Normal view

Received before yesterday

Supply-chain attacks on open source software are getting out of hand

✇Ars Technica
By:Dan Goodin
25 July 2025 at 15:50

It has been a busy week for supply-chain attacks targeting open source software available in public repositories, with successful breaches of multiple developer accounts that resulted in malicious packages being pushed to unsuspecting users.

The latest target, according to security firm Socket, is JavaScript code available on repository npm. A total of 10 packages available from the npm page belonging to global talent agency Toptal contained malware and were downloaded by roughly 5,000 users before the supply-chain attack was detected. The packages have since been removed. This was the third supply-chain attack Socket has observed on npm in the past week.

Poisoning the well

The hackers behind the attack pulled it off by first compromising Toptal’s GitHub Organization and from there using that access to publish the malicious packages on npm.

Read full article

Comments

© CHUYN / Getty Images

CoSyn: The open-source tool that’s making GPT-4V-level vision AI accessible to everyone

✇VentureBeat
By:Michael Nuñez
25 July 2025 at 20:05
Researchers at the University of Pennsylvania and the Allen Institute for Artificial Intelligence have developed a groundbreaking tool that allows open-source AI systems to match or surpass the visual understanding capabilities of proprietary models like GPT-4V and Gemini 1.5 Flash, potentially reshaping the competitive landscape between open and c…Read More

White House unveils sweeping plan to “win” global AI race through deregulation

✇Ars Technica
By:Benj Edwards
24 July 2025 at 14:37

On Wednesday, the White House released "Winning the Race: America's AI Action Plan," a 25-page document that outlines the Trump administration's strategy to "maintain unquestioned and unchallenged global technological dominance" in AI through deregulation, infrastructure investment, and international partnerships. But critics are already taking aim at the plan, saying it's doing Big Tech a big favor.

Assistant to the President for Science and Technology Michael Kratsios and Special Advisor for AI and Crypto David Sacks crafted the plan, which frames AI development as a race the US must win against global competitors, particularly China.

The document describes AI as the catalyst for "an industrial revolution, an information revolution, and a renaissance—all at once." It calls for removing regulatory barriers that the administration says hamper private sector innovation. The plan explicitly reverses several Biden-era policies, including Executive Order 14110 on AI model safety measures, which President Trump rescinded on his first day in office during his second term.

Read full article

Comments

© Joe Daniel Price | Getty Images

Scientists once hoarded pre-nuclear steel; now we’re hoarding pre-AI content

✇Ars Technica
By:Benj Edwards
18 June 2025 at 11:15

Former Cloudflare executive John Graham-Cumming recently announced that he launched a website, lowbackgroundsteel.ai, that treats pre-AI, human-created content like a precious commodity—a time capsule of organic creative expression from a time before machines joined the conversation. "The idea is to point to sources of text, images and video that were created prior to the explosion of AI-generated content," Graham-Cumming wrote on his blog last week. The reason? To preserve what made non-AI media uniquely human.

The archive name comes from a scientific phenomenon from the Cold War era. After nuclear weapons testing began in 1945, atmospheric radiation contaminated new steel production worldwide. For decades, scientists needing radiation-free metal for sensitive instruments had to salvage steel from pre-war shipwrecks. Scientists called this steel "low-background steel." Graham-Cumming sees a parallel with today's web, where AI-generated content increasingly mingles with human-created material and contaminates it.

With the advent of generative AI models like ChatGPT and Stable Diffusion in 2022, it has become far more difficult for researchers to ensure that media found on the Internet was created by humans without using AI tools. ChatGPT in particular triggered an avalanche of AI-generated text across the web, forcing at least one research project to shut down entirely.

Read full article

Comments

© National Nuclear Security Administration/Public domain

Engineer creates first custom motherboard for 1990s PlayStation console

✇Ars Technica
By:Benj Edwards
12 June 2025 at 18:51

Last week, electronics engineer Lorentio Brodesco announced the completion of a mock-up for nsOne, reportedly the first custom PlayStation 1 motherboard created outside of Sony in the console's 30-year history. The fully functional board accepts original PlayStation 1 chips and fits directly into the original console case, marking a milestone in reverse-engineering for the classic console released in 1994.

Brodesco's motherboard isn't an emulator or FPGA-based re-creation—it's a genuine circuit board designed to work with authentic PlayStation 1 components, including the CPU, GPU, SPU, RAM, oscillators, and voltage regulators. The board represents over a year of reverse-engineering work that began in March 2024 when Brodesco discovered incomplete documentation while repairing a PlayStation 1.

"This isn't an emulator. It's not an FPGA. It's not a modern replica," Brodesco wrote in a Reddit post about the project. "It's a real motherboard, compatible with the original PS1 chips."

Read full article

Comments

© So-CoAddict via Getty Images

Backstage access: Spotify’s dev tools side-hustle is growing legs

✇TechCrunch
By:Paul Sawers
4 May 2025 at 14:00
Spotify generates the vast bulk of its income from ads and subscriptions, but for the past few years the music-streaming giant has also been quietly building out a developer tooling business. Backstage, a project it open-sourced in 2020, has been adopted by more than 2 million developers across 3,400 organizations, including Airbnb, LinkedIn, Twilio, and […]
❌