The Free Software Foundation (FSF) has launched the LibrePhone Project, an initiative to create a fully free and open-source mobile operating system that eliminates proprietary firmware and binary blobs. From the FSF: "Librephone is a new initiative by the FSF with the goal of bringing full freedom to the mobile computing environment. The vast majority of software users around the world use a mobile phone as their primary computing device. After forty years of advocacy for computing freedom, the FSF will now work to bring the right to study, change, share, and modify the programs users depend on in their daily lives to mobile phones. ... Practically, Librephone aims to close the last gaps between existing distributions of the Android operating system and software freedom. The FSF has hired experienced developer Rob Savoye (DejaGNU, Gnash, OpenStreetMap, and more) to lead the technical project. He is currently investigating the state of device firmware and binary blobs in other mobile phone freedom projects, prioritizing the free software work done by the not entirely free software mobile phone operating system LineageOS." The project site can be found here.

Read more of this story at Slashdot.

A new study shows that common baker's yeast (Saccharomyces cerevisiae) can survive Mars-like conditions, including meteorite shock waves and toxic perchlorate salts found in Martian soil. Phys.org reports: Published in PNAS Nexus, Purusharth I. Rajyaguru and colleagues subjected Saccharomyces cerevisiae, which is a widely used model yeast, to shock waves and perchlorates. The authors chose the yeast in part because it has already been studied in space. When stressed, yeast, humans, and many other organisms form ribonucleoprotein (RNP) condensates, structures made of RNA and proteins that protect RNA and affect the fates of mRNAs. When the stressor passes, the RNP condensates, which include subtypes known as stress granules and P-bodies, disassemble. The authors simulated Martian shock waves at the High-Intensity Shock Tube for Astrochemistry (HISTA) housed in the Physical Research Laboratory in Ahmedabad, India. Yeast exposed to 5.6 Mach intensity shock waves survived with slowed growth, as did yeast subjected to 100 mM sodium salt of perchlorate (NaClO4) -- a concentration similar to that in Martian soils. Yeast cells also survived exposure to the combined stress of shock waves and perchlorate stress. In both cases, the yeast assembled RNP condensates. Shock waves induced the assembly of stress granules and P-bodies; perchlorate caused yeast to make P-bodies but not stress granules. Mutants incapable of assembling RNP condensates were poor at surviving the Martian stress condition. Transcriptome analysis identified specific RNA transcripts perturbed by Mars-like conditions.

Read more of this story at Slashdot.

An anonymous reader quotes a report from 404 Media: On Monday, a publicly-sourced archive of more than 10,000 national park signs and monument placards went public as part of a massive volunteer project to save historical and educational placards from around the country that risk removal by the Trump administration. Visitors to national parks and other public monuments at more than 300 sites across the U.S. took photos of signs and submitted them to the archive to be saved in case they're ever removed in the wake of the Trump administration's rewriting of park history. The full archive is available here, with submissions from July to the end of September. The signs people have captured include historical photos from Alcatraz, stories from the African American Civil War Memorial, photos and accounts from the Brown v. Board of Education National History Park, and hundreds more sites. "I'm so excited to share this collaborative photo collection with the public. As librarians, our goal is to preserve the knowledge and stories told in these signs. We want to put the signs back in the people's hands," Jenny McBurney, Government Publications Librarian at the University of Minnesota and one of the co-founders of the Save Our Signs project, said in a press release. "We are so grateful for all the people who have contributed their time and energy to this project. The outpouring of support has been so heartening. We hope the launch of this archive is a way for people to see all their work come together."

Read more of this story at Slashdot.

The U.S. Department of Justice seized about $15 billion in bitcoin from wallets tied to Chen Zhi, founder of Cambodia's Prince Holding Group, who is accused of running one of the world's biggest "pig butchering" scams. Prosecutors say Zhi's network trafficked people into forced-labor scam compounds that defrauded victims worldwide through fake crypto investment schemes. CNBC reports: The seizure is the largest forfeiture action by the DOJ in history. An indictment charging the alleged pig butcher, Chen Zhi, was unsealed Tuesday in federal court in Brooklyn, New York. Zhi, who is also known as "Vincent," remains at large, according to the U.S. Attorney's Office for the Eastern District of New York. He was identified in court filings as the founder and chairman of Prince Holding Group, a multinational business conglomerate based in Cambodia, which prosecutors said grew "in secret .... into one of Asia's largest transnational criminal organizations. [...] The scams duped people contacted via social media and messaging applications online into transferring cryptocurrency into accounts controlled by the scheme with false promises that the crypto would be invested and produce profits, according to the office. "In reality, the funds were stolen from the victims and laundered for the benefit of the perpetrators," the release said. "The scam perpetrators often built relationships with their victims over time, earning their trust before stealing their funds." Prosecutors said that hundreds of people were trafficked and forced to work in the scam compounds, "often under the threat of violence." Zhi and a network of top executives in the Prince Group are accused of using political influence in multiple countries to protect their criminal enterprise and paid bribes to public officials to avoid actions by law enforcement authorities targeting the scheme, according to prosecutors.

Read more of this story at Slashdot.

Roughly 200,000 Linux-based Framework laptops shipped with a signed UEFI shell command (mm) that can be abused to bypass Secure Boot protections -- allowing attackers to load persistent bootkits like BlackLotus or HybridPetya. Framework has begun patching affected models, though some fixes and DBX updates are still pending. BleepingComputer reports: According to firmware security company Eclypsium, the problem stems from including a 'memory modify' (mm) command in legitimately signed UEFI shells that Framework shipped with its systems. The command provides direct read/write access to system memory and is intended for low-level diagnostics and firmware debugging. However, it can also be leveraged to break the Secure Boot trust chain by targeting the gSecurity2 variable, a critical component in the process of verifying the signatures of UEFI modules. The mm command can be abused to overwrite gSecurity2 with NULL, effectively disabling signature verification. "This command writes zeros to the memory location containing the security handler pointer, effectively disabling signature verification for all subsequent module loads." The researchers also note that the attack can be automated via startup scripts to persist across reboots.

Read more of this story at Slashdot.

BrianFagioli shares a report from NERDS.xyz: NordVPN has open sourced its Linux GUI on GitHub, giving the community full access to the code behind its graphical client. The move follows a 70 percent surge in daily active Linux users since the GUI's debut earlier this year, showing clear demand for a user friendly VPN experience on the platform. Alongside the previously open sourced command line tool, the GUI codebase is now available for anyone to audit, modify, and contribute to. While NordVPN's core backend infrastructure remains proprietary, the company says the open source release reflects its commitment to transparency and collaboration with the Linux community. The GUI can also now be installed with a single command using Snap, simplifying setup and ensuring automatic updates across distributions.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the Associated Press: Google announced on Tuesday that it will invest $15 billion in India over the next five years to establish its first artificial intelligence hub in the country. Located in the southern city of Visakhapatnam, the hub will be one of Google's largest globally. It will feature gigawatt-scale data center operations, extensive energy infrastructure and an expanded fiber-optic network, the company said in a statement. The investment underscores Google's growing reliance on India as a key technology and talent base in the global race for AI dominance. For India, it brings in high-value infrastructure and foreign investment at a scale that can accelerate its digital transformation ambitions. Google said its AI hub investment will include construction of a new international subsea gateway that would connect to the company's more than 2 million miles (3.2 million kilometers) of existing terrestrial and subsea cables. "The initiative creates substantial economic and societal opportunities for both India and the United States, while pioneering a generational shift in AI capability," the company's statement said.

Read more of this story at Slashdot.

Longtime Slashdot reader Gadi Evron writes: Bruce Schneier and Barath Raghavan say agentic AI is already broken at the core. In their IEEE Security & Privacy essay, they argue that AI agents run on untrusted data, use unverified tools, and make decisions in hostile environments. Every part of the OODA loop (observe, orient, decide, act) is open to attack. Prompt injection, data poisoning, and tool misuse corrupt the system from the inside. The model's strength, treating all input as equal, also makes it exploitable. They call this the AI security trilemma: fast, smart, or secure. Pick two. Integrity isn't a feature you bolt on later. It has to be built in from the start. "Computer security has evolved over the decades," the authors wrote. "We addressed availability despite failures through replication and decentralization. We addressed confidentiality despite breaches using authenticated encryption. Now we need to address integrity despite corruption." "Trustworthy AI agents require integrity because we can't build reliable systems on unreliable foundations. The question isn't whether we can add integrity to AI but whether the architecture permits integrity at all."

Read more of this story at Slashdot.

Walmart announced a new partnership with OpenAI that will let customers shop using ChatGPT. "For many years now, eCommerce shopping experiences have consisted of a search bar and a long list of item responses. That is about to change," Walmart CEO Doug McMillon said in a statement. NBC News reports: It was unclear Tuesday what the terms of the Walmart-AI partnership would be. The announcement also did not say when shoppers can expect to see ChatGPT integrated with their Walmart online shopping experiences, only that it's coming "soon." The OpenAI announcement is part of a broader push by Walmart, the biggest private employer in the U.S., to incorporate AI into its daily operations. "We're excited to partner with Walmart to make everyday purchases a little simpler. It's just one way AI will help people every day under our work together," Sam Altman, the co-founder and CEO of OpenAI, said in a statement. The partnership could also serve OpenAI by introducing ChatGPT to a massive set of consumers who may not be as accustomed to using AI chats in their shopping as OpenAI's core user base. "There is a native AI experience coming that is multi-media, personalized and contextual," said Walmart's McMillon.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Today is the official end-of-support date for Microsoft's Windows 10. That doesn't mean these PCs will suddenly stop working, but if you don't take action, it does mean your PC has received its last regular security patches and that Microsoft is washing its hands of technical support. This end-of-support date comes about a decade after the initial release of Windows 10, which is typical for most Windows versions. But it comes just four years after Windows 10 was replaced by Windows 11, a version with stricter system requirements that left many older-but-still-functional PCs with no officially supported upgrade path. As a result, Windows 10 still runs on roughly 40 percent of the world's Windows PCs (or around a third of US-based PCs), according to StatCounter data. But this end-of-support date also isn't set in stone. Home users with Windows 10 PCs can enroll in Microsoft's Extended Security Updates (ESU) program, which extends the support timeline by another year. [...] Home users can only get a one-year stay of execution for Windows 10, but IT administrators and other institutions with fleets of Windows 10 PCs can also pay for up to three years of ESUs, which is also roughly the amount of time users can expect new Microsoft Defender antivirus updates and updates for core apps like Microsoft Edge. Obviously, Microsoft's preferred upgrade path would be either an upgrade to Windows 11 for PCs that meet the requirements or an upgrade to a new PC that does support Windows 11. It's also still possible, at least for now, to install and run Windows 11 on unsupported PCs. Your day-to-day experience will generally be pretty good, though installing Microsoft's major yearly updates (like the upcoming Windows 11 25H2 update) can be a bit of a pain.

Read more of this story at Slashdot.

Apple has rebranded its streaming service Apple TV+ to simply Apple TV, further blurring the already confusing line between the Apple TV device, the Apple TV app, and the Apple TV service. As John Gruber notes, users can now "watch Apple TV in Apple TV on Apple TV." From Daring Fireball: In some ways, I get it. Like, if you're telling someone how much you enjoy Slow Horses and they ask how to watch it, it's more natural and conversational to just say "It's on Apple TV." That's what most people say. That's what I say -- and as part of my job, I completely understand the difference between Apple TV the device, Apple TV the (free) app, and Apple TV+ the (paid) streaming service. But right there in Apple's own "About Apple TV" description, you see just how overused "Apple TV" now is. You can watch Apple TV in Apple TV on Apple TV -- the paid service in the free app on the set-top box. But you can watch any streaming service you want on the box, in that service's own app. But many of those services are also available in the Apple TV app. And the Apple TV streaming service is also available on just about all other popular set-top hardware platforms. So don't need an Apple TV to watch Apple TV. It's a bit like Abbott and Costello's classic "Who's on First" routine.

Read more of this story at Slashdot.

schwit1 shares a report from Hackread: On October 3, 2025, Hackread.com published an in-depth report in which hackers claimed to have stolen 989 million records from 39 major companies worldwide by exploiting a Salesforce vulnerability. The group demanded that Salesforce and the affected firms enter negotiations before October 10, 2025, warning that if their demands were ignored, they would release the entire dataset. The hackers, identifying themselves as "Scattered Lapsus$ Hunters," a collective said to combine elements of Scattered Spider, Lapsus$, and ShinyHunters, have now published data allegedly belonging to 6 of the 39 targeted companies. The companies named in the leak are as follows: Fujifilm, GAP, INC., Vietnam Airlines, Engie Resources, Quantas Airways Limited, and Albertsons Companies, Inc. In all 6 leaks, the record contains personal details of customers, business, including email addresses, full names, addresses, passport numbers, phone numbers. The hackers said on Telegram that they will not be releasing any additional information, stating, "A lot of people are asking what else will be leaked. Nothing else will be leaked. Everything that was leaked was leaked, we have nothing else to leak, and obviously, the things we have cannot be leaked for obvious reasons."

Read more of this story at Slashdot.

NASA's Jet Propulsion Laboratory is laying off around 550 employees, or roughly 11% of its workforce, as part of an effort to "restructure and establish an appropriate size to ensure future success." According to JPL Director Dave Gallagher, the job cuts "are not related to the current government shutdown." CNBC reports: JPL is a research and development lab funded by NASA -- the federal space agency -- and managed by the California Institute of Technology. "While not easy, I believe that taking these actions now will help the Lab transform at the scale and pace necessary to help achieve humanity's boldest ambitions in space," Gallagher wrote in a separate mekor to JPL employees and contractors. Gallagher, in the public announcement, noted that the reorganization of JPL began in July, and "over the past few months, we have communicated openly with employees about the challenges and hard choices ahead." "This week's action, while not easy, is essential to securing JPL's future by creating a leaner infrastructure, focusing on our core technical capabilities, maintaining fiscal discipline, and positioning us to compete in the evolving space ecosystem -- all while continuing to deliver on our vital work for NASA and the nation," Gallagher wrote. Gallagher said that JPL employees will be notified of their status on Tuesday, and the "new Lab structure ... will become effective Wednesday."

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Register: Security researchers have resurrected a 12-year-old data-stealing attack on web browsers to pilfer sensitive info from Android devices. The attack, dubbed Pixnapping, has yet to be mitigated. Conceptually, it's the equivalent of a malicious Android app being able to screenshot other apps or websites. It allows a malicious Android application to access and leak information displayed in other Android apps or on websites. It can, for example, steal data displayed in apps like Google Maps, Signal, and Venmo, as well as from websites like Gmail (mail.google.com). It can even steal 2FA codes from Google Authenticator. "First, the malicious app opens the target app (e.g., Google Authenticator), submitting its pixels for rendering," explained [Alan Wang, a PhD candidate at UC Berkeley]. "Second, the malicious app picks the coordinates of a target pixel whose color it wants to steal. Suppose for example it wants to steal a pixel that is part of the screen region where a 2FA character is known to be rendered by Google Authenticator, and that this pixel is either white (if nothing was rendered there) or non-white (if part of a 2FA digit was rendered there). Third, the malicious app causes some graphical operations whose rendering time is long if the target pixel is non-white and short if it is white. The malicious app does this by opening some malicious activities (i.e., windows) in front of the target app. Finally, the malicious app measures the rendering time per frame of the above graphical operations to determine whether the target pixel was white or non-white. These last few steps are repeated for as many pixels as needed to run OCR over the recovered pixels and guess the original content." The researchers have demonstrated Pixnapping on five devices running Android versions 13 to 16 (up until build id BP3A.250905.014): Google Pixel 6, Google Pixel 7, Google Pixel 8, Google Pixel 9, and Samsung Galaxy S25. Android 16 is the latest operating system version. Other Android devices have not been tested, but the mechanism that allows the attack to work is typically available. A malicious Android app implementing Pixnapping would not require any special permissions in its manifest file, the authors say. The researchers detail the attack in a paper (PDF) titled "Pixnapping: Bringing Pixel Stealing out of the Stone Age."

Read more of this story at Slashdot.

SpaceX's Starship megarocket successfully completed its 11th test flight, achieving major milestones like engine relight, satellite deployment, and a controlled splashdown in the Indian Ocean. From a report: This mission marks the second clean test run for Version 2, following a successful showing during its last test mission in August. Earlier this year, however, Starship Version 2 suffered three in-flight failures and an explosive accident during ground testing. Today's test mission is expected to be the last for the current iteration of Starship prototypes. The company has said it will debut a scaled up Version 3 for the next flight. You can watch a recording of the launch on YouTube.

Read more of this story at Slashdot.

The FCC has forced major U.S. online retailers to remove millions of listings for prohibited Chinese-made electronics, including products from Huawei, ZTE, Hikvision, and Dahua, citing national security risks. Reuters reports: FCC Chair Brendan Carr said in an interview [on Friday] that the items removed are either on a U.S. list of barred equipment or were not authorized by the agency, including items like home security cameras and smart watches from companies including Huawei, Hangzhou Hikvision, ZTE, and Dahua Technology Company. Carr said companies are putting new processes in place to prevent future prohibited items as a result of FCC oversight. "We're going to keep our efforts up," Carr said. The FCC issued a new national security notice reminding companies of prohibited items including video surveillance equipment. Carr said the items could allow China to "surveil Americans, disrupt communications networks and otherwise threaten U.S. national security."

Read more of this story at Slashdot.

Palmer Luckey's defense tech firm Anduril has unveiled EagleEye, an AI-powered mixed-reality combat helmet built in partnership with Meta. The system integrates AR displays, spatial audio, and drone control to create what Luckey calls "a new teammate" for soldiers. "The idea of an AI partner embedded in your display has been imagined for decades. EagleEye is the first time it's real," said Luckey. The Verge reports: Anduril, which also manufactures border control tech, lethal drones, and military aircraft, has been developing EagleEye since its inception, and already provides software for the Army's existing MR goggles, based on Microsoft's HoloLens hardware. Its partnership with Meta was announced this May, and the company told TechCrunch at the time that the collaboration was to develop EagleEye. It's a reunion of sorts for Luckey and Mark Zuckerberg, after Meta purchased Luckey's then-start-up Oculus in 2014 and fired the founder three years later.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Reuters: Britain said on Monday it had issued U.S. internet forum site 4chan with a $26,644 fine for failing to provide information about the risk of illegal content on its service, marking the first penalty under the new online safety regime. Media regulator Ofcom said 4chan had not responded to its request for a copy of its illegal harms risk assessment nor a second request relating to its qualifying worldwide. Ofcom said it would take action against any service which "flagrantly fails to engage with Ofcom and their duties under the Online Safety Act" and they should expect to face penalties. The act, which is designed to protect children and vulnerable users from illegal content online, has caused tension between U.S. tech companies and Britain. Critics of the law have said it threatens free speech and targets U.S. companies. Technology minister Liz Kendall said the government "fully backed" Ofcom in taking action. "This fine is a clear warning to those who fail to remove illegal content or protect children from harmful material," she said. 4chan and Kiwi Farms filed a lawsuit in the United States against Ofcom in August, arguing that the threats and fines issued by the regulator "constitute foreign judgements that would restrict speech under U.S. law." The lawsuit claims that both entities are entirely based in the U.S., have no operations in the U.K., and therefore are not subject to its local laws.

Read more of this story at Slashdot.

Google's viral Nano Banana AI image editor is being woven into Search, NotebookLM, and Photos. Engadget reports: Perhaps the most notable integration here is with NotebookLM. Nano Banana is being used to drastically change up Video Overviews, offering up six new styles like watercolor and anime. It also now generates contextual illustrations based on sources and there's a new option for micro-videos called Briefs. For the uninitiated, Video Overviews is a neat little tool available to NotebookLM users that automatically generates explainer videos from documents. It can even whip up a narrated slideshow with visuals. The AI-heavy update starts rolling out to Pro users this week and to all users in "the upcoming weeks." Search integration offers new ways to make and edit images while using the official Google app. The company says folks can use a chat prompt to, say, ask the bot to create a stylized version of a pre-existing image. Additionally, photos can be snapped directly from the Lens tool and then edited via the AI. This is rolling out right now in English for US customers, with more countries and languages coming in the near future. We don't have any actual information as to what the Photos integration will look like, with Google simply saying it's bringing Nano Banana to the platform in "the weeks ahead."

Read more of this story at Slashdot.

"Dutch authorities have temporarily nationalized Nexperia, owned by Chinese company Wingtech, over fears of critical product unavailability," writes longtime Slashdot reader evil_aaronm. Reuters reports: The Hague invoked never-before-used powers under a Dutch law known as the "Availability of Goods Act." The decision led to a 10% fall in Wingtech's shares in Shanghai on Monday. The Dutch government will not take ownership of Nexperia, but it will now have the power to reverse or block management decisions it considers harmful. The company's regular production is continuing. [...] Wingtech called the Dutch government's intervention in Nexperia, once part of Dutch electronics group Philips, "excessive interference driven by geopolitical bias." Wingtech also alleged that non-Chinese Nexperia executives had tried to forcibly alter the company's equity structure through legal proceedings in a "cloaked power grab" on the company. A copy of an Amsterdam commercial court ruling dated October 7 and seen by Reuters showed that the court decided on October 1 to suspend Wingtech CEO Zhang Xuezheng from his position as executive director at Nexperia after finding "well founded reasons to doubt" the company was pursuing correct management policy or actions under Dutch civil law. It appointed Dutch businessman Guido Dierick to take Zhang's position with a "deciding vote", and transferred control of almost all of Nexperia's shares to a Dutch lawyer for management. The Dutch state and the company's labour council had supported the moves, the document showed. [...] In its statement, the Dutch government said that administrative problems at Nexperia posed a threat to the company's "crucial technological knowledge" without elaborating. "The loss of these capabilities could pose a risk to Dutch and European economic security," it said. Nexperia is one of the world's largest makers of simple computer chips such as diodes and transistors, though it also develops more advanced technologies such as "wide gap" semiconductors used in electrical settings and useful for electric cars, chargers and AI data centres. Wingtech said in a filing to the Shanghai stock exchange on Monday that its control over Nexperia would be temporarily restricted due to the Dutch order and court rulings, affecting decision making and operational efficiency.

Read more of this story at Slashdot.