ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Did Microsoft Shift Its Profits to Low-Tax Countries? (nytimes.com)

(Sunday July 05, 2026 @05:55PM (EditorDavid) from the representation-without-taxation dept.)

Microsoft is apparently shifting its profits to countries with low taxes — and out of countries where they have many more employees and significant sales. Back in 2005 Former Microsoft CEO Steve Ballmer even [1]said that a low corporate tax rate "is part of the overall advantage of doing business in Ireland," remembers long-time Slashdot reader [2]theodp . (Ballmer added "It would be disingenuous to say otherwise.")

But in 2026 the EU now requires a country-by-country compliance report, and the New York Times notes that Microsoft "was most likely [3]the first major U.S. technology company to make a so-called country by country report of its finances to comply..."

> Like other big companies, Microsoft uses transactions between subsidiaries to shift profits around to reduce its tax bill. The report revealed a consistent pattern: high returns in low-tax jurisdictions and slim margins in higher-tax ones. The report showed the sometimes absurd results. Microsoft said it had generated almost 40 percent of its pretax income in tax-friendly Ireland, where it employed about 3 percent of its global work force. In higher-tax Germany, the largest economy in Europe, Microsoft earned barely half of 1 percent of its global profits, it said.

>

> Excluding Ireland, the company said, it generated less than 2 percent of its worldwide pretax earnings in Europe... [In Luxembourg Microsoft said it had $283 million in pretax income with only 34 employees.]

>

> [America's] Internal Revenue Service is challenging profit-shifting transactions used by Microsoft, and is seeking back taxes of [4]nearly $29 billion 4. The company has said it disagrees with the I.R.S. and said in a securities filing that it "will vigorously contest" the proposed tax bills.

This week a Microsoft blog post offered their own " [5]context ," arguing that tax is "one important measure of contribution, but it is not the only one.

"Our investments, partnerships, infrastructure, and long-term presence in countries around the world also reflect a commitment to helping strengthen the economies and communities where we operate, today and for the future."



[1] https://www.siliconrepublic.com/business/ireland-still-integral-to-microsoft-says-ballmer

[2] https://www.slashdot.org/~theodp

[3] https://www.nytimes.com/2026/07/03/technology/microsoft-europe-disclosure-tax-havens.html?unlocked_article_code=1.vFA.AZUY.Qj8Au9rWTOvu&smid=url-share

[4] https://www.sec.gov/Archives/edgar/data/789019/000119312526191507/msft-20260331.htm

[5] https://blogs.microsoft.com/on-the-issues/2026/06/30/context-on-our-country-by-country-tax-footprint/



Hobbit-like Humans May Have Scavenged Komodo Dragons' Leftovers to Survive (cnn.com)

(Monday July 06, 2026 @11:00AM (EditorDavid) from the here-be-dragons dept.)

[1]CNN reports :

> Prehistoric human relatives, nicknamed "hobbits" due to their short stature, may have been scavengers, rather than skilled hunters capable of taking down big game or building cooking fires, according to [2]new research . The study adds to growing evidence that [3]Homo floresiensis , which had a brain only slightly bigger than that of a chimpanzee, wasn't as advanced as scientists previously believed....

>

> The researchers believe that much like how Komodo dragons hunt water buffaloes today, they were using their venomous bite to take down Stegodons — and after the scene was clear, Homo floresiensis swept in to cleave meat from what remained... The new study reinforces a long-held suspicion that Homo floresiensis is not a dwarfed form of Homo erectus but a descendant of a more primitive [4]Homo habilis-like or Australopithecus-like form that arrived on the island more than1 million years ago, said Dr. Chris Stringer, a research leader specializing in human origins and paleoanthropology at London's Natural History Museum.



[1] https://www.cnn.com/2026/07/03/science/homo-floresiensis-scavenged-food

[2] http://www.science.org/doi/10.1126/sciadv.aeb7219

[3] https://www.cnn.com/2023/09/02/asia/homo-floresiensis-hobbit-discovery-anniversary-scn

[4] https://www.cnn.com/2025/08/16/science/australopithecus-homo-species-afar-ethiopia



FSF Shares Update on 'LibrePhone' and New Automated Site Monitoring Tool (fsf.org)

(Sunday July 05, 2026 @05:55PM (EditorDavid) from the sharing-the-software dept.)

At the end of 2025, the FSF launched [1]LibrePhone project, which is working to "better understand and reverse-engineer the nonfree [2]blobs used by a great majority of (if not all) system on a chip designs available today." The FSF's [3]summer newsletter shares [4]this update :

> We started with [5]researching the proprietary files in Android phones supported by the [6]Lineage project, an Android-based volunteer-led mobile phone operating system with much free software already in it. Our current, primary focus is on the radio blobs that control WiFi, Bluetooth, NFC, and cellular communications.

>

> The software freedom issues with [7]mobile computing have been around for a long time, with the most challenging issue being the baseband/modem firmware that relies heavily on proprietary software. This creates a technical and legal maze that is nearly impossible to break free from, but that doesn't mean we should ever stop working to create free systems. It certainly doesn't mean we shouldn't liberate the software that we know can be free software. Now, half a year into this project, lead developer Rob Savoye has extracted firmware from over 200 Lineage install packages, processed 85GB of files, and imported the results of these analyses into a PostgreSQL database for cross-device comparison... [M]uch of the software and blobs we need to work through are shared across multiple devices; this means even greater strides for mobile phone freedom...

>

> As insurmountable as it may seem at times, every blob we manage to free up will be progress. The FSF has proven time and time again that it can bring the [8]free software philosophy to life, not just by advocating for it, but by making it so.

The bulletin also describes how waves of botnets from "aggressive LLM scrapers, vulnerability scanners, poorly optimized CI/CD servers" inspired the FSF to create a new free-as-in-freedom [9]automated monitoring tool :

> In our efforts to combat the botnets, we optimized several detection rules to ban abusive behavior. We found the upper limit of fail2ban and replaced it with [10]reaction , an efficient alternative with our configuration that uses [11]ipset . We also split several monolithic machines into many separate machines so that when a web service is overwhelmed the other functions of the service do not go down with it... We found quite a few ways to respond to and prevent botnet attacks, but still faced a significant related challenge: communicating when a website or service is down...

>

> Uptime Kuma is a human-readable, automated monitoring addition to our systems... You can check out our recently-launched self-hosted Uptime Kuma instance at [12]https://status.fsf.org/ . When you see the page, you will also likely say, "Wow! The FSF and GNU sure do run a ton of services!" and you would be right... If you maintain websites and services, and are looking for a simple way to communicate publicly with your users, consider using Uptime Kuma or another free software solution instead of choosing a proprietary monitoring solution."

There's also an article on the state of [13]free-as-in-freedom videogame console emulators .



[1] https://librephone.fsf.org/

[2] https://en.wikipedia.org/wiki/Binary_blob

[3] https://magazine.fsf.org/2026-summer/

[4] https://www.fsf.org/bulletin/2026/summer/ensuring-freedom-one-blob-at-a-time

[5] https://librephone.fsf.org/site/files/

[6] https://wiki.lineageos.org/

[7] https://www.fsf.org/working-together/next-steps/free-software-phones

[8] https://www.gnu.org/philosophy/free-sw.html

[9] https://status.fsf.org/

[10] https://reaction.ppom.me/

[11] https://ipset.netfilter.org/

[12] https://status.fsf.org/

[13] https://www.fsf.org/bulletin/2026/summer/video-game-console-emulators-free-or-not



AOL's Owner Bending Spoons Hits Wall Street with $1.7 billion IPO (apnews.com)

(Sunday July 05, 2026 @05:55PM (EditorDavid) from the you've-got-IPO dept.)

"The owner of AOL and other tech businesses hit Wall Street with a $1.7 billion initial public offering Wednesday," [1]reports the Associated Press :

> The company is getting $1 billion in proceeds, while the rest is going to shareholders. The stock surged 39.7% in its first day of trading under the symbol "BSP" on the Nasdaq, giving it a market value of $25.2 billion.

>

> Among the company's well-known holdings are the event creation and ticketing company Eventbrite, and the video hosting service Vimeo... AOL itself went public in 1992 and was a vanguard of technology and communication. It reached a market value of $164 billion in 2000 shortly before merging with Time Warner. It then crashed along with the rest of the industry following the bursting of the dot-com bubble. It has been bought and sold several times over the last two decades...

>

> [Italy-based Bending Spoons] was founded by three friends in 2013 following the failure of their first attempt at building a technology startup. It has since grown by buying more than 50 companies. The acquired companies are reorganized, and AI technology is often a key tool in the redesign. The focus remains on subscription-based revenue from the portfolio of businesses. The company said it had net income of $27.5 million on revenue of $601 million during the first three months of 2026. It had more than 500 million monthly active users and 9 million monthly paying customers as of March. The company has debt of just under $4.4 billion. It plans to use proceeds from the offering to invest in new acquisitions.

The article notes that in the company's prospectus, it says they chose the name Bending Spoons because "We were about to attempt to create a world-class company with $40,000, a team of five, and a track record that read 0 for 1. A touch of irony seemed appropriate."



[1] https://apnews.com/article/bending-spoons-ipo-aol-technology-vimeo-93a8426bab66c9d821a9beb0d2750d64



EchoStar's US Satellite Pay-TV Provider Dish DBS Files for Bankruptcy (deadline.com)

(Sunday July 05, 2026 @11:34AM (EditorDavid) from the breaking-a-Dish dept.)

EchoStar's satellite pay-TV unit Dish DBS has filed for Chapter 11 bankruptcy protection, [1]reports Reuters . The move also applies to its wireless subsidiaries, according to the article, and "facilitates the wind-down of Dish Wireless's 5G network operations following an unexpected delay in a spectrum license sale to AT&T... under which EchoStar [2]agreed to sell about 50 megahertz of its nationwide spectrum for $23 billion."

Some [3]context from Deadline.com :

> Charlie Ergen, who co-founded EchoStar and Dish, recently returned as chairman and CEO to steer the company through its recent challenges... Even prior to the merger, Ergen had been working to pivot from the pay-TV business, where Dish now has just 5 million subscribers and streaming sibling Sling TV has another 2 million, toward wireless telecom. With wireless spectrum hitting the market due to the Sprint-T-Mobile merger and then Elon Musk's Starlink looking to ramp up in the sector, it seemed more attractive than the cord-cutting-ravaged pay-TV business. But it is still entails plenty of risk, especially given how tightly regulated the spectrum is due to security concerns.

Thanks to long-time Slashdot reader [4]schwit1 for sharing the news.



[1] https://www.reuters.com/legal/litigation/echostars-dish-dbs-wireless-units-file-prepackaged-bankruptcy-2026-06-30/

[2] https://www.reuters.com/en/echostar-sell-wireless-spectrum-licenses-att-23-billion-deal-2025-08-26/

[3] https://deadline.com/2026/06/dish-satellite-pay-tv-files-chapter-11-bankruptcy-1236971845/

[4] https://www.slashdot.org/~schwit1



Decades-Old Bash Tricks Expose AI Coding Agents To Supply Chain Attacks (securityweek.com)

(Sunday July 05, 2026 @11:34AM (EditorDavid) from the big-Bash-theory dept.)

Slashdot reader [1]wiredmikey writes:

> AI security researchers have uncovered a structural security flaw [2]dubbed GuardFall that allows decades-old Bash shell tricks to bypass safeguards in most open source AI coding agents. By exploiting shell behaviors such as quote removal and variable expansion, attackers can hide malicious commands in repositories, README files, Makefiles, or other content consumed by AI agents. If executed — particularly in auto-approve or CI environments—the commands can steal credentials, compromise developer systems, or enable software supply chain attacks. [3]According to researchers at Adversa AI , the 11 popular open source AI coding agents tested, only one successfully blocked all of the Bash trick techniques.



[1] https://slashdot.org/~wiredmikey

[2] https://www.securityweek.com/decades-old-bash-tricks-expose-ai-coding-agents-to-supply-chain-attacks/

[3] https://adversa.ai/blog/opensource-ai-coding-agents-shell-injection-vulnerability/



What Is a Quantum Computer Good For? Absolutely Nothing - Yet (theverge.com)

(Sunday July 05, 2026 @11:34AM (EditorDavid) from the quantum-leaps dept.)

[1]The Verge argues that researchers "have made genuine progress in quantum computing — it's just been largely incremental and too esoteric to immediately capture the public's imagination."

And there are predictions that quantum computers will finally do something useful as soon as 2028:

> The drama can overshadow the real progress in quantum computing... Researchers have improved the qubits themselves, so they hold onto information longer. When they hold onto information longer, you can fit in more operations and do more complicated algorithms. Last November, Andrew Houck of Princeton University and his colleagues reported that they'd [2]made a superconducting qubit that can hold onto information three times longer than the previous record holder... And in the last two years, researchers have made substantial strides in what's known as quantum error correction... In addition, researchers have developed algorithms to correct errors while the quantum computer operates... Microsoft claimed, [3]which experts dispute , that it made an object made of electrons known as a Majorana particle [which should make fewer errors and be easier to scale up]...

>

> "We 100 percent stand behind our results. We stand by our roadmap," Microsoft's quantum lead, Chetan Nayak, [4]responded in an interview with The Verge. In an email statement, he added that Microsoft's "papers do show that we are creating and controlling Majorana [particles]... Microsoft's supporting evidence is unconvincing [according to [Henry Legg, a physicist from the University of St. Andrews and a longtime Microsoft critic]Rnqyq. What it claimed as evidence of a Majorana particle, he says, could actually be due to quantum dots forming in its device. Quantum dots are electron-containing objects that are not useful for Microsoft's quantum computer. It also bases its claim on data from a single device, says Legg. He wants to see Microsoft replicate the results in multiple chips. "If you repeatedly try and find Jesus in your toast, eventually you'll find Jesus in your toast," he says. "But that one piece of toast doesn't mean you had some kind of epiphany."

>

> "While we appreciate the religious fervor, our data maintains the strength and consistency of our roadmap, as we have for the past several years across previous milestones. We look forward to delivering the world's first quantum machine and sharing the energy of our achievements with the world," wrote Nayak in response.

>

> Past spurious work from Microsoft-affiliated researchers adds to the doubt. In 2021, the journal Nature [5]retracted an article from Microsoft-affiliated researchers in which they'd claimed strong experimental evidence that they'd created a Majorana particle.

"Even hopeful experts have varying opinions about when a quantum computer will demonstrate something useful," the article acknowledges.

But quantum computing lecturer Eleanor Crane of King's College London predicts researchers will have demonstrated a useful scientific simulation on a quantum computer by 2028.

Thanks to Slashdot reader [6]joshuark for sharing the article.



[1] https://www.theverge.com/science/959466/quantum-computer-majorana-2-microsoft-trump-eo

[2] https://www.nature.com/articles/s41586-025-09687-4

[3] https://www.nature.com/articles/s41586-026-10567-8

[4] https://www.theverge.com/tech/956450/nature-microsoft-quantum-computing-majorana-1-claims

[5] https://www.nature.com/articles/nature26142

[6] https://www.slashdot.org/~joshuark



Startup Targets Datacenters With 3D-Printed Nuclear Reactor Module (theregister.com)

(Sunday July 05, 2026 @11:34AM (BeauHD) from the first-of-its-kind dept.)

Startup Ampera has [1]unveiled what it calls the [2]first 3D-printed nuclear reactor module , built around a silicon-carbide core and pressure vessel designed for a thorium-based microreactor. The company says future systems could deliver 15 or 30 megawatts for up to 30 years without refueling. When The Register asked about availability, their spokesperson said: "We expect the power generation portion of the system to be available as early as 2027, with the nuclear module being available to customers about 2030 based on regulatory approval." From the report:

> Founder and CEO Brian Matthews revealed the prototype microreactor, which features a fully 3D-printed silicon carbide reactor core and pressure vessel. "This next-generation nuclear core and pressure vessel sets the foundation for factory-built, mass-produced nuclear energy," Matthews said. "The advanced technology and additive manufacturing used demonstrate a clear commercial path for new nuclear technology coming to market in an accelerated manner." His company is developing a subcritical, solid-state, factory-built thorium-based nuclear reactor. Subcritical means the fuel cannot sustain a nuclear chain reaction on its own, which prevents a runaway power excursion.

>

> Ampera uses "solid-state" to describe a design with solid rather than liquid fuel. The proposed fuel uses tristructural isotropic, or [3]TRISO , particles, consisting of a fuel kernel containing thorium, surrounded by multiple ceramic and carbon layers. [...] "Thorium is the future for ultra-safe, clean power production," Matthews said at the time. "By producing TRISO thorium kernels in the United States, we can ensure ample access to the needed fuel supply as we scale up and also minimize price volatility risk."

>

> Ampera also describes the heart of the reactor as as a spherical monolithic gyroid core. A gyroid, as far as we can fathom, is a complex shape that provides a massive surface area relative to its volume, making it well-suited for heat transfer. Its complexity makes it difficult to produce using conventional manufacturing methods, which is where additive manufacturing comes in. The core is 3D-printed using silicon carbide and designed to operate for up to 30 years without refueling, the firm claims. Ampera says its planned systems will provide 15 or 30 MWe, depending on the configuration, enough to supply a typical datacenter. Larger configurations are planned. Matthews said that his company expects to be the first to industrialize factory-built nuclear power with near-term deployment timelines.



[1] https://www.prnewswire.com/news-releases/ampera-marks-major-nuclear-milestone-863473352.html

[2] https://www.theregister.com/systems/2026/07/03/startup-targets-datacenters-with-3d-printed-nuclear-reactor-module/5266480

[3] https://www.energy.gov/ne/articles/triso-particles-most-robust-nuclear-fuel-earth



Video Game History Foundation Says Piracy Remains the Only Viable Preservation Method (techspot.com)

(Sunday July 05, 2026 @11:34AM (BeauHD) from the running-out-of-options dept.)

An anonymous reader quotes a report from TechSpot:

> Video Game History Foundation founder Frank Cifaldi recently supported claims that [1]piracy is the only effective way to preserve video games . The comments lay the blame squarely on game companies' refusal to keep legacy content available or allow archivists to build legal repositories. Sony's [2]announcement that all PlayStation games will be digital-only from 2028 onward has sparked concern that titles will become harder to preserve and more easily vanish, since the company's servers will become the sole point of distribution. In an official statement, Cifaldi noted that the end of physical PlayStation games has surprisingly little impact on the Foundation's efforts because the majority of games from the last two decades are already digital-only.

>

> According to the Foundation, most games nowadays are not released for consoles, let alone on physical discs. Furthermore, many discs for major titles require downloading updates before they are playable, although the DoesItPlay database reveals that, even today, most are playable offline out of the box. Cifaldi claimed that the true reason piracy remains the best option for preservation is that the Entertainment Software Association, which lobbies for game publishers, has closed off other routes. For example, in 2018, the Association opposed efforts to grant copyright exemptions for museums, libraries, and archives to retain copies of abandoned online games for research.

>

> This is the same organization that recently helped defeat a proposed California bill to preserve premium-priced online-only games by falsely claiming that community servers are illegal. The Foundation accused the ESA of repeatedly blocking attempts by cultural heritage institutions to reform DRM legislation. Cifaldi also described the Library of Congress' outdated software preservation process, which currently only requires tiny snippets of source code. For example, Capcom once asked the Foundation to provide the LoC with "the first and last ten pages of code" for a Mega Man game. Unable to discern where digital records began and ended, the group simply chose random segments. Platform holders' habit of closing online storefronts and removing media from users' accounts is also unhelpful.

"What continues to baffle us is what the industry expects institutions like ours to do about it," the Video Game History Foundation [3]said . "If platform owners are deciding to eliminate physical media and older digital storefronts, then we'd also like to see trade groups like the Entertainment Software Association offer meaningful solutions for archives and museums to legally preserve digital-only content and make it accessible for research.



[1] https://www.techspot.com/news/112985-video-game-history-foundation-founder-piracy-remains-only.html

[2] https://games.slashdot.org/story/26/07/01/1734219/sony-playstation-will-stop-releasing-games-on-discs-in-2028

[3] https://bsky.app/profile/gamehistoryorg.bsky.social/post/3mpm6jzps6k2i



Alibaba To Ban Claude Code In Workplace Over Alleged Backdoor Risks

(Sunday July 05, 2026 @04:34AM (BeauHD) from the code-cold-war dept.)

Alibaba has reportedly [1]banned employees from using Anthropic's Claude Code and directed them to its own Qoder platform amid a growing dispute over features that can help identify China-linked users. Reuters reports:

> The ban is part of a deepening spat between the two companies after Anthropic accused Alibaba of [2]illicitly extracting its Claude AI model capabilities -- a dispute that highlights the frantic race between the U.S. and China to take the lead in artificial intelligence. [...] Anthropic said last month that it had suffered a strike by Alibaba, which it described as a "distillation" effort that involves training a less capable model on the outputs of a stronger one. The distillation helps accelerate China's ability to reach Anthropic's advanced Mythos Preview capabilities, it said in a letter seen by Reuters that was sent to two U.S. senators.

>

> Alibaba's ban comes just days after developers said Claude Code contained mechanisms that inspected user environments, including timezone and proxy-related information, and inserted subtle markers into prompts sent to Anthropic's servers. An Anthropic employee wrote on Tuesday on X that the feature was "an experiment we launched in March" intended to prevent account abuse by unauthorized resellers and protect against model distillation. The person who spoke to Reuters about Alibaba's ban said that Anthropic's restrictions targeting China were difficult to enforce on individual users who can deploy servers in the United States and make traffic appear as if it originated there. But companies were more aware of legal and compliance risks, the person added.



[1] https://www.reuters.com/world/china/alibaba-ban-claude-code-workplace-over-alleged-backdoor-risks-source-says-2026-07-03/

[2] https://yro.slashdot.org/story/26/06/25/1810226/anthropic-says-alibaba-must-be-punished-for-largest-claude-cloning-attack



Valve Open-Sources Steam Machine's E-Ink Display (gamingonlinux.com)

(Sunday July 05, 2026 @04:34AM (BeauHD) from the good-move dept.)

Valve has [1]open-sourced the design for a customizable e-ink front panel for the Steam Machine, dubbed the "Inkterface." "All of it is available on [2]their GitLab under the MIT license, which goes over everything you need to make your own and stick it on the front of your fancy new Steam Machine," reports GamingOnLinux. From the report:

> They're now calling it the "Inkterface" and there's a good few things you'll need to make it including:

> 1 x Adafruit ESP32 Feather with 2MB PSRAM.

> 1 x Adafruit eInk Breakout Friend.

> 1 x Adafruit 5.83" Monochrome eInk Panel.

> 13 x M2.5 x 5mm Pan Head Machine Screws.

> 4 x 1/4" x 1/4" x 3/16" Stepped Magnet SB443-OUT.

>

> Valve even [3]provided a video on the GitLab showing it being put together [...].



[1] https://www.gamingonlinux.com/2026/07/valve-open-source-the-steam-machine-e-ink-screen-so-you-can-make-your-own/

[2] https://gitlab.steamos.cloud/SteamHardware/SteamMachine/inkterface

[3] https://www.youtube.com/watch?v=TeojwRnhEB4



New PamStealer macOS Malware Uses Clever Tradecraft To Remain Stealthy (arstechnica.com)

(Saturday July 04, 2026 @09:34PM (BeauHD) from the what-will-they-think-of-next dept.)

An anonymous reader quotes a report from Ars Technica:

> Researchers have [1]found a never-before-seen piece of macOS malware that combines a series of clever tradecraft to [2]infect Macs with stealthy, custom-developed credential-stealing code . The malware is delivered in two stages. The first is distributed in a disk image that masquerades as [3]Maccy , a clipboard manager for Macs. It's compiled as AppleScript that is notable for the way it delivers the second stage. The malware is named PamStealer because the Rust-written infostealer uses the Pluggable Authentication Modules interface built into macOS to validate the target's login password before sending it to an attacker-controlled server.

>

> [...] PamStealer shows a native password prompt designed to resemble a system authorization request. Text that appears with the prompt says: "Maccy wants to make changes. Enter your password to allow this." As noted earlier, once a target complies, the malware validates it locally through the PAM API. "This check is done entirely through PAM: there is no call out to dscl, security, osascript or any spawned process to verify the password, as many commodity macOS stealers do," [said Jamf, a security firm for macOS users]. "The result is a quieter routine that keeps only a verified password, and one fewer process chain for defenders to detect on."

>

> If the validation fails, PamStealer displays the prompts again until it receives the correct one. Once the target enters the correct password, PamStealer displays a message stating that the file is damaged and can't be installed. This is designed to be a decoy to prevent the target from suspecting anything is amiss. The malware uses tactics to maximize the information it can steal. One tactic is to request the target grant full disk access to the fake Maccy app. It also contains code designed to access ethereum accounts. The various techniques -- particularly the Script Editor lure, a self-contained JXA dropper, a Rust-based second stage, and local validation of credentials through PAM are all noteworthy.



[1] https://www.jamf.com/blog/pamstealer-macos-infostealer-applescript-rust/

[2] https://arstechnica.com/security/2026/07/new-pamstealer-macos-malware-uses-clever-tradecraft-to-remain-stealthy/

[3] https://maccy.app/



US Life Expectancy On Track To Reach Record High (cnn.com)

(Saturday July 04, 2026 @09:34PM (BeauHD) from the would-you-look-at-that dept.)

The US age-adjusted death rate fell to a record low in 2025, [1]likely pushing life expectancy to a record high as overdose deaths declined and mortality improved across all age groups. CNN reports:

> There were about 689 deaths for every 100,000 people in the US in 2025, according to a new report from the US Centers for Disease Control and Prevention -- the lowest rate recorded in more than a century of tracking. The age-adjusted rate has fallen 22% since 2021, landing about 4% lower than it was just before the pandemic in 2019. [...] The top causes of death in the US in 2025 followed longstanding patterns: Heart disease led with nearly 695,000 deaths, followed by cancer with nearly 623,000 deaths.

>

> Unintentional injuries, which includes drug overdoses, were the third leading cause of death. Overdose deaths are still high -- about 70,000 people died from an overdose in 2025, preliminary CDC data shows -- but experts say that sharp declines probably played a large role in bringing the age-adjusted death rate down in the US.



[1] https://www.cnn.com/2026/07/02/health/us-death-rate-record-low-cdc-report-longevity



Amazon Has Enough Satellites To Launch Its Starlink Competitor (theverge.com)

(Saturday July 04, 2026 @05:34PM (BeauHD) from the better-than-nothing dept.)

Amazon says its Leo satellite network [1]now has enough spacecraft in orbit to begin limited commercial internet service , with 396 satellites providing "continuous service across initial latitudes." Early performance will likely be uneven, however, and well behind Starlink. "It'll be years before Amazon can boast similar performance numbers as it continues to launch a planned 3,232 Leo satellites," reports The Verge. From the report:

> SpaceX went live with its "Better than nothing beta" back in 2020 when it had almost 900 satellites operating in low-Earth orbit. It initially served a narrow band of users in the upper US and Canada, who complained about frequent service interruptions and high sensitivity to obstructions, with speeds between 50Mbps and 150Mbps, and latency from 20ms to 40ms. By 2022, the service and coverage areas had already dramatically improved. [...]

>

> SpaceX currently has over 10,000 Starlink satellites in operation, providing robust internet connectivity on land, sea, and air in over 160 countries. Performance varies by the dish, service level paid for, time of day, and location of the user, but we're now talking 200Mbps median download speeds, 10Mbps to 40Mbps uploads, and latency hovering around 25ms.



[1] https://www.theverge.com/science/960563/amazon-leo-service-tipping-point



Sitting For More Than 30 Minutes At a Time Linked To Higher Risk of Cancer Death

(Saturday July 04, 2026 @11:34AM (BeauHD) from the prolonged-inactivity dept.)

An anonymous reader quotes a report from The Guardian:

> Researchers who tracked more than 90,000 people over a decade found that sitting or lying down while awake for more than 30 minutes in one period each day was [1]associated with an increased risk of cancer death . The risk increases for every additional hour of continuous inactivity, the findings suggest. However, the researchers also found breaking up periods of sedentary behavior longer than 30 minutes with bursts of physical activity could help reduce the risk. Getting up every half-hour, even for a short walk around the office, could do wonders for your health, they said.

>

> [...] The findings, [2]published in Plos Medicine , focused on the health effects of prolonged sedentary behavior on a daily basis. [...] The team analyzed data from wearable devices worn by more than 91,000 UK Biobank participants, who were followed for an average of 12 years. The findings suggest prolonged inactivity lasting more than 30 minutes was associated with cancer risks. Each additional hour of prolonged inactivity every day was associated with a 10% increase in risk of cancer death. However, replacing long spells of inactivity with movement appeared to reduce that risk. Substituting one hour of sedentary behavior each day with light physical activity, such as ironing or washing up, was associated with a 12% lower risk of cancer death.

>

> Replacing 30 minutes of inactivity each day with 30 minutes of moderate physical activity, such as walking at an average pace, was associated with an 8% lower risk. The risk was 22% lower when five minutes of inactivity was replaced with five minutes of vigorous physical activity each day, the study suggested. There were limitations to the research, including the fact that the researchers performed a statistical analysis of an observational study, so could not prove causation.



[1] https://www.theguardian.com/science/2026/jul/02/sitting-minutes-cancer-death-risk-study

[2] https://journals.plos.org/plosmedicine/article?id=10.1371/journal.pmed.1004767



Labor Force Participation Rate Falls To Lowest In 50 years (cnbc.com)

(Saturday July 04, 2026 @11:34AM (BeauHD) from the mass-exodus dept.)

The US unemployment rate [1]fell to 4.2% in June largely because 720,000 people left the labor force, pushing participation to 61.5%. Excluding the Covid-era jobs market, that's the lowest participation rate since June 1976. CNBC reports:

> The decline in the labor force marks a "massive exodus" driven by multiple factors, said Mike Reid, head of U.S. economics at RBC. "The unemployment rate fell to 4.2% as both the number of unemployed workers and the size of the labor force pulled back," Reid wrote in a post-report commentary. "This may well be a story of retirements but could also be a story of prior job seekers dropping out of the labor force."

>

> [...] [T]he rolls of those counted as not in the labor force, a group that includes the unemployed and those not looking for work, jumped by 832,000. And while the establishment survey, which counts jobs filled, showed growth for the month of 57,000, the survey of households, which counts the actual level of those working, tumbled by 507,000. On a year-over-year basis, the labor force is down by just over 1 million, while the level of the employed also has fallen by 1.06 million and the ranks of the unemployed have risen by 40,000. The employment-to-population ratio slipped to 59% in June, the lowest since October 2021. All that has happened while the unemployment rate has risen by just one-tenth of a percentage point to 4.2%.

>

> The drop in participation is sometimes attributed to a shrinking immigrant population and retiring baby boomers and Gen Xers. However, in June the biggest plunge came from what is defined as "prime age" workers, or those between the ages of 25 and 54. That rate fell 0.6 percentage point to 83.3%, its lowest since December 2023. "Looking at the statistics now, that argument doesn't hold up so well," North said of the retirement and immigration rationale. "I hate to use the word 'alarming,'" he added, but said the numbers are cause for concern.



[1] https://www.cnbc.com/2026/07/02/job-seekers-giving-up-labor-force-participation-rate-falls-to-lowest-in-50-years-outside-of-covid-era.html



AI Agent Executes 'First' End-To-End Ransomware Attack

(Saturday July 04, 2026 @11:34AM (BeauHD) from the first-of-its-kind dept.)

Sysdig says it has documented the [1]first ransomware attack carried out end to end by an AI agent , which autonomously exploited exposed systems, stole credentials, established persistence, compromised a production database, and destroyed data. The research team named the attacker "JadePuffer" and said it gained initial access to an internet-facing [2]Langflow instance by exploiting [3]CVE-2025-3248 . "The most striking characteristic, however, was the LLM's behavior," Sysdig director of threat research Michael Clark said in a [4]blog post . An anonymous reader quotes an excerpt from The Register:

> JadePuffer's "self-narrating" payloads "contained natural language reasoning, target prioritization, and the kind of detailed annotations that human operators don't often write but LLM-generated code produces reflexively," Clark added. "The operation also adapted in real time, retrying failed steps within refined parameters. In one sequence, it went from a failed login to a working fix in 31 seconds." After exploiting CVE-2025-3248, a missing authentication vulnerability in Langflow that allows remote, unauthenticated attackers to execute arbitrary Python on the host, the AI agent began scanning for and collecting secrets, including LLM provider API keys, cloud credentials "with explicit coverage of Chinese providers" including Alibaba, Aliyun, Tencent, and Huawei, while also scanning for AWS, Azure and Google Cloud Platform, cryptocurrency wallets, and database credentials.

>

> The AI also installed a crontab entry on the Langflow server to maintain persistence and call back to the attacker's infrastructure every 30 minutes. JadePuffer's intended target was a separate internet-exposed production server running a MySQL database and an Alibaba Nacos configuration service, we're told. Nacos is an open-source service-discovery and dynamic configuration platform developed by Alibaba and used in the cloud provider's microservices applications. The agent connected to the server's exposed MySQL port using root credentials, although Sysdig doesn't know how the attacker obtained them. These credentials weren't stolen from the victim's environment.

>

> JadePuffer then attacked Nacos via multiple vectors including an authorization bypass flaw (CVE-2021-29441) and forging a valid JSON web token (JWT) using Nacos's default signing key. Additionally, using its root database access, the LLM injected a backdoor administrator into the Nacos backing database. It ultimately encrypted all 1,342 Nacos service configuration items using MySQL's built-in AES encryption function, and created an extortion demand, ransom note, Bitcoin payment address, and a Proton Mail contact [...]. However, according to the threat hunters, the victim can't recover the encrypted data, even if they paid the ransom demand, because the agent escalated "from row-level deletion to dropping entire database schemas, narrating its own targeting rationale," without backing up any of the encrypted data.



[1] https://www.theregister.com/security/2026/07/02/smooth-ai-criminal-drives-first-end-to-end-agentic-ransomware-attack/5266073

[2] https://github.com/langflow-ai/langflow

[3] https://nvd.nist.gov/vuln/detail/CVE-2025-3248

[4] https://www.sysdig.com/blog/jadepuffer-agentic-ransomware-for-automated-database-extortion



Godot Game Engine No Longer Accepts AI Code

(Saturday July 04, 2026 @11:34AM (BeauHD) from the suffering-from-slop dept.)

The Godot Foundation will [1]stop accepting AI-authored code , agent-submitted pull requests, and AI-generated text in contributor communications after maintainers were overwhelmed by low-effort submissions. "It is time for us to recognize that these problems aren't going away and therefore we need to take steps to reduce the burden on maintainers while ensuring we still have a pipeline to mentor new contributors to become future maintainers," the Godot Foundation [2]said in a blog post. Contributors may still use AI for limited "menial things" if they disclose it, but humans must understand, own, and be able to fix the code they submit. PC Gamer reports:

> The Foundation says the pileup of Godot pull requests pending review isn't all bad: It's a sign that interest in using and contribution to Godot is increasing. But the influx of contributions authored or submitted by AI is sapping the projects' maintainers of their willingness to confront the "already tedious" work of reviewing pull requests. "If your feedback on PRs is just being absorbed by a machine and not going towards mentoring a potential future maintainer, it becomes much harder to justify spending your free time on PR review," the Foundation said.

>

> As the problem becomes increasingly unsustainable, the Godot Foundation says it's in the process of updating its contribution policies, focusing on "adding barriers to low-effort slop" contributions, encouraging maintainers to review code, developing new contributors into future maintainers, and crucially, requiring that all contributions come from humans who are accountable for their code -- and fixing it if it fails. "AI cannot take responsibility, and we can't trust heavy users of AI to understand their code enough to fix it," the Foundation said.

>

> The Foundation says we can expect Godot's contributing policy to soon include explicit rejections of AI-authored code, noting that contributors should only use AI assistance for "menial things" and must disclose its use. Additionally, the Foundation will reject any AI-generated text in human-to-human communications, saying it's "a basic principle of respect" -- though it says machine translations "are still acceptable" if the original text was human-authored. "Things change every day with respect to the current suite of AI tools available," the Foundation said. "We will continue taking a conservative approach in our policies towards them, but we will re-evaluate as things evolve."



[1] https://www.pcgamer.com/gaming-industry/open-source-game-engine-godot-will-no-longer-accept-ai-authored-code-contributions-we-cant-trust-heavy-users-of-ai-to-understand-their-code-enough-to-fix-it/

[2] https://godotengine.org/article/contribution-policy-2026/



Meta Is Charging a Subscription for Smart Glasses Features (wired.com)

(Saturday July 04, 2026 @11:34AM (BeauHD) from the subscription-fatigue dept.)

Meta is [1]introducing a subscription for [2]expanded access to advanced smart-glasses features . According to Wired, "[U]sers will need the [3]Meta One Premium Plan to unlock expanded access to some features for their smart glasses, whether it's the Ray-Ban, Oakley, or Meta-branded version." They'll still be usable with a subscription, but "certain features will be limited," the report says. From the report:

> Specifically, a feature called Conversation Focus, which boosts the audio of the person you're speaking with so you can hear them better in loud environments. You'll get three hours per month without a subscription, but if you want to use it more often, then you'll need to pay up. Though even then, you're still capped at 15 hours. Subscribing also nets you "Premium Device Support," where you'll get faster access to what Meta says are "human experts" trained on the smart glasses' features, should any problems arise. Guess humans are better at some things after all.

>

> A Meta spokesperson tells WIRED that this is "not an AI rate limit." Rate limits are common on other AI platforms -- users get free access to a feature until they hit a certain cap, then they'll need to subscribe to use it more until the limit resets at the end of the month. However, the Conversation Focus feature runs on-device, meaning it doesn't need to head to Meta's servers for AI processing. There's no real-time way to monitor how many hours you've used Conversation Focus, but you'll receive a notification when you get near the limit.

>

> "The subscription supports that ongoing work and gives power users expanded access along with premium device support," the spokesperson says. "We're going to start testing new optional subscription plans that offer more premium features and advanced capabilities for those who want to unlock more from our apps and AI glasses."



[1] https://www.theverge.com/gadgets/959899/meta-ai-glasses-paywall-rate-limit

[2] https://www.wired.com/story/why-meta-is-charging-a-subscription-for-on-device-smart-glasses-features/

[3] https://www.meta.com/help/subscriptions/960854640235758/?srsltid=AfmBOoqofO93I3X3YXPm7G6aP2LDYwj4LR26F0ieUQSPDAVNZGVOj26b



OpenAI 'In Early Talks To Give 5% Stake To US Government'

(Saturday July 04, 2026 @11:34AM (BeauHD) from the financial-stakes dept.)

OpenAI is [1]reportedly in early talks to [2]give the U.S. government a 5% stake , potentially alongside similar contributions from other major AI companies. "Such a deal would help improve the industry's relations with the Trump administration and could help garner political support by sharing wealth generated by the AI boom with the public," reports The Guardian. From the report:

> [OpenAI CEO Sam Altman] and other OpenAI bosses have suggested that each of the biggest AI developers in the US should give 5% to their equity to an investment vehicle such as the Alaska Permanent Fund, a sovereign fund that invests US oil wealth into stocks and pays dividends to the state, the FT reported.

>

> The talks are "conceptual" and in early stages, it said, and any deal could require an act of Congress to implement. Both OpenAI and Anthropic have previously suggested in policy papers that a public or sovereign wealth fund may be required in the future to distribute shares to the public. In April, OpenAI said that a "public wealth fund" could provide "every citizen -- including those not invested in financial markets -- with a stake in AI-driven economic growth."

Further reading: [3]Bernie Sanders Unveils $7 Trillion Plan To Give Americans Control of AI Industry



[1] https://www.ft.com/content/7c803eab-8e80-4431-9a87-e943bf00e00b?syn-25a6b1a6=1

[2] https://www.theguardian.com/technology/2026/jul/02/openai-stake-us-government-ai-sam-altman

[3] https://yro.slashdot.org/story/26/06/18/1914206/bernie-sanders-unveils-7-trillion-plan-to-give-americans-control-of-ai-industry



More

One of the advantages of being a captain is being able to ask for
advice without necessarily having to take it.
-- Kirk, "Dagger of the Mind", stardate 2715.2