
Ruby Fights Supply-Chain Attacks With Filter Offering 'Cooldown' Before Installing New Packages

8 June 2026 at 11:34
Most supply-chain attacks using Ruby's package hosting site "exploit a narrow window," according to a new blog post from Ruby core maintainer Hiroshi Shibata. So its package manager, Bundler, now offers a filter that blocks new versions until they have been public "for at least N days. Releases too new to have been scrutinized are passed over in favor of ones that have aged past the window." The feature was designed in the open, drawing on how other ecosystems approach the same problem. It is opt-in, and complements rather than replaces existing defenses like mandatory 2FA and trusted publishing... Cooldown is unset by default, so a project without it keeps resolving to the newest versions.... Passing 0 disables cooldown for the run... Cooldown is most useful as one part of the wider security investment happening on rubygems.org. The registry now validates gem contents at push time and checks logins against Have I Been Pwned so that compromised passwords cannot be reused, work described in Protecting rubygems.org from the outside in. A dedicated team is running AI-assisted vulnerability scanning against the most critical gems, backed by Alpha Omega and Anthropic, and the direction of all of this is tracked on a public roadmap. Trusted publishing and mandatory 2FA already raise the bar for who can push a release in the first place.
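The selection rule the post describes (newest version that has been public for at least N days, with 0 meaning "no filter") is simple enough to show in a few lines. The following Ruby is an added illustration, not Bundler's or rubygems.org's code; the gem name, release dates, and the helper names `select_with_cooldown` and `held_back_by_cooldown` are all constructed for this example, and the real Bundler option is configured through its own CLI and config, which this snippet does not reproduce.

```ruby
require "date"

# Constructed release history for a hypothetical gem: version => date the
# version became public on the registry. Not real data.
EXAMPLE_RELEASES = {
  "1.2.0" => Date.new(2026, 5, 1),
  "1.3.0" => Date.new(2026, 5, 20),
  "1.3.1" => Date.new(2026, 6, 7), # published the day before "today" below
}.freeze

# Versions that have aged past the cooldown window as of `today`.
# A cooldown of nil or 0 disables the filter: every version is eligible,
# which is the "unset by default" behaviour described in the post.
def aged_releases(releases, today:, cooldown_days:)
  return releases if cooldown_days.nil? || cooldown_days <= 0
  releases.select { |_version, published| (today - published).to_i >= cooldown_days }
end

# Resolve to the newest eligible version, comparing with Gem::Version so that
# "1.10.0" sorts above "1.9.0". Returns nil when nothing has aged enough.
def select_with_cooldown(releases, today:, cooldown_days: 0)
  eligible = aged_releases(releases, today: today, cooldown_days: cooldown_days)
  return nil if eligible.empty?
  eligible.keys.max_by { |v| Gem::Version.new(v) }
end

# Versions the cooldown held back, useful for an audit log so a team can see
# which just-published releases were skipped and review them deliberately.
def held_back_by_cooldown(releases, today:, cooldown_days:)
  eligible = aged_releases(releases, today: today, cooldown_days: cooldown_days)
  (releases.keys - eligible.keys).sort_by { |v| Gem::Version.new(v) }
end

if __FILE__ == $0
  today = Date.new(2026, 6, 8)
  puts "cooldown 0 days: #{select_with_cooldown(EXAMPLE_RELEASES, today: today, cooldown_days: 0)}"
  puts "cooldown 7 days: #{select_with_cooldown(EXAMPLE_RELEASES, today: today, cooldown_days: 7)}"
  puts "held back: #{held_back_by_cooldown(EXAMPLE_RELEASES, today: today, cooldown_days: 7).inspect}"
end
```

With a 7-day window the day-old 1.3.1 is skipped and 1.3.0 is chosen; with 0 the newest version wins, and a window longer than the oldest release's age yields nil, which is the case a resolver has to surface as an error rather than silently falling back to the newest version.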

Read more of this story at Slashdot.

A San Francisco Burglar Escaped in a Robotaxi - and Police Still Can't Find Him

8 June 2026 at 07:34
A burglar took a self-driving Waymo taxi to rob a San Francisco yoga studio this past January, reports TechCrunch — "and police have still not caught them." Even the police officer assigned to the case thought it would be easier to solve, notes The San Francisco Chronicle, since Waymos are outfitted with multiple high-definition cameras and require users to make accounts with their credit card numbers: It's common for officers to seek video footage of a crime from any of the Waymos, Teslas and other high-tech vehicles that record their surroundings. That information can be crucial for identifying suspects or creating a reliable timeline of events. At times, police will go so far as to obtain search warrants to tow the vehicle "witnesses" to ensure they don't lose valuable video evidence. In the Hot 8 Yoga burglary case, San Francisco police issued a search warrant that forced Waymo to turn over information on the account that ordered the ride and video footage from the white Jaguar that served as the getaway car, police records show. Faye said that he couldn't discuss certain details of the case, but that the Waymo user's account information didn't lead police to the suspect. In general, he said, it's not unusual for a criminal to order a service with stolen information or a burner phone. The video evidence didn't help much either, Faye said. He said that the company had not retained interior footage of the car by the time the search warrant was filed in April and that it had kept the faces seen outside the car blurred for privacy reasons... Waymo does not publicly disclose how long it retains video footage. The company blurs faces and license plates in the public-facing images it uses in a database designed for research.... Last year in Los Angeles, a person allegedly robbed a grocery store before hopping in a Waymo. 
Officers were able to chase down the vehicle after the suspect got inside, and the car pulled itself over after police turned on the car's emergency lights, according to Los Angeles-area news outlets. "Farah Issa, studio manager of Hot 8 Yoga, showed the Chronicle a copy of the surveillance video from her phone, noting how the Waymo dropped off the suspect and waited for him to finish the burglary before taking off again."


Texas Grid Flags Risks As Data Centers, Crypto Sites Fail Voltage Tests

8 June 2026 at 04:34
Reuters reports: Several large data centers and crypto facilities planning to connect to the Texas power grid ahead of peak summer demand have failed key reliability tests, raising the risk of power outages just as electricity use hits its seasonal high, according to the state grid operator... Unlike traditional industrial customers, which tend to draw electricity steadily and predictably, data centers are engineered to cut their connection to the grid at the first sign of trouble to protect their equipment and keep services running. That makes them an unpredictable and potentially destabilizing force on grids already under pressure from rising demand. Four groups of unnamed large electricity users, including data centers, abruptly disconnected from the Texas grid during a test of how they would handle routine voltage disturbances, the Electric Reliability Council of Texas (ERCOT) said in a report dated May 21. When large customers abruptly cut their power use, it can knock the grid off balance and trigger wider outages. ERCOT, which manages electricity for most of Texas, said it reviewed about 20 gigawatts of large customers seeking to connect to the system, including eight projects totaling roughly 3.9 gigawatts aiming to start up before July 1. It said it identified four groups of large power users that could each trigger more than 5,000 megawatts of demand tripping under certain fault conditions, based on simulations of transmission system disturbances. Those abrupt drops in demand were equivalent to the electricity consumption of a large city such as Boston.


Police Sued After Imprisoning Innocent Man Placed Near Violent Crime By Flock License Plate Reader

8 June 2026 at 01:34
"When Hugo Parra was arrested last year on felony charges, his pleas of innocence fell on deaf ears," reports the Times of San Diego: San Diego police had a description of the Alfa Romeo car he was riding in [but no license plate number] and a witness who identified him during a curbside lineup as the man who brandished a handgun in Golden Hill. They had also checked the city's automatic license plate camera system, run by the private company Flock, and got a "hit," substantiating the claim. The problem, says attorney Alex Coolman, was that Parra was five miles away from Golden Hill at the time of the crime, and the so-called hit from the license plate reader was captured before any police pursuit began. "This Flock hit was obviously the wrong car, as it could not have been in both places simultaneously," said Coolman, who represents Parra and the driver, 23-year-old Ariel Beltran. Despite the signs pointing to it being a different Alfa Romeo, police arrested Beltran and Parra... [An officer had informed dispatch that one of the men "matched the victim's description, other than having a different-colored hooded sweatshirt."] Parra spent nearly one month behind bars, missing Thanksgiving and other special events with his family, before the assault with a firearm and evasion charges were dropped. Parra says he was incarcerated with actual murderers, according to the article, and Parra and Beltran are now preparing to sue the city, seeking $1.5 million each in damages for civil rights violations and negligence. Their claim notes they'd driven past several other Flock cameras which officers could've used to corroborate their story (not to mention location data on their cell phones). Meanwhile, the article also notes that last month the Institute for Justice "identified at least 17 cases in the United States of officers allegedly using Automated License Plate Reader technology to keep tabs on partners, exes, and strangers who had caught their eye..."


Prada Unveils 'Liquid Cooling' Inner-Layer Garment for NASA's Moon Astronauts with Knitted-In Ventilation Tubes

7 June 2026 at 23:27
Italian fashion house Prada "unveiled on Sunday the inner-layer garment set to be worn by NASA astronauts heading to the moon," reports Reuters. "The body-hugging suit, created in collaboration with Houston-based space infrastructure developer Axiom Space, features ventilation tubes knitted into the garment." Expertise for developing space exploration products "can come from lots of seemingly unrelated industries," said Jonathan Cirtain, CEO of Axiom Space... The new product follows Prada's splashy foray into space fashion in 2024 with the unveiling of a spacesuit that is expected to be used for NASA's anticipated Artemis 4 moon landing in 2028... Other fashion and apparel companies have jumped on the space bandwagon. Under Armour has partnered with spaceflight company Virgin Galactic to create space apparel, while Columbia Sportswear has worked with space exploration company Intuitive Machines on space fabric technology. The new "Liquid Cooling and Ventilation Garment" was displayed on a mannequin at an event at Prada's Manhattan store.

