Today — 16 March 2025, Tech News

Large enterprises scramble after supply-chain attack spills their secrets

Open-source software used by more than 23,000 organizations, some of them in large enterprises, was compromised with credential-stealing code after attackers gained unauthorized access to a maintainer account, in the latest open-source supply-chain attack to roil the Internet.

The corrupted package, tj-actions/changed-files, is part of tj-actions, a collection of files that's used by more than 23,000 organizations. Tj-actions is one of many GitHub Actions, a form of platform for streamlining software available on the open-source developer platform. Actions are a core means of implementing what's known as CI/CD, short for Continuous Integration and Continuous Deployment (or Continuous Delivery).

Scraping server memory at scale

On Friday or earlier, the source code for all versions of tj-actions/changed-files received unauthorized updates that changed the "tags" developers use to reference specific code versions. The tags pointed to a publicly available file that copies the internal memory of servers running it, searches for credentials, and writes them to a log. In the aftermath, many publicly accessible repositories running tj-actions ended up displaying their most sensitive credentials in logs anyone could view.


Dude Perfect and Mark Rober may be the next YouTubers to get big streaming deals

By: Wes Davis
16 March 2025 at 17:24

Netflix and other streaming platforms are stepping up efforts to sign YouTubers, which could mean big streaming deals for sports channel Dude Perfect or former NASA engineer Mark Rober, reports The Wall Street Journal.

The Journal writes that streaming platforms’ creator-signing ambitions have “shifted into overdrive” in response to the success of MrBeast’s Beast Games. Amazon has made “at least $100 million” in profit from the show and is apparently already working out deals for two more seasons. Jimmy Donaldson, aka MrBeast, is apparently asking over $150 million per season to renew.

Rober and Dude Perfect have each been approached by Netflix, writes the Journal. But Netflix “doesn’t usually allow for sales promotions in shows that it pays to make” — something that has apparently “been a sticking point” in its talks with Rober, who sells robotics kit subscriptions through his channel. That sort of thing is more in line with Amazon’s business, making it a “particularly attractive” option for creators like Rober, the article says.

Still, Netflix is no stranger to signing YouTubers. Its 2016 deal with Colleen Ballinger Evans, aka Miranda Sings, res …

Read the full story at The Verge.

Director of rural broadband program exits with a warning about shift to ‘worse’ satellite internet

Evan Feinman, who directed the $42.5 billion Broadband Equity, Access, and Deployment (BEAD) Program meant to bring high-speed internet access to rural areas, exited the role on Friday after he was not reappointed for a new term, according to ProPublica’s Craig Silverman. In an email sent to staffers, which Silverman shared screenshots of on Bluesky, Feinman warned against changes proposed by the new administration that could “benefit technology that delivers slower speeds at higher costs to the household paying the bill” in order to line Elon Musk's pockets.

BEAD was established in 2021, and the new Secretary of Commerce Howard Lutnick recently announced that the Commerce Department would be overhauling the program, which he said has “not connected a single person to the internet” due to the previous administration's handling of it. In a statement, Lutnick called for a “tech-neutral stance,” which would do away with the preference for faster fiber connections and open the door for a shift toward satellite internet like that offered by Elon Musk’s Starlink. Lutnick also slammed “woke mandates, favoritism towards certain technologies, and burdensome regulations.”

In the email shared on Sunday, Feinman urged colleagues to speak up in favor of removing “needless requirements,” but warned against a shift away from fiber. The bottom line is, he wrote:

The new administration seems to want to make changes that ignore the clear direction laid out by Congress, reduce the number of American homes and businesses that get fiber connections, and increase the number that get satellite connections. The degree of that shift remains unknown, but regardless of size, it will be a disservice to rural and small-town America. Stranding all or part of rural America with worse internet so that we can make the world’s richest man even richer is yet another in a long line of betrayals by Washington.

This article originally appeared on Engadget at https://www.engadget.com/big-tech/director-of-rural-broadband-program-exits-with-a-warning-about-shift-to-worse-satellite-internet-223204374.html?src=rss


American flag displayed on a laptop screen and Starlink logo displayed on a phone screen are seen in this illustration photo taken in Krakow, Poland on March 11, 2025. (Photo by Jakub Porzycki/NurPhoto via Getty Images)

SwitchBot’s next smart hub comes with a control knob

By: Wes Davis
16 March 2025 at 15:33

Smart home company SwitchBot is preparing a new Matter-enabled smart hub called the SwitchBot Hub 3, according to a registration with the Connectivity Standards Alliance (CSA) that HomeKitNews spotted. It has a display like the $70 Hub 2, but adds physical controls — including, delightfully, a knob.

According to the CSA listing, the Hub 3’s knob works for things like tweaking temperature on your smart thermostat or adjusting media volume — it says it’s compatible with “Apple TV, Spotify, and other streaming platforms for unified audio management.” The other physical controls include what looks like a home button, back button, and a mysterious button with an “S” logo on it. It also has four “editable quick-scene buttons on the home page for one-touch activation of customized modes.”

The SwitchBot Hub 3’s display will turn on when it detects motion, including “hand gestures or device movements,” and will show indoor temperature and humidity, third-party weather forecasts, and “real-time status updates for door locks.” It will support SwitchBot’s Bluetooth-connected smart devices, which the Hub 2 bridges to Matter, making them controllable via major smart home platforms from the likes of Apple, Google, Amazon, and Samsung. The listing says the Hub 3 supports voice control through both Alexa and Google Assistant. SwitchBot hasn’t officially announced the new hub, and it’s not clear when it might launch.

SwitchBot has a large stable of smart home products, including a universal Matter smart home remote and retrofit devices like a curtain-dragging device, tiny button-pressing robot, and stick-on device for turning boring old deadbolt locks smart. In January, the company showed off an inventive modular robotic smart home platform.

Apple reportedly considered building the iPhone 17 Air without ports

16 March 2025 at 14:51

After reporting in January that Apple is adding an “Air” option to its iPhone lineup, Bloomberg’s Mark Gurman is offering more details about the upcoming slimmer iPhone. The iPhone 17 Air will launch this fall, Gurman says — and like the MacBook Air, it will be thinner than standard models, while combining high-end and low-end […]

© 2024 TechCrunch. All rights reserved. For personal use only.

Meta takes aim at ex-employee’s memoir ‘Careless People’

16 March 2025 at 14:10

Meta won a legal victory this week against Sarah Wynn-Williams, a former employee who recently published a memoir of her time at the company titled “Careless People: A Cautionary Tale of Power, Greed, and Lost Idealism.” An arbitrator ruled that the company has made a valid argument that Wynn-Williams, who worked at Facebook (now Meta) […]


The Playdate game Jump Truck is a flippin’ good time

If ever a game presents me with an opportunity to perform completely absurd aerial tricks, you best believe I will be flipping as much as possible. In Jump Truck, a 3D solo racing game for Playdate by Tabortop Games, flips can work either to your benefit or detriment as you try to score the fastest finish time for each of a series of race tracks. Throwing in some flips may help to shave several seconds off your final time, but it could also send your truck hurtling into the abyss. It’s a delicate balance that I’ve been having a real hoot pushing to its limit.

Jump Truck features seven levels made up of straightaways, tight turns, long winding roads, ramps and short platforms with abrupt dropoffs to navigate at high speeds on your way to the floating vortex that serves as the finish line. You need to find the shortcuts to get the gold, and successfully making use of those often requires clearing huge gaps. That’s where flipping really comes in handy. Frontflips will give you more speed and help you cross greater distances in the air, while backflips will slow you down so you don’t overshoot your landing. You can flip using either the D-pad or the crank, but the latter can be pretty hard to coordinate if you want to seamlessly resume driving and steering.

There are a bunch of silly achievements to unlock as you progress (or die over and over), like the “Soar Like an Eagle” award for spending a quarter of your time flying through the air on any given level. Jump Truck seems like it’d be the type of game that only holds your attention for a little while at a time, but I keep getting sucked into it for much longer than I expect to, thanks to the challenge of trying to hit certain shortcuts. It’s unexpectedly addicting.

This article originally appeared on Engadget at https://www.engadget.com/gaming/the-playdate-game-jump-truck-is-a-flippin-good-time-203140598.html?src=rss


© Tabortop Games

A still from the Playdate game Jump Truck showing a pickup truck on a winding race track with speed lines all around it, and the moon in the distance ahead

People are using Google’s new AI model to remove watermarks from images

16 March 2025 at 13:34

Users on social media have discovered a controversial use case for Google’s new Gemini AI model: removing watermarks from images, including from images published by Getty Images and other well-known stock media outfits. Last week, Google expanded access to its Gemini 2.0 Flash model’s image generation feature, which lets the model natively generate and edit […]


The head of a Biden program that could help rural broadband has left

By: Wes Davis
16 March 2025 at 11:52

Evan Feinman is out as the director of the $42.5 billion Broadband Equity, Access, and Deployment (BEAD) program, reports ProPublica’s Craig Silverman in a Bluesky post today. BEAD aims to bring high-bandwidth internet to underserved areas of America, much of which is rural. Silverman shared screenshots from a department-wide email Feinman sent on Friday, in which he warned there would be “deeply negative outcomes” if the program shifts from fiber build-outs to using satellite-based internet like that which Elon Musk’s Starlink offers. “Feinman’s term ended and he was not reappointed,” Silverman writes.

This month, Commerce Department Secretary Howard Lutnick announced a “rigorous review” of the program, which he said “has not connected a single person to the internet,” something he blamed on “woke mandates, favoritism towards certain technologies, and burdensome regulations.”

BEAD was introduced as part of the $1 trillion Biden-era infrastructure spending bill. The program offers $42.5 billion in grants to states to use toward building out internet infrastructure that would provide at least a 100Mbps down and 20Mbps up connection to underserved parts of the country. The program prioritizes fiber-based internet, but allows for other kinds where fiber isn’t proven to be tenable.

Getting from the start of the program to actual network buildouts has been a long, multi-step process that started with the FCC making a map of US broadband access and moves through state proposals, challenges to the FCC’s map, and selection of ISPs that will be paid to build new service. According to the government BEAD progress-tracking site, three states — Delaware, Louisiana, and Nevada — had made it to the last step of issuing a final proposal for public comment before the site stopped being updated regularly.

Lutnick’s announcement mirrors much of Republicans’ ongoing backlash to the program, some of whom say that Biden had blocked Starlink from being part of it for political reasons, as The New York Times wrote on March 5th. The Times notes FCC denials, most recently in 2023, that kept Musk’s company from getting $886 million in Universal Service Fund subsidies for a separate rural broadband program. The FCC said the company couldn’t “demonstrate that it could deliver the promised service.”

The rules that Lutnick may propose could benefit Musk’s company, which was “expected to get up to $4.1 billion” under the BEAD program’s initial rules, according to The Wall Street Journal in March. The outlet said Starlink could get as much as $20 billion under Lutnick’s overhaul of the program. 

In his outgoing staff email, Feinman wrote that the overhaul could strand “all or part of rural America with worse internet so that we can make the world’s richest man even richer,” adding that it would be “yet another in a long line of betrayals by Washington.”

In the quotes from the email below, Feinman writes what he says will “definitely happen” next.

1. Removing the “woke” requirements from the program. This will include all provisions related to labor and wage, climate resiliency, middle class affordability, etc. I do not regard the inclusion or removal of these provisions as significant; they were inserted by the prior administration for messaging/political purposes, and were never central to the mission of the program, nor were they significant in the actual conduct of the program.

2. A “pause” that isn’t a pause. The administration wants to make changes, but doesn’t want to be seen slowing things down. They can’t have both. States will have to be advised that they should either slow down or stop doing subgrantee selection.

3. Some kind of limit on spending, per location. This could be fine. There weren’t any cases of a state planning to spend hundreds of thousands to connect one location anyway. However, if it’s heavy handed or imposed in a manner that ignores the needs of rural communities, it could be very bad – more on that below.

4. Changes to the treatment of fiber and satellite. Generally, even though the law pretty clearly requires that fiber builds be the program’s “priority projects,” the administration wants to increase the usage of low-earth satellites and diminish the usage of fiber.

5. The NTIA team will try to persuade the administration to embrace the best version of their chosen direction, and the BEAD team – especially the program officers out in the states – will do everything they can to support the states in conducting the program and dealing with changes.

He goes on to list what he considers likely impacts of the changes.

1. Delays in getting broadband to the people. Some states are on the 1 yard line. A bunch are on the 5 yard line. More will be getting there every week. These more-sweeping changes will only cause delays. The administration could fix the problems with the program via waiver and avoid slowdowns. Shovels could already be in the ground in three states, and they could be in the ground in half the country by the summer without the proposed changes to project selection.

2. More people will get Starlink/Kuiper, and fewer people will get fiber connection. This could be dramatic, or it could be measured, depending on where the admin sets the threshold limit, and whether states are permitted to award projects above the new threshold on the basis of value per dollar, or if they’re forced to take the cheapest proposal, even if it provides poorer service.

3. The 3 states with approved Final Proposals remain in limbo. They are currently held in NIST review regarding their proposed FPFRs (the budgets accompanying their approved final proposals).

This makes no sense – these states are ready to go, and they got the job done on time, on budget, and have plans that achieve universal coverage. If the administration cares about getting shovels in the ground, states with approved Final Proposals should move forward, ASAP.

4. West Virginia (and soon additional states) who have completed their work, but don’t have approved Final Proposals also remain in limbo. They have a final proposal ready to go that gets exceptional service to all West Virginia homes and businesses. Like the three states with approved Final Proposals, only the current administration stands between them and getting shovels in the ground. If the administration cares about getting things done, they should allow any state that comes forward with a Final Proposal under the old rules in the next couple of months to move forward with that plan.

5. No decision has been made about how much of the existing progress the 30 states who are already performing subgrantee selection should be allowed to keep. The administration simply cannot say whether the time, taxpayer funds, and private capital that were spent on those processes will be wasted and how much states will have to re-do.

6. The wireless industry will be, effectively, shut out of the BEAD program. There will be few, if any, locations that are above any new cost limit that will be able to be more cheaply served by fixed wireless than low earth satellites.

You can read the remainder of the email in Silverman’s screenshots below.

Here's the full email. Feinman's term ended and he was not reappointed. The Commerce Dept. is still weighing how it will change BEAD, but its stated preference for a low-cost, "tech neutral" use of funds could mean billions more for satellite operators like Starlink.

Craig Silverman (@craigsilverman.bsky.social) 2025-03-16T15:46:46.282Z