“In the last six months, we’ve seen a lot more commits,” Torvalds noted, estimating that “the last two releases, it’s been about 20% more commits than we had in the previous releases over many years.... The real change that happened in the last six months was that the AI tools actually got good enough for a lot of people… we’re seeing a definite uptick in just development on pretty much all fronts....”

On the positive side, he framed AI-discovered bugs as “short-term pain” with long-term benefits: “When AI finds a bug in any source code… long term is you found a bug, we fixed it, that the end result is better for it.” After all, he continued, “I think finding bugs is great, because the real problem is all the bugs you didn’t find…” For small teams or solo maintainers, he said, flood-style AI bug reports can cause real burnout, especially when “it’s a bug report, and when you ask for more information, the person has done a drive-by and doesn’t even answer your questions anymore.”

The chief challenge with AI is that it forces people to change how they work, he found. People get into a rut, and AI challenges their norm. The Linux security mailing list got the brunt of this new wave of AI-generated commits. Not all bugs are security issues, but when “people think that when they find a bug with AI, the first reaction seems to sometimes be let’s send it to the security list, because this may have security implications,” Torvalds said. As a result, the security list — watched over by a small group of maintainers — was overrun by duplicate entries…

The Linux project learned to manage the bug influx with a set number of tools to sort out and deprioritize the obvious drive-by reports (ones where the person submitting the report won’t even answer any questions). One tool, Sashiko, reviews all the patches submitted on the mailing list. “Sometimes the review is not great, but quite often it finds issues and it asks questions and says, ‘Hey, what about this issue?’" he said.

A proposal to make daylight saving time permanent has advanced in the House, reigniting an age-old American debate around the twice-annual clock changes. And this time, the proposal has the president’s backing. President Donald Trump said Thursday that he will work “very hard” to sign the so-called Sunshine Protection Act into law after the House Energy and Commerce Committee overwhelmingly approved the bill by a 48-1 vote.

The bill still needs to pass the full U.S. House, and then the U.S. Senate would consider taking up the measure.

AMD has announced a change to the way they are licensing Vivado, their FPGA development tool… Hidden between the lines of the announcement [of a new model starting with the 2026.1 release] is the change to the free of charge tier. AMD is adding more devices to be supported in this tier, which is supposedly the carrot. The stick, however, is the removal of certain debug features.

The thing that’s likely to hit the hobbist community the worst, however, is that the free tier will now not be available on Linux.

AMD are saying that old licenses are still in effect, so it appears that if you hurry to install Vivado now, you’d still be able to use it moving forward. It is not clear, however, whether it’ll still be possible to install Vivado 2025.2 after Vivado 2026.1 becomes available.

In the technology industry, where Meta and other companies are regularly announcing job cuts, the layoff picture is complex. There has been a marked increase in layoffs in recent months in what the Labor Department calls the information industry, which includes employment of software developers and other tech workers. But Matthew Martin, senior U.S. economist at the research and consulting firm Oxford Economics, noted that hiring has also increased in that category, which includes media and entertainment. The combination of hiring minus layoffs in the information industry is effectively a wash, Martin said. Layoffs at Big Tech companies like Meta and other high-profile employers don’t necessarily reflect what is happening in the country, Martin said, and draw far more attention than what may be slow and steady workforce growth. “There’s a lot more headlines about job cuts than there are [about] expansion plans by businesses,” he said.

In his view, technology companies may be pushing out some workers and replacing them with people who have different skills as they respond to the demands of AI. It’s true that businesses in some industries are devoting enormous sums of money and attention to AI. It’s changing how some people work and a minority of American businesses are rolling out AI tools. But it’s also become a trend for bosses to blame layoffs on the productive capabilities of AI and its ability to replace workers, even when job cuts may have little to do with the technology. Sam Altman, CEO of ChatGPT-maker OpenAI, has taken note of the pattern that he and others call “AI washing,” essentially a high-tech form of whitewashing… “You know something is happening all the time when they have a word for it,” said Gautam Mukunda, who teaches leadership at the Yale School of Management…

AI-related employment changes are tiny so far, said Nathan Goldschlag, director of research at the Economic Innovation Group, a Washington think tank. He pointed to a recently published analysis of Census Bureau surveys, which found more than 95 percent of businesses that use AI said it hasn’t changed their staff sizes — and AI-related employment increases were more common than decreases.

Air France and Airbus have been found guilty of manslaughter over a 2009 plane crash which killed 228 people. The Paris Appeals Court found the airline and aircraft manufacturer “solely and entirely responsible” for the incident, in which flight AF447 from Rio de Janeiro to Paris crashed into the Atlantic Ocean. The passenger jet stalled during a storm and plunged into the water, killing all on board. A court had previously cleared the companies in April 2023, but they were found guilty on Thursday after an eight-week trial.

Both have repeatedly denied the charges and say they will appeal… The companies have been asked to pay the maximum fine — €225,000 ($261,720; £194,500) each — but some victims’ families have criticised the amount as a token penalty…

In 2012, French investigators found a combination of technical failure involving ice in the plane’s sensors and the pilots’ inability to react to the aircraft stalling led to it plunging into the sea. The captain was on a break when the co-pilots became confused by faulty air-speed readings. They then mistakenly pointed the nose of the plane upwards when it stalled, instead of down. Investigators concluded the co-pilots did not have the training to deal with the situation. Pilot training has since been improved and the speed sensors replaced.

The FSF invited free software supporters to organize in-person community meetups in their area during May 2026, or LibreLocal month, to bring people together to swap ideas, learn from each other, and celebrate free software. People were encouraged to organize events grounded in freedom to help spread the free software philosophy.... “The success of these LibreLocals speaks to how many people globally are interested in free software and ready to build community, and it demonstrates the strength of our movement” [said FSF executive director Zoë Kooyman]. “People getting together like this also proves how computer freedom and digital rights are on people’s minds. When we reject freedom-restricting software and promote software that respects user rights, it helps further so many other basic rights....”

The FSF has financially supported some of the events, but notes organizers are going above and beyond to create noteworthy events by any measure, and is impressed with the global network taking shape. “The energy we feel from all organizers is extremely motivating and we look forward to seeing LibreLocal events spread even wider over the next years! We want to support these initiatives even more, so we’ll be looking to build a network of sponsors for future iterations as we work towards May 2027,” says Heshan de Silva-Weeramuni, FSF program manager… William Goodspeed, the organizer behind the Beijing LibreLocal, reported that their meetup was double the size of last year’s, and a number of very rich collaborative projects have emerged among the attendees.

Discussing the value of connecting people, de Silva-Weeramuni notes: “Free software supporters know that connecting with each other leads them to learn, experiment, and create great things that protect our individual and shared rights. The extraordinary contributions that free software has made to the world were born through such collaborations between like-minded people towards a freer society. This same global spirit of collectively building a better future is one of the inspiring things that we have once again seen unfold through this year’s many LibreLocals.”

Earlier this week, Google rolled out a completely new Search experience, foregrounding AI summaries and kicking the traditional “10 blue links” far down the page. But the sheer scale of Google Search means there are lots of edge cases that the company doesn’t seem to have considered…

Google has been catching some flack on social media for this, and it’s easy to see why… For most users, that single reply is the only thing you’ll see. And crucially, the AI response serves no conceivable value to a user searching the word “disregard.” It’s just a broken tool.

Researchers’ new list of seven plausible carbon pollution scenarios for the future are pushing aside two staples of climate policy: the extremes on either end. The extremes have become less probable in the past several years because of how we power our world. Carbon dioxide, released from the burning of gas, oil and coal, is chiefly responsible for warming. Increasing use of green energies, like solar, wind and geothermal, which don’t emit carbon dioxide, have lowered top end carbon pollution projections. However, because those changes haven’t been fast enough, the bottom end projections have risen.

The Paris climate agreement in 2015 set a goal of limiting warming to 1.5 degrees Celsius (2.7 degrees Fahrenheit) since pre-industrial times, or the mid-1800s, giving rise to the mantra "1.5 to stay alive,” but now scientists say that even their best case scenario still shoots past that signature temperature mark. On the other end, those same new scenarios no longer include the coal-heavy future that would lead to 4.5 degrees Celsius (8.1 degrees Fahrenheit) of warming by 2100, a scary scenario that many scientific studies used in their future projections.

The new proposed worst case scenario has an end-of-the-century warming of about 3.5 degrees Celsius (6.3 degrees Fahrenheit), a full degree (1.8 degrees Fahrenheit) less than the old scenario, while the updated best case future is a couple tenths of a degree Celsius (0.36 degrees Fahrenheit) warmer than previously theorized, squeezing past the Paris goal, said climate scientist Detlef Van Vuuren of Utrecht University, lead author of a recent study laying out future scenarios. “There is kind of a narrowing of the futures. It cannot be as bad as we thought, but it cannot be as good as we hoped,” said Johan Rockström, director of the Potsdam Institute for Climate Impact Research in Germany.

The scenarios include a “middle” one where by the end of the century the world warms 3 degrees Celsius (5.4 degrees Fahrenheit) above pre-industrial times, which is roughly the path society is currently on, scientists said… Because carbon pollution keeps rising globally and stays in the atmosphere for about century, the best case scenario is for warming to shoot past the 1.5 degree mark, peak at 1.7 degrees Celsius (3.1 degrees Fahrenheit) for maybe as long as 70 years, and eventually somehow come back down below 1.5 degrees if a technology can be designed to remove massive amounts of carbon from the air, said nine of the 10 scientists interviewed for this article. The world is warming at a pace of a tenth of a degree Celsius (nearly 0.2 degrees Fahrenheit) every five years, they said.

Working exploits are circulating publicly, and administrators should apply vendor kernel updates without delay. During ongoing research into Linux kernel privilege boundaries, TRU identified a narrow window in which a privileged process that is dropping its credentials remains reachable through ptrace-family operations even though its dumpable flag should have closed that path. By pairing this window with the pidfd_getfd() syscall (added in v5.6-rc1, January 2020), an attacker can capture open file descriptors and authenticated inter-process channels from a dying privileged process and re-use them under their own uid. The primitive is reliable and turns any local shell into a path to root or to sensitive credential material [including host private keys under /etc/ssh ]

CVE-2026-46333 is local-only, but the impact is severe… Any unprivileged shell on a vulnerable host is enough to read /etc/shadow, exfiltrate SSH host private keys, or execute arbitrary commands as root through hijacked dbus connections to systemd. In practice, the distinction between an unprivileged foothold and full host compromise collapses: a phished developer account, a constrained CI runner, a low-privilege service account, or a shared multi-tenant host all become direct paths to root. With the vulnerable code shipping in mainline kernels since v4.10-rc1 (November 2016), the historical exposure spans nine years of enterprise fleets, cloud images, and container hosts.

Qualys followed responsible disclosure throughout. Qualys reported the vulnerability privately to the upstream Linux kernel security contact on 2026-05-11. Over the following three days the kernel security team developed and reviewed the fix, CVE-2026-46333 was assigned, and the patch was committed publicly on 2026-05-14. We then engaged the linux-distros mailing list, the standard pre-disclosure channel for downstream coordination. A short time later, an independent exploit derived from the public kernel commit appeared.... Qualys is releasing the complete advisory today because the underlying technique is novel, the public picture is now incomplete and uneven, and independent researchers have already achieved local root and published exploit material. Doing so gives defenders, detection engineers, and downstream maintainers a single authoritative reference for the flaw, the race against do_exit(), the role of pidfd_getfd(), and the four exploitation case studies.

Anthropic CEO Dario Amodei has called for similar public-relief measures, including, potentially, universal basic income, or UBI. Eventually “our current economic setup will no longer make sense,” he wrote in a blog post, adding that “there will be a need for a broader societal conversation about how the economy should be organized.”

Though OpenAI CEO Sam Altman once championed universal basic income, he has since embraced a new structure where the public has “collective ownership” of aspects of AI, according to Business Insider. “I think any version of the future that I can get really excited about means that everybody’s got to participate in the upside,” he said in a recent podcast interview. In April, OpenAI laid out a set of policy proposals aiming to address the coming upheaval, referencing the transition to the industrial age and the New Deal as points of comparison for what’s on the horizon…

But some experts question whether tech billionaires, who spent decades resisting regulation, unions and higher taxes, would support the kind of massive redistribution such programs would require. “The only way to pay for UBI is to massively tax those enormously rich people who own the UBI machines,” said Jesse Rothstein, a professor of public policy and economics at the University of California at Berkeley who served as chief economist at the U.S. Department of Labor. “It’s a nice surprise to hear Elon Musk advocating for that....” Rothstein co-authored a study in 2019 that estimated granting a small income to the entire country would cost a massive amount — nearly double the total spending of Social Security, Medicare and Medicaid. To issue payments of $12,000 a year to U.S. adults, for example, “would require nearly doubling federal tax revenues,” according to the paper…

Economists appear to broadly support other solutions beyond redistribution, such as job retraining. A working paper published this spring by the Federal Reserve Bank of Chicago showed economists support more narrowly tailored solutions to the economic disruption. In late April, Meta appeared to embrace that path, announcing “a multi-year initiative that provides free, rapid training to turn thousands of Americans with no prior experience into high-paid fiber technicians” for projects including data centers.

• Elon Musk said in an X post that “Universal HIGH INCOME via checks issued by the Federal government is the best way to deal with unemployment caused by AI.”

• “I think it’s a marketing tactic” responded Scott Santens, a universal basic income advocate and is CEO of the nonprofit Income to Support All Foundation. He argued to the Washington Post that Musk’s comment is “trying to thread this needle of, ‘I want to solve this stuff that will potentially put a lot of people out of work.’ And how do you avoid people getting really [angry] at that? Okay, well, you’re still going to get money, everything will be great it’s just you won’t have to work anymore....”

• The article also cites a recent commentary from Jay W. Richards, a senior research fellow and VP of social and domestic policy at the Heritage Foundation. “The new AI prophets of doom suffer from a failure of imagination. They simply cannot envision what work the future will bring, so they conclude it will bring none,”

According to the JPL statement, Caltech has been preparing for this possible transition since last summer, so the news “comes as no surprise.” But the potential change is part of a larger shakeup for the agency. Earlier this morning, NASA announced a major reorganization, which is separate from the JPL news. “To support the agency’s ambitious short- and long-term goals, NASA is taking action to increase specialization at centers and integrate mission directorates, elevating delivery of technically excellent work,” the agency said in a statement today.

JPL is NASA’s lead center for the robotic exploration of Mars and other deep-space locales. The agency has worked with JPL through Caltech as a manager for nearly 70 years. Though JPL still counts as one of NASA’s field centers, it’s run as a contracted FFRDC (federally funded research and development center). This status has allowed the lab to function slightly differently than other NASA centers; it has a unique sort of independence, though NASA has always had significant oversight of the lab. “As an FFRDC, JPL operates under a special contractual and governance framework designed to ensure that its work is performed in the public interest and aligned with national priorities,” NASA has stated. “The FFRDC model enables NASA to retain access to this depth of capability while maintaining a clear separation between government decision-making authority and contractor execution responsibilities.”

Opening up the competition for institutions beyond Caltech to operate JPL could mean significant changes for everything from day-to-day mission management to big NASA science programs. Until now, JPL and Caltech have been heavily intertwined, with mission personnel, scientists, leadership, and others working closely “across the pond” between JPL and Caltech. JPL mission and program meetings often include Caltech employees and sometimes even take place on its Pasadena campus.

In one video from the Middle East in 2019, taken “likely from an infrared sensor aboard a US military platform operating within the US Central Command area of responsibility,” according to the Pentagon, three UAP are captured flying in formation over the Persian Gulf. Another formation of four unidentified objects is seen flying past vessels on the water off Iran in a video from 2022.

Footage taken over Syria in 2021 shows a mysterious object racing away at speed akin to instantaneous warp-speed acceleration from science fiction movies. Few of the objects seem to resemble flying saucers, discs or other traditionally perceived forms for UAP, although one October 2022 clip taken at an undisclosed location shows a cigar-shaped entity racing over what appears to be a residential area.

None of the videos are accompanied by explanations, and the Pentagon’s all-domain anomaly resolution office (AARO) has previously stated it has no evidence to suggest any of the thousands of objects seen on video, or described in written testimony, is of extraterrestrial origin. In its May 8 release, a statement from the defense department said the public “can ultimately make up their own minds about the information contained in these files.” Additionally, the information is collated from a diverse range of sources, including government agencies including several military branches, the FBI, the state department and Nasa. “Many of these materials lack a substantiated chain-of-custody,” the Pentagon notes

The towering vehicle, consisting of the upper-stage Starship astronaut vessel stacked atop a Super Heavy booster rocket, blasted off at about 5:30 p.m. CT on Friday (2230 GMT) from SpaceX facilities in Starbase, Texas, on the Gulf of Mexico near Brownsville. A live SpaceX webcast of the liftoff showed the rocketship, more than 40 stories tall, climbing from the launch tower as the Super Heavy’s cluster of Raptor engines thundered to life in a ball of flames and billowing clouds of vapor and exhaust. The test ended about an hour later when the Starship vehicle made it through a blazing re-entry through Earth’s atmosphere and splashed down into the Indian Ocean, nose up as planned, as SpaceX employees who gathered to watch a live webcast of the flight cheered. The lower-stage Super Heavy came down separately in the Gulf of Mexico about six minutes after blast-off.

The launch marked SpaceX’s 12th Starship test flight since 2023 and the first ever for the V3 iteration of both the cruise vessel and its Super Heavy booster, as well as the first blast-off from a new launch pad designed for the more powerful rocket. During its suborbital cruise phase, Starship successfully released its payload of 20 mock Starlink satellites one by one, plus two actual modified satellites that scanned the spacecraft’s heat shield and transmitted data back to operators on the ground during the vehicle’s descent. Starship made it to its cruise phase despite the loss of one of its six upper-stage engines, and mission controllers opted not to attempt an inflight re-ignition of the engines before re-entry. But the vehicle did execute a return-landing burn at the very end of its flight, along with several aerodynamic maneuvers deliberately intended to place the spacecraft under maximum stress, and Starship completed those moves intact for its controlled final descent.

Joe Leon, researcher at Belgian startup Aikido Security, recently analyzed the revocation window — the time between a key’s deletion and its last successful authentication — for the cloud giant’s API keys. In a blog post published today, Leon said Google Cloud Platform (GCP) customers expect API access to end immediately after the key is deleted, but this is not the case. In a series of tests, Leon found that the median revocation window was around 16 minutes, while the longest window was up to 23 minutes, “an incredibly long time” for API keys to continue authenticating successfully, he said.

And these windows have serious repercussions for organizations. “An attacker holding your deleted key can keep sending requests until one reaches a server that has not caught up. If Gemini is enabled on the project, they can dump files you have uploaded and exfiltrate cached conversations,” Leon said. “The GCP console will not show the key, and it will not tell you the key is still working. You are trusting Google’s infrastructure to eventually catch up.”

[…] Leon tells Dark Reading the revocation windows for Google’s API keys, as well as the unpredictable authentication success rates, complicate matters for incident response teams that are dealing with a potential breach. “This breaks the mental model IR teams have when responding to leaked credentials,” he says. “It’s assumed that when you click ‘Delete’ or ‘Revoke’ that the credential no longer works. Now IR teams need to remember that for GCP credentials, a window exists when that ‘Deleted’ credential still works for attackers.”

To that end, Aikido recommended that security teams and IR personnel use a 30-minute window for Google API key deletions. Additionally, organizations should monitor their API requests by credential through the “Enabled APIs and services” portion of the GCP console, and review API requests by credential. “If you see unexpected usage from that credential after deletion, someone could be actively exploiting it,” Leon wrote. Aikido reported the findings to Google, but the company closed the report as “won’t fix,” according to the blog post.

“The total contributions are expected to stabilize the funding at more than $2 billion in support of Canadian and Indigenous content, such as French-language content and news,” the regulator said in a press release. The CRTC made the decisions as part of its implementation of the Online Streaming Act, which the U.S. has identified as a trade irritant ahead of trade negotiations with Canada.

The CRTC also set out rules on how the money must be spent for both streamers and broadcasters, including contributions toward production funds and direct spending on Canadian content. Most of the streamers’ financial contributions can go toward content, though the CRTC is imposing rules on how that money must be spent for the largest streamers. For instance, streamers with Canadian revenues of more than $100 million annually must direct 30 percent of spending toward partnerships with Canadian broadcasters and independent producers. Large Canadian broadcasters will have to direct at least 15 percent of their contributions toward news.

The new financial contribution rules apply to streamers and broadcasters with at least $25 million in annual Canadian broadcasting revenues. The decision covers audiovisual programming, meaning it affects traditional TV broadcasters and online services that stream television content. The regulator also said Thursday online streamers will have to take steps to ensure Canadian and Indigenous content is available and visible to audiences. “This will make it easier for people to find this content on the platforms they use, while giving broadcasters flexibility in how they meet the new expectations,” the CRTC said in the release. Details of those requirements will be determined at a later time.