Agreguesi i feed

This month I’m mostly listening to music by Nu Genea, Danalogue and Noon Garden.

I’m going to tell you about a big change I’m proposing for folks using Freedesktop SDK to build operating systems. And I’m also going to talk a bit about the GNOME Foundation elections. Maybe I’ll do that first.

GNOME Foundation elections

The GNOME Foundation is a democratically organised not-for-profit that grew from the GNOME open source project around the year 2000. Anyone who contributes to the GNOME open source project can be a member of the Foundation, which allows (among other things) periodically voting in a Board of Directors who govern the Foundation. You probably know all of this.

Back in 2001 the Foundation was a lively active space. Check out the election results from 2001: 11 candidates were selected out of 25 candidates, some of whom made pretty wild campaign promises such as banning all mentions of proprietary software.

When I became more involved in GNOME, ten or fifteen years ago, the Foundation seemed pretty boring and sensible and not many people volunteered to be directors. Here’s a mail from 2017 of someone complaining about not enough candidates and low voter turnout.

This year’s election has nine eight candidates for five seats, and a lively debate. Two years ago a big explosion happened in the community, and we are still dealing with the fallout and, in many cases, still piecing together what actually happened. (It seems like the explosion had been building for a long time and maybe the boring and sensible days of 2017 weren’t as boring and sensible as they appeared from outside.) I am not impressed by the tone of some of the discourse, everyone involved in the campaign believes in what they are doing and deserves respect, but it does make me optimistic about the future of the GNOME Foundation. Questioning things is healthier than ignoring them.

My quiet theory is that the dynamics of open source have changed fundamentally now that LLMs are a mainstream technology. Code is less of an asset than it ever was. A lot of work in the desktop space since 1997 has been simply keeping pace with the rest of the industry: Apple introduced glassy window bars and so we had to have them in GNOME too, Apple introduced “retina” displays and now we need fractional scaling, Apple introduced the App Store and now we need Flatpak, and so on. All of these are huge engineering efforts requiring a lot of new code.

Now the industry is out of ideas. Apple this year are announcing AI integration and more glassy window bars.

So if code is not the asset, what is? The people, as it always ways. And in an increasingly hostile and untrustworthy internet, where you can’t even trust websites any more, a resilient autonomous and trusted structure like the GNOME Foundation, with a battle-tested democratic structure, and strong moderation capabilities to keep out the increasingly automated and vociferous trolls, is a very valuable thing indeed. (No wonder the trolls see it as a threat).

It’s hard to imagine a parallel universe where there’s no KDE eV and no GNOME Foundation, but I suspect we would miss both of them. Clearly all of the candidates believe in the Foundation enough to run for election. Remember that it’s an unpaid position with a lot of responsibility and minimal benefits. Being a director is a personal sacrifice. So thanks to everyone who keeps it working.

freedesktop-sdk.bst:public-stacks/runtime-gnu.bst

Onto the more technical material, I guess. The Freedesktop SDK is a widely used Flatpak app runtime that powers thousands of apps on Flathub. You probably know that, too.

Flatpak aimed from the beginning to be distro-independent, and consequently the Freedesktop SDK isn’t a repackaging of Debian or Fedora or Alpine Linux, but something more like a DIY Linux From Scratch build. As an app user you don’t notice any of this, because it’s very well executed and apps just work. Again, it’s hard now to imagine a parallel universe where the main Flatpak runtime was Fedora in a trenchcoat, but perhaps that would have impeded the success of Flatpak. (Of course Canonical still built their own app store technology, but I suspect that Canonical re-inventing things is part of every parallel universe).

So Freedesktop SDK has build instructions for common Linux tools, utilities and libraries, and they are so good that most BuildStream projects end up junctioning Freedesktop SDK to reuse them. (I covered this in more detail back in April). In theory this brings a virtuous cycle: we use FDSDK in industry and that funds maintenance and improvement of the build instructions, which in turn benefits the Flatpak runtime which doesn’t have any source of funding of its own.

I’ve been working on a slightly tricky intersection between these two worlds, which I call “Choose your own userland”. It makes a relatively small change to a stack element in Freedesktop SDK, but one which has big consequences for BuildStream projects that junction the project. (And no immediate consequences for Flatpak users, but you could see it as future-proofing).

A stack element is a group of elements. Freedesktop SDK provides various “public stacks” with useful element groupings. Most of these are related to build systems, like public-stacks/buildsystem-autotools.bst which includes everything you need to run builds with the crusty old GNU Autotools build system. Then there’s this special one: public-stacks/runtime-minimal.bst, which as of today includes the following:

• Root filesystem symlinks
• C/C++ platform libraries like GNU GLIBC,
• The GNU Bash shell (and its dependencies Readline and ncurses)
• GNU Coreutils, and all their dependencies

This stack is a recent addition, announced in the release notes of last year’s FDSDK 25.08 major release:

[BREAKING CHANGE] It’s now possible to create more minimal runtimes thanks to rework of bootstrap-import.bst. This adds a new stack public-stacks/buildsystem-make.bst which is essentially same as the original bootstrap-import.bst. There is also a new stack public-stacks/runtime-minimal.bst that is intended to provide a minimal environment that you can shell into. More info in the related issues: #1728 (closed), #1523

My selfish motivation for this change is I want to build embedded systems that don’t include GNU Bash and Coreutils at all, using BusyBox to provide the shell and utilities instead. This is hard today with FDSDK because every element unconditionally depends on Bash and Coreutils, so how can I remove them from my final system? But coincidentally, in the desktop world we are also seeing GNU Coreutils replaced with uutils/coreutils, a reimplementation in Rust which is already the default in Ubuntu since 25.10. So there’s another reason we might not want to hardcode a specific coreutils implementation in the lowest level stack.

The idea implemented in my branch came from Abderrahim and is delightfully simple: just drop Bash and Coreutils from the runtime-minimal stack, and have elements opt into them explictly.

On hearing the idea, I wasn’t sure how this would work, so of course I was effectively nerd-sniped into trying it. The result is as we’d hoped, it allows you to build systems with alternative coreutils. The FDSDK includes some example VMs, and here’s an example of one of them booting with uutils/coreutils (taken from MR!31779):

https://gitlab.com/-/project/4339844/uploads/04ea5b38ae78b5ee6ed175ea9ea54369/FDSDK_example_system_with_uutils-coreutils.webm

So the approach works. My main concern was the amount of churn we would cause if we change the meaning of runtime-minimal.bst. Of course, we often still want GNU Bash and GNU Coreutils, so my branch adds an additional public-stacks/runtime-gnu.bst element that brings in a GNU userland. I added Bash and Coreutils into all the public-stacks/buildsystem-*.bst elements too as we still want them at build time. That means that for most elements the change is actually transparent. You just need to ensure that each output explicitly includes a shell and utilities of your choice as runtime-depensd.

To test things further I tested the changes in branch of gnome-build-meta. It was pretty boring working through various build failures to get to a new dependency graph, but I came out the other side still convinced that this change is a good idea. (You can see my gnome-build-meta branch here, bearing in mind half the changes are actually dealing with differences between FDSDK 25.08 and ‘master’).

There was some lively discussion on the MR and I’m still not entirely clear if this change is going to land, much as I like it. One sticking point is a fear of landing big changes and not having enough people to deal with the fallout, and as an open source maintainer I certainly know that feeling, so I have more testing planned still.

Another complaint is that this change reneges on the promise from 25.08 about public-stacks/runtime-minimal.bst, that it “is intended to provide a minimal environment that you can shell into.“. You can’t shell into anything if there’s no shell, of course, so I can’t argue with the premise. But I am missing why this is a big deal. I’ve always had a bad time in BuildStream build shells because I just want to edit a file for testing and dammit there’s no Vim or even Vi or even Nano… in fact we don’t even seem to have less?! So I’ve always wanted a way to overlay elements with debug tools in my shell, and it turns out that “bst shell should be able to stage the specified element on top of a base element” is a feature request that’s been open since 2018.

If you use FDSDK as a junction and you like the idea then I’d appreciate comments on the MR. (If you hate the idea, I’m sure you’ve already switched tabs and are half way through posting an irate comment ;-). I am of course prepared for an outcome where this change doesn’t land, and it may indeed lead to some separation of “Linux OS & compiler bootstrap using BuildStream” and “Base Flatpak runtime” into different projects. My gut feeling is that this would be a bit like trying to carve a single grape into two pieces, i.e. there are still few enough people who actually want to maintain build instructions that it makes more sense to collaborate in the same repo.

Thanks as always for reading!

Longtime Slashdot reader schwit1 shares a report from Autoblog: For years, the Chinese auto industry has employed a hostile price war to kneecap global competitors. Armed with massive state subsidies, cheap raw materials, and an aggressive "scale-first" business model, Chinese automakers flooded the market with electric vehicles priced so low that legacy manufacturers stood no chance to compete. How did they do it? Simple, they couldn't. They did it anyway. Reports from CarNewsChina show that Chinese automakers have been selling vehicles at a loss until a recent law passed by the Chinese government banned below-cost sales of new vehicles. During the ongoing sales slump in China caused by rolled-back subsidies and direct government intervention banning below-cost sales, the truth behind the rapid expansion of the Chinese auto industry has been exposed. "By the first quarter of 2026, China captured 32 percent of the global auto market, with its New Energy Vehicles (NEVs) controlling an incredible 61 percent of global share," the report notes. Yet that dominance has come at a steep cost: throughout 2025, "the profit margin for China's auto industry plunged to 4.4 percent and dropped further to a historic low of 3.2 percent in early 2026." "Gross profit, not net profit, per vehicle, plummeted to a mere $2,000. We can expect the net figure to be loss-making." Autoblog adds: "Data shows over 70 percent of Chinese car sales were loss-making. This left more than half of the country's auto industry in the red. Great Wall Motor (GWM) even saw net profits drop 17 percent despite steady revenue growth." China's EV price war has now hit a wall. New regulations are discouraging below-cost sales, rising material costs are forcing automakers to cut discounts and raise prices, and reduced tax incentives are weakening domestic demand. To sustain growth, manufacturers are increasingly turning to exports.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Tesco, a retail conglomerate headquartered in the United Kingdom, is moving 40,000 server workloads off of VMware amid "abusive conduct" from Broadcom, recent legal filings claim. Tesco filed a lawsuit in the UK's High Court against Broadcom alleging breach of contract last year. According to a September report from The Register, the lawsuit claimed that in January 2021, Tesco bought perpetual licenses for VMware's vSphere Foundation and Cloud Foundation, a subscription to VMware Tanzu, plus support services until 2026, with the option to extend support for four additional years. But when Broadcom took over VMware in November 2023, it would not honor the deal and instead tried to get Tesco to pay "excessive and inflated prices for virtualization software for which Tesco has already paid" and would not allow it to buy support services for its perpetually licensed software without buying "duplicative subscription-based licenses for those same Software products," the initial complaint read, The Register reported at the time. Tesco, which reported 73.7 billion pounds (about $98.7 billion) in revenue in its fiscal year 2026, has since started migrating away from VMware and Broadcom's mainframe products, according to late-May court filings reported on by The Register today. In January, Broadcom stopped supporting Tesco's VMware products, Tesco said, and Tesco has been paying for third-party support since. In its initial filing, Tesco also said that Broadcom refused to upgrade software or provide all security updates to customers without subscriptions. One of Tesco's recent filings, per The Register, reads: "Faced with Broadcom's abusive conduct, and given the criticality of virtualization and mainframe software and services to its business, Tesco has been forced to incur material costs to procure alternative solutions with reduced functionality, and to migrate to that software in a manner, and on a timeframe, that creates very significant risks to its business." If it works "at exceptional pace," Tesco will be completely off VMware by the end of 2027 at the earliest. However, "the timeframe in which that migration must be undertaken has created and continues to create operational and commercial risk, and at material ongoing cost and disruption to the business," Tesco reportedly noted. Tesco is also dealing with migration challenges related to data security because its new, unnamed virtualization software is incompatible with the Veeam and Zerto products it uses. Tesco initially requested at least 100 million pounds (about $133.6 million) in damages each from Broadcom, VMware, and reseller Computacenter, plus interest. In its recent filings, Tesco said it turned down at least four offers from Broadcom to continue using VMware and Broadcom's mainframe tech. [...] The case is expected to go to court between November 1, 2027, and February 25, 2028, The Register reported. Afterward, it could go to trial. Further reading: HPE Tempts VMware Users, Partners With Year of Free Virtualization Software

Read more of this story at Slashdot.

Hello GNOME, This is a progress report on the Pitivi Timeline Ruler Rust rewrite.

Progress

We are rewriting the Pitivi Ruler in Rust and gtk4 snapshot logic to improve performance and memory safety. At its current stage the ruler is being constructed as a standalone widget in a personal repo that can be found here:

Pitivi Timeline Ruler

GTK_DEBUG=interactive cargo run --example sandbox

Any feedback on the code is greatly appreciated!

Structure

I am structuring this around rendering a single interval of ticks between two major ticks once, then stamping that across the duration of the project, as seen in draw_single_interval().

With the ticks stamped across the timeline I am then rendering a cache of Pango labels for the timestamps that are stamped across the visible window. I made the decision to use a BTreeMap for the cache for ease of iterating chronologically through the stamps and for dropping out-of-bounds keys. The logic for this cache handling primarily lives in update_label_cache().

After some feedback from members of the video editing community, I made the decision that minor ticks should always be clean multiples of frames in the time period. This logic is implemented in calculate_minor_divisions().

Next Steps

The primary goal I am focusing on next is implementing the gesture handling, including click and drag actions. Once gestures are implemented I am going to begin moving a lot of the math to traits so that I can write a mock_env and a live_env to start writing some unit testing.

wiredmikey shares a report from SecurityWeek: Microsoft on Wednesday published an advisory acknowledging the public disclosure of a vulnerability in Defender that could lead to privilege escalation. The security defect, tracked as CVE-2026-50656 (CVSS score of 7.8), was dropped last week by security researcher Nightmare Eclipse (also known as Chaotic Eclipse). "We are working to provide a high-quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available," Microsoft adds. RoguePlanet, Nightmare Eclipse explained last week, targets a race condition in Microsoft Defender and allows attackers to gain System privileges. The researcher released a proof-of-concept (PoC) exploit that demonstrates local privilege escalation (LPE) on Windows 11 and Windows 10 systems with the June 2026 patches installed. [...] On Wednesday, Nightmare Eclipse pointed out that the PoC works regardless of whether Defender's real-time protection is enabled or disabled. It may even work in passive mode, the researcher said.

Read more of this story at Slashdot.

CCS Insight expects global smartphone shipments to fall 15% this year as AI-driven demand pushes memory manufacturers toward higher-margin server chips. "[S]ome entry-level devices have already seen their sticker prices go up by more than 50 percent since last year," reports The Register. From the report: The firm found that the primary smartphone market (meaning new devices) contracted 4.4 percent in the first quarter of this year, despite sales channels front-loading (meaning stockpiling) product inventory, as device prices begin to rise sharply. As CCS notes, this casts an ominous shadow on the outlook for the rest of the year, and it seems things have worsened since The Register first started reporting on the smartphone memory woes. Back in January, the forecast was for handset price rises of 6-8 percent, while the most pessimistic outlook was that the global market might contract as much as 5.2 percent. By February, analysts were expecting to see a decline in shipments of around 8 percent across the global market, and for prices to increase by about 14 percent. The root cause of all this is the AI craze, which has seen huge demand for high-performance GPU-filled servers to process it all. Chipmakers have moved to capitalize on this by prioritizing production of high-margin memory components for those servers, rather than making the plain old DRAM and NAND needed for PCs and phones. "The memory chip crisis shows no sign of slowing down in the near future, ramping up the pressure on manufacturers and consumers. Memory components now account for more than 30 percent of a manufacturer's bill of materials in some smartphones." said CCS research analyst Ben Hatton. "The full impact has yet to be felt in many regions, but it's clear that device prices will accelerate over the rest of the year."

Read more of this story at Slashdot.

Carvana is testing a radically different new-car dealership model in Dallas, turning the location into a test-drive center and themed "playground" while requiring every purchase to be completed through its online platform. "Every single car that we sell, whether it's used or new, is online," said Tom Taira, Carvana president of special projects who's leading the new vehicle operations. "That's a very inherent difference. Even coming into the store, you're buying it online, and that's a big difference in how people think about it." The company hopes its no-haggle pricing, hourly employees, service operations, and national logistics network can reshape franchised auto retail. CNBC reports: Through its used vehicles sales, Carvana has become the most valuable auto retailer in the U.S. with a more than $70 billion market cap. Carvana's target with the new vehicle business is to grow its market share and customer base as well as assist used vehicle sales through trade-ins and other means, according to Taira. If the company is successful, the strategy could cause a ripple effect across the U.S. franchised dealership model, which the National Automobile Dealers Association reports includes 16,990 retailers that topped $1.3 trillion in sales last year. [...] Carvana is using a location in Dallas as a test center for its foray into new vehicle sales. The facility looks like a traditional Stellantis dealership from the outside, but the consumer process for purchasing a vehicle and the responsibilities of its employees are unprecedented. Couches and chairs replace cubicles and sales offices. There are no finance and insurance departments, and instead of an army of commission-based employees, the facility has associates that are paid hourly to assist customers -- if they want the help. The experience is meant to be as self-guided as a customer wants. By scanning QR codes located on 10-foot-by-10-foot screens inside the building or on vehicles and displays outside, shoppers can customize a vehicle, learn about a product's features and conduct test drives before deciding whether to purchase anything. If they do decide to buy something, it's online and not originated from a sales person, the company said. The "playground" has roughly 50 vehicles divided by brand, with each having a theme. Jeep has an off-road display. Dodge has race tracks, including a Carvana-themed Charger pace car and part of a traditional track fence barrier. Chrysler minivans, meanwhile, have a soccer net and Ram's area is truck-centric. Carvana is not committing to expanding the exact experience to its other franchised dealer locations, but Taira told CNBC that the overall process of online sales, vehicle testing and service are expected to be consistent throughout the locations. Further reading:: Online Car Retailer Launching Nation's First Car "Vending Machine

Read more of this story at Slashdot.

BrianFagioli writes: Google, Microsoft, OpenAI, Arm, Mastercard, Siemens, and other companies have joined the newly launched Appia Foundation under the Linux Foundation. The project aims to create common specifications and assessment frameworks that organizations can use to demonstrate AI systems meet emerging safety, trust, and compliance requirements. According to the Linux Foundation, the framework is designed to allow conformity evidence to be reused across the AI supply chain, potentially reducing duplicate assessments and compliance costs. The announcement comes as governments around the world move toward enforcing AI regulations and organizations face increasing pressure to prove AI systems are trustworthy. "As international standards and legal frameworks become more established, global organizations need a consistent, practical way to verify that AI systems conform to new expectations," said Jim Zemlin, CEO of the Linux Foundation. "The Appia Foundation establishes a neutrally governed environment where the entire industry can collaborate on a common assessment framework. By building this infrastructure in the open, we are helping organizations reduce complexity, lower operational costs and build trust." Craig Shank, Executive Director of the Appia Foundation, added: "AI systems now make decisions about people's loans, their children's schools and their jobs. People on the receiving end deserve to know those systems were built and assessed against criteria that hold up to scrutiny. The Appia Foundation was formed to do that work: creating publicly available specifications that organizations across the AI value chain use to demonstrate their systems meet those criteria. By establishing this open framework, we are building the accountability layer required to scale safe and trusted AI across major industries."

Read more of this story at Slashdot.

Anthropic employees say they remain confused and increasingly convinced that the Trump administration is singling out the company after officials gave it less than 90 minutes to disable Fable 5 and Mythos 5 over alleged national security concerns. Cybersecurity experts, however, argue that the cited behavior of helping to identify vulnerabilities in software is also available in rival models and is more valuable to defenders than attackers. The New York Times reports: Inside the company, employees' private group chats immediately lit up. Managers were instructed to prepare customers for a potential service disruption to the models, called Fable 5 and Mythos 5. But the messaging kept changing, with workers initially being told that the security problem was the ability of foreign companies to gain access to the systems, and later that a major vulnerability had been discovered in the models. In employee chats, Anthropic engineers asked one another if the company's plan to go public this year would be harmed by the White House directive. Many shared news reports that offered conflicting information about why the White House had ordered Anthropic to suspend access to Fable 5 and Mythos 5 for all foreign nationals. "What are you telling your clients?" one employee asked in a chat viewed by The New York Times. Another said, "Does anyone know what to believe?" In another message, a worker said, "I don't understand what the issue is." Six days later, Anthropic's roughly 3,000 employees still have few answers. The San Francisco company is continuing to grapple with internal confusion as Dario Amodei, the chief executive, and some of his lieutenants meet with the Trump administration to try and resolve the situation. But after discussions on Monday and Tuesday, there was no breakthrough over ending the U.S. order to limit access to the company's new A.I. models. In a statement on Monday, Anthropic said it would continue meeting with government officials and pledged its "ongoing commitment to working alongside the administration." The dispute highlights how singular Anthropic has become in Washington. It was the second time in six months that the fast-growing A.I. start-up has become embroiled in a fight with the Trump administration over its powerful technologies, even as other A.I. companies offer similar models that have not received the same attention. And it has left Anthropic's employees in what they described as a holding pattern, with some wondering if they were being picked on by President Trump. "Are we being bullied based on bad vibes?" one employee asked in a chat viewed by The Times. Yesterday, TechCrunch's Zack Whittaker argued that the move sets a troubling precedent: the government can unilaterally disrupt American software products without court approval, potentially undermining trust in U.S. AI providers.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Reuters: Artificial Intelligence will lead to labour shortages, not the replacement of humans, Amazon founder Jeff Bezos predicted in a highly optimistic appearance at the VivaTech technology conference in Paris on Wednesday. Bezos put forward a rosy vision of how technology will help humanity, speaking about projects including his space venture Blue Origin and his new AI startup Prometheus, which is aimed at speeding up physical manufacturing. "I know there's a lot of concern that many people have, including many smart people, that AI is going to make humans redundant and so on," Bezos said. "I totally disagree with this point of view. And I think, in fact, AI is going to create a labor shortage." Half of Americans fear the rise of AI could put them or someone in their household out of work, a Reuters/Ipsos poll found this month. Bezos, the world's fourth-richest person with a net worth around $250 billion, argued that people have "endless" things to do, and are currently limited by barriers that he said AI would lower. One goal of space exploration is to move polluting industries off Earth, said Bezos, whose Blue Origin aims to compete with trillionaire Elon Musk's SpaceX in rockets. "If space travel gets reliable enough and inexpensive enough, and we can get materials from asteroids and near-Earth objects and the moon, then this garden planet can be returned to its pre-Industrial Revolution state," Bezos said.

Read more of this story at Slashdot.

Epic Games has released Lore, an MIT-licensed version control system written in Rust and designed specifically for "games and entertainment purposes with large file sizes," reports Phoronix. From the report: While there is Git LFS for large file storage with Git, Epic Games has crated Lore as a version control system designed entirely around the large file needs of modern game development as well as multimedia/entertainment purposes. Lore is designed to be fast and efficient for large files including binary files, and be easy-to-use including for 3D artists and more. The Lore documentation elaborates more on its differences and motivation for development compared to Git: "No existing system was designed for the combination of constraints that large game and entertainment projects require: arbitrary content types, multi-axis scale, multi-tenant safety, and a fully open specification and license. [...] Lore is designed to combine what works in each (Git's content-addressed revision graph and centralized systems): a centralized server-of-record for durability, access control, and conflict resolution; content-addressed storage with fragment-level deduplication that is as effective on a multi-gigabyte binary as on a kilobyte of text; sparse, lazy working copies that materialize only what you need; free branching; and a fully open, publicly versioned specification and MIT license. Normal editing operations -- staging, committing, branching, diffing -- never require a network round trip." You can learn more at Lore.org. All the code is available on GitHub.

Read more of this story at Slashdot.

The Joomla Content Editor (JCE), one of the most widely deployed editor extensions for Joomla websites, is currently under active attack due to a critical vulnerability.

At least 15 malicious plugins and nearly 70,000 installs later, developers are being reminded that trusted marketplaces can become supply-chain attack vectors overnight.  

Excited that Bobby has been accepted as a GNOME Circle app!

Screenshot of a SQLite table opened in Bobby Who’s Bobby?

Bobby is a viewer utility. It displays tables from SQLite files. The most deployed database format in the world. That’s it.

Whilst hacking on the backend of Auroras I was missing an easy way to check my data tables. There are many database management tools, but they seemed too heavy for my use case.

GTK4 and Libadwaita

Releasing something smaller first also was a chance to refamiliarise myself with modern GNOME app development. It was my first serious project using Rust.

GTK is still the rock UI toolkit it has always been. Libadwaita makes it easy for your app to look beautiful and is a lot of fun to use.

The main challenge was hooking up the database backend to the ListModel required to be displayed by the new ColumnView. The struggle was worth it though as it enables Bobby to have lazy loading of rows, smooth scrolling, and a limited memory footprint.

After that using any other widget should be a breeze!

Future

I will keep the scope of the app small, but there are a few features I want to add in the future:

• Encrypted file support
• Updating values in place
• Search

Get Bobby on Flathub and always sanitise your database inputs!

One of the great annual trips we do with a bunch of friends is a train trip to Jakuszyce, a tiny stop in neighbouring Poland, and ride along the contour line through one of the most beautiful places in the Jizera Mountains. There's only one proper climb from Smedava to Knajpa, the rest is fast. A joyride. Catching up on our lives on the train and a joyride home is the best combo.

I tend to think of myself as a friend of repairs, of making things last. I have sadly had to retire our washing machine after a good 25 years. The dishwasher before that served us more than 15. A boiler and heater had to go this year after about 20. I had my previous car for 13 years and felt like I was bailing too soon, even though there were quite a few issues with it at the end. None of those things ever felt new to me by the end. They most certainly showed their age.

But the bike. The bike I ride every year on that trip, the one leaning against the wall in the shed right now — it still feels like my "new bike". I replaced the tires and brake pads last year and the thing screams. It is such a joy to ride. It feels current, alive, like something I just picked out. Until a friend sent me a photo his Google Photos app reminded him of. A very young version of myself is sitting on that exact bike. Fifteen years ago. Nothing has aged except me. Bikes just don't age like we do.

An anonymous reader quotes a report from Ars Technica: The driving technology company Mobileye plans to launch a robotaxi service in an as-yet-unnamed US city in 2027, it said earlier today. The service will be vertically integrated, using Mobileye's Moovit mobility platform to interact with customers booking rides, coordinate drivers, and so on. The Israeli company, which was bought by Intel in 2017 before going public again in 2022, says it will start with around 100 robotaxis early next year. The company first rose to prominence in the mid-2010s, when Tesla began using Mobileye's advanced driving assistance systems (ADAS) as part of Autopilot. That relationship lasted until 2016, when Mobileye dropped Tesla as a customer after being alarmed that a driver assistance system was being sold to end users as driverless technology. Since then, Mobileye has continued to work with other partners on ADAS and autonomous vehicles. It has developed a new "SuperVision" ADAS that combines cameras and radar sensors, used by Porsche and Polestar, among others. On the robotaxi front, it has partnered with Volkswagen Group's MOIA to develop a commercially available robotaxi based on the VW ID. Buzz minivan, and last year, Mobileye revealed plans to work with Lyft to deploy robotaxis in Dallas, "as soon as" this year. [...] If Mobileye's experience with the initial 100 robotaxis goes well, it says it will scale up to around 17,000 robotaxis within the following five years. "The robotaxi revolution has only just begun, and its potential for transforming how we travel around the world continues to increase," Shashua said. "This initiative is not a replacement for our existing partnerships; it is an extension of them," said Amnon Shashua, founder and CEO of Mobileye. "We remain deeply committed to enabling automakers and mobility providers with Mobileye Drive. At the same time, operating our own service allows us to accelerate adoption, gain direct operational experience, and showcase the full potential of autonomous mobility."

Read more of this story at Slashdot.

Snap is launching its first consumer augmented-reality glasses this fall for $2,195. "You can preorder a pair of Specs now at specs.com with a $200 refundable deposit, and Snap says they're expected to ship 'this fall' in the US, UK, and France," reports The Verge. From the report: This is a big moment for Snap: The company made a big entry into smart glasses with its original Spectacles in 2016, and the company has been toiling away on nonpublic AR versions of Spectacles over the past few years. CEO Evan Spiegel promised the company would launch consumer AR glasses in 2026 and even turned its smart glasses team into a separate business. The company says that Specs are "fully standalone, with no puck and no tether." (Which is perhaps a jab at Apple's Vision Pro, which is tethered to a separate battery pack.) They'll be offered in two sizes, a 47mm model weighing 132g and a 52mm model weighing 136g, and will have removable inserts that Snap says will support "a wide range of prescriptions." You probably won't mistake Specs, with their wide, bold frames, for any of Meta's smart glasses -- Snap clearly picked a design that it wants to stand out. (They're not my style -- I don't think I can pull off the "snow goggles, but fashionable" look -- though maybe Jony Ive might like them.) They have visible light and infrared cameras, and while the Specs are recording, a little LED bar will glow in the middle of the glasses. Both of the lenses will be able to show you content, and Snap says that its display system is powered by a "proprietary liquid crystal on silicon technology" that offers a 51-degree field of view and can show 16 million colors. The lenses can also go from clear to tinted in 10 seconds, Snap says. The Specs have two Snapdragon processors onboard, and while Snap isn't specifying exactly which ones they are, the company says that one is focused on "computer vision" while the other is focused on running AR Lenses. "Together, they enable fast hand tracking, low latency, and responsive interactions that help digital content feel anchored in the real world," Snap says. You can also expect up to four hours of battery life on a charge, which Snap says accounts for things like "audio and video playback, AI assistance, Bluetooth notifications, and more." The Specs come with a charging case that Snap says will offer four more charges for a total of 20 hours of battery.

Read more of this story at Slashdot.

SpaceX has agreed to acquire Cursor for $60 billion in stock, adding the popular AI coding assistant to Elon Musk's newly public aerospace-and-AI conglomerate. CNBC reports: Cursor built a popular AI coding tool that helps software developers generate, edit and review code, and the company has experienced explosive growth since its founding in 2022. In November, Cursor said it crossed $1 billion in annualized revenue, according to a release at the time. Cursor was also ranked at No. 37 on the annual CNBC Disruptor 50 list in 2026. [...] Musk merged SpaceX with his AI startup, xAI, earlier this year, and the Cursor deal looks set to help revitalize the company's efforts to compete with rivals like Anthropic and OpenAI, which also offer popular coding tools. SpaceX expects the merger to close during the third quarter of this year, according to a filing with the Securities and Exchange Commission. The transaction is subject to "requisite regulatory approvals," the filing said.

Read more of this story at Slashdot.

TechCrunch's Zack Whittaker argues that the U.S. government's abrupt export-control order forcing Anthropic to pull its Fable 5 and Mythos 5 models offline was "never about an AI jailbreak" threat. Instead, it was driven more by "personality differences" between the AI company and Trump administration. Security experts say the reported guardrail bypass did not justify the order and warn that the move sets a troubling precedent: the government can unilaterally disrupt American software products without court approval, potentially undermining trust in U.S. AI providers. From the report: Katie Moussouris, a cybersecurity veteran and researcher who founded Luta Security, said in a blog post that Anthropic recently shared with her a private copy of a paper written by security researchers describing an alleged guardrail bypass in Fable 5. (The Wall Street Journal reports that the paper's authors are security researchers at Amazon.) Moussouris said that Anthropic reached out to ask for her take on the paper. Moussouris' blog post described how the researchers triggered the guardrail bypass, but said that the bypass itself "should never have triggered an export control." The difference is largely between asking an AI model to "review code for security issues" versus asking it to "fix this code." The end result is largely the same, even if the questions are posed slightly differently. "The behavior described in the paper cannot meaningfully be fixed, and any attempt would only weaken the model for defense," said Moussouris, who criticized the export control directive as hasty, heavy-handed, and misguided. Moussouris and dozens of other top security researchers and experts have since called on the Trump administration to revoke the export control order, calling the move to pull advanced cybersecurity capabilities from network defenders in the U.S. as "dangerous." Past administrations have made sweeping decisions on knowledge gaps. For instance, language used by the U.S. government during the 2010s to fix export law covering cybersecurity tools that could also be used for cyberattacks was so broad that inadvertently, it nearly outlawed legitimate security and vulnerability research. However, the Trump administration's directive appears retaliatory. Justin Hendrix, the editor of Tech Policy Press, said the Trump administration's move is "likely to raise alarms in foreign capitals about the reliability of American AI for critical applications." The message is that AI companies in the United States can't be trusted to operate without interference from the U.S. government. The Trump administration hasn't confirmed why it invoked its export control directive. Did the officials misread the report and freak out? Did Amazon CEO Andy Jassy say something to senior government officials that prompted the reaction, out of caution or spite? Was something lost in translation, or was this a way to pressure Anthropic, with whom the administration already has a fractious relationship? It's possible that the White House was unaware of the far-reaching consequences of the letter's demand and officials are scrambling to undo the damage of their own making. To quote Hendrix, "the climate is one of a cloud of suspicion that senior officials are picking favorites based on personal and political factors." The aftermath is that the government has set a dangerous precedent about how much control it intends to wield over the release of American-made software. This time the government took issue with Anthropic; tomorrow it could be with anyone else.

Read more of this story at Slashdot.

The Arch Linux User Repository "AUR" is facing another issue just days after more than 1,500 packages were found carrying malware. According to Phoronix, over 70 AUR packages have reportedly been modified to insert Russian spam and profane messages into users' shell configuration files. From the report: Nicolas Boichat with his AI/LLM detection bot detected some questionable messages appearing in AUR content. Russian messages were being added post-install to the bashrc / zshrc / Fish configuration, etc containing offensive messaging. Those commits happened on the 14th, after the recent malware fiasco. And then over the past day reporting on dozens of AUR packages having similar Russian messages containing offensive language. The latest update on that thread indicates more than 70 AUR packages having this Russian spam / offensive messaging. Among those various Python packages, Ruby packages, Llama.cpp, and others. At least the AI/LLM bots are proving helpful here in proactively picking up on some of the AUR abuses until the fundamental situation can be better handled.

Read more of this story at Slashdot.