An anonymous reader quotes a report from Ars Technica: In April, GitHub announced that it was moving subscribers from request-based billing to a usage-based model for its AI-powered Copilot service. As that new pricing model goes into effect today, many GitHub Copilot users are reporting some extreme sticker shock as they realize just how quickly their previous "normal" usage is burning through their newly limited monthly allotment of AI credits. Across social media and forums, many Copilot users are sharing personal statistics showing how just a few hours of AI usage can now account for a large chunk of their new monthly subscription caps. For some users, it reportedly took less than a day to use up a month's usage quota. That's a big change from previous months, when GitHub Copilot subscribers were allocated a certain number of "requests" and "premium requests" based on their payment tier. GitHub said that the old system meant that "a quick chat question and a multi-hour autonomous coding session [could] cost the user the same amount," forcing Copilot itself to "absorb much of the escalating inference cost behind that usage." [...] Indeed, some Copilot users have been sharing estimates from GitHub's own tool showing that their previous monthly usage would rack up bills in the thousands of dollars under the new pricing plan. Under GitHub's new usage-based pricing system, paid Copilot subscriptions instead grant users a certain number of AI "credits" each month, with one credit corresponding to $0.01 of usage. Subscribers also get bonus credits depending on their subscription level: the $10/month Pro plan includes 1,500 credits ($15 worth); the $39 Pro+ plan includes 7,000 credits ($70 worth); and the $100/month Copilot Max plan includes 20,000 credits ($200 worth). The precise number of Copilot credits used by a given prompt is determined by the number of input and output tokens used and the rates charged by the underlying large language model. That means pricing is highly dependent not just on the type of request but on the specific model that a user chooses. One million output tokens from OpenAI's GPT-5.4 nano would run just $1.25 on GitHub Copilot, but that same level of output would run $30 on the frontier GPT-5.5 model (Copilot users who rely on "Auto" mode to pick the most appropriate available model for any request should be extremely careful, as some users report it can switch to expensive models for extremely simple queries).

Read more of this story at Slashdot.

Longtime Slashdot reader Himmy32 writes: GitHub has announced on X that their internal repositories have been breached through a compromised VS Code Extension on an employee's workstation. Bleeping Computer reported that the attack is linked to TeamPCP who have been in the news for a recent campaign affecting Checkmarx, Trivy, SAP, TanStack, and Bitwarden. The group appears to be attempting to sell the stolen code on cybercrime forums. "Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately," the company said. "Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker's current claims of ~3,800 repositories are directionally consistent with our investigation so far." Although the investigation remains ongoing, GitHub says it has "no evidence of impact to customer information stored outside of GitHub's internal repositories." The company has also not said whether it's in contact with the hackers or if it's received a ransom demand.

Read more of this story at Slashdot.

Japan's worsening bear problem has created a shortage of handmade "Monster Wolf" robots, which are $4,000 solar-powered scarecrow-like devices with glowing eyes, sensors, and blaring sounds designed to frighten the animals away. "We make them by hand. We cannot make them fast enough now. We are asking our customers to wait two to three months," company president Yuji Ohta recently told the AFP. Popular Science reports: First released in 2016 by the manufacturer Ohta, Monster Wolf was originally designed to ward off the agricultural foes like boars, deer, and the island nation's Asian black bear (Ursus thibetanus) and brown bear (Ursus arctos) populations. The creative solution quickly went viral for its red LED eyes and menacing fangs -- as well as its admittedly odd, furry pipe frame. Starting at around $4,000, each bespoke Monster Wolf is now equipped with battery power, solar panels, and detection sensors. Its speakers are programmed with over 50 audio clips including human voices and sirens audible over half a mile away. These aren't assembly line products, however. Each Monster Wolf is custom made, and Ohta simply can't keep up with the current demand. [...] Ohta told the AFP that amid the ongoing crisis, there has been "growing recognition" that Monster Wolf is "effective in dealing with bears." The main customer base remains farmers, but orders are also coming from golf courses and rural workers. Upgraded versions will soon include wheels to actually chase animals and patrol preset routes. There are also plans to release a handheld version for outdoor enthusiasts and schoolchildren. Until Ohta catches up with its orders, residents and visitors are encouraged to review the Japanese government's own bear safety tips.

Read more of this story at Slashdot.

Bitwarden appears to be undergoing a quiet shift in leadership and messaging. Its longtime CEO and CFO have stepped down, while the company has removed "Always free" from a prominent password-manager page and replaced "Inclusion" and "Transparency" in its GRIT values with "Innovation" and "Trust." Fast Company reports: In February, longtime CEO Michael Crandell moved to an advisory role, according to LinkedIn, with no announcement from the company. His replacement, Michael Sullivan, former CEO of both Acquia and Insightsoftware, touts his experience with "all facets of mergers and acquisitions" on his own LinkedIn page, including experience working with leading private equity firms. CFO Stephen Morrison also left Bitwarden in April, replaced by former InVision CEO Michael Shenkman. Both Crandell and Morrison joined the company in 2019. Kyle Spearrin, who started Bitwarden as a fun hobby project in 2015, remains the company's CTO. Meanwhile, Bitwarden has made some subtle tweaks to its website. The page for its personal password manager no longer includes the phrase "Always free." Previously this appeared under the "Pick a plan" section partway down the page, but that section no longer mentions the free plan, though it remains available elsewhere on the page. Bitwarden made this change in mid-April, according to the Internet Archive. Bitwarden has also stopped listing "Inclusion" and "Transparency" as tentpole values on its careers page. The company has long defined its values with the acronym "GRIT," which used to stand for "Gratitude, Responsibility, Inclusion, and Transparency." After May 4, it changed the acronym to stand for "Gratitude, Responsibility, Innovation, and Trust." The phrase "inclusive environment" still appears under a description of Gratitude, while "transparency" is mentioned under the Trust heading. They're just no longer the focus.

Read more of this story at Slashdot.

Ancient Slashdot reader ewhac writes: CERN, a longtime Open Source pioneer, has made several contributions over the years to KiCad ("KEE-kad"), an Open Source EDA (Electronic Design Automation) package widely used in the hobbyist and professional electronics communities. It's gotten so widely used that users can now submit their KiCad design files directly to several electronics fabricators (rather than the traditional step of converting the layouts to Gerber files). Over the years, CERN has also developed their own symbol and footprint libraries to support their own internal electronic designs. Last week, CERN released those KiCad component libraries, containing over 17,000 symbols, under the CERN Open Hardware License.

Read more of this story at Slashdot.

Atmospheric carbon dioxide hit a new record in April, averaging about 431 parts per million at NOAA's Mauna Loa Observatory. That's up from under 320 ppm when the site began measurements in 1958. Scientific American reports: Greenhouse gases, such as carbon dioxide, are measured as a proportion of the total atmosphere. The numbers are presented as the number of molecules of a particular gas out of a million total molecules, or ppm. Climate scientist Zachary Labe of Climate Central, a nonprofit that researches climate change, says the new record is "depressing" but not unexpected. "It's just another sign that carbon dioxide continues to increase in our atmosphere as our planet continues to warm," he says. "For many climate scientists, this is just 'here it is again, another record in the wrong direction.'" Labe explains that the amount of CO2 in the atmosphere tends to peak in April each year as decaying plants release greenhouse gases after winter. Some of that CO2 gets reabsorbed by plants as they grow during the warmer months. But NOAA's data show a worrying trend, with the average monthly amount of CO2 steadily increasing. [...] Although the amount of CO2 in the atmosphere has continued to rise, there was a reduction in U.S. emissions in 2023 and 2024. That trend, however, was reversed in 2025, at least partially because of the increased electricity demand from artificial intelligence data centers. Still, Labe says there are reasons for optimism as the use of renewable energy sources such as solar and wind expands.

Read more of this story at Slashdot.

Cloudflare is accelerating its post-quantum security plans and now aims to make its entire platform fully post-quantum secure by 2029. "The updated timeline follows new developments in quantum computing research that suggest current cryptographic standards could be broken sooner than previously expected," reports SiliconANGLE. From the report: The decision by Cloudflare to move its post-quantum security roadmap forward comes after Google LLC and research from Oratomic demonstrated significant advances in algorithms and hardware capable of breaking widely used encryption methods such as RSA-2048 and elliptic curve cryptography. [...] The company said progress across three key areas -- quantum hardware, error correction and quantum algorithms -- is advancing in parallel and compounding overall capability. Improvements in areas such as neutral atom architectures and more efficient error correction are reducing the resources required to break encryption, while algorithmic advances are lowering computational complexity. [...] Cloudflare has already deployed post-quantum encryption across a large portion of its network and reports that more than half of human traffic it processes now uses post-quantum key agreement. The company plans to expand support for post-quantum authentication in 2026, followed by broader deployment across its network and products through 2028. By 2029, Cloudflare said, it expects all of its services to be fully post-quantum secure, with those services being available by default across its platform, without requiring customer action or additional cost as part of the company's commitment to security upgrades. Google said it plans to accelerate its post-quantum encryption migration target to 2029.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: AOMedia Video 1 (AV1) was invented by a group of technology companies to be an open, royalty-free alternative to other video codecs, like HEVC/H.265. But a lawsuit that Dolby Laboratories Inc. filed this week against Snap Inc. calls all that into question with claims of patent infringement. Numerous lawsuits are currently open in the US regarding the use of HEVC. Relevant patent holders, such as Nokia and InterDigital, have sued numerous hardware vendors and streaming service providers in pursuit of licensing fees for the use of patented technologies deemed essential to HEVC. It's a touch rarer to see a lawsuit filed over the implementation of AV1. The Alliance for Open Media (AOMedia), whose members include Amazon, Apple, Google, Microsoft, Mozilla, and Netflix, says it developed AV1 "under a royalty-free patent policy (Alliance for Open Media Patent License 1.0)" and that the standard is "supported by high-quality reference implementations under a simple, permissive license (BSD 3-Clause Clear License)." Yet, Dolby's lawsuit filed in the US District Court for the District of Delaware [PDF] alleges that AV1 leverages technologies that Dolby has patented and has not agreed to license for free and without receiving royalties. The filing reads: "[AOMedia] does not own all patents practiced by implementations of the AV1 codec. Rather, the AV1 specification was developed after many foundational video coding patents had already been filed, and AV1 incorporates technologies that are also present in HEVC. Those technologies are subject to existing third-party patent rights and associated licensing obligations." Dolby is seeking a jury trial, a declaration that Dolby isn't obligated to license the patents in questions under FRAND (fair, reasonable, and non-discriminatory) licensing obligations, and for the court to enjoin Snap from further "infringement."

Read more of this story at Slashdot.

CERN has confirmed it will host an expanded version of Open Research Europe, the EU-backed fee-free open access publishing platform that works to "keep knowledge in public hands." Research Professional News reports: A little over a year ago, 10 European research organizations announced that they would add their support to Open Research Europe, to broaden eligibility beyond only those researchers funded by the EU research program. Earlier this year, RPN reported that this group had expanded further and that Cern was set to host the broadened version of ORE, currently provided by the publisher F1000. On March 26, Cern itself finally announced the news, saying it will "provide the technical and operational infrastructure" for the broader version. It said this will build on its "longstanding experience in developing and maintaining open science infrastructures and community-governed services." [...] In its own announcement, the Commission said ORE will have a budget of 17 million euros for 2026-31, with the EU providing 10 million euros. Since it launched five years ago, ORE has published more than 1,200 articles. Cern said the platform is "expected to support a growing number of research outputs each year." Last month, experts told RPN they thought uptake of the increased eligibility will depend on how the newly participating national organizations engage with their communities. Eleven members of Science Europe, a group of major research funding and performing organizations, are part of the expansion.

Read more of this story at Slashdot.

Waymo has launched its paid robotaxi service in Miami, marking its sixth U.S. market and the company's first expansion of 2026. CNBC reports: As U.S. competition has lagged, Waymo's planned 2026 expansions could lock in rider demand and loyalty in the U.S. To start, Waymo will offer its services within a 60-square-mile area that includes Miami's Design District, Wynwood, Brickell and Coral Gables neighborhoods, the Google sister company said. The company began testing its vehicles in the Florida city in early 2025. Waymo said it plans to extend its service to the Miami International Airport in the near future, but did not give a specific timeline. The company said "nearly 10,000 residents" of Miami have already signed up to try its robotaxi service, and Waymo will be "inviting new riders on a rolling basis." Riders can hail a Waymo robotaxi in Miami using the company's app. Waymo is partnering with mobility company Moove for fleet management services including vehicle charging, cleaning and repairs.

Read more of this story at Slashdot.

During last month's KubeCon North America in Atlanta, Kubernetes maintainers announced the upcoming retirement of Ingress NGINX. "Best-effort maintenance will continue until March 2026," noted the Kubernetes SIG Network and the Security Response Committee. "Afterward, there will be no further releases, no bugfixes, and no updates to resolve any security vulnerabilities that may be discovered." In a recent op-ed for The Register, Steven J. Vaughan-Nichols reflects on the decision and speculates about what might have prevented this outcome: Ingress NGINX, for those who don't know it, is an ingress controller in Kubernetes clusters that manages and routes external HTTP and HTTPS traffic to the cluster's internal services based on configurable Ingress rules. It acts as a reverse proxy, ensuring that requests from clients outside the cluster are forwarded to the correct backend services within the cluster according to path, domain, and TLS configuration. As such, it's vital for network traffic management and load balancing. You know, the important stuff. Now this longstanding project, once celebrated for its flexibility and breadth of features, will soon be "abandonware." So what? After all, it won't be the first time a once-popular program shuffled off the stage. Off the top of my head, dBase, Lotus 1-2-3, and VisiCalc spring to my mind. What's different is that there are still thousands of Ingress NGINX controllers in use. Why is it being put down, then, if it's so popular? Well, there is a good reason. As Tabitha Sable, a staff engineer at Datadog who is also co-chair of the Kubernetes special interest group for security, pointed out: "Ingress NGINX has always struggled with insufficient or barely sufficient maintainership. For years, the project has had only one or two people doing development work, on their own time, after work hours, and on weekends. Last year, the Ingress NGINX maintainers announced their plans to wind down Ingress NGINX and develop a replacement controller together with the Gateway API community. Unfortunately, even that announcement failed to generate additional interest in helping maintain Ingress NGINX or develop InGate to replace it." [...] The final nail in the coffin was when security company Wix found a killer Ingress NGINX security hole. How bad was it? Wix declared: "Exploiting this flaw allows an attacker to execute arbitrary code and access all cluster secrets across namespaces, which could lead to complete cluster takeover." [...] You see, the real problem isn't that Ingress NGINX has a major security problem. Heck, hardly a month goes by without another stop-the-presses Windows bug being uncovered. No, the real issue is that here we have yet another example of a mission-critical open source program no one pays to support...

Read more of this story at Slashdot.

The PDF Association is adding JPEG XL (JXL) support to the PDF specification, giving the advanced image format a new path to relevance despite Google's decision to declare it obsolete and remove it from Chromium. The Register reports: Peter Wyatt, CTO of the PDF Association, said: "We need to adopt a new image [format] that can support HDR [High Dynamic Range] content ... we have picked JPEG XL as our preferred solution." Wyatt also praised other benefits of JXL including wide gamut images, ultra-high resolution support for images with more than 1 billion pixels, and up to 4099 channels with up to 32 bits per channel. The association is responsible for developing PDF specifications and standards and manages the ISO committee for PDF. JPEG XL is an advanced image format that was designed to be both more efficient and richer in features than JPEG. It was based on a combination of the Free Lossless Image Format (FLIF) from Cloudinary and a Google project called PIK, first released in late 2020, and fully standardized in October 2021 as ISO/IEC 18181. There is a reference implementation called libjxl. A second edition of the ISO standard was published in 2024. JXL appeared to have wide industry support, including experimental implementation in Chrome and Chromium, until it was killed by Google in October 2022 and removed from its web browser engine. The company stated that "there is not enough interest from the entire ecosystem to continue experimenting with JPEG XL." Many in the community disagreed with the decision, including FLIF inventor Jon Sneyers, who perceived it as the outcome of an internal battle between proponents of JXL and a rival format, AVIF. "AVIF proponents within Chrome are essentially being prosecutor, judge and executioner at the same time," he said.

Read more of this story at Slashdot.

An anonymous reader quotes a report from TorrentFreak: In a submission for the 2026 National Trade Estimate Report (PDF), Cloudflare warns the U.S. government that site blocking efforts cause widespread disruption to legitimate services. The complaint points to Italy's automated Piracy Shield system, which reportedly blocked "tens of thousands" of legitimate sites. Meanwhile, overbroad IP address blocks in Spain and new automated blocking proposals in France are serious concerns that harm U.S. business interests, Cloudflare reports. [...] Cloudflare urges the USTR to take these concerns into account for its upcoming National Trade Estimate Report. Ideally, it wants these trade barriers to be dismantled. These calls run counter to requests from rightsholders, who urge the USTR to ensure that more foreign countries implement blocking measures. With potential site-blocking legislation being considered in U.S. Congress, that may impact local lobbying efforts as well. If and how the USTR will address these concerns will become clearer early next year, when the 2026 National Trade Estimate Report is expected to be published.

Read more of this story at Slashdot.

alternative_right shares a report from the Internet Archive: This October, the Internet Archive's Wayback Machine is projected to hit a once-in-a-generation milestone: 1 trillion web pages archived. That's one trillion memories, moments, and movements -- preserved for the public and available to access via the Wayback Machine. We'll be commemorating this historic achievement on October 22, 2025, with a global event: a party at our San Francisco headquarters and a livestream for friends and supporters around the world. More than a celebration, it's a tribute to what we've built together: a free and open digital library of the web.

Read more of this story at Slashdot.

The Japanese city of Toyoake has passed (PDF) a symbolic ordinance limiting recreational smartphone use to two hours a day, aiming to improve citizens' sleep -- especially for students after summer vacation. The Register reports: "The primary purpose of this ordinance is to ensure that all citizens receive adequate sleep," states a Council information page, which explains that many Japanese people ignore Ministry of Health, Labor and Welfare recommendations to spend six to eight hours a day dozing. An accompanying FAQ [PDF] explains that Council passed the ordinance because students who return to school after summer vacations sometimes need a nudge the re-establish an appropriate daily regime. The ordinance also points out "Excessive phone users and their families are facing difficulties in their daily and social lives," and suggests the two-hours-a-day guidance might help. Council's documents point out that smartphones have myriad uses beyond recreation, and that the ordinance should not be taken as a suggestion to reduce overall use of the devices. Toyoake is part of the Nagoya megalopolis and is home to around 70,000 people. The town's government plans to survey residents about the ordinance, and the FAQ also mentions it wants to tackle other digital menaces, among them harmful effects of using smartphones while walking.

Read more of this story at Slashdot.

The Internet Archive has reached a confidential settlement with Universal Music Group and other major labels, "ending a closely watched copyright battle over the nonprofit's effort to digitize and stream historic recordings," reports the San Francisco Chronicle. From the report: The case (PDF), UMG Recordings, Inc. v. Internet Archive, targeted the Archive's Great 78 Project, an initiative to digitize more than 400,000 fragile shellac records from the early 20th century. The collection includes music by artists such as Frank Sinatra, Ella Fitzgerald and Billie Holiday, and has been made available online for free public access. Record labels including Universal, Sony Music Entertainment and Capitol Records had sought $621 million in damages, arguing the Archive's streaming of these recordings constituted copyright infringement. The Internet Archive, based in San Francisco's Richmond District, describes itself as a digital library dedicated to providing "universal access to all knowledge." Its director of library services, Chris Freeland, acknowledged the settlement in a brief statement. "The parties have reached a confidential resolution of all claims and will have no further public comment on this matter," he wrote.

Read more of this story at Slashdot.

An anonymous reader quotes a report from ZDNet: Over the Labor Day weekend, Cloudflare says it successfully stopped a record-breaking distributed denial-of-service (DDoS) attack that peaked at 11.5 terabits per second (Tbps). This came only a few months after Cloudflare blocked a then all-time high DDoS attack of 7.3 Tbps. This latest attack was almost 60% larger. According to Cloudflare, the assault was the result of a hyper-volumetric User Datagram Protocol (UDP) flood attack that lasted about 35 seconds. During that just more than half-minute attack, it delivered over 5.1 billion packets per second. This attack, Cloudflare reported, came from a combination of several IoT and cloud providers. Although compromised accounts on Google Cloud were a major source, the bulk of the attack originated from other sources. The specific target of this attack has not been publicly disclosed, but we can be sure the intent was to overwhelm the victim's network and render online services inoperative. Cloudflare says its globally distributed, fully autonomous DDoS mitigation network detected and neutralized the threat in real time, without notable impact on customer services or requiring manual intervention. This operation highlights both the rising sophistication of attack methods and the resilience of modern internet infrastructure defenses, especially Cloudflare's use of real-time packet analysis, fingerprinting, and rapid threat intelligence sharing across its network.

Read more of this story at Slashdot.

A team of Japanese researchers has set a new world record for internet speed, transmitting data at 125,000 gigabytes per second over 1,120 miles using a new type of 19-core optical fiber. "That's about 4 million times the average internet speed in the U.S. and would allow you to download the entire Internet Archive in less than four minutes," notes Live Science. It's also "more than twice the previous world record of 50,250 Gbps, previously set by a different team of scientists in 2024." From the report: To achieve this new speed -- which has not been independently verified -- the team developed a new form of optical fiber to send information at groundbreaking speeds over roughly the distance between New York and Florida. Details about this achievement were presented April 3 at the 48th Optical Fiber Communication Conference in San Francisco, according to a statement from Japan's National Institute of Information and Communications Technology. The new type of optical fiber is equivalent to 19 standard optical fibers in its data transmission capacity. The new optical fiber is better suited to long-haul transmission than existing cables because the centers of all 19 fibers interact with light in the same way, so they encounter less light fluctuation, which results in less data loss. The new cable squeezes 19 separate fibers into a diameter of five-thousandths of an inch (0.127 millimeters), which is the same thickness as most existing single-fiber cables already in use. This effort means the new cable can transmit more data using existing infrastructure. [...] For this demonstration, the data ran through a transmission system 21 times, finally reaching a data receiver after traveling the equivalent of 1,120 miles.

Read more of this story at Slashdot.

FFmpeg has added support for WHIP (WebRTC-HTTP Ingestion Protocol), enabling sub-second latency live streaming by leveraging WebRTC's fast, secure video delivery capabilities. It's a major update that introduces a new WHIP muxer to make FFmpeg more powerful for real-time broadcasting applications. Phoronix's Michael Larabel reports: WHIP uses HTTP for exchanging initial information and capabilities and then uses STUN binding to establish a UDP session. Encryption is supported -- and due to WebRTC, mandatory -- with WHIP and audio/video frames are split into RTP packets. WebRTC-HTTP Ingestion Protocol is an IETF standard for ushering low-latency communication over WebRTC to help with streaming/broadcasting uses. With this FFmpeg commit introducing nearly three thousand lines of new code, an initial WHIP muxer has been introduced. You can learn more about WebRTC WHIP in this presentation by Millicast (PDF).

Read more of this story at Slashdot.

The Internet Archive has begun livestreaming its microfiche digitization center on YouTube, showcasing the real-time preservation of fragile film cards into searchable public documents. The work is part of Democracy's Library, a global initiative to digitize and share millions of government records. 9to5Mac reports: The livestream was brought to life by Sophia Tung, who previously gained attention for her viral robotaxi depot stream. Her new video explains how and why this new livestream project came together [...]. The livestream features five scanning stations at work, with one shown in close-up as operators digitize microfiche cards in real time. Each card holds up to 100 pages of public records. High-resolution cameras capture the images, software stitches and crops the pages, and the results are made text-searchable and freely accessible through Democracy's Library. Live scanning takes place Monday through Friday, 7:30 a.m. to 3:30 p.m. PT, excluding U.S. holidays, with a second shift expected to begin soon.

Read more of this story at Slashdot.