You are here

Agreguesi i feed

New DNA Tech Identifies Soldier Killed in America's Revolution in 1780

Slashdot - Sht, 04/07/2026 - 11:34md
South Carolina's pine forests "have spent centuries hiding a secret as old as America itself," reports CBS News: In August 1780, British and American soldiers clashed there, leading to a terrible defeat for the Continental army [fighting for the 13 colonies rebelling against England]. Battlefield archaeologists Jim Legg and Steve Smith have been studying the site for decades, but recently, they made a shocking discovery: The sandy soil was home to several sets of remains buried in shallow graves. Metal buttons suggested the men had been Continental soldiers, but there was no other identification... About 2,000 Continental soldiers were killed, wounded or captured, and some men never returned home. Their families could only guess at their fates. But Legg and Smith's discovery, paired with an explosion in DNA technology, is changing what's possible. A set of remains, previously known only as 9B, has been identified as John Pumphrey, a young man from Maryland who enlisted in the Continental Army's 7th Maryland Regiment as young as 13... Pumphrey likely marched more than a thousand miles with the regiment. The unit fought in battles with then-Gen. George Washington in New Jersey and Pennsylvania... The Pumphrey family still exists today. The DNA that helped identify Pumphrey's remains came from three women: Pam Donahue, Karen Pumphrey Etchison, and Nancy Pumphrey White... In late June, members of the extended Pumphrey family came together to hear his story and say his name for the first time in centuries. His remains are interred in South Carolina, where he and the other soldiers were discovered, but the tombstone, once marked "Unknown," will soon have his name carved on it.

Read more of this story at Slashdot.

7.1.3: stable

Kernel Linux - Sht, 04/07/2026 - 1:45md
Version:7.1.3 (stable) Released:2026-07-04 Source:linux-7.1.3.tar.xz PGP Signature:linux-7.1.3.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-7.1.3

6.18.38: longterm

Kernel Linux - Sht, 04/07/2026 - 1:44md
Version:6.18.38 (longterm) Released:2026-07-04 Source:linux-6.18.38.tar.xz PGP Signature:linux-6.18.38.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.18.38

6.12.95: longterm

Kernel Linux - Sht, 04/07/2026 - 1:43md
Version:6.12.95 (longterm) Released:2026-07-04 Source:linux-6.12.95.tar.xz PGP Signature:linux-6.12.95.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.12.95

6.6.144: longterm

Kernel Linux - Sht, 04/07/2026 - 1:42md
Version:6.6.144 (longterm) Released:2026-07-04 Source:linux-6.6.144.tar.xz PGP Signature:linux-6.6.144.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.6.144

6.1.177: longterm

Kernel Linux - Sht, 04/07/2026 - 1:41md
Version:6.1.177 (longterm) Released:2026-07-04 Source:linux-6.1.177.tar.xz PGP Signature:linux-6.1.177.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.1.177

5.15.211: longterm

Kernel Linux - Sht, 04/07/2026 - 1:40md
Version:5.15.211 (longterm) Released:2026-07-04 Source:linux-5.15.211.tar.xz PGP Signature:linux-5.15.211.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-5.15.211

5.10.260: longterm

Kernel Linux - Sht, 04/07/2026 - 1:39md
Version:5.10.260 (longterm) Released:2026-07-04 Source:linux-5.10.260.tar.xz PGP Signature:linux-5.10.260.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-5.10.260

Valve Open-Sources Steam Machine's E-Ink Display

Slashdot - Pre, 03/07/2026 - 10:00md
Valve has open-sourced the design for a customizable e-ink front panel for the Steam Machine, dubbed the "Inkterface." "All of it is available on their GitLab under the MIT license, which goes over everything you need to make your own and stick it on the front of your fancy new Steam Machine," reports GamingOnLinux. From the report: They're now calling it the "Inkterface" and there's a good few things you'll need to make it including: 1 x Adafruit ESP32 Feather with 2MB PSRAM. 1 x Adafruit eInk Breakout Friend. 1 x Adafruit 5.83" Monochrome eInk Panel. 13 x M2.5 x 5mm Pan Head Machine Screws. 4 x 1/4" x 1/4" x 3/16" Stepped Magnet SB443-OUT. Valve even provided a video on the GitLab showing it being put together [...].

Read more of this story at Slashdot.

next-20260703: linux-next

Kernel Linux - Pre, 03/07/2026 - 6:03md
Version:next-20260703 (linux-next) Released:2026-07-03

Linux Security Roundup: Prioritizing This Week's Critical Updates

LinuxSecurity.com - Pre, 03/07/2026 - 5:11md
Before you close out the week, check what still needs to be patched.

New PamStealer macOS Malware Uses Clever Tradecraft To Remain Stealthy

Slashdot - Pre, 03/07/2026 - 5:00md
An anonymous reader quotes a report from Ars Technica: Researchers have found a never-before-seen piece of macOS malware that combines a series of clever tradecraft to infect Macs with stealthy, custom-developed credential-stealing code. The malware is delivered in two stages. The first is distributed in a disk image that masquerades as Maccy, a clipboard manager for Macs. It's compiled as AppleScript that is notable for the way it delivers the second stage. The malware is named PamStealer because the Rust-written infostealer uses the Pluggable Authentication Modules interface built into macOS to validate the target's login password before sending it to an attacker-controlled server. [...] PamStealer shows a native password prompt designed to resemble a system authorization request. Text that appears with the prompt says: "Maccy wants to make changes. Enter your password to allow this." As noted earlier, once a target complies, the malware validates it locally through the PAM API. "This check is done entirely through PAM: there is no call out to dscl, security, osascript or any spawned process to verify the password, as many commodity macOS stealers do," [said Jamf, a security firm for macOS users]. "The result is a quieter routine that keeps only a verified password, and one fewer process chain for defenders to detect on." If the validation fails, PamStealer displays the prompts again until it receives the correct one. Once the target enters the correct password, PamStealer displays a message stating that the file is damaged and can't be installed. This is designed to be a decoy to prevent the target from suspecting anything is amiss. The malware uses tactics to maximize the information it can steal. One tactic is to request the target grant full disk access to the fake Maccy app. It also contains code designed to access ethereum accounts. The various techniques -- particularly the Script Editor lure, a self-contained JXA dropper, a Rust-based second stage, and local validation of credentials through PAM are all noteworthy.

Read more of this story at Slashdot.

How to Investigate Linux Persistence During Incident Response

LinuxSecurity.com - Pre, 03/07/2026 - 3:22md
You’re staring at a service or a cron job that’s giving you a bad feeling. Stop. The most dangerous thing you can do right now is act on that gut feeling alone. Linux systems are inherently noisy—package managers, configuration management, and the occasional "quick fix" from a colleague can all leave weird artifacts behind.

US Life Expectancy On Track To Reach Record High

Slashdot - Pre, 03/07/2026 - 12:00md
The US age-adjusted death rate fell to a record low in 2025, likely pushing life expectancy to a record high as overdose deaths declined and mortality improved across all age groups. CNN reports: There were about 689 deaths for every 100,000 people in the US in 2025, according to a new report from the US Centers for Disease Control and Prevention -- the lowest rate recorded in more than a century of tracking. The age-adjusted rate has fallen 22% since 2021, landing about 4% lower than it was just before the pandemic in 2019. [...] The top causes of death in the US in 2025 followed longstanding patterns: Heart disease led with nearly 695,000 deaths, followed by cancer with nearly 623,000 deaths. Unintentional injuries, which includes drug overdoses, were the third leading cause of death. Overdose deaths are still high -- about 70,000 people died from an overdose in 2025, preliminary CDC data shows -- but experts say that sharp declines probably played a large role in bringing the age-adjusted death rate down in the US.

Read more of this story at Slashdot.

Amazon Has Enough Satellites To Launch Its Starlink Competitor

Slashdot - Pre, 03/07/2026 - 8:00pd
Amazon says its Leo satellite network now has enough spacecraft in orbit to begin limited commercial internet service, with 396 satellites providing "continuous service across initial latitudes." Early performance will likely be uneven, however, and well behind Starlink. "It'll be years before Amazon can boast similar performance numbers as it continues to launch a planned 3,232 Leo satellites," reports The Verge. From the report: SpaceX went live with its "Better than nothing beta" back in 2020 when it had almost 900 satellites operating in low-Earth orbit. It initially served a narrow band of users in the upper US and Canada, who complained about frequent service interruptions and high sensitivity to obstructions, with speeds between 50Mbps and 150Mbps, and latency from 20ms to 40ms. By 2022, the service and coverage areas had already dramatically improved. [...] SpaceX currently has over 10,000 Starlink satellites in operation, providing robust internet connectivity on land, sea, and air in over 160 countries. Performance varies by the dish, service level paid for, time of day, and location of the user, but we're now talking 200Mbps median download speeds, 10Mbps to 40Mbps uploads, and latency hovering around 25ms.

Read more of this story at Slashdot.

Sitting For More Than 30 Minutes At a Time Linked To Higher Risk of Cancer Death

Slashdot - Pre, 03/07/2026 - 4:00pd
An anonymous reader quotes a report from The Guardian: Researchers who tracked more than 90,000 people over a decade found that sitting or lying down while awake for more than 30 minutes in one period each day was associated with an increased risk of cancer death. The risk increases for every additional hour of continuous inactivity, the findings suggest. However, the researchers also found breaking up periods of sedentary behavior longer than 30 minutes with bursts of physical activity could help reduce the risk. Getting up every half-hour, even for a short walk around the office, could do wonders for your health, they said. [...] The findings, published in Plos Medicine, focused on the health effects of prolonged sedentary behavior on a daily basis. [...] The team analyzed data from wearable devices worn by more than 91,000 UK Biobank participants, who were followed for an average of 12 years. The findings suggest prolonged inactivity lasting more than 30 minutes was associated with cancer risks. Each additional hour of prolonged inactivity every day was associated with a 10% increase in risk of cancer death. However, replacing long spells of inactivity with movement appeared to reduce that risk. Substituting one hour of sedentary behavior each day with light physical activity, such as ironing or washing up, was associated with a 12% lower risk of cancer death. Replacing 30 minutes of inactivity each day with 30 minutes of moderate physical activity, such as walking at an average pace, was associated with an 8% lower risk. The risk was 22% lower when five minutes of inactivity was replaced with five minutes of vigorous physical activity each day, the study suggested. There were limitations to the research, including the fact that the researchers performed a statistical analysis of an observational study, so could not prove causation.

Read more of this story at Slashdot.

Labor Force Participation Rate Falls To Lowest In 50 years

Slashdot - Enj, 02/07/2026 - 11:05md
The US unemployment rate fell to 4.2% in June largely because 720,000 people left the labor force, pushing participation to 61.5%. Excluding the Covid-era jobs market, that's the lowest participation rate since June 1976. CNBC reports: The decline in the labor force marks a "massive exodus" driven by multiple factors, said Mike Reid, head of U.S. economics at RBC. "The unemployment rate fell to 4.2% as both the number of unemployed workers and the size of the labor force pulled back," Reid wrote in a post-report commentary. "This may well be a story of retirements but could also be a story of prior job seekers dropping out of the labor force." [...] [T]he rolls of those counted as not in the labor force, a group that includes the unemployed and those not looking for work, jumped by 832,000. And while the establishment survey, which counts jobs filled, showed growth for the month of 57,000, the survey of households, which counts the actual level of those working, tumbled by 507,000. On a year-over-year basis, the labor force is down by just over 1 million, while the level of the employed also has fallen by 1.06 million and the ranks of the unemployed have risen by 40,000. The employment-to-population ratio slipped to 59% in June, the lowest since October 2021. All that has happened while the unemployment rate has risen by just one-tenth of a percentage point to 4.2%. The drop in participation is sometimes attributed to a shrinking immigrant population and retiring baby boomers and Gen Xers. However, in June the biggest plunge came from what is defined as "prime age" workers, or those between the ages of 25 and 54. That rate fell 0.6 percentage point to 83.3%, its lowest since December 2023. "Looking at the statistics now, that argument doesn't hold up so well," North said of the retirement and immigration rationale. "I hate to use the word 'alarming,'" he added, but said the numbers are cause for concern.

Read more of this story at Slashdot.

AI Agent Executes 'First' End-To-End Ransomware Attack

Slashdot - Enj, 02/07/2026 - 10:00md
Sysdig says it has documented the first ransomware attack carried out end to end by an AI agent, which autonomously exploited exposed systems, stole credentials, established persistence, compromised a production database, and destroyed data. The research team named the attacker "JadePuffer" and said it gained initial access to an internet-facing Langflow instance by exploiting CVE-2025-3248. "The most striking characteristic, however, was the LLM's behavior," Sysdig director of threat research Michael Clark said in a blog post. An anonymous reader quotes an excerpt from The Register: JadePuffer's "self-narrating" payloads "contained natural language reasoning, target prioritization, and the kind of detailed annotations that human operators don't often write but LLM-generated code produces reflexively," Clark added. "The operation also adapted in real time, retrying failed steps within refined parameters. In one sequence, it went from a failed login to a working fix in 31 seconds." After exploiting CVE-2025-3248, a missing authentication vulnerability in Langflow that allows remote, unauthenticated attackers to execute arbitrary Python on the host, the AI agent began scanning for and collecting secrets, including LLM provider API keys, cloud credentials "with explicit coverage of Chinese providers" including Alibaba, Aliyun, Tencent, and Huawei, while also scanning for AWS, Azure and Google Cloud Platform, cryptocurrency wallets, and database credentials. The AI also installed a crontab entry on the Langflow server to maintain persistence and call back to the attacker's infrastructure every 30 minutes. JadePuffer's intended target was a separate internet-exposed production server running a MySQL database and an Alibaba Nacos configuration service, we're told. Nacos is an open-source service-discovery and dynamic configuration platform developed by Alibaba and used in the cloud provider's microservices applications. The agent connected to the server's exposed MySQL port using root credentials, although Sysdig doesn't know how the attacker obtained them. These credentials weren't stolen from the victim's environment. JadePuffer then attacked Nacos via multiple vectors including an authorization bypass flaw (CVE-2021-29441) and forging a valid JSON web token (JWT) using Nacos's default signing key. Additionally, using its root database access, the LLM injected a backdoor administrator into the Nacos backing database. It ultimately encrypted all 1,342 Nacos service configuration items using MySQL's built-in AES encryption function, and created an extortion demand, ransom note, Bitcoin payment address, and a Proton Mail contact [...]. However, according to the threat hunters, the victim can't recover the encrypted data, even if they paid the ransom demand, because the agent escalated "from row-level deletion to dropping entire database schemas, narrating its own targeting rationale," without backing up any of the encrypted data.

Read more of this story at Slashdot.

Godot Game Engine No Longer Accepts AI Code

Slashdot - Enj, 02/07/2026 - 9:00md
The Godot Foundation will stop accepting AI-authored code, agent-submitted pull requests, and AI-generated text in contributor communications after maintainers were overwhelmed by low-effort submissions. "It is time for us to recognize that these problems aren't going away and therefore we need to take steps to reduce the burden on maintainers while ensuring we still have a pipeline to mentor new contributors to become future maintainers," the Godot Foundation said in a blog post. Contributors may still use AI for limited "menial things" if they disclose it, but humans must understand, own, and be able to fix the code they submit. PC Gamer reports: The Foundation says the pileup of Godot pull requests pending review isn't all bad: It's a sign that interest in using and contribution to Godot is increasing. But the influx of contributions authored or submitted by AI is sapping the projects' maintainers of their willingness to confront the "already tedious" work of reviewing pull requests. "If your feedback on PRs is just being absorbed by a machine and not going towards mentoring a potential future maintainer, it becomes much harder to justify spending your free time on PR review," the Foundation said. As the problem becomes increasingly unsustainable, the Godot Foundation says it's in the process of updating its contribution policies, focusing on "adding barriers to low-effort slop" contributions, encouraging maintainers to review code, developing new contributors into future maintainers, and crucially, requiring that all contributions come from humans who are accountable for their code -- and fixing it if it fails. "AI cannot take responsibility, and we can't trust heavy users of AI to understand their code enough to fix it," the Foundation said. The Foundation says we can expect Godot's contributing policy to soon include explicit rejections of AI-authored code, noting that contributors should only use AI assistance for "menial things" and must disclose its use. Additionally, the Foundation will reject any AI-generated text in human-to-human communications, saying it's "a basic principle of respect" -- though it says machine translations "are still acceptable" if the original text was human-authored. "Things change every day with respect to the current suite of AI tools available," the Foundation said. "We will continue taking a conservative approach in our policies towards them, but we will re-evaluate as things evolve."

Read more of this story at Slashdot.

Meta Is Charging a Subscription for Smart Glasses Features

Slashdot - Enj, 02/07/2026 - 8:05md
Meta is introducing a subscription for expanded access to advanced smart-glasses features. According to Wired, "[U]sers will need the Meta One Premium Plan to unlock expanded access to some features for their smart glasses, whether it's the Ray-Ban, Oakley, or Meta-branded version." They'll still be usable with a subscription, but "certain features will be limited," the report says. From the report: Specifically, a feature called Conversation Focus, which boosts the audio of the person you're speaking with so you can hear them better in loud environments. You'll get three hours per month without a subscription, but if you want to use it more often, then you'll need to pay up. Though even then, you're still capped at 15 hours. Subscribing also nets you "Premium Device Support," where you'll get faster access to what Meta says are "human experts" trained on the smart glasses' features, should any problems arise. Guess humans are better at some things after all. A Meta spokesperson tells WIRED that this is "not an AI rate limit." Rate limits are common on other AI platforms -- users get free access to a feature until they hit a certain cap, then they'll need to subscribe to use it more until the limit resets at the end of the month. However, the Conversation Focus feature runs on-device, meaning it doesn't need to head to Meta's servers for AI processing. There's no real-time way to monitor how many hours you've used Conversation Focus, but you'll receive a notification when you get near the limit. "The subscription supports that ongoing work and gives power users expanded access along with premium device support," the spokesperson says. "We're going to start testing new optional subscription plans that offer more premium features and advanced capabilities for those who want to unlock more from our apps and AI glasses."

Read more of this story at Slashdot.

Faqet

Subscribe to AlbLinux agreguesi