SoylentNews

Arthur T Knackerbracket writes:

Now that doesn't mean Linux stable kernel maintainer Greg Kroah-Hartman thinks Rust is magic:

At the Rust Week conference, the world's biggest Rust language conference, in Utrecht, Netherlands, Linux stable kernel maintainer Greg Kroah-Hartman opened by saying: "I'm here to talk about untrusted data and Linux, and how Rust is going to save us." After "a long month or two on the kernel security list," he pushed that point even further: "I'm going to make even a bolder statement and say, 'You are going to save Linux.' Sorry, it's all on you."

What he was talking about was the sudden flood of serious Linux security holes being discovered, such as Dirty Frag, Copy Fail, and Fragnesia, that have come to light thanks to the latest AI bug-detection programs.

As a result, Kroah-Hartman, who has "seen every single kernel security bug ever" since 2005, said the kernel team is now issuing "13 CVEs [Common Vulnerabilities and Exposures] a day, or something, something crazy." He thinks Rust is one of the few realistic ways to slash the class of bugs that come from C's traditional error-handling and resource-management pitfalls.

Kroah-Hartman illustrated those pitfalls with real C bugs in the kernel, including a 15-year-old Bluetooth bug that dereferenced a pointer without checking it and a Xen bug where "we forgot to unlock" in an error path. "The majority of the bugs in the kernel are this tiny, minor stuff," he explained. "Error conditions aren't checked, locks aren't forgotten, unreleased memories leak, and vulnerabilities add up over time. They crash the kernel. This is what we live with in C. This is why we don't like it."

Kroah-Hartman argued that the "best beauty of Rust" is catching those mistakes at build time rather than in review. For example, when it comes to locking, he highlighted Rust's locking abstractions in the kernel: "The only way you can get access to inner pointers of structures is by grabbing that lock, and releasing the lock automatically. The compiler does it, it's guarded, the lock happens, everything's happy. You just can't write code to access these values...without grabbing the lock. The compiler will not let you."

Arthur T Knackerbracket writes:

The feds are raising the alarm about a new category of threat:

In the wake of attacks on CEOs, a nationwide protest movement targeting data centers, and increasing concerns about AI job replacement, federal intelligence agencies and domestic law enforcement are circulating reports with a new domestic target in mind: anti-technology extremists.

More than 1,000 pages of unpublished reports from the Department of Homeland Security, FBI, and fusion centers obtained by WIRED show a national shift taking place to surveil this new and worryingly broad category of people and activities deemed an emerging threat.

This new effort follows President Donald Trump's National Security Presidential Memo 7, which instructs the Department of Justice to target anyone holding "anti-American," "anti-Christian," and "anti-capitalism" beliefs. Earlier this month, Trump's counterterrorism czar, Sebastian Gorka, released a public counterterrorism strategy claiming that left-wing extremists are one of the three top counterterrorism priorities facing the United States.

Taken together, these Trump administration directives have commandeered the domestic surveillance apparatus to surveil and criminalize speech and assembly that challenges the ideology of the White House. A new focus on anti-technology extremism adds an unreported category to already public designations under a presidency that has heavily invested political and material capital in AI and data center proliferation.

Among the documents in the tranche obtained by WIRED is a New York Intelligence and Counterterrorism Bureau report that warns of widespread upheaval in response to AI adoption. Of particular note is a novel term for what the bureau purports to be an emerging extremism threat.

Arthur T Knackerbracket writes:

Stealth on a budget:

A Turkish researcher just shared details of a sprayable radar absorbent material (RAM) designed to be applied to drones and other small uncrewed aerial vehicles (UAVs). According to the Defense Blog, Yunus İnce and their small defense research firm have been working on the material, called Kürşat 3.0, for more than seven years. İnce shared test footage of the product with the publication, showing the claimed 43dB signal attenuation. This is a greater reduction compared to broadband coatings tested by academic researchers in standardized test conditions. However, the company's claims must still be validated by a third-party expert to prove that it actually works and makes it harder to detect UAVs.

Drone warfare has exploded in recent years, with the ongoing Russian invasion of Ukraine, which started in 2022, showing how these cheap and tiny gadgets could effectively stop the advance of a multi-million-dollar tank column. Both sides of the conflict have wholeheartedly adopted UAVs as part of their military tactics, and militaries around the globe are devising cost-effective ways of taking down this new threat, like using lasers, microwaves, or good ol’ kinetic energy. Drone operators and manufacturers are not taking these threats lightly, with companies working to make them harder to detect via radar.

[...] A UAV’s advantage is its small size and low cost, making it cost-inefficient to produce specialized radar-deflecting designs. However, the Kürşat 3.0 could be a game-changer if other scientists can confirm that it really works. Many UAVs are so small that it’s difficult to detect them at longer distances — covering them with this “spray-on” RAM would only make it harder for defenders to detect and lock on to them using traditional radar sets.

This coating is not the be-all and end-all of drone stealth, though. That’s because most drones are built for efficiency and speed, not stealth, so they lack the required geometry to deflect radar signals. This is especially true for quadcopters, where the four exposed blades would easily reflect signals back to the radar transceiver. But because they’re often already tiny, covering them in Kürşat 3.0 spray would increase their survivability and make it harder for defenders to target them on their radar scopes.

Original Submission

kolie has been hard at work producing a logical line for line copy of rehash (written in perl) in Python - including warts where they affect the functioning of the software. This will ensure that the software remains maintainable into the future, and gives kolie a chance to fix some previously unknown bugs.

PyHash is currently running on dev.soylentnews.org. Please take a look and report any problems / observations / comments in kolie's journal. This software is still under development as kolie explains. If you cannot log in with your usual username/password you might have to create a new account on dev.

An Anonymous Coward writes:

The flaw affects the boundary between the Linux CIFS client and cifs-utils, allowing local root access on some systems.

A newly disclosed Linux local privilege escalation vulnerability, CIFSwitch, allows an unprivileged local user to gain root access on certain systems via the Linux kernel's CIFS client and the cifs-utils userspace helper. CIFS, also known as SMB, is a network file-sharing protocol commonly used to access Windows file shares from Linux and other platforms.

Security researcher Asim Manizada disclosed the issue, describing it as a non-universal Linux local root vulnerability since exploitability depends on specific distribution configurations. A public proof-of-concept exploit is available, increasing the urgency for patching and mitigation on affected systems.

CIFSwitch exists at the interface between the kernel CIFS client and cifs.upcall, the cifs-utils helper for Kerberos-authenticated CIFS/SMB mounts. While CIFS is commonly associated with Windows file shares, Linux systems can also mount SMB shares using the kernel CIFS client.

The vulnerability arises from how CIFS uses Linux keyrings. Normally, the kernel requests a cifs.spnego key, and the system's request-key configuration launches cifs.upcall as root to handle Kerberos/SPNEGO authentication.

According to the disclosure, the vulnerability allows an unprivileged userspace process to request a forged cifs.spnego key description. The kernel failed to properly reject descriptions not originating from kernel CIFS, and the default request-key rule could still launch cifs.upcall as root.

The userspace helper then parsed attacker-controlled fields, including pid, uid, creduid, and upcall_target, as if they were generated by the kernel. By setting upcall_target=app, the helper could switch into a namespace controlled by the attacker.

Arthur T Knackerbracket writes:

https://www.tomshardware.com/tech-industry/jensen-huang-urges-super-micro-to-tighten-compliance

Huang told reporters at Songshan Airport that Nvidia insists its partners follow U.S. trade rules. "We insist our partners are compliant. We hope that they will enhance and improve their regulation compliance and prevent that from happening in the future," Huang said in an address to the media.

The Taiwan case is separate from, but closely related to, the much larger U.S. federal prosecution unsealed in March. That indictment charged Supermicro co-founder Yih-Shyan "Wally" Liaw and two others with conspiring to smuggle approximately $2.5 billion worth of Nvidia-equipped servers to China through shell companies in Southeast Asia. Liaw has pleaded not guilty, and Supermicro has said it’s not named as a defendant and is cooperating with the investigation.

In the same press scrum at Songshan Airport, Huang confirmed that China is included in the $200 billion addressable market he projected for Nvidia's upcoming Vera CPU during the company's earnings call on May 20th. "H200 has been licensed to ship to China. It would be terrific to be able to serve that market. The Chinese market is very important. It's very large, of course," Huang told reporters, according to Reuters.

Despite the licensing approval, not a single H200 has been delivered to a Chinese customer. While roughly 10 Chinese firms have been cleared to purchase the chip, shipments haven’t started, and President Trump's talks with Chinese President Xi Jinping in Beijing earlier this month produced no breakthrough on Nvidia chip sales.

Huang is in Taipei ahead of Nvidia's GTC Taipei event and his Computex keynote on June 1st, where he’s expected to explore the Vera Rubin platform's software stack. He described the platform as "the largest product launch, probably in the history of Taiwan," noting that each Vera Rubin NVL72 system contains nearly 2 million parts and involves around 150 Taiwanese ecosystem partners.

Original Submission

Arthur T Knackerbracket writes:

https://www.theregister.com/science/2026/05/26/bezos-rocket-fell-short-after-cryogenic-leak-cut-engine-thrust/5246481

The US Federal Aviation Administration (FAA) and Blue Origin have revealed what went wrong on the third flight of New Glenn and it looks like a cryogenic leak is our culprit. 

According to Blue Origin: "Prior to our second GS2 burn, we experienced an off-nominal thermal condition, and, as a result, one of the BE-3U engines didn't achieve full thrust to reach our target orbit."

The FAA's explanation was a little more detailed: "The final mishap report identified the direct cause of the mishap as a cryogenic leak that froze a hydraulic line and led to a thrust anomaly during the second stage engine burn."

The April 19 launch of the NG-3 mission started well. The first stage firing went well, and the booster made a successful landing on Blue Origin's floating landing platform, Jacklyn. However, during the second burn of the second stage (dubbed GS2), things went awry. One of the two BE-3U engines failed to achieve full thrust, leaving the payload, AST SpaceMobile's BlueBird 7 satellite, in a lower-than-planned orbit. AST SpaceMobile later said the spacecraft would be deorbited.

All told, nine corrective actions were identified to prevent a repeat of the problem, and Blue Origin says all have been implemented ahead of the next New Glenn launch. The FAA said it will verify those changes before the rocket flies again.

It is, however, not immediately clear what payload the company will be launching. Blue Origin CEO Dave Limp showed off a video of the next vehicle being lifted onto the Transporter Erector, but gave no further details.

Like SpaceX, which will be launching the next batch of AST SpaceMobile BlueBird satellites, Blue Origin has several targets to hit. It is expected to launch an uncrewed lunar lander this year and deliver NASA's off-again-on-again VIPER mission to the lunar surface in late 2027.

NASA boss Jared Isaacman said in recent weeks that SpaceX and Blue Origin had told the agency both would have vehicles "to meet our needs" for a late 2027 rendezvous, docking, and capability test tied to Artemis III.

Approval from the FAA removes one distraction for the company. However, time is running out for Blue Origin to accomplish its goals before the end of next year.

Original Submission

Arthur T Knackerbracket writes:

https://www.tomshardware.com/tech-industry/drone-breaks-world-speed-record-with-453-mph-in-test-run-exotic-sawtooth-carbon-fiber-propeller-blades-one-of-the-key-advances-in-the-blackbird-design

These changes seemed to have pushed the team’s drone further, as it achieved 393 mph (633 kph or 341 kts) in its first test run. Unfortunately, physics got the better of them, as antenna geometry, the Doppler effect, and signal overload caused the drone to lose connection from the controller at such a high speed. The two did not bother attempting to recover it, as they knew that it was lost for good at these speeds. Furthermore, even if the drone lost connection right in front of the controller, it would have traveled miles at its current speed before it would have crashed.

Thankfully, they still had another drone available for testing and another set of their updated propellers. So, they set out again the following day and continued their tests. It seemed that they only had enough batteries for two test runs, and adverse weather was quickly approaching, so they had to set up quickly and get to flying. It was also a windy day, so they made one downwind flight and one upwind flight, and they just averaged the speeds between the two to get a rather fair result.

It was on the downwind test flight that they achieved their record 453 mph, which is above the 441-mph record that they initially hoped for. However, when they accounted for the 34-mph tailwind, this meant that the drone only had an actual airspeed of 419 mph (674 kph or 364 kts). For their final test run, the duo achieved 397 mph (640 kph or 345 kts) against the wind. They averaged the two runs, getting a figure of 425 mph (685 kph or 369 kts) — this might be a bit short of the more than 434 mph (700 kph or 377 kts) they hoped to achieve, but it still beats the current world record.

If you want to make your own attempt at achieving the drone world speed record, you can actually get guidance through their Drone Pro Hub website. And while they use custom propeller blades made by a professional, you can actually 3D print the body and other components at home with one of the best 3D printers you can buy.

Original Submission

Arthur T Knackerbracket writes:

https://www.theregister.com/science/2026/05/26/japanese-space-agency-names-arrival-date-for-bepicolombo-mercury-mission/5245906

Japan's Aerospace Exploration Agency (JAXA) has offered a definitive date for the BepiColombo mission's arrival at Mercury.

BepiColombo is a joint effort between JAXA and the European Space Agency. The mission involves three craft: A vehicle called the Mercury Transfer Module (MTM), which carries the ESA's Mercury Planetary Orbiter (MPO) and JAXA's Mercury Magnetospheric Orbiter (MMO).

The MTM's primary role is getting the two orbiters to Mercury, but mission boffins have used its cameras to snap images of Earth, Venus and Mercury in the seven-and-a-half years since its October 2018 launch.

The mission plan called for the MTM to swing around the Earth once and Venus twice, plus six loops around Mercury. A thruster glitch saw mission planners revise that itinerary and meant the probe would arrive in orbit at Mercury in November 2026 – eleven months later than first planned.

In a Monday Xeet from a JAXA X account dedicated to the MMO, the Japanese space agency revealed the exact date BepiColombo will arrive: November 21.

"We'll gently be captured by Mercury's gravity and enter orbit," the Xeet states, before adding that Japan's orbiter will detach from the MTM on December 10.

Mission plans assume another few weeks will pass before either orbiter gets down to work.

BepiColombo is humanity's third mission to Mercury, following 1973's Mariner 10 and 2004's Messenger. The MMO and MPO carry instruments that, it's hoped, will help to enhance our understanding of Mercury's interior and magnetosphere.

We currently know very little about Mercury because it is so close to the Sun that spacecraft must avoid being trapped by the massive gravity of Earth's nearest star, which makes navigation and ongoing operations complicated. Once spacecraft do reach Mercury, temperatures are fierce even hundreds of kilometres above the planet's surface. The ESA has used the example of a laptop that can work inside a pizza oven to illustrate the difficulties its probe will face and loaded its MPO with radiators and 94kg of insulation to protect its instruments.

The planet, our solar system's smallest and most dense, also defies observation from telescopes because the Sun shines so brightly it can damage sensitive optics.

BepiColombo's imminent arrival therefore brings hope that humanity can learn more about a planet that, thanks to its speedy orbit, is often closer to Earth than any other.

Original Submission

owl writes:

https://www.righto.com/2026/05/microcode-inside-intel-8087-floating.html

In 1980, Intel introduced the 8087 floating-point chip, a co-processor that made floating-point operations up to 100 times faster. This chip was highly influential, and today most processors use the floating-point standard introduced by the 8087.

The 8087 uses complicated algorithms to accurately compute functions such as square roots, tangents, and exponentials. These algorithms are implemented inside the chip in low-level code called microcode. I'm part of a group, the Opcode Collective, that is reverse-engineering this microcode. In this post, I take a close look at the microcode for one of the 8087's instructions—FXCH—and explain how the microcode works. The FXCH (Floating-point Exchange) instruction exchanges two floating-point registers. You might expect this instruction to be trivial, but there's more going on than you might expect; the microcode uses 14 micro-instructions to implement the exchange instruction.

To explore the microcode, I opened up an 8087 chip and created a high-resolution image with a microscope. The large microcode ROM occupies a central position, holding the micro-instructions that control the chip. The microcode engine on the left steps through the microcode, handling jumps and subroutine calls. The bottom half of the chip is the "datapath", the circuitry that performs floating-point calculations; it is split into a 16-bit datapath for the number's exponent and a 64-bit datapath for the number's fractional part (also known as the significand).

Original Submission

Snotnose writes:

Be afraid. Very afraid..

1. Political Appointees Take Control of Grant Awards (§200.205). Senior political appointees, rather than career scientists or program officers, would now be required to conduct a "pre-issuance review" of every discretionary grant before it is awarded. These appointees are explicitly forbidden from deferring to peer reviewers or routinely ratifying their recommendations.

2. Peer Review Is No Longer Binding The rule explicitly states that peer review recommendations "remain advisory and are not ministerially ratified, routinely deferred to, or otherwise treated as de facto binding."

3. "Gold Standard Science" as an Undefined Political Test (§200.205) without defining it in any concrete or measurable way.

4. Active Grants Can Be Terminated at Any Time, for Any Reason (§200.340). The rule codifies and expands the authority to terminate active grants mid-award simply because they are "inconsistent with program goals or agency priorities."

5. DEI, Gender Research, and Related Topics Banned as Grant Conditions (§200.300)

6. Broad Prohibition on International Scientific Collaboration (§200.220)

7. "Domestic-First" Framework for Research Awards (§200.202(e))

8. Applicants Can Be Denied Based on Organizational "Affiliations" (§200.206)

9. E-Verify Mandated for All Grant Recipients (§200.303)

10. OMB Claims Direct Binding Authority Over All Agencies

There's 19 total, some might have merit with a bit of tweaking but the majority of this is flat out anti-science garbage.

Original Submission

cereal_burpist writes:

A London startup trained an AI on 4.1 million recipes across seven languages

• KAIKAKU.AI published Epicure, a family of three ingredient AI models trained on 4.14 million multilingual recipes.
• The model doesn't store recipes—it stores what was learned from them, letting users navigate cooking knowledge mathematically.
• Three variants—Cooc, Chem, and Core—sit at different points on a recipe-context vs. flavor-chemistry spectrum, each answering a slightly different culinary question from the same 2MB file.

Josef Chen says he compressed all of human cooking into two megabytes. That's a bold claim. It also checks out.

Chen, co-founder and CEO of London food AI startup KAIKAKU.AI, published a paper on arXiv this week, alongside researcher Jakub Radzikowski, presenting Epicure—three AI models trained on 4.14 million recipes pulled from 11 datasets across seven languages. The result: a map of 1,790 ingredients, each described by 300 numbers, ...
[...]
Think of it as a map. Every ingredient gets a precise location based on how it behaves across millions of real dishes worldwide. The math is blunt: 1,790 ingredients × 300 numbers per ingredient × 4 bytes each ≈ 2.05 megabytes. Those numbers encode which ingredients appear together, which share flavor compounds, and which belong to the same culinary tradition. Once the model learns all that from the recipes, the recipes can go. The knowledge lives in the coordinates.

This is essentially the same trick word2vec pulled on language back in 2013, when Google researchers showed that you could do arithmetic with meaning. Epicure does that for food. Take beef, point it toward America and you'll get bread, lettuce, maybe beer. Point it toward South East Asia and the model stops thinking about burgers and grills and starts thinking about soy sauce, ginger, and sesame oil.
[...]
Epicure comes in three versions, and picking the right one depends on what you're actually asking. Cooc learns from recipe co-occurrence—what shows up together in real dishes. Chem learns from flavor chemistry—which ingredients share aroma compounds from the FlavorDB chemical database. Core is a mix between the previous two.

Arthur T Knackerbracket writes:

The company was doing a hotfire test to prepare for New Glenn's next mission:

Blue Origin's New Glenn rocket has exploded on its launchpad at Cape Canaveral Space Force Station while the company was conducting ground tests for an upcoming launch. The company explained that it "experienced an anomaly" during a hotfire test and will provide more details about the incident when it learns more. On X, company owner Jeff Bezos said all personnel are safe and account for. Blue Origin has already started investigating, but it's too early to know the root cause of the explosion. "Very rough day, but we'll rebuild whatever needs rebuilding and get back to flying," he added. "It's worth it.

As you can see in the footage of the explosion above, it pretty much obliterated the rocket, the structure and the equipment around it. As The New York Times reports, that's Blue Origin's only launchpad for New Glenn, and it could take several months for the company to repair it.

The incident could affect Blue Origin's participation in NASA's Artemis and Moon Base programs, wherein it's expected to provide a commercial lunar lander for both cargo and crew. NASA even chose Blue Origin over SpaceX for the Moon Base I mission, which it's hoping to launch this fall. Blue Origin's lunar missions require the use of its New Glenn rocket, but with its launchpad now out of commission, NASA may have to rethink its plans.

[...] Blue Origin has only just gotten clearance from the Federal Aviation Administration (FAA) to launch its New Glenn rocket again. The FAA grounded New Glenn after it had failed to put the payload it was carrying into orbit in its third mission. It oversaw the company's investigation and determined that the incident was caused by a "cryogenic leak that froze a hydraulic line and led to a thrust anomaly during the second-stage engine burn." After the FAA gave the company permission to launch New Glenn again, it quickly started preparing the rocket for its next mission, which will clearly not happen anytime soon.

Original Submission

"fab23" writes:

What Is a Dickover?:

dickover n. : a modal panel, popover, or curtain presented by a website or app, deliberately obscuring its own content to frustrate the user with an unwanted, unnecessary, mandatory interaction; e.g. asking the user to accept "cookies", subscribe to a newsletter, install the website's mobile app, agree to terms of service, or anything else that the user couldn't give two shits about.

You know what a dickover is, even if you didn't know what to call it (until now). If you use the Internet, you encounter them every day. They're popovers, but dickheaded. The web is absolutely lousy with them, and mobile apps present them too, with increasing frequency.

Dickovers are a veritable scourge. They're so common they're effectively part of the firmament. I started calling these things dickpanels in 2022 , but when dickover popped into my head last week, 1 I couldn't shake the feeling that it's a better term for these ubiquitous odious irritations. You can hardly go anywhere on the web without getting dicked over by a dickover. They often pester you about permitting cookies, like this one from Euronews or this one from Gallup . This malicious design pattern is so ubiquitous that it has spread even to personal blogs, like this one from my friend Om Malik , and to great brands like Field Notes , both asking you to sign up for their newsletters.

The homepage for every single blog hosted by Substack shows a particularly pernicious dickover on its homepage. The Substack dickover doesn't even look like a panel. It's a full-screen curtain designed and worded to suggest, strongly, that you need to sign up for the blog's email newsletter just to read anything. The dismissal button for the Substack dickover is a small text link — that doesn't look anything like a button — that says something like "No thanks" (e.g. Paul Krugman , Matt Yglesias ) or something that adds insult to injury with a cloyingly saccharine label like "Just gimme that content!" (e.g. Volts ).

hubie writes:

PR executives say UK companies are forcing them to present ordinary automation as artificial intelligence:

UK companies are performing "yoga-level" stretches to describe themselves as AI specialists in an attempt to capitalise on the buzz around the technology, public relations firms have said.

Weary communications executives tasked with securing media coverage for brands have complained that bosses in low-tech industries or running businesses that use automation but not generative AI, are increasingly demanding they are pitched to journalists as artificial intelligence companies.

"You can almost hear the eyes roll when you mention the word AI to a reporter," said a publicist in south London who represents a portfolio of tech and design firms. "I've watched a steady stream of companies try to bolt the label AI on to whatever they do, no matter how tenuous the link."

Imran Ariff, a media strategist for Fight or Flight, a London-based communications agency, said: "It can be easy for brands to 'drink their own Kool-Aid' when they're so proud of what they're doing and consequently, go too far in their efforts to promote their AI capabilities."

Last month, the US shoe company AllBirds "pivoted" to to acquiring AI graphics processing units, while genetics companies have hyped AI-powered blood tests. In inboxes this month, there have been press releases about AI-powered basketball hoops, and AI-powered lasers that – somehow – protect women from predators on crowded underground platforms.

Some companies have been accused of "AI washing", trying to rebrand familiar, often years-old, technologies as "AI".

Technology PRs – whose job it is to send tens, or hundreds, of pitches to journalists each week, the vast majority of which get ignored – have complained about being forced to send out AI-related press releases under duress despite their industries' image for unscrupulously hyping up products.

"A lot of companies are trying to name every single product with 'AI' first, or trying to get 'AI' into an actual product name," said an account director at another firm, based in central London.

"People are littering marketing with how AI is making a difference. It's an 'AI-driven' or 'AI-powered' product when in reality, it's just better automation than we've seen before."

[...] Communications workers also said that bosses were asked to be presented as commentators on the technology to appear relevant.

"I have seen some Bikram yoga-level stretches by brands in service of trying to manufacture reasons to talk about AI," said a PR working for a global agency with offices in New York and London.

Original Submission