"The San Francisco Giants are one of four teams in Major League Baseball this season offering fans a free shortcut through the gates into the ballpark," writes SFGate.

"The cost? Signing up for the league's 'facial authentication' software through its ticketing app." The Giants are using MLB's new Go-Ahead Entry program, which intends to cut down on wait times for fans entering games. The pitch is simple: Take a selfie through the MLB Ballpark app (which already has your tickets on it), upload the selfie and, once you're approved, breeze through the ticketing lines and into the ballpark. Fans will barely have to slow down at the entrance gate on their way to their seats...

The Philadelphia Phillies were MLB's test team for the technology in 2023. They're joined by the Giants, Nationals and Astros in 2024...

[Major League Baseball] says it won't be saving or storing pictures of faces in a database — and it clearly would really like you to not call this technology facial recognition. "This is not the type of facial recognition that's scanning a crowd and specifically looking for certain kinds of people," Karri Zaremba, a senior vice president at MLB, told ESPN. "It's facial authentication. ... That's the only way in which it's being utilized."
Privacy advocates "have pointed out that the creep of facial recognition technology may be something to be wary of," the article acknowledges. But it adds that using the technology is still completely optional.

And they also spoke to the San Francisco Giants' senior vice president of ticket sales, who gushed about the possibility of app users "walking into the ballpark without taking your phone out, or all four of us taking our phones out."

In Communication of the ACM, Google's VP of Education notes how calculators impacted math education — and wonders whether generative AI will have the same impact on CS education: Teachers had to find the right amount of long-hand arithmetic and mathematical problem solving for students to do, in order for them to have the "number sense" to be successful later in algebra and calculus. Too much focus on calculators diminished number sense. We have a similar situation in determining the 'code sense' required for students to be successful in this new realm of automated software engineering. It will take a few iterations to understand exactly what kind of praxis students need in this new era of LLMs to develop sufficient code sense, but now is the time to experiment."
Long-time Slashdot reader theodp notes it's not the first time the Google executive has had to consider "iterating" curriculum: The CACM article echoes earlier comments Google's Education VP made in a featured talk called The Future of Computational Thinking at last year's Blockly Summit. (Blockly is the Google technology that powers drag-and-drop coding IDE's used for K-12 CS education, including Scratch and Code.org). Envisioning a world where AI generates code and humans proofread it, Johnson explained: "One can imagine a future where these generative coding systems become so reliable, so capable, and so secure that the amount of time doing low-level coding really decreases for both students and for professionals. So, we see a shift with students to focus more on reading and understanding and assessing generated code and less about actually writing it. [...] I don't anticipate that the need for understanding code is going to go away entirely right away [...] I think there will still be at least in the near term a need to understand read and understand code so that you can assess the reliabilities, the correctness of generated code. So, I think in the near term there's still going to be a need for that." In the following Q&A, Johnson is caught by surprise when asked whether there will even be a need for Blockly at all in the AI-driven world as described — and the Google VP concedes there may not be.

AMD plans to document and open source its Micro Engine Scheduler (MES) firmware for GPUs, giving users more control over Radeon graphics cards. From a report: It's part of a larger effort AMD confirmed earlier this week about making its GPUs more open source at both a software level in respect to the ROCm stack for GPU programming and a hardware level. Details were scarce with this initial announcement, and the only concrete thing it introduced was a GitHub tracker.

However, yesterday AMD divulged more details, specifying that one of the things it would be making open source was the MES firmware for Radeon GPUs. AMD says it will be publishing documentation for MES around the end of May, and will then release the source code some time afterward. For one George Hotz and his startup, Tiny Corp, this is great news. Throughout March, Hotz had agitated for AMD to make MES open source in order to fix issues he was experiencing with his RX 7900 XTX-powered AI server box. He had talked several times to AMD representatives, and even the company's CEO, Lisa Su.

Matthew Connatser reports via The Register: An ASIC designed to display the infamous Rickroll meme is here, alongside 164 other assorted functions. The project is a product of Matthew Venn's Zero to ASIC Course, which offers prospective chip engineers the chance to "learn to design your own ASIC and get it fabricated." Since 2020, Zero to ASIC has accepted several designs that are incorporated into a single chip called a multi-project wafer (MPW), a cost-saving measure as making one chip for one design would be prohibitively expensive. Zero to ASIC has two series of chips: MPW and Tiny Tapeout. The MPW series usually includes just a handful of designs, such as the four on MPW8 submitted in January 2023. By contrast, the original Tiny Tapeout chip included 152 designs, and Tiny Tapeout 2 (which arrived last October) had 165, though could bumped up to 250. Of the 165 designs, one in particular may strike a chord: Design 145, or the Secret File, made by engineer and YouTuber Bitluni. His Secret File design for the Tiny Tapeout ASIC is designed to play a small part of Rick Astley's music video for Never Gonna Give You Up, also known as the Rickroll meme.

Bitluni was a late inclusion on the Tiny Tapeout 2 project, having been invited just three days before the submission deadline. He initially just made a persistence-of-vision controller, which was revised twice for a total of three designs. "At the end, I still had a few hours left, and I thought maybe I should also upload a meme project," Bitluni says in his video documenting his ASIC journey. His meme of choice was of course the Rickroll. One might even call it an Easter egg. However, given that there were 250 total plots for each design, there wasn't a ton of room for both the graphics processor and the file it was supposed to render, a short GIF of the music video. Ultimately, this had to be shrunk from 217 kilobytes to less than half a kilobyte, making its output look similar to games on the Atari 2600 from 1977. Accessing the Rickroll rendering processor and other designs isn't simple. Bitluni created a custom circuit board to mount the Tiny Tapeout 2 chip, creating a device that could then be plugged into a motherboard capable of selecting specific designs on the ASIC. Unfortunately for Bitluni, his first PCB had a design error on it that he had to correct, but the revised version worked and was able to display the Rickroll GIF in hardware via a VGA port.

After six months of work, DRM developer Maurice Heumann successfully cracked Hogwarts Legacy's Denuvo DRM protection system to learn more about the technology. According to Tom's Hardware, he's "left plenty of the details of his work vague so as not to promote illegal cracking." From the report: Heumann reveals in his blog post that Denuvo utilizes several different methods to ensure that Hogwarts Legacy is being run under appropriate (legal) conditions. First, the DRM creates a "fingerprint" of the game owner's system, and a Steam Ticket is used to prove game ownership. The Steam ticket is sent to the Steam servers to ensure the game was legitimately purchased. Heumann notes that he doesn't technically know what the Steam servers are doing but says this assumption should be accurate enough to understand how Denuvo works.

Once the Steam ticket is verified, a Denuovo Token is generated that only works on a PC with the exact fingerprint. This token is used to decrypt certain values when the game is running, enabling the system to run the game. In addition, the game will use the fingerprint to periodically verify security while the game is running, making Denuvo super difficult to hack.

After six months, Heumann was able to figure out how to hijack Hogwart Legacy's Denuvo fingerprint and use it to run the game on another machine. He used the Qiling reverse engineering framework to identify most of the fingerprint triggers, which took him two months. There was a third trigger that he says he only discovered by accident. By the end, he was able to hack most of the Denuvo DRM with ~2,000 of his own patches and hooks, and get the game running on his laptop using the token generated from his desktop PC. Heumann ran a bunch of tests to determine if performance was impacted, but he wasn't able to get a definitive answer. "He discovered that the amount of Denuvo code executed in-game is quite infrequent, with calls occurring once every few seconds, or during level loads," reports Tom's Hardware. "This suggests that Denuvo is not killing performance, contrary to popular belief."

The Document Foundation: Following a successful pilot project, the northern German federal state of Schleswig-Holstein has decided to move from Microsoft Windows and Microsoft Office to Linux and LibreOffice (and other free and open source software) on the 30,000 PCs used in the local government. As reported on the homepage of the Minister-President: "Independent, sustainable, secure: Schleswig-Holstein will be a digital pioneer region and the first German state to introduce a digitally sovereign IT workplace in its state administration. With a cabinet decision to introduce the open-source software LibreOffice as the standard office solution across the board, the government has given the go-ahead for the first step towards complete digital sovereignty in the state, with further steps to follow."

Google parent Alphabet has been talking to its advisers about the possibility of making an offer for HubSpot, an online marketing software company with a market value of $32 billion, Reuters reported Thursday, citing people familiar with the matter. From the report: If Alphabet moves ahead with an offer, it would be a rare example of a major technology company attempting a mega deal amid heightened regulatory scrutiny of the sector under U.S. President Joe Biden's administration.

The potential deal would also allow Alphabet to put some of its cash pile, which reached $110.9 billion as of the end of December, to work. Alphabet has met with Morgan Stanley investment bankers in recent days about a potential offer for HubSpot, the sources said. It has been discussing how much it should offer and whether antitrust regulators would clear such a tie-up, the sources added.

A new ChromeOS update (M123) is rolling out that brings keyboard shortcuts and mouse buttons and enables hotspot connections on cellular Chromebooks. The Verge reports: The keyboard shortcut feature will work like it does in other operating systems, in which you can assign specific actions to specific key combinations. Google uses the examples of tweaking shortcuts to be easier to carry out one-handed or making them resemble those you're used to in, say, macOS. The same goes for mouse button customizing -- if your mouse has extra buttons besides just left and right clicks, and you want to turn that weird side button into a mute button, you can do that in ChromeOS with this update.

The company also added per-app language preferences for Android apps that you're running in ChromeOS, and it says it has made its offline text-to-speech voices more natural-sounding. As is Google's way, these updates will be rolling out over the next few days.

Microsoft announced an extended support program for Windows 10 last year that would allow users to pay for continued security updates beyond the October 2025 end of support date. Today, the company has unveiled the pricing structure for that program, which starts at $61 per device, and doubles every year for three years. Windows Central: Security updates on Windows are important, as they keep you protected from any vulnerabilities that are discovered in the OS. Microsoft releases a security update for Windows 10 once a month, but that will stop when October 2025 rolls around. Users still on Windows 10 after that date will officially be out of support, unless you pay.

The extended support program for Windows 10 will let users pay for three years of additional security updates. This is handy for businesses and enterprise customers who aren't yet ready to upgrade their fleet of employee laptops and computers to Windows 11. For the first time, Microsoft is also allowing individual users at home to join the extended support program, which will let anyone running Windows 10 pay for extended updates beyond October 2025 for three years. The price is $61 per device, but that price doubles every year for three years. That means the second year will cost you $122 per device, and the third year will cost $244 per device.

An anonymous reader quotes a report from The Register: VMware by Broadcom will deliver a significant update to its flagship Cloud Foundation bundle in the middle of this year and follow it up with a major update early in 2025. Both releases will show off Broadcom's plan to make the package easier to implement and operate, and hopefully assuage customer concerns about price rises. More on that later. First, the updates. One release is currently scheduled to debut in July, according to Paul Turner, vice-president of product management and the leader of the VMware Cloud Foundation (VCF) team. The release will allow use of a single license key for all the components of Cloud Foundation, improve OAuth support as a step towards single sign-on across the VMware range, and add an NSX overlay that will allow implementation of software-defined networks without requiring IP address changes.

Turner explained those features as exemplifying the sort of simplification VMware by Broadcom thinks is needed to make Cloud Foundation easier to implement. A bigger release Turner hopes will debut in early 2025 -- though he would commit to only a H1 launch -- will be a "unified" release in which more of VCF is better integrated. Today, Turner admitted, VMware customers may have implemented vSphere and the Aria management suite, but might still need or choose discrete storage for each. Future VCF releases will increasingly unify the products so that silos aren't needed. Prashanth Shenoy, vice president for VMware by Broadcom's cloud platform, infrastructure, and solutions marketing, told The Register the release will be called VCF 9 and will represent "the fullest expression of Broadcom's vision for product integration." "When customers deploy VCF there are seams -- when they deploy networking and storage, they feel like they do not have a unified developer or operator experience," Shenoy admitted. VCF 9 will tidy that sort of thing up and make the process "seamless." Buyers can also expect improved log file analysis, the ability to acquire templates from a marketplace and adopt them as PaaS, and plenty more.

Turner and Shenoy told The Register that the two releases are hoped to make VCF adoption easier, and by doing so demonstrate the value of the bundle. Today, they argue, would-be hybrid cloud adopters using VCF are in reality integrating siloed products -- which doesn't prove the value of the vStack well. VCF 9's planned integrations, they argue, should demonstrate the power of the stack and the wisdom of Broadcom's decision to create a VMware unit dedicated to VCF. That team, they explained, means developers for each of the bundle's components work together on a unified experience, rather than to create their own product. It may also demonstrate the value of VMware by Broadcom's new licenses – which some users have complained are considerably more expensive now that subscriptions are required, and products are only sold in bundles. Sylvain Cazard, president of Broadcom Software for Asia-Pacific, told The Register that complaints about higher prices are unwarranted since customers using at least two components of VMware's flagship Cloud Foundation will end up paying less. He also noted that the new pricing includes support, which VMware didn't include previously.

Microsoft is currently testing a new AI-powered Xbox chatbot that can be used to automate support tasks. From a report: Sources familiar with Microsoft's plans tell The Verge that the software giant has been testing an "embodied AI character" that animates when responding to Xbox support queries. I understand this Xbox AI chatbot is part of a larger effort inside Microsoft to apply AI to its Xbox platform and services.

The Xbox AI chatbot is connected to Microsoft's support documents for the Xbox network and ecosystem, and can respond to questions and even process game refunds from Microsoft's support website. "This agent can help you with your Xbox support questions," reads a description of the Xbox chatbot internally at Microsoft. Microsoft expanded the testing pool for its Xbox chatbot more broadly in recent days, suggesting that this prototype "Xbox Support Virtual Agent" may one day handle support queries for all Xbox customers. Microsoft confirmed the existence of its chatbot to The Verge.

An anonymous reader shares a report: Echoing the past two years of Rust evangelism and C/C++ ennui, Google reports that Rust shines in production, to the point that its developers are twice as productive using the language compared to C++. Speaking at the Rust Nation UK Conference in London this week, Lars Bergstrom, director of engineering at Google, who works on Android Platform Tools & Libraries, described the web titan's experience migrating projects written in Go or C++ to the Rust programming language.

Bergstrom said that while Dropbox in 2016 and Figma in 2018 offered early accounts of rewriting code in memory-safe Rust - and doubts about productivity and the language have subsided - concerns have lingered about its reliability and security. "Even six months ago, this was a really tough conversation," he said. "I would go and I would talk to people and they would say, 'Wait, wait you have an `unsafe` keyword. That means we should all write C++ until the heat death of the Universe.'"

But there's been a shift in awareness across the software development ecosystem, Bergstrom argued, about the challenges of using non-memory safe languages. Such messaging is now coming from government authorities in the US and other nations who understand the role software plays in critical infrastructure. The reason is that the majority of security vulnerabilities in large codebases can be traced to memory security bugs. And since Rust code can largely if not totally avoid such problems when properly implemented, memory safety now looks a lot like a national security issue.

An anonymous reader quotes a report from Android Police, written by Dhruv Bhutani: As someone who is an early adopter of all things smart and has invested a significant amount of money in building a fancy smart home, it saddens me to say that I feel cheated by the thousands of dollars I've spent on smart devices. And it's not a one-off. Amazon's recent move to block off local ADB connections on Fire TV devices is the latest example in a long line of grievances. A brand busy wrestling away control from the consumer after they've bought the product, the software update gimps a feature that has been present on the hardware ever since it launched back in 2014. ADB-based commands let users take deep control of the hardware, and in the case of the Fire TV hardware, it can drastically improve the user experience. [...] A few years ago, I decided to invest in the NVIDIA Shield. The premium streamer was marketed as a utopia for streaming online and offline sources with the ability to plug in hard drives, connect to NAS drives, and more. At launch, it did precisely that while presenting a beautiful, clean interface that was a joy to interact with. However, subsequent updates have converted what was otherwise a clean and elegant solution to an ad-infested overlay that I zoom past to jump into my streaming app of choice. This problem isn't restricted to just the Shield. Even my Google TV running Chromecast has a home screen that's more of an advertising space for Google than an easy way to get to my content.

But why stop at streaming boxes? Google's Nest Hubs are equal victims of feature deterioration. I've spent hundreds of dollars on Nest Hubs and outfitted them in most of my rooms and washrooms. However, Google's consistent degradation of the user experience means I use these speakers for little more than casting music from the Spotify app. The voice recognition barely works on the best of days, and when it does, the answers tend to be wildly inconsistent. It wasn't always the case. In fact, at launch, Google's Nest speakers were some of the best smart home interfaces you could buy. You'd imagine that the experience would only improve from there. That's decidedly not the case. I had high hopes that the Fuchsia update would fix the broken command detection, but that's also not the case. And good luck to you if you decided to invest in Google Assistant-compatible displays. Google's announcement that it would no longer issue software or security updates to third-party displays like the excellent Lenovo Smart Display, right after killing the built-in web browser, is pretty wild. It boggles my mind that a company can get away with such behavior.

Now imagine the plight of Nest Secure owners. A home security system isn't something one expects to switch out for many many years. And yet, Google decided to kill the Nest Secure home monitoring solution merely three years after launching the product range. While I made an initial investment in the Nest ecosystem, I've since switched over to a completely local solution that is entirely under my control, stores data locally, and won't be going out of action because of bad decision-making by another company. "It's clear to me that smart home devices, as they stand, are proving to be very poor investments for consumers," Bhutani writes in closing. "Suffice it to say that I've paused any future investments in smart devices, and I'll be taking a long and hard look at a company's treatment of its current portfolio before splurging out more cash. I'd recommend you do the same."

New documents from a class action against Meta "reveal some of the specific ways it tackled rivals in recent years," reports the Observer.

"One of them was using software made by a mobile data analytics company called Onavo in 2016 to access user activities on Snapchat, and eventually Amazon and YouTube, too." Facebook acquired Onavo in 2013 and shut it down in 2019 after a TechCrunch report revealed that the company was paying teenagers to use the software to collect user data.

In 2020, two Facebook users filed a class action lawsuit in the U.S. District Court for the Northern District of California against Meta, then called Facebook, alleging the company engaged in anticompetitive practices and exploited user data. In 2023, the plaintiffs' attorney Brian J. Dunne submitted documents listing how Facebook used Onavo's software to spy on competitors, including Snapchat. According to the documents, made public this week, the Onavo team pitched and launched a project codenamed "Ghostbusters" — in reference to the Snapchat logo — where they developed "kits that can be installed on iOS or Android that intercept traffic for specific sub-domains," allowing them "to read what would otherwise be encrypted traffic so we can measure in-app usage."

The documents also included a presentation from the Onavo team to Mark Zuckerberg showing that they had the ability to track "detailed in-app activity" by "parsing Snapchat analytics collected from incentivized participants in Onavo's program...." The technology was used to do the same to YouTube from 2017 to 2018 and Amazon in 2018, according to the documents. "The intended and actual result of this program was to harm competition, including Facebook's then-nascent Social Advertising competitor Snapchat," the document alleged.

404 Media claims to have identified "the fundamental flaw with the age verification bills and laws" that have already passed in eight state legislatures (with two more taking effect in July): "the delusional, unfounded belief that putting hurdles between people and pornography is going to actually prevent them from viewing porn."

They argue that age verification laws "drag us back to the dark ages of the internet." Slashdot reader samleecole shared this excerpt: What will happen, and is already happening, is that people — including minors — will go to unmoderated, actively harmful alternatives that don't require handing over a government-issued ID to see people have sex. Meanwhile, performers and companies that are trying to do the right thing will suffer....

The legislators passing these bills are doing so under the guise of protecting children, but what's actually happening is a widespread rewiring of the scaffolding of the internet. They ignore long-established legal precedent that has said for years that age verification is unconstitutional, eventually and inevitably reducing everything we see online without impossible privacy hurdles and compromises to that which is not "harmful to minors." The people who live in these states, including the minors the law is allegedly trying to protect, are worse off because of it. So is the rest of the internet.
Yet new legislation is advancing in Kentucky and Nebraska, while the state of Kansas just passed a law which even requires age-verification for viewing "acts of homosexuality," according to a report: Websites can be fined up to $10,000 for each instance a minor accesses their content, and parents are allowed to sue for damages of at least $50,000. This means that the state can "require age verification to access LGBTQ content," according to attorney Alejandra Caraballo, who said on Threads that "Kansas residents may soon need their state IDs" to access material that simply "depicts LGBTQ people."
One newspaper opinion piece argues there's an easier solution: don't buy your children a smartphone: Or we could purchase any of the various software packages that block social media and obscene content from their devices. Or we could allow them to use social media, but limit their screen time. Or we could educate them about the issues that social media causes and simply trust them to make good choices. All of these options would have been denied to us if we lived in a state that passed a strict age verification law. Not only do age verification laws reduce parental freedom, but they also create myriad privacy risks. Requiring platforms to collect government IDs and face scans opens the door to potential exploitation by hackers and enemy governments. The very information intended to protect children could end up in the wrong hands, compromising the privacy and security of millions of users...

Ultimately, age verification laws are a misguided attempt to address the complex issue of underage social media use. Instead of placing undue burdens on users and limiting parental liberty, lawmakers should look for alternative strategies that respect privacy rights while promoting online safety.
This week a trade association for the adult entertainment industry announced plans to petition America's Supreme Court to intervene.

"Several big businesses have published source code that incorporates a software package previously hallucinated by generative AI," the Register reported Thursday

"Not only that but someone, having spotted this reoccurring hallucination, had turned that made-up dependency into a real one, which was subsequently downloaded and installed thousands of times by developers as a result of the AI's bad advice, we've learned." If the package was laced with actual malware, rather than being a benign test, the results could have been disastrous.

According to Bar Lanyado, security researcher at Lasso Security, one of the businesses fooled by AI into incorporating the package is Alibaba, which at the time of writing still includes a pip command to download the Python package huggingface-cli in its GraphTranslator installation instructions. There is a legit huggingface-cli, installed using pip install -U "huggingface_hub[cli]". But the huggingface-cli distributed via the Python Package Index (PyPI) and required by Alibaba's GraphTranslator — installed using pip install huggingface-cli — is fake, imagined by AI and turned real by Lanyado as an experiment.

He created huggingface-cli in December after seeing it repeatedly hallucinated by generative AI; by February this year, Alibaba was referring to it in GraphTranslator's README instructions rather than the real Hugging Face CLI tool... huggingface-cli received more than 15,000 authentic downloads in the three months it has been available... "In addition, we conducted a search on GitHub to determine whether this package was utilized within other companies' repositories," Lanyado said in the write-up for his experiment. "Our findings revealed that several large companies either use or recommend this package in their repositories...."

Lanyado also said that there was a Hugging Face-owned project that incorporated the fake huggingface-cli, but that was removed after he alerted the biz.
"With GPT-4, 24.2 percent of question responses produced hallucinated packages, of which 19.6 percent were repetitive, according to Lanyado..."

Thanks to long-time Slashdot reader schneidafunk for sharing the article.

The Record reports: Ross Anderson, a professor of security engineering at the University of Cambridge who is widely recognized for his contributions to computing, passed away at home on Thursday according to friends and colleagues who have been in touch with his family and the University.

Anderson, who also taught at Edinburgh University, was one of the most respected academic engineers and computer scientists of his generation. His research included machine learning, cryptographic protocols, hardware reverse engineering and breaking ciphers, among other topics. His public achievements include, but are by no means limited to, being awarded the British Computer Society's Lovelace Medal in 2015, and publishing several editions of the Security Engineering textbook.
Anderson's security research made headlines throughout his career, with his name appearing in over a dozen Slashdot stories...

• 2023: Researchers Warn of 'Model Collapse' As AI Trains On AI-Generated Content

• 2021: 'Trojan Source' Bug Threatens the Security of All Code

• 2015: Factory Reset On Millions of Android Devices Doesn't Wipe Storage

• 2012: UK Web Snooping Plan Invades Privacy, Despite Claims To the Contrary

• 2010: Why "Verified By Visa" System Is Insecure

• 2008: Researchers Expose New Credit Card Fraud Risk

• 2006: "Security Engineering" Is Now Online. [The link from that 2006 post still works. Slashdot called Anderson's book "arguably the best information security book ever written" in one of two reviews, published in 2002 and 2010.]

• 2002:Security of Open vs. Closed Source Software.

• 2002: Analyzing Palladium

My favorite story? UK Banks Attempt To Censor Academic Publication.

"Cambridge University has resisted the demands and has sent a response to the bankers explaining why they will keep the page online..."

An anonymous reader shares a report: Mutterings of alarm are emerging from the cloisters of Red Hat after the world's largest management consultancy was hired to help the IBM subsidiary focus engineers on their highest-value work. Red Hat confirmed the partnership with McKinsey & Company to The Reg, sharing this extract from an email from CTO Chris Wright to the Global Engineering Team:

"Hey everyone -- as I mentioned during the recent Q1 All Hands, my goal is to have Global Engineering recognized as the world's greatest open-source software engineering organization. This team is already doing amazing work, and we have several initiatives in progress to help us achieve the goal I've set. One of those is a partnership with McKinsey. The objective of this project is to help us understand and incorporate learnings on working models, development practices, and tooling from across the software industry.

"We've heard your feedback in person, during All Hands, and through RHAS [the annual Red Hat Associate Survey]. This project will help us to identify and remove mundane tasks that drain your energy so that you can focus on the most engaging and highest value work â" to make your job better. The work with McKinsey is one piece of the overall plan to help us become the world's greatest open-source software engineering organization"

An anonymous reader quotes a report from GamingOnLinux: After repeatedly suffering issues with scam apps making it onto the Snap Store, Canonical maker of Ubuntu Linux have now decided to manually look over submissions. I've covered the issues with the Snap Store a few times now like on March 19th when ten scam crypto apps appeared, got taken down and then reappeared under a different publisher. Also earlier back in February there was an issue where a user actually lost their wallet as a result of a fake app. Multiple fake apps were also put up back in October last year as well, so it was a repeating issue that really needed dealing with properly.

So to try and do something about it, Canonical's Holly Hall has posted on their Discourse forum about how "The Store team and other engineering teams within Canonical have been continuously monitoring new snaps that are being registered, to detect potentially malicious actors" and that they will now do manual reviews whenever people try to register "a new snap name." On top of that soon they will also be releasing a new policy regarding "crypto-wallet and other sensitive snaps" with "guidelines for how to publish such a snap." Currently all of this is not supposed to be long-term, as it's an evolving situation.

Lyle Smith reports via StorageReview.com: Proxmox has introduced a new import wizard for Proxmox Virtual Environment (VE), aiming to simplify the migration process for importing VMware ESXi VMs. This new feature comes at an important time in the industry, as it aims to ease the transition for these organizations looking to move away from VMware's vSphere due to high renewal costs.

The new import wizard is integrated into Proxmox VE's existing storage plugin system, allowing for direct integration into the platform's API and web-based user interface. It offers users the ability to import VMware ESXi VMs in their entirety, translating most of the original VM's configuration settings to Proxmox VE's configuration model (all while minimizing downtime). Currently, the import wizard is in a technical preview state, having been added during the Proxmox VE 8.2 development cycle. Although it is still under active development, early reports suggest the wizard is stable and holds considerable promise for future enhancements, including the planned addition of support for other import sources like OVF/OVA files. [...]

This tool represents Proxmox's commitment to providing accessible, open-source virtualization solutions. By leveraging the official ESXi API and implementing a user space filesystem with optimized read-ahead caching in Rust (a safe, fast, and modern programming language ideal for system-level tasks), Proxmox aims to ensure that this new feature can be integrated smoothly into its broader ecosystem.