Education

America's College Board Launches AP Cybersecurity Course For Non-College-Bound Students (edweek.org) 16

Besides administering standardized pre-college tests, America's nonprofit College Board designs college-level classes that high school students can take. But now they're also crafting courses "not just with higher education at the table, but industry partners such as the U.S. Chamber of Commerce and the technology giant IBM," reports Education Week.

"The organization hopes the effort will make high school content more meaningful to students by connecting it to in-demand job skills. It believes the approach may entice a new kind of AP student: those who may not be immediately college-bound.... The first two classes developed through this career-driven model — dubbed AP Career Kickstart — focus on cybersecurity and business principles/personal finance, two fast-growing areas in the workforce." Students who enroll in the courses and excel on a capstone assessment could earn college credit in high school, just as they have for years with traditional AP courses in subjects like chemistry and literature. However, the College Board also believes that students could use success in the courses as a selling point with potential employers... Both the business and cybersecurity courses could also help fulfill state high school graduation requirements for computer science education...

The cybersecurity course is being piloted in 200 schools this school year and is expected to expand to 800 schools next school year... [T]he College Board is planning to invest heavily in training K-12 teachers to lead the cybersecurity course.

IBM's director of technology, data and AI called the effort "a really good way for corporations and companies to help shape the curriculum and the future workforce" while "letting them know what we're looking for." In the article the associate superintendent for teaching at a Chicago-area high school district calls the College Board's move a clear signal that "career-focused learning is rigorous, it's valuable, and it deserves the same recognition as traditional academic pathways."

Also interesting is why the College Board says they're doing it: The effort may also help the College Board — founded more than a century ago — maintain AP's prominence as artificial intelligence tools that can already ace nearly every existing AP test take on an ever-greater share of job tasks once performed by humans. "High schools had a crisis of relevance far before AI," David Coleman, the CEO of the College Board, said in a wide-ranging interview with EdWeek last month. "How do we make high school relevant, engaging, and purposeful? Bluntly, it takes [the] next generation of coursework. We are reconsidering the kinds of courses we offer...."

"It's not a pivot because it's not to the exclusion of higher ed," Coleman said. "What we are doing is giving employers an equal voice."

Thanks to long-time Slashdot reader theodp for sharing the article.
Open Source

'Unaware and Uncertain': Report Finds Widespread Unfamiliarity With 2027's EU Cyber Resilience Requirements (linuxfoundation.org) 5

Two "groundbreaking research reports" on open source security were announced this week by the Linux Foundation in partnership with the Open Source Security Foundation (OpenSSF) and Linux Foundation Europe. The reports specifically address the EU's Cyber Resilience Act (or CRA) and "highlight knowledge gaps and best practices for CRA compliance."

"Unaware and Uncertain: The Stark Realities of CRA-Readiness in Open Source" includes a survey which found that when it comes to CRA requirements, 62% of respondents were either "not familiar at all" (36%) or "slightly familiar" (26%) — while 51% weren't sure about its deadlines. ("Only 28% correctly identified 2027 as the target year for full compliance," according to one infographic, which adds that CRA "is expected to drive a 6% average price increase, though 53% of manufacturers are still assessing pricing impacts.") Manufacturers, who bear primary responsibility, lack readiness — many [46%] passively rely on upstream security fixes, and only a small portion produce Software Bills of Materials (SBOMs). The report recommends that manufacturers take a more active role in open source security, that more funding and legal support is needed to support security practices, and that clear regulatory guidance is essential to prevent unintended negative impacts on open source development.
The research also provides "an in-depth analysis of how open collaboration can strengthen software security and innovation across global markets," with another report that "examines how three Linux Foundation projects are meeting the CRA's minimum compliance requirements" and "provides insight on the elements needed to ensure leadership in cybersecurity best practices." (It also includes CRA-related resources.)

"These two reports offer actionable conclusions for open source stakeholders to ready themselves for 2027, when the CRA comes into force," according to a Linux Foundation research executive cited in the announcement. "We hope that these reports catalyze higher levels of collaboration across the open source community."
Encryption

France Rejects Backdoor Mandate (eff.org) 10

The French National Assembly has rejected a controversial provision that would have forced messaging platforms like Signal and WhatsApp to allow government access to encrypted private conversations, lawmakers voted Thursday night. The measure, embedded within anti-drug trafficking legislation, would have implemented a "ghost participant model" allowing law enforcement to silently join encrypted chats without users' knowledge.
IT

Nvidia CEO Huang Says He Was Wrong About Timeline For Quantum (cnbc.com) 30

Nvidia CEO Jensen Huang on Thursday walked back comments he made in January, when he cast doubt on whether useful quantum computers would hit the market in the next 15 years. From a report: At Nvidia's "Quantum Day" event, part of the company's annual GTC Conference, Huang admitted that his comments came out wrong. "This is the first event in history where a company CEO invites all of the guests to explain why he was wrong," Huang said.

In January, Huang sent quantum computing stocks reeling when he said 15 years was "on the early side" in considering how long it would be before the technology would be useful. He said at the time that 20 years was a timeframe that "a whole bunch of us would believe." In his opening comments on Thursday, Huang drew comparisons between pre-revenue quantum companies and Nvidia's early days. He said it took over 20 years for Nvidia to build out its software and hardware business.

He also expressed surprise that his comments were able to move markets, and joked he didn't know that certain quantum computing companies were publicly traded. "How could a quantum computer company be public?" Huang said.

IT

Nvidia Sells RTX GPUs From a 'Food Truck' (pcworld.com) 33

Nvidia is selling its scarce RTX 5080 and 5090 graphics cards from a pop-up "food truck" at its GPU Technology Conference, where attendees paying over $1,000 for tickets can purchase the coveted hardware alongside merchandise. The company has only 2,000 cards available (1,000 each of RTX 5080 and 5090), released in small batches at random times during the three-day conference which concludes tomorrow.
Windows

Microsoft Developing Windows 11 Feature To Explain Hardware Performance Issues (bsky.app) 75

Microsoft is developing a new Windows 11 feature that will explain how hardware limitations affect PC performance. The latest preview builds include a hidden FAQ section in system settings that addresses GPU memory, system RAM, and OS version impacts.

The feature, discovered by Windows observer "phantomofearth" in this week's Dev Channel build, requires manual activation. It provides specific recommendations for configurations like low RAM or GPUs with less than 4GB memory, and flags outdated Windows versions.
IT

PCI Express 7.0's Blazing Speeds Are Nearly Here, But PCIe 6 is Still Vapor (pcworld.com) 62

An anonymous reader shares a report: PCI Express 7 is nearing completion, the PCI Special Interest Group said, and the final specification should be released later this year. PCI Express 7, the backbone of the modern motherboard, is at the stage 0.9, which the PCI-SIG characterizes as the "final draft" of the specification. The technology was at version 0.5 a year ago, almost to the day, and originally authored in 2022.

The situation remains the same, however. While modern PC motherboards are stuck on PCI Express 5.0, the specification itself moves ahead. PCI Express has doubled the data rate about every three years, from 64 gigatransfers per second in PCI Express 6.0 to the upcoming 128 gigatransfers per second in PCIe 7. (Again, it's worth noting that PCIe 6.0 exists solely on paper.) Put another way, PCIe 7 will deliver 512GB/s in both directions, across a x16 connection.

It's worth noting that the PCI-SIG doesn't see PCI Express 7 living inside the PC market, at least not initially. Instead, PCIe 7 is expected to be targeted at cloud computing, 800-gigabit Ethernet and, of course, artificial intelligence. It will be backwards-compatible with the previous iterations of PCI Express, the SIG said.

Security

Microsoft Isn't Fixing 8-Year-Old Shortcut Exploit Abused For Spying (theregister.com) 34

Trend Micro uncovered an eight-year-long spying campaign exploiting a Windows vulnerability involving malicious .LNK shortcut files, which attackers padded with whitespace to conceal commands. Despite being reported to Microsoft in 2023, the company considers it a UI issue rather than a security risk and has not prioritized a fix. The Register reports: The attack method is low-tech but effective, relying on malicious .LNK shortcut files rigged with commands to download malware. While appearing to point to legitimate files or executables, these shortcuts quietly include extra instructions to fetch or unpack and attempt to run malicious payloads. Ordinarily, the shortcut's target and command-line arguments would be clearly visible in Windows, making suspicious commands easy to spot. But Trend's Zero Day Initiative said it observed North Korea-backed crews padding out the command-line arguments with megabytes of whitespace, burying the actual commands deep out of sight in the user interface.

Trend reported this to Microsoft in September last year and estimates that it has been used since 2017. It said it had found nearly 1,000 tampered .LNK files in circulation but estimates the actual number of attacks could have been higher. "This is one of many bugs that the attackers are using, but this is one that is not patched and that's why we reported it as a zero day," Dustin Childs, head of threat awareness at the Zero Day Initiative, told The Register. "We told Microsoft but they consider it a UI issue, not a security issue. So it doesn't meet their bar for servicing as a security update, but it might be fixed in a later OS version, or something along those lines."

After poring over malicious .LNK samples, the security shop said it found the vast majority of these files were from state-sponsored attackers (around 70 percent), used for espionage or information theft, with another 20 percent going after financial gain. Among the state-sponsored crews, 46 percent of attacks came from North Korea, while Russia, Iran, and China each accounted for around 18 percent of the activity.

IT

The First New Pebble Smartwatches Are Coming Later This Year (theverge.com) 20

Eric Migicovsky, founder of Pebble, will release two new smartwatches running the newly open-sourced Pebble operating system through his company Core Devices. The Core 2 Duo, priced at $149 and shipping in July, utilizes unused Pebble 2 frames with the same black-and-white E Ink display.

The device features a 30-day battery life -- quadruple its predecessor's -- and incorporates a speaker for AI assistant interaction. Approximately 10,000 units will be available. The Core Time 2, arriving in December at $225, adds touchscreen functionality to the classic Pebble design while maintaining physical buttons and month-long battery life.

Both devices face iPhone integration challenges. Migicovsky cautioned potential tariff increases would be passed to consumers, stating, "We're going to charge more if it costs more." "I'm not building a company to sell millions of these," Migicovsky said. "The goal is to make something I really want."
XBox (Games)

Xbox 360 Consoles Can Now Be Hacked With Just a USB Key (theverge.com) 20

An anonymous reader shares a report: Xbox 360 modders have discovered a new way to get homebrew apps and games running on the console. A new software-only exploit known as BadUpdate allows you to use a USB key to hack past Microsoft's Hypervisor protections and run unsigned code and games.

Modern Vintage Gamer has tested BadUpdate and found that you don't even have to open up your Xbox 360 console to get it running. Unlike the RGH or JTAG exploits for the Xbox 360, this BadUpdate method just requires a USB key. If you have the time and patience to get this running successfully, you'll be able to run the Xbox 360 homebrew store which includes games, apps, emulators, utilities, and even custom dashboards.

Businesses

Remote Working Saved Zillow Money, Helped Recruiting, and Maintained Productivity (seattletimes.com) 40

Zillow CEO Jeremy Wacksman "recently told Entrepreneur magazine that almost five years of remote work has 'been fantastic for us,'" writes the Seattle Times. Zillow shifted to allowing people to work fully remote during the pandemic. It's been a recruiting and retention tool for Zillow as they "now see four times the number of job applicants for every job we have versus what we did before the pandemic," Wacksman said.

While Zillow still lists its corporate headquarters as Seattle, the company bills itself as "cloud-headquartered," with remote workers and satellite offices. Wacksman's comments are backed by serious real estate moves the company has made over the past five years. An annual report detailing Zillow's financial results for 2024 shows its Seattle headquarters and offices across the country are shrinking. In 2019, Zillow had 386,275 square feet of office space in Seattle after steadily gobbling up floors of the Russell Investments Center downtown over the prior five years. The company reported it had 113,470 square feet in Seattle at the end of 2024... The company has drastically cut costs by shedding offices. Zillow's total leasing costs reached $54 million in 2022 and dropped to $34 million last year... It expects those costs to decrease even further, to $18 million by 2029. Zillow is also taking advantage of subleasing some of its office space and expects $26 million in sublease income between 2025 and 2030...

Zillow's financial results from last year suggest the workforce has been productive while logging in from home. The company reported Tuesday that it beat Wall Street expectations for the last three months of 2024 with a quarterly revenue of $554 million. Wacksman said in a news release Tuesday that 2024 was a "remarkable year for Zillow," as it reached its goal of double-digit revenue growth.

Crime

Cybersecurity Alert Warns of 300 Attacks with 'Medusa' Ransomware (theregister.com) 21

A ransomware-as-a-service variant called "Medusa" has claimed over 300 victims in "critical infrastructure sectors" (including medical), according to a joint alert from CISA, the FBI, and the Multi-State Information Sharing Analysis Center.

And that alert reminds us that Medusa is a globe-spanning operation that recruits third-party affiliates to plant ransomware and negotiate with victims, notes the Register. "Even organizations that have good ransomware recovery regimes, meaning they don't need to unscramble encrypted data as they have good backups and fall-back plans, may consider paying to prevent the release of their stolen data, given the unpleasant consequences that follow information leaks. Medusa actors also set a deadline for victims to pay ransoms and provide a countdown timer that makes it plain when stolen info will be sprayed across the internet. If victims cough up $10,000 in cryptocurrency, the crims push the deadline forward by 24 hours."

The advisory reveals one Medusa actor has taken things a step further. "FBI investigations identified that after paying the ransom, one victim was contacted by a separate Medusa actor who claimed the negotiator had stolen the ransom amount already paid," the advisory states. That separate actor then "requested half of the payment be made again to provide the 'true decryptor'," the advisory states, describing this incident as "potentially indicating a triple extortion scheme."

The security groups' advisory stresses that they "do not encourage paying ransoms as payment does not guarantee victim files will be recovered. Furthermore, payment may also embolden adversaries to target additional organizations..." (But "Regardless of whether you or your organization have decided to pay the ransom, FBI, CISA, and MS-ISAC urge you to promptly report ransomware incidents...")

Besides updating software and operating systems, the alert makes these recommendations for organizations:
  • Require VPNs (or jump hosts) for remote network access
  • Block remote access from unknown/untrusted origins, and disable unused ports
  • Segment networks to help prevent the spread of ransomware
  • Use a network monitoring tool to spot and investigate abnormal activity — including lateral movement (using endpoint detection and response tools). Log all network traffic, and monitor it for unauthorized scanning and access attempts.
  • Create recovery plans with encrypted offline backups of sensitive/proprietary data and servers
  • Require multifactor authentication, use strong (and long) passwords, and "consider not requiring frequently recurring password changes, as these can weaken security." (Also audit access control following the principle of least privilege, and watch for new and/or unrecognized accounts.)
  • Disable command-line and scripting activities and permissions.

Windows

End of Windows 10 Leaves PC Charities With Tough Choice (tomshardware.com) 125

With Microsoft ending free security updates for Windows 10 in October, millions of PCs that don't meet Windows 11's hardware requirements face an uncertain fate... Charities that refurbish and distribute computers to low-income individuals must choose between providing soon-to-be-insecure Windows 10 machines, transitioning to Linux -- despite usability challenges for non-tech-savvy users -- or recycling the hardware, contributing to ewaste. Tom's Hardware reports: So how bad will it really be to run an end-of-lifed Windows 10? Should people worry? [Chester Wisniewski, who serves as Director and Global Field CISO for Sophos, a major security services company] and other experts I talked to are unequivocal. You're at risk. "To put this in perspective, today [the day we talked] was Patch Tuesday," he said. "There were 57 vulnerabilities, 6 of which have already been abused by criminals before the fixes were available. There were also 57 in February and 159 in January. Windows 10 and Windows 11 largely have a shared codebase, meaning most, if not all, vulnerabilities each month are exploitable on both OSs. These will be actively turned into digital weapons by criminals and nation-states alike and Windows 10 users will be somewhat defenseless against them."

So, in short, even though Windows 10 has been around since 2015, there are still massive security holes being patched. Even within the past few weeks, dozens of vulnerabilities were fixed by Microsoft. So what's a charity to do when these updates are running out and clients will be left vulnerable? "What we decided to do is one year ahead of the cutoff, we discontinued Windows 10," said Casey Sorensen, CEO of PCs for People, one of the U.S.'s largest non-profit computer refurbishers. "We will distribute Linux laptops that are 6th or 7th gen. If we distribute a Windows laptop, it will be 8th gen or newer." Sorensen said that any PC that's fifth gen or older will be sent to an ewaste recycler.

[...] Sorensen, who founded the company in 1998, told us that he's comfortable giving clients computers that run Linux Mint, a free OS that's based on Ubuntu. The latest version of Mint, version 22.1, will be supported until 2029. "Ten years ago if we distributed Linux, they would be like what is it," he said. But today, he notes that many view their computers as windows to the Internet and, for that, a user-friendly version of Linux is acceptable.
Further reading: Is 2025 the Year of the Linux Desktop?
Apple

Apple Plans AirPods Feature That Can Live-Translate Conversations (yahoo.com) 32

Apple is planning a new AirPods feature that allows the earbuds to live-translate an in-person conversation into another language, Bloomberg reports, citing people with knowledge of the matter. From the report: The capability will be offered as part of an AirPods software upgrade due later this year, said the people, who asked not to be identified because the effort is private. It will be tied to iOS 19, the upcoming update to Apple's mobile-device operating system.
Windows

Windows Defender Now Flags WinRing0 Driver as Security Threat, Breaking Multiple PC Monitoring Tools (theverge.com) 52

Windows Defender has begun identifying WinRing0 -- a kernel-level driver used by numerous hardware monitoring applications -- as malicious software, causing widespread functionality issues for affected tools. The driver, which provides low-level hardware access necessary for reading fan speeds, controlling RGB lighting, and monitoring system components, is being quarantined due to potential security vulnerabilities that could be exploited by malware.

WinRing0 gained popularity among developers because it's one of only two freely available Windows drivers capable of accessing the SMBus registers needed for hardware monitoring functions. The affected applications include Fan Control, OpenRGB, MSI Afterburner, LibreHardwareMonitor, and multiple others that rely on this driver to communicate with system hardware.
