Open Source

'Unaware and Uncertain': Report Finds Widespread Unfamiliarity With 2027's EU Cyber Resilience Requirements (linuxfoundation.org) 6

Two "groundbreaking research reports" on open source security were announced this week by the Linux Foundation in partnership with the Open Source Security Foundation (OpenSSF) and Linux Foundation Europe. The reports specifically address the EU's Cyber Resilience Act (or CRA) and "highlight knowledge gaps and best practices for CRA compliance."

"Unaware and Uncertain: The Stark Realities of CRA-Readiness in Open Source" includes a survey which found that when it comes to CRA requirements, 62% of respondents were either "not familiar at all" (36%) or "slightly familiar" (26%) — while 51% weren't sure about its deadlines. ("Only 28% correctly identified 2027 as the target year for full compliance," according to one infographic, which adds that CRA "is expected to drive a 6% average price increase, though 53% of manufacturers are still assessing pricing impacts.") Manufacturers, who bear primary responsibility, lack readiness — many [46%] passively rely on upstream security fixes, and only a small portion produce Software Bills of Materials (SBOMs). The report recommends that manufacturers take a more active role in open source security, that more funding and legal support is needed to support security practices, and that clear regulatory guidance is essential to prevent unintended negative impacts on open source development.
The research also provides "an in-depth analysis of how open collaboration can strengthen software security and innovation across global markets," with another report that "examines how three Linux Foundation projects are meeting the CRA's minimum compliance requirements" and "provides insight on the elements needed to ensure leadership in cybersecurity best practices." (It also includes CRA-related resources.)

"These two reports offer actionable conclusions for open source stakeholders to ready themselves for 2027, when the CRA comes into force," according to a Linux Foundation research executive cited in the announcement. "We hope that these reports catalyze higher levels of collaboration across the open source community."
Programming

US Programming Jobs Plunge 27.5% in Two Years (msn.com) 104

Computer programming jobs in the US have declined by more than a quarter over the past two years, placing the profession among the 10 hardest-hit occupations of 420-plus jobs tracked by the Bureau of Labor Statistics and potentially signaling the first concrete evidence of artificial intelligence replacing workers.

The timing coincides with OpenAI's release of ChatGPT in late 2022. Anthropic researchers found people use AI to perform programming tasks more than those of any other job, though 57 percent of users employ AI to augment rather than automate work. "Without getting hysterical, the unemployment jump for programming really does look at least partly like an early, visible labor market effect of AI," said Mark Muro of the Brookings Institution.

While software developer positions have remained stable with only a 0.3 percent decline, programmers who perform more routine coding from specifications provided by others have seen their ranks diminish to levels not seen since 1980. Economists caution that high interest rates and post-pandemic tech industry contraction have also contributed to the decline in programming jobs, which typically pay $99,700 compared to $132,270 for developers.
IT

Nvidia CEO Huang Says He Was Wrong About Timeline For Quantum (cnbc.com) 30

Nvidia CEO Jensen Huang on Thursday walked back comments he made in January, when he cast doubt on whether useful quantum computers would hit the market in the next 15 years. From a report: At Nvidia's "Quantum Day" event, part of the company's annual GTC Conference, Huang admitted that his comments came out wrong. "This is the first event in history where a company CEO invites all of the guests to explain why he was wrong," Huang said.

In January, Huang sent quantum computing stocks reeling when he said 15 years was "on the early side" in considering how long it would be before the technology would be useful. He said at the time that 20 years was a timeframe that "a whole bunch of us would believe." In his opening comments on Thursday, Huang drew comparisons between pre-revenue quantum companies and Nvidia's early days. He said it took over 20 years for Nvidia to build out its software and hardware business.

He also expressed surprise that his comments were able to move markets, and joked he didn't know that certain quantum computing companies were publicly traded. "How could a quantum computer company be public?" Huang said.

Apple

Apple Shakes Up AI Executive Ranks in Bid to Turn Around Siri (bloomberg.com) 46

Apple is undergoing a rare shake-up of its executive ranks, aiming to get its artificial intelligence efforts back on track after months of delays and stumbles, Bloomberg News reported Thursday, citing people familiar with the matter. From the report: Chief Executive Officer Tim Cook has lost confidence in the ability of AI head John Giannandrea to execute on product development, so he's moving over another top executive to help: Vision Pro creator Mike Rockwell. In a new role, Rockwell will be in charge of the Siri virtual assistant, according to the people, who asked not to be identified because the moves haven't been announced.

Rockwell will report to software chief Craig Federighi, removing Siri completely from Giannandrea's command. Apple is poised to announce the changes to employees this week. The iPhone maker's senior leaders -- a group known as the Top 100 -- just met at a secretive, annual offsite gathering to discuss the future of the company. Its AI efforts were a key talking point at the summit, Bloomberg News has reported.

The moves underscore the plight facing Apple: Its AI technology is severely lagging industry rivals, and the company has shown little sign of catching up. The Apple Intelligence platform was late to arrive and largely a flop, despite being the main selling point for the iPhone 16.
Further reading: 'Something Is Rotten in the State of Cupertino'
Crime

FedEx Data Scraping and Telecom Insider Bribes Powered Nationwide iPhone Theft Operation (wsj.com) 20

Federal authorities have broken up an international crime ring that stole thousands of iPhones from porches nationwide [non-paywalled link], arresting 13 people last month after a sophisticated operation that combined high-tech tools with old-fashioned bribery.

The thieves created software to scrape FedEx tracking numbers and paid AT&T store employees to provide customer order details and delivery addresses, according to WSJ, which cites prosecutors. Armed with this information, runners intercepted packages at doorsteps moments after delivery.

Demetrio Reyes Martinez, known online as "CookieNerd," developed code that circumvented FedEx limits on delivery-data requests, while AT&T employee Alejandro Then Castillo used his credentials to track hundreds of shipments and reportedly received up to $2,500 for recruiting other employees. Stolen devices were funneled through Wyckoff Wireless in Brooklyn, a store owned by Joel Suriel, who was already on supervised release from a previous wire-fraud conviction. The merchandise was then shipped overseas for sale and activation.
Transportation

VW's Cheapest EV Is First To Use Rivian Software (techcrunch.com) 64

An anonymous reader quotes a report from TechCrunch: Volkswagen's ultra-cheap EV called the ID EVERY1 -- a small four-door hatchback revealed Wednesday -- will be the first to roll out with software and architecture from Rivian, according to a source familiar with the new model. The EV is expected to go into production in 2027 with a starting price of 20,000 euros ($21,500). A second EV called the ID.2all, which will be priced in the 25,000 euro price category, will be available in 2026. Both vehicles are part of the automaker's new category of electric urban front-wheel-drive cars that are being developed under the "Brand Group Core" that makes up the volume brands in the VW Group. And both vehicles are for the European market.

The EVERY1 will be the first to ship with Rivian's vehicle architecture and software as part of a $5.8 billion joint venture struck last year between the German automaker and U.S. EV maker. The ID.2all is based on the E3 1.1 architecture and software developed by VW's software unit Cariad. VW didn't name Rivian in its reveal Wednesday, although there were numerous nods to next-generation software. Kai Grunitz, member of the Volkswagen Brand Board of Management responsible for technical development, noted it would be the first model in the entire VW Group to use a "fundamentally new, particularly powerful software architecture." "This means the future entry-level Volkswagen can be equipped with new functions throughout its entire life cycle," he said. "Even after purchase of a new car, the small Volkswagen can still be individually adapted to customer needs."
Volkswagen says the ID EVERY1 concept is a compact electric vehicle with a 70 kW motor, a top speed of 130 km/h, a minimum range of 250 km (150 miles), seating for four, and a 305-liter luggage capacity.

Volkswagen has a press release with additional information.
EU

Dutch Parliament Calls For End To Dependence On US Software Companies (yahoo.com) 106

The Dutch parliament approved motions urging the government to reduce reliance on U.S. software companies by developing a sovereign cloud platform and reconsidering contracts with American firms. Reuters reports: While such initiatives have foundered in the past due to a lack of viable European alternatives, lawmakers said changing relations with the United States under the presidency of Donald Trump have given the issue fresh urgency. "The question we as Europeans must ask ourselves is: do we feel comfortable with people like Trump, (Meta CEO Mark) Zuckerberg and (X owner Elon) Musk ruling over our data?" said Marieke Koekkoek of the pro-European Volt party, who authored one of the eight motions, in an email to Reuters.

In addition to launching a sovereign cloud services platform, the motions called on the government to re-examine a decision to use Amazon's web services for the Netherlands' internet domain hosting, and to develop alternatives to U.S. software and preferential treatment for European firms in public tenders. [...] Bert Hubert, a Dutch technology expert who has advocated for reducing dependency on the U.S., said: "This is only the first step in potentially doing something." But he said one important outcome would be forcing agencies to publicly report on risks related to their reliance on U.S. cloud firms. "With the advent of Trump 2.0, it has become clear that this is not something you can harmlessly sign off on," he said.

Transportation

GM Taps Nvidia To Boost Its Self-Driving Projects 11

General Motors is partnering with Nvidia to enhance its self-driving and manufacturing capabilities by leveraging Nvidia's AI chips, software, and simulation tools. "GM says it will apply several of Nvidia's products to its business, such as the Omniverse 3D graphics platform which will run simulations on virtual assembly lines with an eye on reducing downtime and improving efficiency," reports The Verge. "The automaker also plans to equip its next-generation vehicles with Nvidia's 'AI brain' for advanced driver assistance and autonomous driving. And it will employ the chipmaker's AI training software to make its vehicle assembly line robots better at certain tasks, like precision welding and material handling." From the report: GM already uses Nvidia's GPUs to train its AI software for simulation and validation. Today's announcement was about expanding those use cases into improving its manufacturing operations and autonomous vehicles, GM CEO Mary Barra said in a statement. (Dave Richardson, GM's senior VP of Software and Services Engineering will be joining NVIDIA's Norm Marks for a fireside chat at the conference.) "AI not only optimizes manufacturing processes and accelerates virtual testing but also helps us build smarter vehicles while empowering our workforce to focus on craftsmanship," Barra said. "By merging technology with human ingenuity, we unlock new levels of innovation in vehicle manufacturing and beyond."

GM will adopt Nvidia's in-car software products to build next-gen vehicles with autonomous driving capabilities. That includes the company's Drive AGX system-on-a-chip (SoC), similar to Tesla's Full Self-Driving chip or Intel's Mobileye EyeQ. The SoC runs the "safety-certified" DriveOS operating system, built on the Blackwell GPU architecture, which is capable of delivering 1,000 trillion operations per second (TOPS) of high-performance compute, the company says. [...] In a briefing with reporters, Ali Kani, Nvidia's vice president and general manager of automotive, described the chipmaking company's automotive business as still in its "infancy," with the expectation that it will only bring in $5 billion this year. (Nvidia reported over $130 billion in revenue in 2024 for all its divisions.)

Nvidia's chips are in less than 1 percent of the billions of cars on the road today, he added. But the future looks promising. The company is also announcing deals with Tier 1 auto supplier Magna, which helped build Sony's Afeela concept, to use Drive AGX in the company's next-generation advanced driver assist software. "We believe automotive is a trillion dollar opportunity for Nvidia," Kani said.
Programming

'Vibe Coding' is Letting 10 Engineers Do the Work of a Team of 50 To 100, Says YC CEO (businessinsider.com) 159

Y Combinator CEO Garry Tan said startups are reaching $1-10 million annual revenue with fewer than 10 employees due to "vibe coding," a term coined by OpenAI cofounder Andrej Karpathy in February.

"You can just talk to the large language models and they will code entire apps," Tan told CNBC (video). "You don't have to hire someone to do it, you just talk directly to the large language model that wrote it and it'll fix it for you." What would've once taken "50 or 100" engineers to build, he believes can now be accomplished by a team of 10, "when they are fully vibe coders." He adds: "When they are actually really, really good at using the cutting edge tools for code gen today, like Cursor or Windsurf, they will literally do the work of 10 or 100 engineers in the course of a single day."

According to Tan, 81% of Y Combinator's current startup batch consists of AI companies, with 25% having 95% of their code written by large language models. Despite limitations in debugging capabilities, Tan said the technology enables small teams to perform work previously requiring dozens of engineers and makes previously overlooked niche markets viable for software businesses.
Businesses

Software Startup Rippling Sues Competitor Deel, Claiming a Spy Carried Out 'Corporate Espionage' (cnbc.com) 10

HR software startup Rippling has sued competitor Deel, alleging that Deel orchestrated corporate espionage by recruiting an employee within Rippling to steal trade secrets, including customer data, sales strategies, and internal records. The lawsuit (PDF) claims the spy shared confidential information with Deel executives and a reporter, leading to legal action under the Racketeer Influenced and Corrupt Organizations (RICO) Act. Deel denies wrongdoing and plans to counter the claims. CNBC reports: The two startups are among the world's most valuable. Investors valued Rippling at $13.5 billion in a funding round announced last year, while Deel told media outlets in 2023 that it was worth $12 billion. Deel ranked No. 28 on CNBC's 2024 Disruptor 50 list. "Weeks after Rippling is accused of violating sanctions law in Russia and seeding falsehoods about Deel, Rippling is trying to shift the narrative with these sensationalized claims," a Deel spokesperson told CNBC in an email. "We deny all legal wrongdoing and look forward to asserting our counterclaims."

Rippling confirmed its findings earlier this month. The company's general counsel sent a letter to three Deel executives that referred to a new Slack channel, and the Deel spy quickly looked for it. Rippling subsequently served a court order to the spy at its office in Dublin, Ireland requiring him to preserve information on his mobile phone. "Deel's spy lied to the court-appointed solicitor about the location of his phone, and then locked himself in a bathroom -- seemingly in order to delete evidence from his phone -- all while the independent solicitor repeatedly warned him not to delete materials from his device and that his non-compliance was breaching a court order with penal endorsement," Rippling said in Monday's filing. "The spy responded: 'I'm willing to take that risk.' He then fled the premises."
"We always prefer to win by building the best products and we don't turn to the legal system lightly," Parker Conrad, Rippling's co-founder and CEO, said in a Monday X post. "But we are taking this extraordinary step to send a clear message that this type of misconduct has no place in our industry."
Businesses

Alphabet Back In Talks To Buy Wiz For $30 Billion (yahoo.com) 14

Google's parent company Alphabet is reportedly in talks to acquire cybersecurity startup Wiz for approximately $30 billion. Last July, negotiations had advanced on a $23 billion deal, but the talks were put on hold to prioritize Wiz's IPO. Around the same time, Alphabet also walked away from a potential acquisition of online marketing software company HubSpot. Reuters reports: The startup provides cloud-based cybersecurity solutions powered by artificial intelligence that help companies identify and remove critical risks on cloud platforms. A buyout of this size will most likely face regulatory scrutiny as tech giants are kept under close watch for possible monopolistic practices.

If the deal goes through, it could help Alphabet tap into the cybersecurity industry and expand its booming cloud infrastructure segment, which generated more than $43 billion in revenue last year. Wiz was last valued at $12 billion in a private funding round in May 2024.

Graphics

GIMP 3.0 Released (9to5linux.com) 52

GIMP 3.0 has been released after over a decade of development. Highlights include a refined GTK3 interface with scroll wheel tab navigation, a new splash screen, improved HiDPI icon support, enhanced color management, a stable public API, and support for more file formats. 9to5Linux reports: GIMP 3.0 also brings improvements to non-destructive editing by introducing an optional "Merge Filters" checkbox at the bottom of NDE filters that merges down the filter immediately after it's committed, along with non-destructive filters on layer groups and the implementation of storing version of filters in GIMP's XCF project files. Among other noteworthy changes, the GEGL and babl components have been updated with new features and many improvements, such as Inner Glow, Bevel, and GEGL Styles filters, some plugins saw small enhancements, and it's now possible to export images with different settings while leaving the original image unchanged.

There's also a new PDB call that allows Script-Fu writers to use labels to specify filter properties, a brand new named-argument syntax, support for loading 16-bits-per-channel LAB PSD files, support for loading DDS images with BC7 support, early-binding CMYK support, and support for PSB and JPEG-XL image formats. On top of that, GIMP 3.0 introduces new auto-expanding layer boundary and snapping options, an updated search pop-up to show the menu path for all entries while making individual filters searchable, a revamped alignment tool, and support for "layer sets," replacing the older concept of linked layers.
You can download GIMP 3.0 from the official website.
XBox (Games)

Xbox 360 Consoles Can Now Be Hacked With Just a USB Key (theverge.com) 20

An anonymous reader shares a report: Xbox 360 modders have discovered a new way to get homebrew apps and games running on the console. A new software-only exploit known as BadUpdate allows you to use a USB key to hack past Microsoft's Hypervisor protections and run unsigned code and games.

Modern Vintage Gamer has tested BadUpdate and found that you don't even have to open up your Xbox 360 console to get it running. Unlike the RGH or JTAG exploits for the Xbox 360, this BadUpdate method just requires a USB key. If you have the time and patience to get this running successfully, you'll be able to run the Xbox 360 homebrew store which includes games, apps, emulators, utilities, and even custom dashboards.

The Courts

HR Tech Firm Rippling Sues Rival Deel for Corporate Espionage 9

HR software provider Rippling has sued competitor Deel for allegedly planting a spy in its Dublin office to steal trade secrets, court documents [PDF] showed on Monday. Rippling claims the employee, identified as D.S., systematically searched internal Slack channels for competitor information, including sales leads and pitch decks.

The company discovered the alleged scheme through a "honeypot" trap -- a specially created Slack channel mentioned in a letter to Deel executives. When served with a court order to surrender his phone, D.S. locked himself in a bathroom before fleeing, according to the lawsuit. "We're all for healthy competition, but we won't tolerate when a competitor breaks the law," said Vanessa Wu, Rippling's general counsel. Both companies operate multibillion-dollar HR platforms, with Rippling valued at $13.5 billion and Deel at over $12 billion.
Open Source

FSF's Memorabilia Silent Auction Begins Today (fsf.org) 29

This week the Free Software Foundation published memorabilia items for an online silent auction — part of their big 40th anniversary celebration. "Starting March 17, the FSF will unlock items each day for bidding on the LibrePlanet wiki at 12:00 EDT... Bidding on all items will conclude at 15:00 EDT on March 21, 2025..."

"During the auction, the FSF welcomes everyone who supports user freedom to bid on historical and symbolic free software memorabilia," they announced this week: The auction is split into two parts: a silent auction hosted on the LibrePlanet wiki from March 17 through March 21 and a live auction held on the FSF's Galène videoconferencing server on March 23 from 14:00-17:00. The auction is only the opening act to a months-long itinerary celebrating forty years of free software activism...

Executive director Zoë Kooyman adds: "These items are valuable pieces of FSF history, and some of them are emblematic of the free software movement. We want to entrust these memorabilia in the hands of the free software community for preservation and would love to see some of these items displayed in exhibitions." All in all, there are twenty-five pieces that are either directly part of the FSF's history and/or representative of the free software movement that will be available in the silent auction.

Winning bidders can rest assured that all proceeds from this auction will go towards the FSF's continued work to promote computer user freedom worldwide.

Silent auction items include:
  • A mid-1980s VT220 terminal that "still works, and can be connected to your favorite free machine over the serial interface... This is the same terminal that was on the FSF reception desk for some time, introducing visitors to ASCII art, NetHack, and other free software lore." Bids start at $250... (with estimated shipping costs of $100)
  • An Amiga 3000UX donated to the GNU project "sometime in 1990." While it now has a damaged battery, "FSF staff programmers used it at MIT to help further some early development of the GNU operating system." Starting bid: $300 (with estimated shipping costs of $400).
  • "A variety of plush animals that had greeted visitors at its former offices in Boston on 51 Franklin Street..."

"The most notable items have been reserved for the live auction on Sunday, March 23," they note — including the Internet Hall of Fame medal awarded to FSF founder Richard Stallman in 2013 "as ultimate recognition of free software's immense impact on the development and advancement of the Internet."


Government

Consumer Groups Push New Law Fighting 'Zombie' IoT Devices (consumerreports.org) 56

Long-time Slashdot reader chicksdaddy writes: A group of U.S. consumer advocacy groups on Wednesday proposed legislation to address the growing epidemic of "zombie" Internet of Things (IoT) devices that have had software support cut off by their manufacturer, Fight To Repair News reports.

The Connected Consumer Product End of Life Disclosure Act is a collaboration between Consumer Reports, US PIRG, the Secure Resilient Future Foundation (SRFF) and the Center for Democracy and Technology. It requires manufacturers of connected consumer products to disclose for how long they will provide technical support, security updates, or bug fixes for the software and hardware that are necessary for the product to operate securely.

The groups proposed legal requirements that manufacturers "must notify consumers when their devices are nearing the end of life and provide guidance on how to handle the device's end of life," while end-of-life notifications "must include details about features that will be lost, and potential vulnerabilities and security risks that may arise." And when an ISP-provided device (like a router) reaches its end of life, the ISP must remove it.

"The organizations are working with legislators at the state and federal level to get the model legislation introduced," according to Fight To Repair News.
AI

'There's a Good Chance Your Kid Uses AI To Cheat' (msn.com) 98

Long-time Slashdot reader theodp writes: Wall Street Journal K-12 education reporter Matt Barnum has a heads-up for parents: There's a Good Chance Your Kid Uses AI to Cheat. Barnum writes:

"A high-school senior from New Jersey doesn't want the world to know that she cheated her way through English, math and history classes last year. Yet her experience, which the 17-year-old told The Wall Street Journal with her parent's permission, shows how generative AI has rooted in America's education system, allowing a generation of students to outsource their schoolwork to software with access to the world's knowledge. [...] The New Jersey student told the Journal why she used AI for dozens of assignments last year: Work was boring or difficult. She wanted a better grade. A few times, she procrastinated and ran out of time to complete assignments. The student turned to OpenAI's ChatGPT and Google's Gemini, to help spawn ideas and review concepts, which many teachers allow. More often, though, AI completed her work. Gemini solved math homework problems, she said, and aced a take-home test. ChatGPT did calculations for a science lab. It produced a tricky section of a history term paper, which she rewrote to avoid detection. The student was caught only once."

Not surprisingly, AI companies play up the idea that AI will radically improve learning, while educators are more skeptical. "This is a gigantic public experiment that no one has asked for," said Marc Watkins, assistant director of academic innovation at the University of Mississippi.

Open Source

Startup Claims Its Upcoming (RISC-V ISA) Zeus GPU is 10X Faster Than Nvidia's RTX 5090 (tomshardware.com) 69

"The number of discrete GPU developers from the U.S. and Western Europe shrank to three companies in 2025," notes Tom's Hardware, "from around 10 in 2000." (Nvidia, AMD, and Intel...) No company in the recent years — at least outside of China — was bold enough to engage into competition against these three contenders, so the very emergence of Bolt Graphics seems like a breakthrough. However, the major focuses of Bolt's Zeus are high-quality rendering for movie and scientific industries as well as high-performance supercomputer simulations. If Zeus delivers on its promises, it could establish itself as a serious alternative for scientific computing, path tracing, and offline rendering. But without strong software support, it risks struggling against dominant market leaders.
This week the Sunnyvale, California-based startup introduced its Zeus GPU platform designed for gaming, rendering, and supercomputer simulations, according to the article. "The company says that its Zeus GPU not only supports features like upgradeable memory and built-in Ethernet interfaces, but it can also beat Nvidia's GeForce RTX 5090 by around 10 times in path tracing workloads, according to slide published by technology news site ServeTheHome." There is one catch: Zeus can only beat the RTX 5090 GPU in path tracing and FP64 compute workloads. It's not clear how well it will handle traditional rendering techniques, as that was less of a focus. In speaking with Bolt Graphics, the card does support rasterization, but there was less emphasis on that aspect of the GPU, and it may struggle to compete with the best graphics cards when it comes to gaming. And when it comes to data center options like Nvidia's Blackwell B200, it's an entirely different matter.

Unlike GPUs from AMD, Intel, and Nvidia that rely on proprietary instruction set architectures, Bolt's Zeus relies on the open-source RISC-V ISA, according to the published slides. The Zeus core relies on an open-source out-of-order general-purpose RVA23 scalar core mated with FP64 ALUs and the RVV 1.0 (RISC-V Vector Extension Version 1.0) that can handle 8-bit, 16-bit, 32-bit, and 64-bit data types as well as Bolt's additional proprietary extensions designed for acceleration of scientific workloads... Like many processors these days, Zeus relies on a multi-chiplet design... Unlike high-end GPUs that prioritize bandwidth, Bolt is evidently focusing on greater memory size to handle larger datasets for rendering and simulations. Also, built-in 400GbE and 800GbE ports to enable faster data transfer across networked GPUs indicates the data center focus of Zeus.

High-quality rendering, real-time path tracing, and compute are key focus areas for Zeus. As a result, even the entry-level Zeus 1c26-32 offers significantly higher FP64 compute performance than Nvidia's GeForce RTX 5090 — up to 5 TFLOPS vs. 1.6 TFLOPS — and considerably higher path tracing performance: 77 Gigarays vs. 32 Gigarays. Zeus also features a larger on-chip cache than Nvidia's flagship — up to 128MB vs. 96MB — and lower power consumption of 120W vs. 575W, making it more efficient for simulations, path tracing, and offline rendering. However, the RTX 5090 dominates in AI workloads with its 105 FP16 TFLOPS and 1,637 INT8 TFLOPS compared to the 10 FP16 TFLOPS and 614 INT8 TFLOPS offered by a single-chiplet Zeus...

The article emphasizes that Zeus "is only running in simulation right now... Bolt Graphics says that the first developer kits will be available in late 2025, with full production set for late 2026."

Thanks to long-time Slashdot reader arvn for sharing the news.
Crime

Cybersecurity Alert Warns of 300 Attacks with 'Medusa' Ransomware (theregister.com) 21

A ransomware-as-a-service variant called "Medusa" has claimed over 300 victims in "critical infrastructure sectors" (including medical), according to a joint alert from CISA, the FBI, and the Multi-State Information Sharing Analysis Center.

And that alert reminds us that Medusa is a globe-spanning operation that recruits third-party affiliates to plant ransomware and negotiate with victims, notes the Register. "Even organizations that have good ransomware recovery regimes, meaning they don't need to unscramble encrypted data as they have good backups and fall-back plans, may consider paying to prevent the release of their stolen data, given the unpleasant consequences that follow information leaks. Medusa actors also set a deadline for victims to pay ransoms and provide a countdown timer that makes it plain when stolen info will be sprayed across the internet. If victims cough up $10,000 in cryptocurrency, the crims push the deadline forward by 24 hours."

The advisory reveals one Medusa actor has taken things a step further. "FBI investigations identified that after paying the ransom, one victim was contacted by a separate Medusa actor who claimed the negotiator had stolen the ransom amount already paid," the advisory states. That separate actor then "requested half of the payment be made again to provide the 'true decryptor'," the advisory states, describing this incident as "potentially indicating a triple extortion scheme."

The security groups' advisory stresses that they "do not encourage paying ransoms as payment does not guarantee victim files will be recovered. Furthermore, payment may also embolden adversaries to target additional organizations..." (But "Regardless of whether you or your organization have decided to pay the ransom, FBI, CISA, and MS-ISAC urge you to promptly report ransomware incidents...")

Besides updating software and operating systems, the alert makes these recommendations for organizations:
  • Require VPNs (or jump hosts) for remote network access
  • Block remote access from unknown/untrusted origins, and disable unused ports
  • Segment networks to help prevent the spread of ransomware
  • Use a network monitoring tool to spot and investigate abnormal activity — including lateral movement (using endpoint detection and response tools). Log all network traffic, and monitor it for unauthorized scanning and access attempts.
  • Create recovery plans with encrypted offline backups of sensitive/proprietary data and servers
  • Require multifactor authentication, use strong (and long) passwords, and "consider not requiring frequently recurring password changes, as these can weaken security." (Also audit access control following the principle of least privilege, and watch for new and/or unrecognized accounts.)
  • Disable command-line and scripting activities and permissions.

AI

Ask Slashdot: Where Are the Open-Source Local-Only AI Solutions? 192

"Why can't we each have our own AI software that runs locally," asks long-time Slashdot reader BrendaEM — and that doesn't steal the work of others.

Imagine a powerful-but-locally-hosted LLM that "doesn't spy... and no one else owns it." We download it, from source-code if you like, install it, if we want. And it assists: us... No one gate-keeps it. It's not out to get us...

And this is important: because no one owns it, the AI software is ours and leaks no data anywhere — to no one, no company, for no political nor financial purpose. No one profits — but you!

Their longer original submission also asks a series of related questions — like why can't we have software without AI? (Along with "Why is AMD stamping AI on local-processors?" and "Should AI be crowned the ultimate hype?") But this question seems to be at the heart of their concern. "What future will anyone have if anything they really wanted to do — could be mimicked and sold by the ill-gotten work of others...?"

"Could local, open-source, AI software be the only answer to dishearten billionaire companies from taking and selling back to their customers — everything we have done? Could we not...instead — steal their dream?!"

Share your own thoughts and answers in the comments. Where are the open-source, local-only AI solutions?
