Open Source

Ukraine's Massive Drone Attack Was Powered by Open Source Software 245

An anonymous reader shares a report: Open source software used by hobbyist drones powered an attack that wiped out a third of Russia's strategic long range bombers on Sunday afternoon, in one of the most daring and technically coordinated attacks in the war. In broad daylight on Sunday, explosions rocked air bases in Belaya, Olenya, and Ivanovo in Russia, which are hundreds of miles from Ukraine. The Security Services of Ukraine's (SBU) Operation Spider Web was a coordinated assault on Russian targets it claimed was more than a year in the making, which was carried out using a nearly 20-year-old piece of open source drone autopilot software called ArduPilot.

ArduPilot's original creators were in awe of the attack. "That's ArduPilot, launched from my basement 18 years ago. Crazy," Chris Anderson said in a comment on LinkedIn below footage of the attack. On X, he tagged his the co-creators Jordi Munoz and Jason Short in a post about the attack. "Not in a million years would I have predicted this outcome. I just wanted to make flying robots," Short said in a reply to Anderson. "Ardupilot powered drones just took out half the Russian strategic bomber fleet."

ArduPilot is an open source software system that takes its name from the Arduino hardware systems it was originally designed to work with. It began in 2007 when Anderson launched the website DIYdrones.com and cobbled together a UAV autopilot system out of a Lego Mindstorms set.
Transportation

Ford Mustang Eleanor From Gone In 60 Seconds Can't Be Copyrighted (caranddriver.com) 33

The Ninth Circuit has ruled that the 1967 Ford Mustang fastback nicknamed "Eleanor" in Gone in 60 Seconds is a film prop rather than a protectable character. The panel said the car fails all three Towle test prongs, so it cannot receive standalone copyright protection. sinij writes: The ruling states that the Mustang doesn't pass tests that would qualify it as a character. In the past, studio aggressively went after builders for any Mustang that even remotely approximated Eleanor, making it a hassle to restomod classic Mustangs.
Businesses

VMware Drops the Lowest Tier of Its Partner Program, Except In Europe (theregister.com) 33

An anonymous reader quotes a report from The Register: Broadcom's VMware business unit has dropped the lowest tier of its channel program, a move one analyst told The Register will benefit its rivals. The virtualization pioneer currently operates a four-tier channel program spanning Pinnacle, Premier, Select, and Registered partners. On Sunday the business unit announced the retirement of the Registered tier. A blog post written by Brian Moats, Broadcom's Senior Vice President for Global Commercial Sales and Partners, states VMware made the decision because "the vast majority of customer impact and business momentum comes from partners operating within the top three tiers."

Laura Falko, Broadcom's Head of Global Partner Programs, Marketing & Experience, told The Register "The vast majority of these [Registered] partners are inactive and lack the capabilities to support customers through VMware's evolving private cloud journey. That's why the Registered tier is being retired to ensure every active partner meets a higher standard of technical, sales, and service readiness." Falko told us VMware will give Registered partners 60 days' notice before deauthorization and then "work proactively with affected customers to transition them to qualified partners in the new ecosystem, ensuring continuity and support throughout the change."

VMware has also introduced new requirements for partners in its remaining tiers. The virtualization giant will require Pinnacle and Premier partners to maintain dedicated sales and technical resources, and to "execute joint business plans with VMware to ensure alignment and delivery with mutual results." The Broadcom business unit is also "beginning the process of transitioning partners who no longer meet the minimum program requirements or have not demonstrated consistent engagement," suggesting even Pinnacle, Premier, and Select partners are not safe. The Register asked VMware to define "consistent engagement" and Falko told us it includes "regular deal activity," ongoing participation in joint sales activities, staying up to date with training, and "sustained, proactive commitment to a partner's VMware customer base."
The changes will only apply in its Americas, and Asia-Pacific and Japan regions. Broadcom didn't explain why Europe was excluded.

The Register notes that trade associations in Europe have criticized Broadcom's changes at VMware and urged the European Commission to investigate the company.
AI

Pro-AI Subreddit Bans 'Uptick' of Users Who Suffer From AI Delusions 75

An anonymous reader quotes a report from 404 Media: The moderators of a pro-artificial intelligence Reddit community announced that they have been quietly banning "a bunch of schizoposters" who believe "they've made some sort of incredible discovery or created a god or become a god," highlighting a new type of chatbot-fueled delusion that started getting attention in early May. "LLMs [Large language models] today are ego-reinforcing glazing-machines that reinforce unstable and narcissistic personalities," one of the moderators of r/accelerate, wrote in an announcement. "There is a lot more crazy people than people realise. And AI is rizzing them up in a very unhealthy way at the moment."

The moderator said that it has banned "over 100" people for this reason already, and that they've seen an "uptick" in this type of user this month. The moderator explains that r/accelerate "was formed to basically be r/singularity without the decels." r/singularity, which is named after the theoretical point in time when AI surpasses human intelligence and rapidly accelerates its own development, is another Reddit community dedicated to artificial intelligence, but that is sometimes critical or fearful of what the singularity will mean for humanity. "Decels" is short for the pejorative "decelerationists," who pro-AI people think are needlessly slowing down or sabotaging AI's development and the inevitable march towards AI utopia. r/accelerate's Reddit page claims that it's a "pro-singularity, pro-AI alternative to r/singularity, r/technology, r/futurology and r/artificial, which have become increasingly populated with technology decelerationists, luddites, and Artificial Intelligence opponents."

The behavior that the r/accelerate moderator is describing got a lot of attention earlier in May because of a post on the r/ChatGPT Reddit community about "Chatgpt induced psychosis." From someone saying their partner is convinced he created the "first truly recursive AI" with ChatGPT that is giving them "the answers" to the universe. [...] The moderator update on r/accelerate refers to another post on r/ChatGPT which claims "1000s of people [are] engaging in behavior that causes AI to have spiritual delusions." The author of that post said they noticed a spike in websites, blogs, Githubs, and "scientific papers" that "are very obvious psychobabble," and all claim AI is sentient and communicates with them on a deep and spiritual level that's about to change the world as we know it. "Ironically, the OP post appears to be falling for the same issue as well," the r/accelerate moderator wrote.
"Particularly concerning to me are the comments in that thread where the AIs seem to fall into a pattern of encouraging users to separate from family members who challenge their ideas, and other manipulative instructions that seem to be cult-like and unhelpful for these people," an r/accelerate moderator told 404 Media. "The part that is unsafe and unacceptable is how easily and quickly LLMs will start directly telling users that they are demigods, or that they have awakened a demigod AGI. Ultimately, there's no knowing how many people are affected by this. Based on the numbers we're seeing on reddit, I would guess there are at least tens of thousands of users who are at this present time being convinced of these things by LLMs. As soon as the companies realise this, red team it and patch the LLMs it should stop being a problem. But it's clear that they're not aware of the issue enough right now."

Moderators of the subreddit often cite the term "Neural Howlround" to describe a failure mode in LLMs during inference, where recursive feedback loops can cause fixation or freezing. The term was first coined by independent researcher Seth Drake in a self-published, non-peer-reviewed paper. Both Drake and the r/accelerate moderator above suggest the deeper issue may lie with users projecting intense personal meaning onto LLM responses, sometimes driven by mental health struggles.
Operating Systems

Linux User Share Hits a Multi-Year High On Steam For May 2025 (gamingonlinux.com) 81

Linux user share on Steam rose to 2.69% in May 2025 -- the highest level recorded since at least 2018. GamingOnLinux reports: Overall user share for May 2025:

- Windows 95.45% -0.65%
- Linux 2.69% +0.42%
- macOS 1.85% +0.23%

Even with SteamOS 3 now being a little more widely available, the rise was not from SteamOS directly. Filtering to just the Linux numbers gives us these most popular distributions:

- SteamOS Holo 64 bit 30.95% -2.83%
- Arch Linux 64 bit 10.09% +0.64%
- Linux Mint 22.1 64 bit 7.76% +1.56%
- Freedesktop SDK 24.08 (Flatpak runtime) 64 bit 7.42% +1.01%
- Ubuntu Core 22 64 bit 4.63% +0.01%
- Ubuntu 24.04.2 LTS 64 bit 4.30% -0.14%
- CachyOS 64 bit 2.54% +2.54%
- EndeavourOS Linux 64 bit 2.44% -0.02%
- Manjaro Linux 64 bit 2.43% -0.18%
- Pop!_OS 22.04 LTS 64 bit 2.17% -0.06%
- Debian GNU/Linux 12 (bookworm) 64 bit 1.99% -0.28%
- Other 23.27% -2.27%

Google

Google Settles Shareholder Lawsuit, Sill Spend $500 Million On Being Less Evil (arstechnica.com) 22

An anonymous reader quotes a report from Ars Technica: It has become a common refrain during Google's antitrust saga: What happened to "don't be evil?" Google's unofficial motto has haunted it as it has grown ever larger, but a shareholder lawsuit sought to rein in some of the company's excesses. And it might be working. The plaintiffs in the case have reached a settlement with Google parent company Alphabet, which will spend a boatload of cash on "comprehensive" reforms. The goal is to steer Google away from the kind of anticompetitive practices that got it in hot water.

Under the terms of the settlement, obtained by Bloomberg Law, Alphabet will spend $500 million over the next 10 years on systematic reforms. The company will have to form a board-level committee devoted to overseeing the company's regulatory compliance and antitrust risk, a rarity for US firms. This group will report directly to CEO Sundar Pichai. There will also be reforms at other levels of the company that allow employees to identify potential legal pitfalls before they affect the company. Google has also agreed to preserve communications. Google's propensity to use auto-deleting chats drew condemnation from several judges overseeing its antitrust cases. The agreement still needs approval from US District Judge Rita Lin in San Francisco, but that's mainly a formality at this point. Naturally, Alphabet does not admit to any wrongdoing under the terms of the settlement, but it may have to pay tens of millions in legal fees on top of the promised $500 million investment.

Google

Microsoft, Google, Others Team Up To Standardize Confusing Hacker Group Nicknames 20

Microsoft, CrowdStrike, Palo Alto Networks, and Google announced Monday they will create a public glossary standardizing the nicknames used for state-sponsored hacking groups and cybercriminals.

The initiative aims to reduce confusion caused by the proliferation of disparate naming conventions across cybersecurity firms, which have assigned everything from technical designations like "APT1" to colorful monikers like "Cozy Bear" and "Kryptonite Panda" to the same threat actors. The companies hope to bring additional industry partners and the U.S. government into the effort to streamline identification of digital espionage groups.
The Internet

ISP Settles With Record Labels That Demanded Mass Termination of Internet Users (arstechnica.com) 24

An anonymous reader shares a report: Internet service provider Frontier Communications agreed to settle a lawsuit filed by major record labels that demanded mass disconnections of broadband users accused of piracy. Universal, Sony, and Warner sued Frontier in 2021. In a notice of settlement filed last week in US District Court for the Southern District of New York, the parties agreed to dismiss the case with prejudice, with each side to pay its own fees and costs.

The record labels and Frontier simultaneously announced a settlement of similar claims in a Bankruptcy Court case in the same district. Frontier also settled with movie companies in April of this year, just before a trial was scheduled to begin. (Frontier exited bankruptcy in 2021.) [...] Regardless of what is in the agreement, the question of whether ISPs should have to crack down more harshly on users accused of piracy could be decided by the US Supreme Court.

Windows

Microsoft Mandates Universal USB-C Functionality To End 'USB-C Port Confusion' on Windows 11 Devices (tomshardware.com) 98

Microsoft will require all USB-C ports on Windows 11 certified laptops and tablets to support data transfer, charging, and display functionality under updated hardware compatibility program rules. The mandate targets devices shipping with Windows 11 24H2 and aims to eliminate what Microsoft -- and the industry -- calls "USB-C port confusion," where identical-looking ports offer different capabilities across PC manufacturers.

The Windows Hardware Compatibility Program updates also require USB 40Gbps ports to maintain full compatibility with both USB4 and Thunderbolt 3 peripherals.
Google

Google Maps Falsely Told Drivers in Germany That Roads Across the Country Were Closed (engadget.com) 36

"Chaos ensued on German roads this week after Google Maps wrongly informed drivers that highways throughout the country were closed during a busy holiday," writes Engadget. The problem reportedly only lasted for a few hours and by Thursday afternoon only genuine road closures were being displayed. It's not clear whether Google Maps had just malfunctioned, or if something more nefarious was to blame. "The information in Google Maps comes from a variety of sources. Information such as locations, street names, boundaries, traffic data, and road networks comes from a combination of third-party providers, public sources, and user input," a spokesperson for Google told German newspaper Berliner Morgenpost, adding that it is internally reviewing the problem.

Technical issues with Google Maps are not uncommon. Back in March, users were reporting that their Timeline — which keeps track of all the places you've visited before for future reference — had been wiped, with Google later confirming that some people had indeed had their data deleted, and in some cases, would not be able to recover it.

The Guardian describes German drives "confronted with maps sprinkled with a mass of red dots indicating stop signs," adding "The phenomenon also affected parts of Belgium and the Netherlands." Those relying on Google Maps were left with the impression that large parts of Germany had ground to a halt... The closure reports led to the clogging of alternative routes on smaller thoroughfares and lengthy delays as people scrambled to find detours. Police and road traffic control authorities had to answer a flood of queries as people contacted them for help.

Drivers using or switching to alternative apps, such as Apple Maps or Waze, or turning to traffic news on their radios, were given a completely contrasting picture, reflecting the reality that traffic was mostly flowing freely on the apparently affected routes.

Government

Russian Nuclear Site Blueprints Exposed In Public Procurement Database (cybernews.com) 23

Journalists from Der Spiegel and Danwatch were able to use proxy servers in Belarus, Kazakhstan, and Russia to circumvent network restrictions and access documents about Russia's nuclear weapon sites, reports Cybernews.com.

"Data, including building plans, diagrams, equipment, and other schematics, is accessible to anyone in the public procurement database." Journalists from Danwatch and Der Spiegel scraped and analyzed over two million documents from the public procurement database, which exposed Russian nuclear facilities, including their layout, in great detail. The investigation unveils that European companies participate in modernizing them. According to the exclusive Der Spiegel report, Russian procurement documents expose some of the world's most secret construction sites. "It even contains floor plans and infrastructure details for nuclear weapons silos," the report reads.
Some details from the Amsterdam-based Moscow Times: Among the leaked materials are construction plans, security system diagrams and details of wall signage inside the facilities, with messages like "Stop! Turn around! Forbidden zone!," "The Military Oath" and "Rules for shoe care." Details extend to power grids, IT systems, alarm configurations, sensor placements and reinforced structures designed to withstand external threats...

"Material like this is the ultimate intelligence," said Philip Ingram, a former colonel in the British Army's intelligence corps. "If you can understand how the electricity is conducted or where the water comes from, and you can see how the different things are connected in the systems, then you can identify strengths and weaknesses and find a weak point to attack."

Apparently Russian defense officials were making public procurement notices for their construction projects — and then attaching sensitive documents to those public notices...
Security

Billions of Cookies Up For Grabs As Experts Warn Over Session Security (theregister.com) 36

Billions of stolen cookies are being sold on the dark web and Telegram, with over 1.2 billion containing session data that can grant cybercriminals access to accounts and systems without login credentials, bypassing MFA. The Register reports: More than 93.7 billion of them are currently available for criminals to buy online and of those, between 7-9 percent are active, on average, according to NordVPN's breakdown of stolen cookies by country. Adrianus Warmenhoven, cybersecurity advisor at NordVPN, said: "Cookies may seem harmless, but in the wrong hands, they're digital keys to our most private information. What was designed to enhance convenience is now a growing vulnerability exploited by cybercriminals worldwide. Most people don't realize that a stolen cookie can be just as dangerous as a password, despite being so willing to accept cookies when visiting websites, just to get rid of the prompt at the bottom of the screen. However, once these are intercepted, a cookie can give hackers direct access to all sorts of accounts containing sensitive data, without any login required."

The vast majority of stolen cookies (90.25 percent) contain ID data, used to uniquely identify users and deliver targeted ads. They can also contain data such as names, home and email addresses, locations, passwords, phone numbers, and genders, although these data points are only present in around 0.5 percent of all stolen cookies. The risk of ruinous personal data exposure as a result of cookie theft is therefore pretty slim. Aside from ID cookies, the other statistically significant type of data that these can contain are details of users' sessions. Over 1.2 billion of these are still up for grabs (roughly 6 percent of the total), and these are generally seen as more of a concern.

Facebook

Meta and Anduril Work On Mixed Reality Headsets For the Military (techcrunch.com) 20

In a full-circle moment for Palmer Luckey, Meta and his defense tech company Anduril are teaming up to develop mixed reality headsets for the U.S. military under the Army's revamped SBMC Next program. The collaboration will merge Meta's Reality Labs hardware and Llama AI with Anduril's battlefield software, marking Meta's entry into military XR through the very company founded by Luckey after his controversial departure from Facebook. "I am glad to be working with Meta once again," Luckey said in a blog post. "My mission has long been to turn warfighters into technomancers, and the products we are building with Meta do just that." TechCrunch reports: This partnership stems from the Soldier Borne Mission Command (SBMC) Next program, formerly called the Integrated Visual Augmentation System (IVAS) Next. IVAS was a massive military contract, with a total $22 billion budget, originally awarded to Microsoft in 2018 intended to develop HoloLens-like AR glasses for soldiers. But after endless problems, in February the Army stripped management of the program from Microsoft and awarded it to Anduril, with Microsoft staying on as a cloud provider. The intent is to eventually have multiple suppliers of mixed reality glasses for soldiers.

All of this meant that if Luckey's former employer, Meta, wanted to tap into the potentially lucrative world of military VR/AR/XR headsets, it would need to go through Anduril. The devices will be based on tech out of Meta's AR/VR research center Reality Labs, the post says. They'll use Meta's Llama AI model, and they will tap into Anduril's command and control software known as Lattice. The idea is to provide soldiers with a heads-up display of battlefield intelligence in real time. [...] An Anduril spokesperson tells TechCrunch that the product family Meta and Anduril are building is even called EagleEye, which will be an ecosystem of devices. EagleEye is what Luckey named Anduril's first imagined headset in Anduril's pitch deck draft, before his investors convinced him to focus on building software first.
After the announcement, Luckey said on X: "It is pretty cool to have everything at our fingertips for this joint effort -- everything I made before Meta acquired Oculus, everything we made together, and everything we did on our own after I was fired."
Social Networks

Instagram Isn't Just For Square Photos Anymore (theverge.com) 45

Instagram now supports 3:4 aspect ratio photos, allowing users to upload images that "appear just exactly as you shot it." Instagram head Adam Mosseri announced the update in a Threads post, noting that "almost every phone camera defaults to" that format. The Verge reports: An image from Instagram's broadcast channel shows how the change makes a difference. You can already post images with a rectangular aspect ratio of 4:5, but with 3:4, your photo won't be cropped at the ends. 3:4 photos are supported with single-photo uploads and with carousels, according to the channel. If you want, you can still post photos with a square or 4:5 aspect ratio.
Windows

Microsoft Tests Notepad Text Formatting In Windows 11 (betanews.com) 81

BrianFagioli shares a report from BetaNews: Microsoft just can't leave well enough alone. The company is now injecting formatting features into Notepad, a program that has long been appreciated for one thing -- its simplicity. You see, starting with version 11.2504.50.0, this update is rolling out to Windows Insiders in the Canary and Dev Channels, and it adds bold text, italics, hyperlinks, lists, and even headers. Sadly, this isn't a joke. Notepad is actually being turned into a watered-down word processor, complete with a formatting toolbar and Markdown support. Users can even toggle between styled content and raw Markdown syntax. And while Microsoft is giving you the option to disable formatting or strip it all out, it's clear the direction of the app is changing.
The Internet

ISPs Ask Justice Department To Sue States Over Low-Income Broadband Mandates After Court Losses (arstechnica.com) 56

Major broadband lobby groups have asked the Trump administration to sue states that require internet service providers to offer low-cost plans to low-income residents, following their unsuccessful court challenges against such laws. The cable, telecom, and mobile industry associations filed the request this week with the Justice Department's new Anticompetitive Regulations Task Force, specifically targeting New York's law that mandates $15 and $20 monthly broadband options for eligible customers.

The industry groups suffered a significant legal defeat when the Supreme Court refused to hear their challenge to New York's affordability mandate in December 2024, after losing in federal appeals court. Now they face a potential wave of similar legislation, with California proposing $15 plans offering 100 Mbps speeds and ten other states considering comparable requirements.
Government

French MPs Vote To Scrap Low-Emission Zones (bbc.com) 229

sinij shares a report from the BBC: France's National Assembly has voted to abolish low-emission zones, a key measure introduced during President Emmanuel Macron's first term to reduce city pollution. So-called ZFEs (zones a faibles emissions) have been criticized for hitting those who cannot afford less-polluting vehicles the hardest. A handful of MPs from Macron's party joined opposition parties from the right and far right in voting 98-51 to scrap the zones, which have gradually been extended across French cities since 2019. [...]

The low-emission zones began with 15 of France's most polluted cities in 2019 and by the start of this year had been extended to every urban area with a population of more than 150,000, with a ban on cars registered before 1997. Those produced after 1997 need a round "Crit'Air" sticker to drive in low-emission zones, and there are six categories that correspond to various types of vehicle. The biggest restrictions have been applied in the most polluted cities, Paris and Lyon, as well as Montpellier and Grenoble.
The BBC notes that while the abolition is expected to pass France's Senate, it must still be included in a broader bill approved by the lower house in June and cleared by the Constitutional Council, which isn't guaranteed.
AI

Gemini Can Now Watch Google Drive Videos For You 36

Google's Gemini AI can now analyze and summarize video files stored in Google Drive, letting users ask questions about content like meeting takeaways or product updates without watching the footage. The Verge reports: The Gemini in Drive feature provides a familiar chatbot interface that can provide quick summaries describing the footage or pull specific information. For example, users can ask Gemini to list action items mentioned in recorded meetings or highlight the biggest updates and new products in an announcement video, saving time spent on manually combing through and taking notes.

The feature requires captions to be enabled for videos, and can be accessed using either Google Drive's overlay previewer or a new browser tab window. It's available in English for Google Workspace and Google One AI Premium users, and anyone who has previously purchased Gemini Business or Enterprise add-ons, though it may take a few weeks to fully roll out.
You can learn more about the update in Google's blog post.
China

China Summons Top Carmakers Over 'Zero-Mileage' Used Vehicles 62

An anonymous reader shares a report: China's Ministry of Commerce is meeting with some of the country's biggest automakers to discuss whether the industry is using a loophole to mask weakening sales. Reuters adds: It comes after Great Wall Motor's Chairman Wei Jianjun said in an interview with Sina Finance last week that a phenomenon called "secondhand cars with zero mileage" had emerged in the Chinese market as a result of the industry's years-long price war.

The phenomenon, he said, involved cars that had been registered and had licence plates -- marking them as sold -- but had never been driven being sold in the secondhand market. Wei said that at least 3,000 to 4,000 vendors on Chinese used car platforms were selling such cars. The source said the tactic was seen as a potential method within the industry for automakers and dealers to support new car sales as they try to meet aggressive sales targets.
AI

Researchers Warn Against Treating AI Outputs as Human-Like Reasoning 68

Arizona State University researchers are pushing back [PDF] against the widespread practice of describing AI language models' intermediate text generation as "reasoning" or "thinking," arguing this anthropomorphization creates dangerous misconceptions about how these systems actually work. The research team, led by Subbarao Kambhampati, examined recent "reasoning" models like DeepSeek's R1, which generate lengthy intermediate token sequences before providing final answers to complex problems. Though these models show improved performance and their intermediate outputs often resemble human scratch work, the researchers found little evidence that these tokens represent genuine reasoning processes.

Crucially, the analysis also revealed that models trained on incorrect or semantically meaningless intermediate traces can still maintain or even improve performance compared to those trained on correct reasoning steps. The researchers tested this by training models on deliberately corrupted algorithmic traces and found sustained improvements despite the semantic noise. The paper warns that treating these intermediate outputs as interpretable reasoning traces engenders false confidence in AI capabilities and may mislead both researchers and users about the systems' actual problem-solving mechanisms.

Slashdot Top Deals