The Almighty Buck

Backdoor in Compromised Solana Code Library Drains $184,000 from Digital Wallets (bleepingcomputer.com) 22

The Solana JavaScript SDK "was temporarily compromised yesterday in a supply chain attack," reports BleepingComputer, "with the library backdoored with malicious code to steal cryptocurrency private keys and drain wallets." Solana offers an SDK called "@solana/web3.js" used by decentralized applications (dApps) to connect and interact with the Solana blockchain. Supply chain security firm Socket reports that Solana's Web3.js library was hijacked to push out two malicious versions to steal private and secret cryptography keys to secure wallets and sign transactions... Solana confirmed the breach, stating that one of their publish-access accounts was compromised, allowing the attackers to publish two malicious versions of the library... Solana is warning developers who suspect they were compromised to immediately upgrade to the latest v1.95.8 release and to rotate any keys, including multisigs, program authorities, and server keypairs...

Once the threat actors gain access to these keys, they can load them into their own wallets and remotely drain all stored cryptocurrency and NFTs... Socket says the attack has been traced to the FnvLGtucz4E1ppJHRTev6Qv4X7g8Pw6WPStHCcbAKbfx Solana address, which currently contains 674.86 Solana and varying amounts of the Irish Pepe, Star Atlas, Jupiter, USD Coin, Santa Hat, Pepe on Fire, Bonk, catwifhat, and Genopets Ki tokens. Solscan shows that the estimated value of the stolen cryptocurrency is $184,000 at the time of this writing.

For anyone whose wallets were compromised in this supply chain attack, you should immediately transfer any remaining funds to a new wallet and discontinue the use of the old one as the private keys are now compromised.

Ars Technica adds that "In social media posts, one person claimed to have lost $20,000 in the hack."

The compromised library "receives more than ~350,000 weekly downloads on npm," Socket posted. (Although Solana's statement says the compromised versions "were caught within hours and have since been unpublished.")
Bitcoin

Hard Drive Tossed in Landfill With Bitcoin Now Worth $800 Million. Lawsuits Continue (theguardian.com) 205

11 years ago his hard drive ended up in a U.K. landfill — with 8,000 bitcoin. It's now worth $800 million... and James Howells wants it back.

The Guardian reports that his "bid to become extremely rich reached a judge on Tuesday with a team of lawyers arguing that it was still possible to launch a hunt for his missing hard drive containing the bitcoin." They claimed that rather than searching for a "needle in a haystack", the position of the bitcoin hoard had been narrowed down to a small area and there was a "finely tuned" plan to retrieve it... [Howells] has been asking Newport city council for help in getting the hard drive back, and even said he would share the money with the authority, to no avail... James Goudie KC, representing the council, said Howells had no legal claim to the hard drive. He said: "Anything that goes into the landfill goes into the council's ownership."

Goudie said Howells' offer to share some of the bitcoin with Newport council amounted to a bribe. He said: "He is trying to buy something the council is not in a position to sell...." Before the hearing, a spokesperson for Newport council said: "The council has told Mr Howells multiple times that excavation is not possible under our environmental permit and that work of that nature would have a huge negative environmental impact on the surrounding area. "Responding to Mr Howells' baseless claims are costing the council and Newport taxpayers time and money which could be better spent on delivering services."

Howells was 28 when he lost the hard drive, and has said he may as well keep trying to recover it — because he'll always know that it's out there. Howells' legal teams are "working pro bono," the article notes, "on the basis that they get a share of the bitcoin profits if successful..." And TechSpot points out that "There's also the question of whether the data on the drive would still be accessible after more than a decade of sitting under a pile of rotting garbage.

"Howells has a team of data recovery engineers who are also working pro bono..."

Thanks to Slashdot reader jjslash for sharing the news.
AI

Elon Musk's xAI Plans Massive Expansion of AI Supercomputer in Memphis (usnews.com) 135

An anonymous reader shared this report from Reuters: Elon Musk's artificial intelligence startup xAI plans to expand its Memphis, Tennessee, supercomputer to house at least one million graphics processing units (GPUs), the Greater Memphis Chamber said on Wednesday, as xAI races to compete against rivals like OpenAI.

The move represents a massive expansion for the supercomputer called Colossus, which currently has 100,000 GPUs to train xAI's chatbot called Grok. As part of the expansion, Nvidia, which supplies the GPUs, and Dell and Super Micro, which have assembled the server racks for the computer, will establish operations in Memphis, the chamber said in a statement.

The Greater Memphis chamber (an economic development organization) called it "the largest capital investment in the region's history," even saying that xAI "is setting the stage for Memphis to become the global epicenter of artificial intelligence." ("To facilitate this massive undertaking, the Greater Memphis Chamber established an xAI Special Operations Team... This team provides round-the-clock concierge service to the company.")

Reuters calls the supercomputer "a critical component of advancing Musk's AI efforts, as the billionaire has deepened his rivalry against OpenAI..." And the Greater Memphis chamber describes the expansion by Nvidia/Dell/Super Micro as "further solidifying the city's position as the 'Digital Delta'... Memphis has provided the power and velocity necessary for not just xAI to grow and thrive, but making way for other companies as well."
Science

Digital Preservation Is Not Keeping Up With the Growth of Scholarly Knowledge (nature.com) 52

Nature: Millions of research articles are absent from major digital archives. This worrying finding, which Nature reported on earlier this year, was laid bare in a study by Martin Eve, who studies technology and publishing at Birkbeck, University of London. Eve sampled more than seven million articles with unique digital object identifiers (DOIs), a string of characters used to identify and link to specific publications, such as scholarly articles and official reports. Of these, he found that more than two million were 'missing' from archives -- that is, they were not preserved in major archives that ensure literature can be found in the future.

Eve, who is also a research developer at Crossref, an organization that registers DOIs, carried out the study in an effort to better understand a problem librarians and archivists already knew about -- that although researchers are generating knowledge at an unprecedented rate, it is not necessarily being stored safely for the future. One contributing factor is that not all journals or scholarly societies survive in perpetuity. For example, a 2021 study found that a lack of comprehensive and open archiving meant that 174 open-access journals, covering all major research topics and geographical regions, vanished from the web in the first two decades of this millennium.

A lack of long-term archiving particularly affects institutions in low- and middle-income countries, less-affluent institutions in rich countries and smaller, under-resourced journals worldwide. Yet it's not clear whether researchers, institutions and governments have fully taken the problem on board. [...] At the heart of the problem is a lack of money, infrastructure and expertise to archive digital resources. [...] For institutions that can afford it, one solution is to pay a preservation archive to safeguard content. Examples include Portico, based in New York City, and CLOCKSS, based in Stanford, California, both of which count a raft of publishers and libraries as customers.

United States

The Number of Americans Wanting To Switch Jobs Hits a 10-Year High (msn.com) 80

More Americans are looking to switch jobs than at any point in the past decade. In a cooling job market, that's a lot easier said than done. From a report: White-collar hiring continues to slow, but workers' restlessness to find new work is intensifying, new Gallup data show. More than half of 20,000 U.S. workers surveyed in November said they were watching for or actively seeking a new job. That's the largest share since 2015, eclipsing the so-called Great Resignation of 2021 and 2022, when millions of people quit jobs for better ones.

The result? Job satisfaction has fallen to its lowest level in recent years as employees feel more stuck -- and frustrated -- where they are, according to Gallup, whose quarterly surveys are widely viewed as a bellwether of workplace sentiment. Smaller raises and fewer promotions are spurring some of the discontent, workers say. So are cost-cutting moves and stepped-up requirements to be working in offices more often.

Power

Utilities Are Trying Enormous 'Flow' Batteries Big Enough to Oust Coal Power Plants (yahoo.com) 143

To help replace power plants, Japan's northernmost island, Hokkaido, "is turning to a new generation of batteries designed to stockpile massive amounts of energy," reports the Washington Post.

"The Hokkaido Electric Power Network (HEPCO Network) is deploying flow batteries, an emerging kind of battery that stores energy in hulking tanks of metallic liquid." [F]low batteries are making their debut in big real-world projects. Sumitomo Electric, the company that built the Hokkaido plant, has also built flow batteries in Taiwan, Belgium, Australia, Morocco and California. Hokkaido's flow battery farm was the biggest in the world when it opened in April 2022 — a record that lasted just a month before China built one that is eight times bigger and can deliver as much energy as an average U.S. natural gas plant. "It looks like flow batteries are finally about to take off with interest from China," said Michael Taylor, an energy analyst at the International Renewable Energy Agency, an international group that studies and promotes green energy. "When China starts to get comfortable with a technology and sees it working, then they will very quickly scale their manufacturing base if they think they can drive down the costs, which they usually can...."

Lithium-ion batteries are perfect for smartphones because they're lightweight and fit in small spaces, even if they don't last long and have to be replaced frequently. Utilities have a different set of priorities: They need to store millions of times more energy, and they have much more room to work with. "If you think about utility-scale stationary applications, maybe you don't need lithium-ion batteries. You can use another one that is cheaper and can provide the services that you want like, for example, vanadium flow batteries," said Francisco Boshell, a researcher at the International Renewable Energy Agency...

Flow batteries are designed to tap giant tanks that can store a lot of energy for a long time. To boost their storage capacity, all you have to do is build a bigger tank and add more vanadium. That's a big advantage: By contrast, there's no easy way to adjust the storage capacity of a lithium-ion battery — if you want more storage, you have to build a whole new battery... One major barrier to building more of these battery farms is finding enough vanadium. Three-quarters of the world's supply comes as a by-product from 10 steel mills in China and Russia, according to Kara Rodby [a battery analyst at the investment firm Volta Energy Technologies] who got her PhD at the Massachusetts Institute of Technology studying the design and market for flow batteries. Australia, South Africa and the United States also produce vanadium, but in much smaller quantities. Mines that have been proposed could boost supply. And some flow battery start-ups are trying to sidestep the vanadium problem entirely by using different materials that are easier to buy.

The other hurdle is their up-front cost. Vanadium flow batteries are at least twice as expensive to build as lithium-ion batteries, Rodby said, and banks are hesitant to lend money to fund an unfamiliar technology. But experts say flow batteries can be cheaper in the long run because they're easier to maintain and last longer. A lithium-ion battery might have to be replaced after 10 years, but Rodby says flow batteries can last much longer. "There really is no finite lifetime for a flow battery in the way there is for lithium-ion," Rodby said.

Here's an interesting statistic from the article. "Over the next six years, utilities will have to build 35 times as many batteries as there are today to soak up all extra renewable energy that will come online, according to the International Energy Agency."
Classic Games (Games)

What 'The Oregon Trail' Co-Creator Thinks of Apple's Plans for a Movie (cbsnews.com) 51

It's one of the most successful — and oldest — computer games of all-time. This week CBS News Minnesota interviewed Bill Heinemann, who in 1971 co-created "The Oregon Trail" as an educational video game simulating pioneers travelling west. "It's surprising and gratifying and humbling, in a way, that a little thing that I spent two weeks on has become a worldwide phenomenon," Heinemann said... The game's become known for the many ways players can die, including by dysentery, but Heinemann's favorite was death by snake bite. "It only happened once every several hundred times, and so people could've played it for months and all of a sudden, 'What? I got bit by a snake and died? This has never happened to me before!'" he said.
The game has been the subject of numerous satirical articles by McSweeney's. And long-time Slashdot reader whois_drek points out that a sketch comedy group also based a movie on the videogame in 2023.

So how does the game's co-creator feel about Apple's plans to film a new big-budget movie based on the game? "Surprising to me how popular it's become and how long the interest in it has been around," Heinemann said. "And this is just the next step I guess."

He won't be making any money off the movie. In fact, Heinemann's never seen a dime from the iconic game. He and his two co-creators, Rawitsch and Paul Dillenberger, turned it over to the Minnesota Educational Computing Consortium shortly after they invented it. Heinemann says it doesn't bother him. "I didn't do it for money," he said. "I did it for just the love of the game and the love of teaching."

Thanks to Slashdot reader quonset for sharing the news.
Transportation

TfL Abandons Plans For Driverless Tube Trains (ianvisits.co.uk) 89

Transport for London (TfL) has dropped its investigation into how it could introduce driverless trains on the London Underground. From a report: One of the many conditions imposed on TfL during the pandemic to keep services running when most of us were stuck at home was that it would investigate how it could introduce driverless trains on the Underground. TfL was required to produce a business case for converting the Waterloo & City line and Piccadilly line to a DLR-style operation, and in September 2021, it advertised for consultancy work on the project.

It's now been confirmed that the study reached the same conclusion that every other study into the issue has already reported -- it'll cost an awful lot of money for very little benefit. Despite the claims that it would prevent strikes on the tube, the reality is that it wouldn't, as driverless trains would still have staff on board, just as the DLR does, and the DLR still has strikes.

Businesses

Performance Improvement Plans Surge in US as Companies Seek Stealth Job Cuts (msn.com) 196

Performance improvement plans, a controversial corporate tool for managing underperforming employees, are becoming increasingly prevalent in U.S. workplaces. HR Acuity data shows workers subject to performance actions rose from 33.4 per 1,000 in 2020 to 43.6 per 1,000 in 2023.

While companies maintain PIPs offer a path to improvement, WSJ -- citing HR executives and former employees -- describes them as primarily providing legal protection against wrongful termination lawsuits and an alternative to formal layoffs. Only 10-25% of employees survive the 30-90 day improvement plans, with most either being terminated or leaving voluntarily.
The Almighty Buck

Coffee at Highest Price in 47 years (semafor.com) 188

An anonymous reader shares a report: Coffee beans hit their highest price in 47 years, driven by bad weather in Vietnam and Brazil, the biggest producers of robusta and arabica beans respectively.

Brazil saw its worst drought in 70 years this year followed by heavy rains, raising fears that next season's output will drop, further pinching already tight global supplies. Vietnam has itself had three years of low output.

Arabica beans hit $3.18 a pound on Wednesday, leading Nestle, the world's biggest coffee company, to increase prices. As well as climate concerns, future prices are being raised by worries about tariffs: Roasters "will try to import now, because otherwise you will be paying tariffs later," one trade analyst told the Financial Times.

Education

Google Opens AI Campus In London 4

British Prime Minister Keir Starmer inaugurated London's first Google-funded AI Campus in Camden, aiming to equip young people with AI and machine learning skills. Reuters reports: The center, based in Camden, an area which Starmer represents in parliament and which is also home to Google's future offices in Kings Cross, has already started a two-year pilot project for local students. A first cohort of 32 people aged 16-18 will have access to resources in AI and machine learning and receive mentoring and expertise from Google's AI company DeepMind, the tech giant said. The students will tackle real-world projects connecting AI to fields such as health, social sciences and the arts at the campus, which has been established in partnership with the local authority, Google said.

Google's UK and Ireland managing director Debbie Weinstein announced 865,000 pounds ($1.10 million) of funding for an AI literacy program across the UK. The money will be used by charities Raspberry Pi Foundation and Parent Zone to help train teachers with an aim of reaching over 250,000 students by the end of 2026, she said.
Businesses

China Woos Western Tech Talent in Race for Chip Supremacy (msn.com) 82

Chinese companies are aggressively recruiting foreign tech talent as a key strategy to gain technological supremacy, prompting national security concerns across Western nations and Asia, WSJ reported Wednesday, citing multiple intelligence officials and corporate sources. The campaign focuses particularly on advanced semiconductor expertise, with companies like Huawei offering triple salaries to employees at critical firms like Zeiss SMT and ASML, which produce essential components for cutting-edge chip manufacturing.

These recruitment efforts intensified after Western export controls restricted China's access to advanced technology. While Taiwan and South Korea have implemented strict countermeasures, including criminal penalties for illegal talent transfers, the U.S. and Europe struggle to balance open labor markets with national security concerns.

Chinese firms often obscure their origins through local ventures and persistent recruitment tactics. The strategy has shown results: Former employees have helped Chinese companies advance their technological capabilities, including SMIC's development of 7nm chips with help from ex-TSMC talent.
Technology

Most Smart Device Makers Fail To Reveal Software Support Periods, FTC Finds (ftc.gov) 32

Nearly 89% of smart device manufacturers fail to disclose how long they will provide software updates for their products, a Federal Trade Commission staff study found this week. The review of 184 connected devices, including hearing aids, security cameras and door locks, revealed that 161 products lacked clear information about software support duration on their websites.

Basic internet searches failed to uncover this information for two-thirds of the devices. "Consumers stand to lose a lot of money if their smart products stop delivering the features they want," said Samuel Levine, Director of the FTC's Bureau of Consumer Protection. The agency warned that manufacturers' failure to provide software update information for warranted products costing over $15 may violate the Magnuson Moss Warranty Act. The FTC also cautioned that companies could violate the FTC Act if they misrepresent product usability periods. The study excluded laptops, personal computers, tablets and automobiles from its review.
Iphone

Indonesia Says Apple's $100 Million Investment Proposal Inadequate (reuters.com) 41

Indonesia rejected Apple's $100 million investment proposal to build an accessory and component plant, stating it was insufficient to lift the current ban on iPhone 16 sales in the country. Indonesia banned sales of Apple's iPhone 16 last month after it failed to meet requirements that smartphones sold domestically should comprise at least 40% locally-made parts. Reuters reports: "We have done an assessment and this (proposal) has not met principles of fairness," Industry Minister Agus Gumiwang Kartasasmita told a press conference, comparing the proposal to Apple's bigger investments in neighboring Vietnam and Thailand. Apple has no manufacturing facilities in Indonesia, but has since 2018 set up application-developer academies, which Jakarta considers a way for the company to meet local content requirement for the sale of older iPhone models. Agus said Apple had an outstanding investment commitment of $10 million it should have carried out before 2023. He also wanted Apple to commit to new investment until 2026.
Security

Craigslist Founder Gives $300M to Fund Critical US Infrastructure Cybersecurity (yahoo.com) 16

Craig Newmark "is alarmed about potential cybersecurity risks in the U.S.," according to Yahoo Finance. The 71-year-old Craigslist founder says "our country is under attack now" in a new interview with Yahoo Finance executive editor Brian Sozzi on his Opening Bid podcast.

But Newmark also revealed what he's doing about it: [H]e started Craig Newmark Philanthropies to primarily invest in projects to protect critical American infrastructure from cyberattacks. He told Sozzi he is now spending $200 million more to address the issue, on top of an initial $100 million pledge revealed in September of this year. He encouraged other wealthy people to join him in the fight against cyberattacks. "I tell people, 'Hey, the people who protect us could use some help. The amounts of money comparatively are small, so why not help out,'" he said... The need for municipalities and other government entities to act rather than react remains paramount, warns Newmark. "I think a lot about this," said Newmark.

"I've started to fund networks of smart volunteers who can help people protect infrastructure, particularly [for] the small companies and utilities across the country who are responsible for most of our electrical and power supplies, transportation infrastructure, [and] food distribution.... A lot of these systems have no protection, so an adversary could just compromise them, saying unless you do what we need, we can start shutting off these things," he continued. Should that happen, recovery "could take weeks and weeks without your water supply or electricity."

A web page at Craig Newmark Philanthropies offers more details: Craig was part of the whole "duck and cover" thing, in the 50s and 60s, and realizes that we need civil defense in the cyber domain, "cyber civil defense." This is patriotism, for regular people.

He's committed $100 million to form a Cyber Civil Defense network of groups who are starting to protect the country from cyber threats. Attacks on our power grids, our cyber infrastructure and even the internet-connected gadgets and appliances in our homes are real. If people think that's alarmist, tell them to "Blame Craig." The core of Cyber Civil Defense [launched in 2022] includes groups like Aspen Digital, Global Cyber Alliance, and Consumer Reports, focusing on citizen cyber education and literacy, cyber tool development, and cybersecurity workforce programs aimed at diversifying the growing field.

It's already made significant investments in groups like the Ransomware Task Force and threat watchdog group Shadowserver Foundation...
Power

Solar Glut: Half of California's Solar Power Sometimes Goes to Waste, Research Shows (latimes.com) 192

Some days more than half of California's available solar power goes to waste, according to research from the California Institute for Energy and Environment. "In the last 12 months, California's solar farms have curtailed production of more than 3 million megawatt hours of solar energy," according to a data analysis by the Los Angeles Times — enough to power 518,000 California homes for a year.

And it was curtailed "either on the orders of the state's grid operator or because prices had plummeted because of the glut. The waste would have been even larger if California had not paid utilities in other states to take the excess solar energy, documents from the state's grid operator show." That means green energy paid for by California electricity customers is sent away, lowering bills for residents of other states. Arizona's largest public utility reaped $69 million in savings last year by buying from the market California created to get rid of its excess solar power. The utility returned that money to its customers as a credit on their bills. Also reaping profits are electricity traders, including banks and hedge funds. The increasing oversupply of solar power has created a situation where energy traders can buy the excess at prices so low they become negative, said energy consultant Gary Ackerman, the former executive director of the Western Power Trading Forum. That means the solar plant is paying the traders to take it. "This is all being underwritten by California ratepayers," Ackerman said...

The solar glut also means higher electricity bills for Californians, since they are effectively paying to generate the power but not using it. California's electric rates are roughly twice the nation's average, with only Hawaii having higher rates. Rates at Southern California Edison and Pacific Gas & Electric increased by 51% over the last three years. "Ratepayers aren't getting the energy they've paid for," said Ron Miller, an energy industry consultant in Denver. He calculates that the retail value of the solar energy thrown away in a year would be more than $1 billion.

Gov. Gavin Newsom's advisors and those who manage the state's electric grid say they are working to reduce the curtailments, including by building more industrial-scale battery storage facilities that soak up the excess solar power during the day and then release it at night. Officials in the governor's office declined to be interviewed, but issued a statement saying the curtailments are often because of congestion on transmission lines, rather than a statewide oversupply of power. The state has been spending heavily to upgrade transmission lines to ease the congestion. "It's also important to have extra energy resources available that can help the state during periods of extreme weather and historic heatwaves when demand is particularly high, which have happened the past few years," the statement said...

The commercial solar industry contends that the expansion of storage capacity to bank solar power will eventually eliminate the glut.

Earth

World Agrees on $300B Climate Aid Financial Deal - After COP29 Summit 'Nearly Implodes' (cnn.com) 120

"At points there was fear the talks would implode, as groups representing vulnerable small island states and the least-developed countries walked out of negotiations Saturday," according to a new report from CNN.

But after weeks of international climate talks at COP29, "the world agreed to a new climate deal... with wealthy countries pledging to provide $300 billion annually by 2035 to poorer countries to help them cope with the increasingly catastrophic impacts of the climate crisis." The amount pledged, however, falls far short of the $1.3 trillion economists say is needed to help developing countries cope with a climate crisis they have done least to cause — and there has been a furious reaction from many developing countries. In a fiery speech immediately after the gavel went down, India's representative Chandni Raina slammed the $300 billion as "abysmally poor" and a "paltry sum," calling the agreement "nothing more than an optical illusion" and unable to "address the enormity of the challenge we all face."

Others were equally damning in their criticism. "We are leaving with a small portion of the funding climate-vulnerable countries urgently need," said Tina Stege, Marshall Islands climate envoy. Stege heavily criticized the talks as showing the "very worst of political opportunism." Fossil fuel interests "have been determined to block progress and undermine the multilateral goals we've worked to build," she said in a statement...

There was also a push for richer emerging economies such as China and Saudi Arabia to contribute to the climate funding package, but the agreement only "encourages" developing countries to make voluntary contributions, and places no obligations on them... Saudi Arabia, the world's top oil exporter, which has pushed against ambitious action at past climate summits, seemed even more emboldened in Baku, publicly and explicitly rejecting any reference to oil, coal and gas in the deal.

The package "is also being criticised as short-sighted from the richer world's perspective," notes the BBC: The argument runs that if you want to keep the world safe from rising temperatures, then wealthier nations need to help emerging economies cut their emissions, because that is where 75% of the growth in emissions has occurred in the past decade.
But "Delegations more optimistic about the agreement said this deal is headed in the right direction," writes the Associated Press, "with hopes that more money flows in the future." The text included a call for all parties to work together using "all public and private sources" to get closer to the $1.3 trillion per year goal by 2035. That means also pushing for international mega-banks, funded by taxpayer dollars, to help foot the bill. And it means, hopefully, that companies and private investors will follow suit on channeling cash toward climate action. The agreement is also a critical step toward helping countries on the receiving end create more ambitious targets to limit or cut emissions of heat-trapping gases.
Education

Coding Boot Camp Graduates Find Tough Prospects In an AI-Powered World (msn.com) 104

An anonymous reader shared this report from the New York Times: Between the time [construction worker Florencio] Rendon applied for the coding boot camp and the time he graduated, what Mr. Rendon imagined as a "golden ticket" to a better life had expired. About 135,000 start-up and tech industry workers were laid off from their jobs, according to one count. At the same time, new artificial intelligence tools like ChatGPT, an online chatbot from OpenAI, which could be used as coding assistants, were quickly becoming mainstream, and the outlook for coding jobs was shifting. Mr. Rendon says he didn't land a single interview.

Coding boot camp graduates across the country are facing a similarly tough job market. In Philadelphia, Mal Durham, a lawyer who wanted to change careers, was about halfway through a part-time coding boot camp late last year when its organizers with the nonprofit Launchcode delivered disappointing news. "They said: 'Here is what the hiring metrics look like. Things are down. The number of opportunities is down,'" she said. "It was really disconcerting." In Boston, Dan Pickett, the founder of a boot camp called Launch Academy, decided in May to pause his courses indefinitely because his job placement rates, once as high as 90 percent, had dwindled to below 60 percent. "I loved what we were doing," he said. "We served the market. We changed a lot of lives. The team didn't want that to turn sour."

Compared with five years ago, the number of active job postings for software developers has dropped 56 percent, according to data compiled by CompTIA. For inexperienced developers, the plunge is an even worse 67 percent. "I would say this is the worst environment for entry-level jobs in tech, period, that I've seen in 25 years," said Venky Ganesan, a partner at the venture capital firm Menlo Ventures.

A Stack Overflow survey of 65,000 developers found that 60% had used AI coding tools this year, the article points out. And it includes two predictions about the future:
  • Armando Solar-Lezama, leader of MIT's Computer-Assisted Programming Group, "believes that A.I. tools are good news for programming careers. If coding becomes easier, he argues, we'll just make more, better software. We'll use it to solve problems that wouldn't have been worth the hassle previously, and standards will skyrocket."
  • Zach Sims, a co-founder of Codecademy, said of the job prospects for coding boot camp graduates: "I think it's pretty grim."

Crime

Is There New Evidence in the D.B. Cooper Case? (cowboystatedaily.com) 63

On November 24th, 1971 — 53 years ago today — a mysterious man jumped out of an airplane clutching $200,000 in ransom money. (He'd extorted it from the airline by claiming he had a bomb, and it's still "the only unsolved case of air piracy in the history of commercial aviation," according to Wikipedia.) Will modern technology finally let us solve the case — or just turn it into a miniseries on Netflix? And have online researchers finally discovered the definitive clue?

The FBI vetted more than 800 suspects, according to the Wyoming news site Cowboy State Daily, but in 2016 announced they were suspending their active investigation.

So it's newsworthy that the FBI now appears to be investigating new evidence, according to an amateur D.B. Cooper researcher on YouTube: the discovery of what's believed to be D.B. Cooper's uniquely-modified parachute: Retired pilot, skydiver and YouTuber, Dan Gryder told Cowboy State Daily that he may have found the missing link after uncovering the modified military surplus bailout rig he believes was used by D.B. Cooper in the heist. It belonged to Richard Floyd McCoy II, and was carefully stored in his deceased mother's storage stash until very recently... McCoy's children, Chanté and Richard III, or "Rick," agree with Gryder that they believe their father was D.B. Cooper, a secret that shrouded the family but wasn't overtly discussed. For years, they said, the family stayed mum out of fear of implicating their mother, Karen, whom they believe was complicit in both hijackings. Upon her death in 2020, they broke their silence to Gryder after being contacted by him off and on for years.

Gryder, who has been researching the case for more than 20 years, documented his investigation in a lengthy two-part series on his YouTube channel, "Probable Cause," in 2021 and 2022, where he connects the dots and shows actual footage of him finding the parachute in an outbuilding on the McCoy family property in North Carolina in July 2022. On Monday, Gryder released a third video, "D.B. Cooper: Deep FBI Update," where he announced the FBI's new and very recent efforts in his discoveries. After watching his first two videos, Gryder said FBI agents contacted Rick and Gryder to see the parachute. It was the first investigative move by the agency since issuing the 2016 public statement, declaring the case closed pending new evidence. Gryder and Rick McCoy traveled to Richmond, Virginia, in September 2023, where they met with FBI agents, who took the harness and parachute into evidence along with a skydiving logbook found by Chanté that aligned with the timeline for both hijackings, providing another vital piece in the puzzle, Gryder said....

During the meeting, Gryder said the agents called it a first step. If the evidence proved fruitless, they would have promptly returned the skydiving rig, he said, but that didn't happen. Instead, an FBI agent called Rick a month later to ask to search the family property in Cove City, North Carolina, which McCoy's mother owned and where Gryder had found the parachute and canopy... [Gryder says he watched] at least seven vehicles descend on the property with more than a dozen agents who scoured the property for about four hours... Rick said he has provided a DNA sample and was told by the FBI agents that the next step might be exhuming his father's body, but no formal terms and conditions for that process have been established thus far, he said.

A retired commercial airline pilot who was present in the Virginia FBI meeting said "It was clear they were taking it seriously" — noting it was the FBI who'd requested that meeting. The article cites two FBI agents who'd earlier already believed D.B. Cooper was McCoy. And the article points out that the FBI "has never ruled McCoy out, stating in a 2006 statement that he was 'still a favorite suspect among many.'"

A second article notes that Gryder supports the FBI's recent request to exhume McCoy's body. As he sees it, "The existing DNA marker comparisons studied so far only validate the need for this final extreme step and should close the mystery once and for all."

And the article adds that McCoy's children are "eager for closure and hope that the FBI finds the evidence agents need to close the D.B. Cooper case once and for all."
Open Source

GitHub Announces New Open Source Fund with Security Mentoring (techcrunch.com) 2

The GitHub Secure Open Source Fund launched this week with an initial commitment of $1.25 million, reports TechCrunch, using "capital from contributors including American Express, 1Password, Shopify, Stripe, and GitHub's own parent company Microsoft." GitHub briefly teased the new initiative at its annual GitHub Universe developer conference last month, but Tuesday it announced full details and formally opened the program for applicants, which will be reviewed "on a rolling basis" through the closing date of January 7, 2025, with programming and funding starting shortly after...

Tuesday's news builds on a number of previous GitHub initiatives designed to support project maintainers that work on key components of critical software, including GitHub Sponsors which landed in 2019 (and which is powering the new fund), but more directly the GitHub Accelerator program that launched its first cohort last year — the GitHub Secure Open Source Fund is essentially an extension of that.

"We're trying to acknowledge the fact that we're the home of open source, ultimately, and we have an obligation to help ensure that open source can continue to thrive and have the support that it needs," GitHub Chief Operating Officer Kyle Daigle told TechCrunch in an interview. Qualifying projects can be pretty much any project that has an open source license, but of course GitHub will be looking at those that need the funds most — so Kubernetes can hold fire with its application. "We're looking for the outsized impact, which tends to be big projects with few maintainers that we all rely on," Daigle said.

The sum of $1.25 million might sound like a reasonable amount, but it will be split across 125 projects, which means just $10,000 each — better than nothing, for sure, but a drop in the ocean in the grand scheme of things. However, Daigle is quick to stress that money is only part of the prize here — as with the initial accelerator program, maintainers embark on a three-week program, which includes mentorship, certification, education workshops, and ongoing access to GitHub tools.

From GitHub's announcement: Since introducing support for organizations through GitHub Sponsors, more than 5,800 organizations, including Microsoft and Stripe, have invested in maintainers and projects on GitHub, up nearly 40% YoY. Cumulatively, the platform has unlocked over $60 million in funding for maintainers to help them spend more time working on their projects.

But we know we're just scratching the surface when it comes to organizations and corporate support of open source. This summer, we partnered with the Linux Foundation and researchers from Laboratory for Innovation Science at Harvard (LISH) to learn more about the state of open source funding today. Diving in, we assessed organizations' funding behaviors, potential misalignments, and opportunities to improve. In the report launched today, we found:


- Responding organizations annually invest $1.7 billion in open source, which can be extrapolated to estimate that approximately $7.7 billion is invested across the entire open source ecosystem annually.

- 86% of investment is in the form of contribution labor by employees and contractors working for the funding organization, with the remaining 14% being direct financial contributions.

- Organizations generally know how and where they contribute (65%) but lack specific clarity of their contributions (38%).

- Security efforts focus on bugs and maintenance; only a few (6%) said comprehensive security audits are a priority.


We all stand to benefit from unlocking more funding for open source. By tackling problems like open source security as an ecosystem, we believe we can help create more available funding and resources that are vital to the sustainability of open source. Not every open source project or maintainer has access to funding and training for security. That's why we created a fund that everyone potentially eligible can apply for...

This is the beginning of a journey into helping find ways to secure open source. On its own, it's not the answer, but we are confident it will help. We will be monitoring the impact of these investments and share what we learn as we go.
