SlashdotNews for nerds, stuff that matters
Jun 21st 2026, 15:34 by EditorDavid
While the Rust Foundation has a Security Initiative to protect its ecosystem, "the threats have expanded," they announced this week, "and so has the kind of help maintainers need." Much of this comes back to a single shift: Automated tooling (much of it now built on large language models) has gotten good enough to surface real vulnerabilities in open source code quickly and at scale. That is useful, and several large Rust projects have already received and fixed credible issues found this way. The same tooling has also made it trivial to generate vulnerability reports that look plausible and are worthless. Maintainers across the ecosystem are losing real hours sorting these from the reports that matter, and the noise tends to bury the signal. So, with funding from the Alpha-Omega Project, the Rust Foundation is bringing on a full-time AI Security Engineer in Residence dedicated to the Rust ecosystem. This position is being funded with part of the $12.5M in open source security funding that the Linux Foundation announced in March. The role exists to take pressure off maintainers. The person in this position will use a mix of human-led and AI-assisted methods to proactively review Rust itself and the crates the ecosystem leans on most and help us separate real, exploitable issues from false positives and low-signal noise before anything reaches a maintainer... This role will run full-time for six months to start, with room to extend depending on what we learn and the funding available. Methods, playbooks, and prompts will be documented so the work doesn't end with the contract. We are grateful that Rust is not embarking on this work in isolation. Several other ecosystems have received parallel Alpha-Omega grants for the same kind of work (e.g., the PHP Foundation and the Drupal Association) and we plan to share tooling, triage practices, and what we learn rather than duplicating work A statement from Rust's new AI Security Engineer in Residence acknowledges that "One of our next challenges is the wave of bugs discovered by the next generation of AI-powered developer tools."
 
Read more of this story at Slashdot.
Jun 21st 2026, 14:34 by EditorDavid
This week the Ubuntu desktop's director of engineering announced they're bringing speech-to-text dictation to Ubuntu Desktop, aiming for an experience "that feels like a natural part of the desktop while respecting user privacy and running entirely on local hardware." "Speech recognition has become a common feature on modern platforms, and we think it should be a first-class experience on Ubuntu Desktop as well." More details from the blog It's FOSS: For Ubuntu 26.10, the initial version of Myna is expected to be a desktop dictation tool built around GNOME on Wayland with a push-to-talk mechanism gatekeeping when your microphone accepts input. Using it means holding a hotkey, speaking, and letting go. A small activity indicator shows while it is listening, and the transcribed text lands wherever the cursor was sitting when dictation started. Recognition itself happens inside a sandboxed component called the Canonical Inference Snap, while a Speech Orchestrator manages the session and an Audio Adapter handles whatever the microphone picks up, denoising and chunking it before it ever reaches the model... Speech recognition will happen locally, and an internet connection is not needed once the appropriate model is installed... The audio data won't be sticking around either, being stored in a small in-memory buffer that gets discarded the moment the session ends. Features like dictation into password fields, wake words, continuous listening, voice assistants, voice commands, translation, speaker identification, and automatic language detection are all off the table... You should also know that Canonical is looking for feedback before the specs for Myna are finalized, especially from people who already rely on dictation or assistive tools on Linux.
Read more of this story at Slashdot.
Jun 21st 2026, 11:34 by EditorDavid
"A grassroots movement is forming among everyday tech workers who are demanding their companies develop and deploy AI responsibly," reports TechCrunch. Hoping to leverage that discontent is a new super PAC called the Guardrails Alliance. The New York Times reports that it launched Thursday with backers that included tech employees and labor unions: Guardrails positions itself as a populist political movement that runs on small donations from people in the trenches of the AI boom. The PAC has about $5 million at its disposal today and planGuardrails will buy ads to support Alex Bores, a New York congressional candidate who became Leading the Future's first target and is running in the primaries next week. s to raise $15 million this cycle — small potatoes compared to deep-pocketed adversaries like Leading the Future, which has more than $100 million from tech leaders like OpenAI president Greg Brockman... "This is not about matching [Leading the Future] dollar for dollar," [said the super PAC's co-founder, political operative Shaunna Thomas]. "What this vehicle is meant to do is be a political home for people who are concerned about the way the anti-regulation AI tech sector is trying to manipulate elections." Meanwhile a former Netflix and Warner Bros. executive has launched the Alliance for Responsible Innovation in the Arts & Media, reports Variety, calling it an AI-focused content coalition that says it's dedicated to supporting "responsible and sustainable AI innovation and the importance of human creativity." The initial members of the coalition, announced Monday, include Disney, the New York Times, Adobe, Condé Nast, the Financial Times, ITV, Advance, BBC, Cambridge University Press & Assessment, U.K. publisher Reach and Wiley. Many of the coalition's members have either struck deals with AI companies or are developing their own AI tools... The group plans to argue for legal and policy guardrails around AI's usage, with its funding directed towards analyses, tools and services focused on advancing those initiatives... One of the group's launch advisers is Damian Collins, OBE, who previously served as the U.K. Parliamentary Under-Secretary of State in the Department for Science, Innovation and Technology under prime ministers Boris Johnson and Liz Truss. "Using AI to break the law can never be an acceptable excuse," he said in a statement. "Laws around personal safety, intellectual property and financial crime still apply in the age of AI. This is why ARIAM has been created and why I'm proud to working with this necessary initiative."
Read more of this story at Slashdot.
Jun 21st 2026, 07:34 by EditorDavid
An anonymous reader shared this report from the Associated Press: Officials in Kansas City, Missouri, are preparing to equip cameras on some public buses with facial recognition software capable of identifying passengers who appear on a list of banned riders or missing persons. Supporters and opponents alike view the effort as a major litmus test for tapping the AI-powered software on a U.S. public transportation system, positioning Kansas City as the latest epicenter of a fierce debate over whether the safety benefits of artificial intelligence are worth the privacy costs. "The idea of running face recognition on a camera that is pointed on live spaces in public is a line that until recently has never really been crossed in the last 25 years," said Jay Stanley, senior policy analyst for the Project on Speech, Privacy and Technology at the American Civil Liberties Union. The state of Missouri declined to help fund the project as expected due to concerns with the facial recognition component. Still, the city is pushing ahead with local and federal money, said Tyler Means, chief mobility and strategy officer at the Kansas City Transportation Authority. "Privacy is always a tricky thing," Means said. "We've always had cameras on our buses. It's just new technology. I think in time it'll smooth over and people will realize, 'Well, it didn't really feel any different'...." Images captured by cameras aboard the buses would immediately be checked against any active alerts, generated when a missing person, banned rider or someone on a law enforcement watch list designated by the transportation authority is identified... After the buses return to the depot, the transportation authority would archive the regular video footage on a local server for up to five years. The company partnering with Kansas City to run the cameras "started using live facial recognition years ago to alert nursing homes when residents left the building," according to the article, and then "brought the technology to correctional institutions and schools." But this is its first attempt at bringing its cameras onto public transportation. The article also includes this quote from Will Owen, communications director for the Surveillance Technology Oversight Project. "City residents should not be guinea pigs for transit systems to test Silicon Valley's latest unproven, biased surveillance tech."
Read more of this story at Slashdot.
Jun 21st 2026, 04:34 by EditorDavid
In January a college student posted a video showing him winning $100,000 on Polymarket — one of 145 that appeared to show bets adding up to almost $410,000, reports the Wall Street Journal. "But none of those bets were real." Instead its creator was "one of dozens of mostly college-age creators Polymarket paid to film themselves making fake trades and sometimes scoring fake wins," the Journal reports, citing interviews with the creators an an analysis of more than 1,100 of their videos: Polymarket built near-perfect copies of its website, then instructed creators to make simulated trades on those dummy sites and hide that they were being paid by Polymarket. To get the videos to go viral, Polymarket has recruited a social-media army to copy and re-post creators' footage. Though the New York-based company has been banned from offering its primary crypto platform in the U.S. since 2022, the social-media creators are paid to specifically target U.S. users, who can still access the site with a virtual private network... Polymarket hired and worked closely with a marketing contractor to promote the site. In a message reviewed by the Journal, that contractor told its social-media army to repost content made by 10 Polymarket creators in particular... These creators didn't initially identify themselves as paid by Polymarket, although one offered a $20 bonus code in his social-media bio... The company instructed creators not to disclose they are paid, according to creators who have worked with the company. They said the pay often added up to $2,000 to $3,000 a month... A handful of videos the Journal reviewed also contained short glimpses of URLs indicating the sites were test environments for Polymarket engineers... Creators said they send the finished videos to Polymarket for review. If a video isn't engaging enough, or if it bears obvious signs of being faked, Polymarket will ask for the videos to be reshot, the creators said... Polymarket sends creators bullet-point guidance on what to say, according to creators who have worked with the company and a recruiting website... Polymarket's viral clipping campaign racked up more than 140 million views on TikTok, YouTube and Instagram, according to the analytics provider Tubular... Internal materials show that Polymarket and Virality promote videos showing how easy it is to conduct insider trades on the platform. Polymarket has paid clippers to promote at least 19 videos discussing opportunities to use inside information or other tactics to manipulate markets. America's advertising laws "require people who are paid to endorse a product to disclose their ties," the article notes, "although there is some gray area about what's permitted." (After the Journal's investigation, the creators started adding "@polymarket partner" to their bios, the article points out._ And when asked for a comment, Polymarket "said it plans to conduct a comprehensive audit of active promotional content."
Read more of this story at Slashdot.
You are receiving this email because you subscribed to this feed at blogtrottr.com. By using Blogtrottr, you agree to our terms. If you no longer wish to receive these emails, you can unsubscribe from this feed, edit this subscription, or manage all your subscriptions. |
Comments
Post a Comment