An anonymous reader shares a report: Google's CEO Sundar Pichai stood smiling in a leafy-green California garden in September 2020 and declared that the tech behemoth was entering the "most ambitious decade yet" in its climate action. "Today, I'm proud to announce that we intend to be the first major company to operate carbon free -- 24 hours a day, seven days a week, 365 days a year," he said, in a video announcement at the time.

Pichai added that he knew the "road ahead would not be easy," but Google "aimed to prove that a carbon-free future is both possible and achievable fast enough to prevent the most dangerous impacts of climate change." Five years on, just how hard Google's "energy journey" would become is clear. In June, Google's Sustainability website proudly boasted a headline pledge to achieve net-zero emissions by 2030. By July, that had all changed. An investigation by Canada's National Observer has found that Google's net-zero pledge has quietly been scrubbed, demoted from having its own section on the site to an entry in the appendices of the company's sustainability report.

An anonymous reader shares a report: Some Microsoft Azure customers have had a worrying few days after a problematic account migration caused forecast costs for the cloud service to skyrocket, triggering budget alerts.

An alarmed Register reader got in touch after receiving warnings from Azure's automated systems that they had significantly exceeded their budgets, and a glance at Microsoft's support forums indicates their issue was not isolated.

The problem was that costs had suddenly ramped up. One user, with a budget threshold of $85, received an automated alert indicating that their spend was forecast to reach $1,027. Another said: "We're actively seeing the same issue, costs have blown up by a crazy amount. No official notice or announcement from Microsoft either, it's appalling."

Futurism reports: Earlier this week, buried in the middle of a lengthy blog post addressing ChatGPT's propensity for severe mental health harms, OpenAI admitted that it's scanning users' conversations and reporting to police any interactions that a human reviewer deems sufficiently threatening.

"When we detect users who are planning to harm others, we route their conversations to specialized pipelines where they are reviewed by a small team trained on our usage policies and who are authorized to take action, including banning accounts," it wrote. "If human reviewers determine that a case involves an imminent threat of serious physical harm to others, we may refer it to law enforcement."

The announcement raised immediate questions. Don't human moderators judging tone, for instance, undercut the entire premise of an AI system that its creators say can solve broad, complex problems? How is OpenAI even figuring out users' precise locations in order to provide them to emergency responders? How is it protecting against abuse by so-called swatters, who could pretend to be someone else and then make violent threats to ChatGPT in order to get their targets raided by the cops...? The admission also seems to contradict remarks by OpenAI CEO Sam Altman, who recently called for privacy akin to a "therapist or a lawyer or a doctor" for users talking to ChatGPT.
"Others argued that the AI industry is hastily pushing poorly-understood products to market, using real people as guinea pigs, and adopting increasingly haphazard solutions to real-world problems as they arise..."

Thanks to long-time Slashdot reader schwit1 for sharing the news.

At the moment, the Spotify exodus of 2025 is a trickle rather than a flood, writes the Guardian, citing the departure of five notable bands "liked in indie circles," but not "the sorts to rack up billions of listens."

"Still, it feels significant if only because, well, this sort of thing wasn't really supposed to happen any more." Plenty of bands and artists refused to play ball with Spotify in its early years, when the streamer still had work to do before achieving total ubiquity. But at some point there seemed to a collective recognition that resistance was futile, that Spotify had won and those bands would have to bend to its less-than-appealing model... This artist acquiescence happened in tandem — surely not coincidentally — with a closer relationship between Spotify and the record labels that once viewed it as their destroyer. Some of the bigger labels have found a way to make a lot of money from streaming: Spotify paid out $10bn in royalties last year — though many artists would point out that only a small fraction of that reaches them after their label takes its share...

So why have those five bands departed in quick succession? The trigger was the announcement that Spotify founder Daniel Ek had led a €6oom fundraising push into a German defence company specialising in AI weapons technology. That was enough to prompt Deerhoof, the veteran San Francisco oddball noise pop band, to jump. "We don't want our music killing people," was how they bluntly explained their move on Instagram. That seems to have also been the animating factor for the rest of the departed, though GY!BE, who aren't on any social media platforms, removed their music from Spotify — and indeed all other platforms aside from Bandcamp — without issuing a statement, while Hotline TNT's statement seemed to frame it as one big element in a broader ideological schism. "The company that bills itself as the steward of all recorded music has proven beyond the shadow of a doubt that it does not align with the band's values in any way," the statement read.

That speaks to a wider artist discontent in a company that has, even by its own standards, had a controversial couple of years. There was of course the publication of Liz Pelly's marmalade-dropper of a book Mood Machine, with its blow-by-blow explanation of why Spotify's model is so deleterious to musicians, including allegations that the streamer is filling its playlists with "ghost artists" to further push down the number of streams, and thus royalty payments, to real artists (Spotify denies this). The streamer continues to amend its model in ways that have caused frustration — demonetising artists with fewer than 1,000 streams, or by introducing a new bundling strategy resulting in lower royalty fees. Meanwhile, the company — along with other streamers — has struggled to police a steady flow of AI-generated tracks and artists on to the platform...

[R]emoving yourself from such an important platform is highly risky. But if they can pull it off, the sacrifice might just be worth it. "A cooler world is possible," as Hotline TNT put it in their statement.
The Guardian's culture editor adds that "I've been using Bandcamp more, even — gasp — buying albums..."

"Maybe weaning ourselves off not just Spotify, but the way that Spotify has convinced us to consume music is the only answer. Then a cooler world might be possible."

U.S. Commerce Secretary Howard Lutnick announced that the Department of Commerce will begin publishing GDP statistics on the blockchain, touting it as part of President Trump's push to make America a "crypto government." CoinTelegraph reports: Lutnick made the announcement during a White House cabinet meeting on Tuesday, describing the effort as a move to expand blockchain-based data distribution across government agencies. Speaking to US President Donald Trump and other government officials, he said: "The Department of Commerce is going to start issuing its statistics on the blockchain, because you are the crypto president, and we are going to put our GDP on the blockchain so people can use it for data and distribution." Lutnick said the initiative will begin with GDP figures and could expand across federal departments after the Commerce Department finishes "ironing out all of the details" for the implementation.

Nevada has been crippled by a cyberattack that began on August 24, taking down state websites, intermittently disabling phone lines, and forcing offices like the DMV to close. The Register reports: The Office of Governor Joseph Lombardo announced the attack via social media on Monday, saying that a "network security incident" took hold in the early hours of August 24. Official state websites remain unavailable, and Lombardo's office warned that phone lines will be intermittently down, although emergency services lines remain operational. State offices are also closed until further notice, including Department of Motor Vehicles (DMV) buildings. The state said any missed appointments will be honored on a walk-in basis.

"The Office of the Governor and Governor's Technology Office (GTO) are working continuously with state, local, tribal, and federal partners to restore services safely," the announcement read. "GTO is using temporary routing and operational workarounds to maintain public access where it is feasible. Additionally, GTO is validating systems before returning them to normal operation and sharing updates as needed." Local media outlets are reporting that, further to the original announcement, state offices will remain closed on Tuesday after officials previously expected them to reopen. The state's new cybersecurity office says there is currently no evidence to suggest that any Nevadans' personal information was compromised during the attack.

French prosecutors have opened an investigation into the Australian video platform Kick over the death of a content creator during a live stream. From a report: Raphael Graven -- also known as Jean Pormanove -- was found dead in a residence near the city of Nice last week. He was known for videos in which he endured apparent violence and humiliation. The Paris prosecutor said the investigation would look into whether Kick knowingly broadcast "videos of deliberate attacks on personal integrity."

The BBC has approached Kick for comment. A spokesperson for the platform previously said the company was "urgently reviewing" the circumstances around Mr Graven's death. The prosecutor's investigation will also seek to determine whether Kick complied with the European Union's Digital Services Act, and the obligation on platforms to notify the authorities if the life or safety of individuals is in question. In a separate announcement, France's minister for digital affairs, Clara Chappaz, said the government would sue the platform for "negligence" over its failure to block "dangerous content", according to the AFP news agency.

"For a few dozen people in the world, the downside of living with a rare immune condition comes with a surprising superpower — the ability to fight off all viruses..." notes an announcement from Columbia University. "At first, the condition only seemed to increase vulnerability to some bacterial infections. But as more patients were identified, its unexpected antiviral benefits became apparent." Columbia immunologist Dusan Bogunovic discovered the individuals' antiviral powers about 15 years ago, soon after he identified the genetic mutation that causes the condition... Bogunovic, a professor of pediatric immunology at Columbia University's Vagelos College of Physicians and Surgeons, soon learned that everyone with the mutation, which causes a deficiency in an immune regulator called ISG15, has mild, but persistent systemic inflammation... "In the back of my mind, I kept thinking that if we could produce this type of light immune activation in other people, we could protect them from just about any virus," Bogunovic says.

Today, Bogunovic is closing in on a therapeutic strategy that could provide that broad-spectrum protection against viruses and become an important weapon in next pandemic. In his latest study, published August 13 in Science Translational Medicine, Bogunovic and his team report that an experimental therapy they've developed temporarily gives recipients (hamsters and mice, so far) the same antiviral superpower as people with ISG15 deficiency. When administered prophylactically into the animals' lungs via a nasal drip, the therapy prevented viral replication of influenza and SARS-CoV-2 viruses and lessened disease severity. In cell culture, "we have yet to find a virus that can break through the therapy's defenses," Bogunovic says...

Bogunovic's therapeutic turns on production of 10 proteins that are primarily responsible for the broad antiviral protection. The current design resembles COVID mRNA vaccines but with a twist: Ten mRNAs encoding the 10 proteins are packaged inside a lipid nanoparticle. Once the nanoparticles are absorbed by the recipient's cells, the cells generate the ten host proteins to produce the antiviral protection. "We only generate a small amount of these ten proteins, for a very short time, and that leads to much less inflammation than what we see in ISG15-deficient individuals," Bogunovic says. "But that inflammation is enough to prevent antiviral diseases...."

"We believe the technology will work even if we don't know the identity of the virus," Bogunovic says. Importantly, the antiviral protection provided by the technology will not prevent people from developing their own immunological memory to the virus for longer-term protection.
"Our findings reinforce the power of research driven by curiosity without preconceived notions," Bogunovic says in the announcement. "We were not looking for an antiviral when we began studying our rare patients, but the studies have inspired the potential development of a universal antiviral for everyone."

More coverage from ScienceAlert.

Archer Aviation is "the official air taxi partner" of the 2028 Olympic Games in Los Angeles, Electrek reported in May. In June it entered "a key development phase ahead of full-fledged flight certification and commercial operations" by completing a piloted flight in its flagship Midnight aircraft, "demonstrating a conventional takeoff and landing instead of vertical (it can do both)." During that flight, which took place in the skies above Salinas, California, the eVTOL achieved a top speed of 125 mph and a maximum altitude of 1,500 feet above ground level. Most recently, Archer has taken its Midnight eVTOL above Salinas again, achieving its longest flight to date. Per Archer, the recent successful flight in California lasted 31 minutes, and the piloted Midnight eVTOL traveled 55 miles — the company's longest recorded flight yet with a pilot onboard... [Again with speeds exceeding 125 mph]

United Airlines CFO Mike Leskinen, who led the airline's early investment in Archer Aviation, was present at the test facility to witness the milestone flight. Leskinen congratulated the Archer team on its longest eVTOL flight and expressed his satisfaction with the Midnight aircraft's quiet operation.
Their aircraft even "reached speeds of nearly 150 miles per hour" the week before, according to Archer's announcement. They're calling it another milestone "as the company advances toward FAA certification in the U.S. and near-term commercialization in the United Arab Emirates."

And Archer's Founder/CEO said crossing the 50-mile mark at speed "is another clear step toward commercialization that shows the maturity of our program."

The Hill reports: Russian state-sponsored hackers have targeted thousands of networking devices associated with U.S. critical infrastructure sectors over the past year, the FBI warned Wednesday. The cyber actors are associated with the Russian Federal Security Service's (FSB) Center 16 and have taken aim at a vulnerability in certain Cisco devices, according to an agency public service announcement.

In some cases, hackers have been able to modify configuration files to enable unauthorized access, which they have used to conduct reconnaissance on networks. This has "revealed their interest in protocols and applications commonly associated with industrial control systems," the FBI said.

Cisco's threat intelligence research arm, Talos, explained in a separate advisory that a subcluster of this group, which it has named "Static Tundra," is targeting a seven-year-old vulnerability in the company's Smart Install feature. The firm has offered a patch for the vulnerability, but it remains a problem in unpatched and end-of-life network devices, it warned.
"Once they establish initial access to a network device, Static Tundra will pivot further into the target environment, compromising additional network devices and establishing channels for long-term persistence and information gathering," warns the Talos blog. "This is demonstrated by the group's ability to maintain access in target environments for multiple years without being detected."

In a statement emailed to The Register, a Cisco spokesperson "said the company is aware of ongoing exploitation targeting this flaw." "We strongly urge customers to immediately upgrade to fixed software versions as outlined in the security advisory and follow our published security best practices," the spokesperson said, directing customers to the FBI's announcement and Cisco Talos blog for additional details.

The ongoing campaign targets telecommunications, higher education, and manufacturing organizations across North America, Asia, Africa, and Europe, "with victims selected based on their strategic interest to the Russian government," according to Talos researchers Sara McBroom and Brandon White. "We assess that the purpose of this campaign is to compromise and extract device configuration information en masse, which can later be leveraged as needed based on then-current strategic goals and interests of the Russian government," McBroom and White wrote.

And while both security alerts focus on the FSB's latest round of network intrusions, "many other state-sponsored actors also covet the access these devices afford," the Talos team warned. "Organizations should be aware that other advanced persistent threats (APTs) are likely prioritizing carrying out similar operations as well."
Some context from Hot Hardware: Cisco indicated in its advisory that "Only Smart Install client switches are affected by the vulnerability". The list of affected devices is in Table A-1 here. For a successful attack, hackers exploit a vulnerability tracked as CVE-2018-0171. This was a vulnerability that was patched way back in 2018.

The Free Software Foundation announced a special photography contest honoring its 40th anniversary: The technology we use every day has changed dramatically since our founding nearly forty years ago, including the way we interact with it... We're incredibly grateful for the countless hours that developers and users have put into the free software programs that exist today. Without all the people who cared enough to make and use software that respects the four freedoms four decades or even a year ago, we wouldn't have much to celebrate.

We want to honor the hard work that has gone into free software and its development with the FSF40 Photo Contest. Starting on August 14, 2025, we're inviting free software supporters worldwide to share how they use free software on a daily basis. While we can think of hundreds of ways that free software can be used, there's almost certainly many of you who have thought of much more creative ways to involve libre software every day!

Shortly after the photo contest closes on August 31, 2025, we will invite you and other free software supporters to vote for your favorite of the #FSF40Photos... We will be displaying the winning photos at our fortieth [anniversary] celebration in Boston, MA on October 4, 2025 — we hope you get to see them on a big screen with us!
Earlier this month the FSF also shared 40 links from around the FSF and GNU sites "that give a sense of what we've been doing all this time as we work for your freedom." (For example, 2007's announcement of the GNU General Public License, version 3.)

Google's Android 16 QPR2 beta 1 is rolling out with new customization features, including the ability to force dark mode and icon themes on apps that don't support them. The update also adds enhanced parental controls, better data migration, PDF editing, and Bluetooth audio sharing, with a full release expected in December. The Verge reports: The beta includes a new dark theme option that will "intelligently invert the UI of apps that appear light despite users having selected the dark theme" when enabled, according to Google's announcement, forcibly making apps that don't natively support the feature to appear darker. Google says this is "largely intended as an accessibility feature" for users with low vision or photosensitivity, and will also automatically darken app splash screens and adjust status bar colors to match the darker theming.

Another feature will allow users to forcibly apply themed icon colors to apps that don't natively support them. Android's icon theming currently only works if app developers have provided a monochrome version of their app icon that can be adjusted, which is annoying for users who want to apply a consistent aesthetic across their entire home page. Auto-themed app icons spare developers from adding this capability manually, removing the hassle for users to customize their phone's theme. The full list of features in the QPR2 beta 1 update can be found on the Android developers' blog.

An anonymous reader shares a report: After years of research, the Wyoming Stable Token Commission has unveiled the mainnet launch of its first official state-backed stablecoin. The so-called Frontier Stable Token (FRNT), marking the first time a U.S. state has issued a blockchain-based, fiat-pegged token meant to be used by retail and enterprises alike, according to an announcement on Tuesday.

"FRNT is designed to provide secure, transparent, and efficient digital transactions for individuals, businesses, and institutions -- worldwide," the commission wrote in a statement. "This groundbreaking initiative cements Wyoming at the forefront of digital finance and blockchain innovation."

Indeed, the Cowboy State has long been ahead of the curve when it comes to crypto regulation, including in recognizing DAOs as legal entities, creating a framework for "crypto-banks" under the Special Purpose Depository Institutions charter, and passing the state's Stable Token Act -- all meant to draw economic activity to the region.

Duolingo's stock peaked at $529.05 on May 16th. Three months later, it's down 38% — with that drop starting shortly after backlash to the CEO's promise to make it an "AI-first" company.

Yet "The backlash against Duolingo going 'AI-first' didn't even matter," TechCrunch wrote August 7th, noting Duolingo's stock price surged almost 30% overnight. That surge vanished within two days — and instead of a 30% surge, Duolingo now shows a 5% drop over the last eight days.

Yahoo Finance blames the turnaround on OpenAI's GPT-5 demo, "which demonstrated, among many other things, its ability to create a language-learning tool from a short prompt." OpenAI researcher Yann Dubois asked the model to create an app to help his partner learn French. And in a few minutes GPT-5 churned out several iterations, with flashcards, a progress tracker, and even a simple snake-style game with a French twist, a mouse and cheese variation to learn new vocab....

[Duolingo's] corporate lawyers, of course, did warn against this in its annual 10-K, albeit in boilerplate language. Tucked into the risk factors section, Duolingo notes, "It is possible that a new product could gain rapid scale at the expense of existing brands through harnessing a new technology (such as generative AI)." Consider this another warning to anyone making software. [The article adds later that "Rapid development and fierce competition can leave firms suddenly behind — perceived as under threat, inferior, or obsolete — from every iteration of OpenAI's models and from the moves of other influential AI players..."]

There's also irony in the wild swings. Part of Duolingo's successful quarter stemmed from the business's efficient use of AI. Gross margins, the company said, outperformed management expectations due to lower AI costs. And AI conversational features have become part of the company's learning tools, helping achieve double-digit subscriber growth... But the enthusiasm for AI, which led to the initial stock bump this week, also led to the clawback. AI giveth and taketh away.
Meanwhile, this week a blog announced it was "able to activate a long-rumored Practice feature" hidden in Google Translate, notes PC Magazine, with the blogger even sharing a screen recording of "AI-led features within Translate" showing its ability to create personalized lessons. "Google's take on Duolingo is effectively ready for release," the Android Authority blog concluded. "Furthermore, the fact that a Telegram user spotted this in their app suggests that Google is already testing this in a limited fashion."

Duolingo's CEO revisited the backlash to his original "AI-first" promise today in a new interview today with the New York Times, emphasizing his hope that AI would only reduce the company's use of contractors. "We've never laid off any full-time employees. We don't plan to...." But: In the next five years, people's jobs will probably change. We're seeing it with many of our engineers. They may not be doing some rote tasks anymore. What will probably happen is that one person will be able to accomplish more, rather than having fewer people.

NYT: How are you managing that transition for employees?

Every Friday morning, we have this thing: It's a bad acronym, f-r-A-I-days. I don't know how to pronounce it. Those mornings, we let each team experiment on how to get more efficient to use A.I.
Yesterday there was also a new announcement from attorneys at Pomerantz LLP, which calls itself "the oldest law firm in the world dedicated to representing the rights of defrauded investors."

The firm announced it was investigating "whether Duolingo and certain of its officers and/or directors have engaged in securities fraud or other unlawful business practices."

This week workers on Blizzard's "Story and Franchise Development" team "strongly voted" to join America's largest communications and media labor union, the Communications Workers of America.

From the union's announcement: The Story and Franchise Development team is Blizzard's in-house cinematics, animation, and narrative team, producing the trailers, promotional videos, in-game cutscenes, and other narrative content for Blizzard franchises — as well as franchise archival workers and historians. These workers will be the first in-house cinematic, animation, and narrative studio to form a union in the North American game industry, joining nearly 3,000 workers at Microsoft-owned studios who have organized with CWA to build better standards across the video game industry after Microsoft acquired Activision Blizzard in 2023...

The announcement is the latest update in organizing the tech and video game industry, as over 6,000 workers in the United States and Canada have organized with the Campaign to Organize Digital Employees (CODE-CWA) since launching over five years ago. Last week, workers at Raven Software secured a historic contract with Microsoft, joining ZeniMax QA developers at CWA, who also secured a contract with the company in June.
"CWA says that Blizzard owner Microsoft has recognized the union," reports the gaming news site Aftermath, in accordance with the labor neutrality policy Microsoft agreed to in 2022, leading to several other union game studios at Microsoft: In July 2024, 500 workers on Blizzard-owned World of Warcraft formed a union that they called "the largest wall-to-wall union at a Microsoft-owned studio," alongside Blizzard QA workers in Austin. Other studios across Microsoft have also unionized in recent years, including at Bethesda, ZeniMax Online Studios, and ZeniMax QA, the latter of which finally reached a contract in May after nearly two years of bargaining. Unionized workers at Raven Studios reached a contract with Microsoft earlier this month.
The CWA's announcement this week included this quote from one organizing committee member (and a cinematic producer). "I'm excited that we have joined together in forming a union to protect my colleagues from things like misguided policies and instability as a result of layoffs."

An anonymous reader shares a report: Manufacturer to the stars Foxconn is building so many AI servers that they're now bringing in more cash than consumer electronics -- even counting the colossal quantity of iPhones it creates for Apple.

The Taiwanese company revealed the shift in its Thursday announcement of Q2 results, which saw revenue grow 16% to NT$1.79 trillion ($59.73 billion) and operating profit rise 27% to NT$56.6 billion ($1.9 billion). CEO Kathy Yang told investors the company's Cloud and Networking Products division delivered 41% of total revenue, up nine percent compared to Q2 2024, and surpassing the company's Smart Consumer Electronics unit for the first time. The latter business includes Foxconn's work for Apple.

hackingbear shares a report from Bloomberg: Top U.S. chip-equipment supplier Applied Materials was sued by a rival in China over alleged trade secret theft, a further escalation in the technology war between the world's two largest economies. Beijing E-Town Semiconductor Technology Co. filed a lawsuit with the Beijing Intellectual Property Court against Applied Materials, according to a company statement (PDF) to the Shanghai Stock Exchange. The Chinese chip-gear maker alleged that the Santa Clara, California-based company illegally obtained, used and revealed its core technologies related to the application of plasma source in treating the surface of wafers, the statement said. The court has filed the case but has not begun a trial, E-Town added.

Applied Materials earlier hired two employees from E-Town's fully owned US subsidiary, Mattson, and they were privy to the Beijing company's proprietary plasma technologies, the filing said. Applied Materials filed a patent application crediting the duo as inventors with the National Intellectual Property Administration in China after the two joined the Santa Clara company, the Beijing firm said, alleging that the content revealed trade secrets co-owned by E-Town and Mattson. "The patent application violated the rules of China's Anti-Unfair Competition Law, and it infringes on trade secrets, and has caused significant damage to the plaintiff's intellectual property and economic interests,â E-Town said in the filing, adding that Applied Materials is also suspected of marketing and selling the technologies involved in the case to Chinese customers. E-Town is asking the court to demand that Applied Materials stop using its trade secrets and destroy related materials. It's also seeking about 100 million yuan ($13.9 million) in recompense for damage.

An anonymous reader quotes a report from the Detroit Free Press: Ford is announcing the creation of a new electric vehicle production system and a new EV platform that will allow the automaker to more efficiently bring several lower-cost EVs to market, the first of which will be a midsize, four-door electric pickup that seats five, to launch in 2027. That pickup, which is expected to start around $30,000, will be assembled at Ford's Louisville Assembly Plant for U.S. and export markets. The Dearborn-based automaker said it will invest $2 billion to retool the Louisville plant starting later this year. [...] Ford's investment in Louisville Assembly is in addition to Ford's previously announced $3 billion commitment for BlueOval Battery Park in Marshall, Michigan, where Ford will make the prismatic LFP batteries, starting next year, for the midsize electric pickup. Together, the nearly $5 billion investments mean Ford expects to create or secure nearly 4,000 direct jobs while strengthening the domestic supply chain with dozens of new U.S.-based suppliers.

Ford executives and Kentucky officials also introduced on Monday, Aug. 11, the new Ford Universal EV Production System, which they said will simplify production and ease operations for workers. Ford leaders also announced the creation of the Ford Universal Electric Vehicle Platform, which will enable the development of "a family of affordable electric vehicles produced at scale." The vehicles will be software-defined with over-the-air updates to keep improving the vehicles over time. "We took a radical approach to solve a very hard challenge: Create affordable vehicles that are breakthrough in every way that matters design, technology, performance, space and cost of ownership and do it with American workers," Ford CEO Jim Farley said in a statement. "Nobody wants to see another good college try by a Detroit automaker to make an affordable vehicle that ends up with idled plants, layoffs and uncertainty."

Farley has teased this announcement since Ford's second-quarter earnings when he said Ford would have a "Model-T moment" on Aug. 11. He's referring to the classic vehicle that helped turn Ford into a mass market automaker and perfect the assembly line process. At that time, Farley said it was critical that Ford unveil an EV strategy that would position it to make money selling the electric cars and effectively compete against the Chinese, who are known for making high-quality, desirable and affordable EVs. "So, this has to be a good business," Farley said of Ford's investments in the new process and platform. "From Day 1, we knew there was no incremental path to success. We empowered a tiny skunkworks team three time zones away from Detroit. We reinvented the line. And we are on a path to be the first automaker to make prismatic LFP batteries in the U.S. We will not rely on imports." Ford says its new Universal Electric Vehicle Platform "reduces parts by 20% versus a typical vehicle, with 25% fewer fasteners, 40% fewer workstations dock-to-dock in the plant and 15% faster assembly time." The new EV pickup built using this platform is targeting a "starting MSRP at about $30,000, roughly the same as the Model T when adjusted for inflation," adds Farley.

He shared additional details in an interview with Wired, such as how the automaker hired Tesla veterans Doug Field (who also helped lead Apple's now-defunct EV project) and Alan Clarke. "Turns out, Doug and Alan and the team built a propulsion system that was like Apollo 13, managed down to the watt so that our battery could be so much smaller than BYD's," said Farley.

Since 2023 the Python Software Foundation has had a Security Developer-in-Residence (sponsored by the Open Source Security Foundation's vulnerability-finding "Alpha-Omega" project). And he's just published a new 11-page white paper about open source's "phantom dependencies" problem — suggesting a way to solve it.

"Phantom" dependencies aren't tracked with packaging metadata, manifests, or lock files, which makes them "not discoverable" by tools like vulnerability scanners or compliance and policy tools. So Python security developer-in-residence Seth Larson authored a recently-accepted Python Enhancement Proposal offering an easy way for packages to provide metadata through Software Bill-of-Materials (SBOMs). From the whitepaper: Python Enhancement Proposal 770 is backwards compatible and can be enabled by default by tools, meaning most projects won't need to manually opt in to begin generating valid PEP 770 SBOM metadata. Python is not the only software package ecosystem affected by the "Phantom Dependency" problem. The approach using SBOMs for metadata can be remixed and adopted by other packaging ecosystems looking to record ecosystem-agnostic software metadata...

Within Endor Labs' [2023 dependencies] report, Python is named as one of the most affected packaging ecosystems by the "Phantom Dependency" problem. There are multiple reasons that Python is particularly affected:

- There are many methods for interfacing Python with non-Python software, such as through the C-API or FFI. Python can "wrap" and expose an easy-to-use Python API for software written in other languages like C, C++, Rust, Fortran, Web Assembly, and more.

- Python is the premier language for scientific computing and artificial intelligence, meaning many high-performance libraries written in system languages need to be accessed from Python code.

- Finally, Python packages have a distribution type called a "wheel", which is essentially a zip file that is "installed" by being unzipped into a directory, meaning there is no compilation step allowed during installation. This is great for being able to inspect a package before installation, but it means that all compiled languages need to be pre-compiled into binaries before installation...


When designing a new package metadata standard, one of the top concerns is reducing the amount of effort required from the mostly volunteer maintainers of packaging tools and the thousands of projects being published to the Python Package Index... By defining PEP 770 SBOM metadata as using a directory of files, rather than a new metadata field, we were able to side-step all the implementation pain...

We'll be working to submit issues on popular open source SBOM and vulnerability scanning tools, and gradually, Phantom Dependencies will become less of an issue for the Python package ecosystem.
The white paper "details the approach, challenges, and insights into the creation and acceptance of PEP 770 and adopting Software Bill-of-Materials (SBOMs) to improve the measurability of Python packages," explains an announcement from the Python Software Foundation. And the white paper ends with a helpful note.

"Having spoken to other open source packaging ecosystem maintainers, we have come to learn that other ecosystems have similar issues with Phantom Dependencies. We welcome other packaging ecosystems to adopt Python's approach with PEP 770 and are willing to provide guidance on the implementation."

Thursday saw the release of Rust 1.89.0 But this week the Rust Foundation also released its second comprehensive annual technology report.

A Rust Foundation announcement shares some highlights: - Trusted Publishing [GitHub Actions authentication using cryptographically signed tokens] fully launched on crates.io, enhancing supply chain security and streamlining workflows for maintainers.

- Major progress on crate signing infrastructure using The Update Framework (TUF), including three full repository implementations and stakeholder consensus.

- Integration of the Ferrocene Language Specification (FLS) into the Rust Project, marking a critical step toward a formal Rust language specification [and "laying the groundwork for broader safety certification and formal tooling."]

- 75% reduction in CI infrastructure costs while maintaining contributor workflow stability. ["All Rust repositories are now managed through Infrastructure-as-Code, improving maintainability and security."]

- Expansion of the Safety-Critical Rust Consortium, with multiple international meetings and advances on coding guidelines aligned with safety standards like MISRA. ["The consortium is developing practical coding guidelines, aligned tooling, and reference materials to support regulated industries — including automotive, aerospace, and medical devices — adopting Rust."]

- Direct engagement with ISO C++ standards bodies and collaborative Rust-C++ exploration... The Foundation finalized its strategic roadmap, participated in ISO WG21 meetings, and initiated cross-language tooling and documentation planning. These efforts aim to unlock Rust adoption across legacy C++ environments without sacrificing safety.
The Rust Foundation also acknowledges continued funding from OpenSSF's Alpha-Omega Project and "generous infrastructure donations from organizations like AWS, GitHub, and Mullvad VPN" to the Foundation's Security Initiative, which enabled advances like including GitHub Secret Scanning and automated incident response to "Trusted Publishing" and the integration of vulnerability-surfacing capabilities into crates.io.

There was another announcement this week. In November AWS and the Rust Foundation crowdsourced "an effort to verify the Rust standard library" — and it's now resulted in a new formal verification tool called "Efficient SMT-based Context-Bounded Model Checker" (or ESBMCESBMC) This winning contribution adds ESBMC — a state-of-the-art bounded model checker — to the suite of tools used to analyze and verify Rust's standard library. By integrating through Goto-Transcoder, they enabled ESBMC to operate seamlessly in the Rust verification workflow, significantly expanding the scope and flexibility of verification efforts...

This achievement builds on years of ongoing collaboration across the Rust and formal verification communities... The collaboration has since expanded. In addition to verifying the Rust standard library, the team is exploring the use of formal methods to validate automated C-to-Rust translations, with support from AWS. This direction, highlighted by AWS Senior Principal Scientist Baris Coskun and celebrated by the ESBMC team in a recent LinkedIn post, represents an exciting new frontier for Rust safety and verification tooling.