Open Source

May is 'Maintainer Month'. Open Source Initiative Joins GitHub to Celebrate Open Source Security (opensource.org) 6

The Open Source Initiative is joining "a global community of contributors" for GitHub's annual event "honoring the individuals who steward and sustain Open Source projects."

And the theme of the 5th Annual "Maintainer Month" will be: securing Open Source: Throughout the month, OSI and our affiliates will be highlighting maintainers who prioritize security in their projects, sharing their stories, and providing a platform for collaboration and learning... Maintainer Month is a time to gather, share knowledge, and express appreciation for the people who keep Open Source projects running. These maintainers not only review issues and merge pull requests — they also navigate community dynamics, mentor new contributors, and increasingly, adopt security best practices to protect their code and users....

- OSI will publish a series of articles on Opensource.net highlighting maintainers whose work centers around security...

- As part of our programming for May, OSI will host a virtual Town Hall [May 21st] with our affiliate organizations and invite the broader Open Source community to join....

- Maintainer Month is also a time to tell the stories of those who often work behind the scenes. OSI will be amplifying voices from across our affiliate network and encouraging communities to recognize the people whose efforts are often invisible, yet essential.

"These efforts are not just celebrations — they are opportunities to recognize the essential role maintainers play in safeguarding the Open Source infrastructure that underpins so much of our digital world," according to the OSI's announcement. And this year they're focusing on three key areas of open source security:
  • Adopting security best practices in projects and communities
  • Recognizing contributors who improve project security
  • Collaborating to strengthen the ecosystem as a whole

Security

Microsoft Appoints Deputy CISO For Europe To Reassure European IT leaders (csoonline.com) 19

Microsoft has appointed a Deputy CISO for Europe to address growing regulatory pressure and reassure EU leaders about its cybersecurity commitment. "The move also highlights strong fears from European IT execs and government officials that the Trump administration may exert significant influence on cybersecurity companies," reports CSO Online. From the report: Who that Deputy CISO will ultimately be is unclear. Wednesday's statement simply said that Microsoft CISO Igor Tsyganskiy is "appointing a new Deputy CISO for Europe as part of the Microsoft Cybersecurity Governance Council," but the phrasing made it unclear when that would happen. However, Tsyganskiy made a separate announcement on LinkedIn that he has given the role to current Deputy CISO Ann Johnson. But he then said that Johnson, who is based at Microsoft's head office in Redmond, Washington, will hold that post "temporarily."

In his LinkedIn post, Tsyganskiy explained that the Cybersecurity Governance Council, which was created in 2024, consists of "our Global CISO and Deputy Chief Information Security Officers (Deputy CISOs) representing each of our technology services. This Council oversees the company's cyber risks, defenses, and compliance across regions and domains." "The Deputy CISO for Europe will be accountable for compliance with current and emerging cybersecurity regulations in Europe, including the Digital Operational Resilience Act (DORA), the NIS 2 Directive, and the Cyber Resilience Act (CRA)," Tsyganskiy wrote. "These laws will prove transformative not only in EU markets, but worldwide, and Microsoft is actively engaged in preparing for what lies ahead."
Microsoft said in Wednesday's statement: "the appointment of a Deputy CISO for Europe reflects the importance and global influence of EU cybersecurity regulations and the company's commitment to meeting and exceeding those expectations to prioritize cybersecurity across the region. This new position will report directly to Microsoft's CISO."

Michela Menting, France-based digital security research director at ABI Research, said when she heard on Wednesday that Microsoft was creating such a role, "I was mostly surprised that they don't already have one."

"GDPR has been in place for quite some time now and the fact they are only now putting in a European deputy CISO is concerning," Menting added. "They are playing catch up."

Science

Starting July 1, Academic Publishers Can't Paywall NIH-Funded Research (x.com) 98

An anonymous reader writes: NIH Director Dr. Jay Bhattacharya has announced that the NIH Public Access Policy, originally slated to go into effect on December 31, 2025, will now be effective as of July 1. From Bhattacharya's announcement: NIH is the crown jewel of the American biomedical research system. However, a recent Pew Research Center study shows that only about 25% of Americans have a "great deal of confidence" that scientists are working for the public good. Earlier implementation of the Public Access Policy will help increase public confidence in the research we fund while also ensuring that the investments made by taxpayers produce replicable, reproducible, and generalizable results that benefit all Americans.

Providing speedy public access to NIH-funded results is just one of the ways we are working to earn back the trust of the American people. Trust in science is an essential element in Making America Healthy Again. As such, NIH and its research partners will continue to promote maximum transparency in all that we do.

Android

LG Will Shut Down Update Servers For Its Android Smartphones In June (9to5google.com) 20

LG will permanently shut down its Android smartphone update servers on June 30, 2025, ending all software, app, and security updates for its devices. If you're still using an LG smartphone, you'll want to install any remaining updates before that date, as no future updates will be available afterward. 9to5Google reports: When LG called it quits for Android smartphones, the company also committed to a few more updates. That included an Android 12 update for select devices, the last major update the company would put out, as well as security updates for at least three years after each device had been released. That three-year cutoff has long since passed for all LG devices, but any devices still floating around out there will soon no longer be able to pull updates. LG's notice can be read here.

Communications

SK Telecom Offers SIM Replacements After Major Data Breach (bleepingcomputer.com) 4

South Korean telecom network SK Telecom is providing free SIM card replacements to all 25 million mobile subscribers following an April 19 security breach where malware compromised Universal Subscriber Identity Module data.

Despite the company's announcement, only 6 million replacement cards will be available through May 2025. The stolen data potentially includes IMSI numbers, authentication keys, and network usage information, though customer names, identification details, and financial information remain secure. The primary risk is unauthorized SIM swapping attacks, where threat actors could clone SIM cards.

IBM

IBM Pledges $150 Billion US Investment (reuters.com) 42

IBM announced plans to invest $150 billion in the United States over the next five years, with more than $30 billion earmarked specifically for research and development of mainframes and quantum computing technology. The investment follows similar commitments from tech giants including Apple and Nvidia -- each pledging approximately $500 billion -- in the wake of President Trump's election and tariff threats.

"We have been focused on American jobs and manufacturing since our founding 114 years ago," said IBM CEO Arvind Krishna in a statement. The company currently manufactures its mainframe systems in upstate New York and plans to continue designing and assembling quantum computers domestically. The announcement comes amid challenging circumstances for IBM, which recently saw 15 government contracts shelved under the Trump administration's cost-cutting initiatives.

Further reading: IBM US Cuts May Run Deeper Than Feared - and the Jobs Are Heading To India; IBM Now Has More Employees In India Than In the US (2017).

Math

Could a 'Math Genius' AI Co-author Proofs Within Three Years? (theregister.com) 71

A new DARPA project called expMath "aims to jumpstart math innovation with the help of AI," writes The Register. America's "Defense Advanced Research Projects Agency" believes mathematics isn't advancing fast enough, according to their article... So to accelerate — or "exponentiate" — the rate of mathematical research, DARPA this week held a Proposers Day event to engage with the technical community in the hope that attendees will prepare proposals to submit once the actual Broad Agency Announcement solicitation goes out...

[T]he problem is that AI just isn't very smart. It can do high school-level math but not high-level math. [One slide from DARPA program manager Patrick Shafto noted that OpenAI o1 "continues to abjectly fail at basic math despite claims of reasoning capabilities."] Nonetheless, expMath's goal is to make AI models capable of:

- auto decomposition — automatically decompose natural language statements into reusable natural language lemmas (a proven statement used to prove other statements); and
- auto(in)formalization — translate the natural language lemma into a formal proof and then translate the proof back to natural language.

"How much faster will technology advance with AI agents solving new mathematical proofs?" asks former DARPA research scientist Robin Rowe (also long-time Slashdot reader robinsrowe): DARPA says that "The goal of Exponentiating Mathematics is to radically accelerate the rate of progress in pure mathematics by developing an AI co-author capable of proposing and proving useful abstractions."

Rowe is cited in the article as the founder/CEO of an AI research institute named "Fountain Abode". (He tells The Register that "It's an indication of DARPA's concern about how tough this may be that it's a three-year program. That's not normal for DARPA.") Rowe is optimistic. "I think we're going to kill it, honestly. I think it's not going to take three years. But I think it might take three years to do it with LLMs. So then the question becomes, how radical is everybody willing to be?"

"We will robustly engage with the math and AI communities toward fundamentally reshaping the practice of mathematics by mathematicians," explains the project's home page. They've already uploaded an hour-long video of their Proposers Day event.

"It's very unclear that current AI systems can succeed at this task..." program manager Shafto says in a short video introducing the project. But... "There's a lot of enthusiasm in the math community for the possibility of changes in the way mathematics is practiced. It opens up fundamentally new things for mathematicians. But of course, they're not AI researchers. One of the motivations for this program is to bring together two different communities — the people who are working on AI for mathematics, and the people who are doing mathematics — so that we're solving the same problem.

"At its core, it's a very hard and rather technical problem. And this is DARPA's bread-and-butter, is to sort of try to change the world. And I think this has the potential to do that."

Privacy

WhatsApp Blocks People From Exporting Your Entire Chat History (theverge.com) 14

WhatsApp is rolling out a new "Advanced Chat Privacy" feature that blocks others from exporting chat histories or automatically downloading media. While it doesn't stop screenshots or manual downloads, it marks the first step in WhatsApp's plan to enhance in-chat privacy protections. The Verge reports: By default, WhatsApp saves photos and videos in a chat to your phone's local storage. It also lets you and your recipients export chats (with or without media) to your messages, email, or notes app. The Advanced Chat Privacy setting will prevent this in group and individual chats. [...] WhatsApp says this is its "first version" of the feature, and that it plans to add more protections down the line.

"We think this feature is best used when talking with groups where you may not know everyone closely but are nevertheless sensitive in nature," WhatsApp says in its announcement. WABetaInfo first spotted this feature earlier this month, and now it's rolling out to the latest version of the app. You can turn on the setting by tapping the name of your chat and selecting Advanced Chat Privacy.

IT

Logitech Quietly Raises Prices By Up To 25% (9to5mac.com) 149

Logitech has quietly increased prices on several flagship products by as much as 25%, according to findings (video) by YouTuber Cameron Dougherty. The MX Master 3S mouse now costs $120, up 20% from its previous $100 price point, while the MX Keys S keyboard has jumped 18% to $130. The K400 Plus Wireless Touch keyboard saw the most dramatic percentage increase, rising from $28 to $35.

These price adjustments, implemented without formal announcement, come amid ongoing tariff pressures from the Trump administration affecting PC hardware manufacturers. Chinese electronics maker Anker also recently implemented similar increases, suggesting a broader industry trend.

Star Wars Prequels

New 'Star Wars' Movie Announced Set 5 Years After 'Rise of Skywalker' (cnn.com) 124

A new Star Wars movie — starring Ryan Gosling and directed by Shawn Levy — will be released in 2027, the two announced Friday at the "Star Wars Celebration" (a fan event in Japan). CNN reports: Set to begin production this fall, the movie will be set approximately five years after "Star Wars: Episode IX — The Rise of Skywalker," released in 2019, but will sit outside the Skywalker story as a standalone film. "The film... is an entirely new adventure featuring all-new characters set in a period of time that has not been explored on screen," said a statement from Lucasfilm, the owner of the "Star Wars" franchise...

"The script is just so good, the story, it has so much adventure, so much heart and original character. It's an opportunity to shine the light into a side of the universe that we may not have seen," Gosling said. Levy, the director of "Deadpool & Wolverine," told the crowd the film would have all the "fun of 'Star Wars'" but it would be done "in ways that are new and original...."

The next movie in the franchise, "The Mandalorian & Grogu," a spin-off of "The Mandalorian" series, directed by Jon Favreau, will hit cinemas in May 2026.

USA Today notes that more new Star Wars movies have also been announced: Daisy Ridley is set to star in a film that will see her character, Rey, building a new Jedi Order after the events of "The Rise of Skywalker." [This is sometimes referred to as "Star Wars Episode X: New Jedi Order."]

"Logan" filmmaker James Mangold has also been tapped to direct a movie about the dawn of the Jedi, and [Dave] Filoni is directing one said to "close out the interconnected stories" told in the live-action Disney+ shows like "The Mandalorian."

Social Networks

Liz Truss Announces 'Uncensorable' Social Media Venture (thetimes.com) 80

databasecowgirl writes: [Liz Truss will launch an "uncensorable" social media platform this summer.] The shortest-serving prime minister, who was quickly shown the door after crashing the UK economy, claims the platform is needed to take on the Deep State. Truss has worked diligently to earn comparisons to Trump with appearances at American political rallies sporting a red MAGA cap. The effort has paid off with Trump's recent tariff announcement and resulting market meltdown, resulting in the two brands combined in the neologism Liz Trump to mark the unprecedented economic policy disasters of the two politicians.

Truss' continuing in Trump's footsteps is creating her own uncensored social media platform for the UK to talk about important matters, which apparently is unable to be achieved without censorship on Musk's X or Trump's Truth Social. While a name has yet to be announced, Lettuce Talk has been suggested as appropriate for a platform run by a prime minister whose term was famously outlasted by a head of lettuce.

Security

CISA Extends Funding To Ensure 'No Lapse in Critical CVE Services' 19

CISA says the U.S. government has extended funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program. From a report: "The CVE Program is invaluable to the cyber community and a priority of CISA," the U.S. cybersecurity agency told BleepingComputer. "Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services. We appreciate our partners' and stakeholders' patience."

The announcement follows a warning from MITRE Vice President Yosry Barsoum that government funding for the CVE and CWE programs was set to expire today, April 16, potentially leading to widespread disruption across the cybersecurity industry. "If a break in service were to occur, we anticipate multiple impacts to CVE, including deterioration of national vulnerability databases and advisories, tool vendors, incident response operations, and all manner of critical infrastructure," Barsoum said.

Businesses

Figma Confidentially Files For IPO After Adobe Deal Collapses (cnbc.com) 19

Figma has confidentially filed for an IPO with the SEC, marking a major move more than a year after scrapping its $20 billion acquisition deal with Adobe due to regulatory pushback. CNBC reports: Figma's software is popular among designers inside companies who need to collaborate on prototypes for websites and apps. The company was valued at $12.5 billion in a 2024 tender offer. "There are two paths that venture-funded startups go down," Dylan Field, Figma's co-founder and CEO, said in an interview with The Verge last year. "You either get acquired or you go public. And we explored thoroughly the acquisition route."

The announcement lands at a precarious moment for the tech IPO market, which has been largely dormant since late 2021. The Trump presidency was expected to revive new offerings due to promises of less burdensome regulations.

Intel

Intel To Sell Majority Stake In Altera For $4.46 Billion To Fund Revival Effort (cnbc.com) 15

Intel will sell a 51% stake in its Altera programmable chip unit to private equity firm Silver Lake for $4.46 billion, aiming to cut costs, raise cash, and streamline the company's focus as it shifts toward becoming a contract chip manufacturer. CNBC reports: The deal, announced on Monday, values Altera at $8.75 billion, a sharp decline from the $17 billion Intel paid in 2015. [...] Since last year, Intel has taken steps to spin Altera out as a separate unit and said it planned to sell a portion of its stake. "Today's announcement reflects our commitment to sharpening our focus, lowering our expense structure and strengthening our balance sheet," [CEO Lip-Bu Tan], who took the helm after former top boss Pat Gelsinger's ouster, said.

Altera makes programmable chips that can be used for various purposes from telecom equipment to military. Reuters had first reported in November that Silver Lake was among potential suitors competing for a minority stake in Altera. The deal is expected to close in the second half of 2025, after which Intel expects to deconsolidate Altera's financial results from Intel's financial statements, the company said.

Encryption

The EFF's 'Certbot' Now Supports Six-Day Certs (eff.org) 95

10 years ago "certificate authorities normally issued certificate lifetimes lasting a year or more," remembers a new blog post Thursday by the EFF's engineering director. So in 2015 when the free cert authority Let's Encrypt first started issuing 90-day TLS certificates for websites, "it was considered a bold move, that helped push the ecosystem towards shorter certificate life times."

And then this January Let's Encrypt announced new six-day certificates...

This week saw a related announcement from the EFF engineering director. More than 31 million web sites maintain their HTTPS certificates using the EFF's Certbot tool (which automatically fetches free HTTPS certificates forever) — and Certbot is now supporting Let's Encrypt's six-day certificates. (It's accomplished through ACME profiles with dynamic renewal at 1/3rd of lifetime left or 1/2 of lifetime left, if the lifetime is shorter than 10 days): There is debate on how short these lifetimes should be, but with ACME profiles you can have the default or "classic" Let's Encrypt experience (90 days) or start actively using other profile types through Certbot with the --preferred-profile and --required-profile flags. For six day certificates, you can choose the "shortlived" profile.

Why shorter lifetimes are better (according to the EFF's engineering director):
  • If a certificate's private key is compromised, that compromise can't last as long.
  • With shorter life spans for the certificates, automation is encouraged. Which facilitates robust security of web servers.
  • Certificate revocation is historically flaky. Lifetimes 10 days and under prevent the need to invoke the revocation process and deal with continued usage of a compromised key.

Facebook

After Meta Cheating Allegations, 'Unmodified' Llama 4 Maverick Model Tested - Ranks #32 (neowin.net) 17

Remember how last weekend Meta claimed its "Maverick" AI model (in the newly-released Llama-4 series) beat GPT-4o and Gemini Flash 2 "on all benchmarks... This thing is a beast."

And then how within a day several AI researchers pointed out that even Meta's own announcement admitted the Maverick tested on LM Arena was an "experimental chat version," as TechCrunch pointed out. ("As we've written about before, for various reasons, LM Arena has never been the most reliable measure of an AI model's performance. But AI companies generally haven't customized or otherwise fine-tuned their models to score better on LM Arena — or haven't admitted to doing so, at least.")

On Friday, TechCrunch reported on what happened when LMArena tested the unmodified release version of Maverick (Llama-4-Maverick-17B-128E-Instruct).

It ranked 32nd.

"For the record, older models like Claude 3.5 Sonnet, released last June, and Gemini-1.5-Pro-002, released last September, rank higher," notes the tech site Neowin.

Science

Germany To Create 'Super-High-Tech Ministry' For Research, Technology and Aerospace (science.org) 34

Germany will get a new "super-high-tech ministry" responsible for research, technology, and aerospace, according to the coalition agreement published by the incoming government this week. From a report: The announcement is one of several nods to science in the 144-page agreement, unveiled on 9 April following weeks of negotiations between the center-right Christian Democrats (CDU) and its sister party, the Christian Social Union in Bavaria (CSU) -- who together won the most seats in February's federal elections -- and the center-left Social Democrats. The agreement is expected to be formally approved by the three parties by early May, paving the way for CDU leader Friedrich Merz to be elected chancellor.

[...] The new agreement lists a number of scientific priorities for the new government, including support for artificial intelligence, quantum technologies, biotechnology, microchip development and production, and fusion energy. "Our goal is that the world's first fusion reactor should be realized in Germany," the text states. It also mentions personalized medicine, oceans research, and sustainability research as "strategic" areas. But the agreement does not include any budget estimates, and observers caution it is unclear where the money for new programs would come from. The agreement does affirm current commitments to increase the budgets of the country's main research organizations by 3% per year through 2030.

China

China Raises Tariffs on US Imports To 125% (nytimes.com) 320

China responded to President Trump's tariffs on Friday, raising its own tariffs on American goods to 125%, from 84%. The New York Times: The announcement by China's State Council came after Trump administration officials clarified on Thursday that China was now facing a minimum tariff rate of 145% on all exports to the United States. China said its new tariffs will take effect on Saturday. China said it plans to ignore any further increases announced by Washington from here. Bloomberg: In a statement following China's retaliatory move, the Commerce Ministry said Washington's repeated use of excessively high tariffs has become little more than a numbers game -- economically meaningless and revealing its use of tariffs as a tool for bullying and coercion. "It's become a joke," the ministry said. CNN: The trade war between the world's two economic superpowers has tanked international markets and fueled fears of a global recession.

"There are no winners in a trade war, and going against the world will only lead to self-isolation," [Chinese leader] Xi Jinping told Spanish Prime Minister Pedro Sanchez in Beijing on Friday, according to state broadcaster CCTV.

"For over 70 years, China's development has relied on self-reliance and hard work -- never on handouts from others, and it is not afraid of any unjust suppression," Xi added.

Facebook

Meta Says Llama 4 Targets Left-Leaning Bias (404media.co) 396

Meta says in its Llama 4 release announcement that it's specifically addressing "left-leaning" political bias in its AI model, distinguishing this effort from traditional bias concerns around race, gender, and nationality that researchers have long documented. "Our goal is to remove bias from our AI models and to make sure that Llama can understand and articulate both sides of a contentious issue," the company said.

"All leading LLMs have had issues with bias -- specifically, they historically have leaned left," Meta stated, framing AI bias primarily as a political problem. The company claims Llama 4 is "dramatically more balanced" in handling sensitive topics and touts its lack of "strong political lean" compared to competitors.

Sony

NFL Adopts Sony's 'Virtual Measurements' for Football's First Downs (hawkeyeinnovations.com) 39

theodp writes: America's National Football League announced that beginning with the 2025 season, Sony's Hawk-Eye virtual measurement technology will assess and identify first downs after a ball spot.

Sony's Hawk-Eye virtual measurement technology, which consists of six 8K cameras for optical tracking of the position of the ball, is operated from the NFL's "Art McNally GameDay Central Officiating Center" in New York and is integrated with the League's existing replay system. It will serve as an efficient alternative to the process of having a three-person chain crew walk chains onto the field and manually measure whether 10 yards have been met after the official has spotted the ball.

However, the chain crew will remain on the field in a secondary capacity.

The NFL's executive VP of football operations says their move brings "world-class on field officiating with state-of-the-art technology to advance football excellence." (The NFL's announcement notes the whole process takes about 30 seconds, "saving up to 40 seconds from a measurement with the chains.")

The move comes a full seven years after Apple introduced its iPhone Measure app...
