — but says, "I'm just as irritated with the state of California" for poor oversight of the program it's funding... Hyundai also sells a fuel cell car in California called the Nexo, and although the suit is aimed only at Toyota, the hydrogen station situation affects Hyundai too. Toyota told The Times it's "committed to customer satisfaction and will continue to evaluate how we can best support our customers. We will respond to the allegations in this lawsuit in the appropriate forum." The article does note that the California Energy Commission awarded an extra $9.4 million to hydrogen station operators this year to cover "operations and maintenance" — and that hydrogen cars have their advantages. "The full tank range is 350 to 400 miles. A fill-up usually takes no more than five or 10 minutes. "But unlike electric vehicles, you can't fill up at home. You have to travel to a dedicated fueling station...."

Read more of this story at Slashdot.

'AI-Powered Remediation': GitHub Now Offers 'Copilot Autofix' Suggestions for Code Vulnerabilities

By: EditorDavid
17 August 2024 at 22:39
InfoWorld reports that Microsoft-owned GitHub "has unveiled Copilot Autofix, an AI-powered software vulnerability remediation service." The feature became available Wednesday as part of the GitHub Advanced Security (or GHAS) service: "Copilot Autofix analyzes vulnerabilities in code, explains why they matter, and offers code suggestions that help developers fix vulnerabilities as fast as they are found," GitHub said in the announcement. GHAS customers on GitHub Enterprise Cloud already have Copilot Autofix included in their subscription. GitHub has enabled Copilot Autofix by default for these customers in their GHAS code scanning settings. Beginning in September, Copilot Autofix will be offered for free in pull requests to open source projects. During the public beta, which began in March, GitHub found that developers using Copilot Autofix were fixing code vulnerabilities more than three times faster than those doing it manually, demonstrating how AI agents such as Copilot Autofix can radically simplify and accelerate software development. "Since implementing Copilot Autofix, we've observed a 60% reduction in the time spent on security-related code reviews," says one principal engineer quoted in GitHub's announcement, "and a 25% increase in overall development productivity." The announcement also notes that Copilot Autofix "leverages the CodeQL engine, GPT-4o, and a combination of heuristics and GitHub Copilot APIs." Code scanning tools detect vulnerabilities, but they don't address the fundamental problem: remediation takes security expertise and time, two valuable resources in critically short supply. In other words, finding vulnerabilities isn't the problem. Fixing them is... Developers can keep new vulnerabilities out of their code with Copilot Autofix in the pull request, and now also pay down the backlog of security debt by generating fixes for existing vulnerabilities... 
Fixes can be generated for dozens of classes of code vulnerabilities, such as SQL injection and cross-site scripting, which developers can dismiss, edit, or commit in their pull request.... For developers who aren't necessarily security experts, Copilot Autofix is like having the expertise of your security team at your fingertips while you review code... As the global home of the open source community, GitHub is uniquely positioned to help maintainers detect and remediate vulnerabilities so that open source software is safer and more reliable for everyone. We firmly believe that it's highly important to be both a responsible consumer of open source software and contributor back to it, which is why open source maintainers can already take advantage of GitHub's code scanning, secret scanning, dependency management, and private vulnerability reporting tools at no cost. Starting in September, we're thrilled to add Copilot Autofix in pull requests to this list and offer it for free to all open source projects... While responsibility for software security continues to rest on the shoulders of developers, we believe that AI agents can help relieve much of the burden.... With Copilot Autofix, we are one step closer to our vision where a vulnerability found means a vulnerability fixed.

Read more of this story at Slashdot.

Paul Allen's Estate Auction Includes Vintage Apple-1, CP/M and DOS-Powered Computers

By: EditorDavid
17 August 2024 at 20:34
Long-time Slashdot reader theodp writes: Christie's this week announced the items that will be auctioned in three sales from the Paul G. Allen Collection, including historic computers and artifacts from the late Microsoft co-founder's former Living Computers Museum + Labs in Seattle. They include an Apple-1 from the desk of late Apple co-founder Steve Jobs, estimated at $500,000 to $800,000, to be auctioned as part of a live sale on Sept. 10 at Christie's Rockefeller Center in New York. Among the lot of "Firsts" from the Paul Allen Collection is a circa-1984 PC's Limited Personal Computer (est. $600-$800), which comes with a manual for the Microsoft-developed IBM DOS. Also being offered is a circa-1975 IMSAI 8080 microcomputer (est. $2,000-$3,000). Both computers ran operating systems that can be traced back to the efforts of Digital Research founder Gary Kildall. Kildall's CP/M was adapted for IMSAI in 1975 and inspired the "CP/M work-alike" Quick And Dirty Operating System (QDOS) that Microsoft purchased in 1981, ported to the new IBM PC as MS-DOS, and licensed to IBM, who in turn offered it as PC-DOS... Interestingly, not present in any of the three Christie's Paul G. Allen Collection auctions is Allen's rare unedited copy of Kildall's Computer Connections: People, Places, and Events in the Evolution of the Personal Computer Industry (edited version available at CHM), one of only 20 copies that were originally distributed to family and friends shortly before Kildall's death in 1994. (In the unpublished memoir, Kildall's Seattle Times obit reported, Kildall called DOS "plain and simple theft" of CP/M). Documents released in response to a 2018 Washington Public Records Act request revealed that one of those copies found its way into the hands of Allen in 2017, gifted by University of Washington CS professor Ed Lazowska, who led fundraising campaigns for UW's Paul G. Allen Center for Computer Science & Engineering.

Read more of this story at Slashdot.

2024's Hugo Award Winners Announced

By: EditorDavid
17 August 2024 at 19:34
Slashdot reader Dave Knott writes: After once again being plagued by controversy, this time due to a thwarted ballot-stuffing campaign, the 2024 Hugo Awards have been awarded at the 2024 World Science Fiction Convention. This year's winners are:
* Best Novel: Some Desperate Glory, by Emily Tesh
* Best Novella: Thornhedge, by T. Kingfisher
* Best Novelette: "The Year Without Sunshine", by Naomi Kritzer
* Best Short Story: "Better Living Through Algorithms", by Naomi Kritzer
* Best Series: Imperial Radch, by Ann Leckie
* Best Graphic Story or Comic: Saga, Vol. 11, written by Brian K. Vaughan, art by Fiona Staples
* Best Related Work: A City on Mars: Can We Settle Space, Should We Settle Space, and Have We Really Thought This Through?, by Kelly Weinersmith and Zach Weinersmith
* Best Dramatic Presentation, Long Form: Dungeons & Dragons: Honor Among Thieves
* Best Dramatic Presentation, Short Form: The Last of Us: "Long, Long Time", written by Craig Mazin and Neil Druckmann, directed by Peter Hoar
* Best Game or Interactive Work: Baldur's Gate 3, produced by Larian Studios
* Best Editor Short Form: Neil Clarke
* Best Editor Long Form: Ruoxi Chen
* Best Professional Artist: Rovina Cai
* Best Semiprozine: Strange Horizons, by the Strange Horizons Editorial Collective
* Best Fanzine: Nerds of a Feather, Flock Together, editors Roseanna Pendlebury, Arturo Serrano, Paul Weimer; senior editors Joe Sherry, Adri Joy, G. Brown, Vance Kotrla
* Best Fancast: Octothorpe, by John Coxon, Alison Scott, and Liz Batty
* Best Fan Writer: Paul Weimer
* Best Fan Artist: Laya Rose
* Lodestar Award for Best YA Book: To Shape a Dragon's Breath by Moniquill Blackgoose
* Astounding Award for Best New Writer: Xiran Jay Zhao

Read more of this story at Slashdot.
