Published on: 2025-04-20 03:00:06
DirecTV's base streaming package costs more than all the other platforms on this list and its stiffest competition is still Hulu Plus Live TV and YouTube TV. With its channel selection, it's ideal for sports fans who want to watch local or national games. The service does have its pluses, though -- for example, it includes the flipper-friendly ability to swipe left and right to change channels. Additionally, it includes some channels some other services can't, including nearly 250 PBS stations
Keywords: channels directv package sports tv
Find related items on AmazonPublished on: 2025-04-30 02:19:29
A new class of supply chain attacks named 'slopsquatting' has emerged from the increased use of generative AI tools for coding and the model's tendency to "hallucinate" non-existent package names. The term slopsquatting was coined by security researcher Seth Larson as a spin on typosquatting, an attack method that tricks developers into installing malicious packages by using names that closely resemble popular libraries. Unlike typosquatting, slopsquatting doesn't rely on misspellings. Instead
Keywords: ai hallucinated names package packages
Find related items on AmazonPublished on: 2025-04-30 00:22:35
The rise of AI-powered code generation tools is reshaping how developers write software - and introducing new risks to the software supply chain in the process. AI coding assistants, like large language models in general, have a habit of hallucinating. They suggest code that incorporates software packages that don't exist. As we noted in March and September last year, security and academic researchers have found that AI code assistants invent package names. In a recent study, researchers found
Keywords: ai code hallucinated package packages
Find related items on AmazonPublished on: 2025-05-01 18:40:26
Fedora change aims for 99% package reproducibility Ready to give LWN a try? With a subscription to LWN, you can stay current with what is happening in the Linux and free-software community and take advantage of subscriber-only site features. We are pleased to offer you a free trial subscription, no credit card required, so that you can see for yourself. Please, join us! The effort to ensure that open-source software is reproducible has been gathering steam over the years, and gaining traction
Keywords: build fedora package packages reproducible
Find related items on AmazonPublished on: 2025-05-06 11:20:27
is platforms and communities reporter with five years of experience covering the companies that shape technology and the people who use their tools. Donald Trump is making it even more expensive for US consumers to shop online from Chinese retailers like Temu and Shein. In an executive order amendment published Tuesday night, Trump raised the tariff rate for packages valued under $800 entering the US from China and Hong Kong that previously were exempt. The increase essentially triples what sho
Keywords: china packages percent tariffs trump
Find related items on AmazonPublished on: 2025-05-10 01:13:23
Posted on April 7, 2025 It’s time Lua got the ecosystem it deserves! For a bit over a year, we have been cooking up Lux, a new package manager for creating, maintaining and publishing Lua code. It does this through a simple and intuitive CLI inspired by other well-known package managers like cargo . Today, we feel the project has hit a state of “very usable for everyday tasks” . Features Fully portable between systems. Parallel builds and installs. 🚀 Handles the installation of Lua header
Keywords: lua luarocks lux neovim package
Find related items on AmazonPublished on: 2025-05-10 11:13:23
Posted on April 7, 2025 It’s time Lua got the ecosystem it deserves! For a bit over a year, we have been cooking up Lux, a new package manager for creating, maintaining and publishing Lua code. It does this through a simple and intuitive CLI inspired by other well-known package managers like cargo . Today, we feel the project has hit a state of “very usable for everyday tasks” . Features Fully portable between systems. Parallel builds and installs. 🚀 Handles the installation of Lua header
Keywords: lua luarocks lux neovim package
Find related items on AmazonPublished on: 2025-05-11 14:17:27
A newly discovered malicious PyPi package named 'disgrasya' that abuses legitimate WooCommerce stores for validating stolen credit cards has been downloaded over 34,000 times from the open-source package platform. The script specifically targeted WooCommerce stores using the CyberSource payment gateway to validate cards, which is a key step for carding actors who need to evaluate thousands of stolen cards from dark web dumps and leaked databases to determine their value and potential exploitati
Keywords: card cards checkout package socket
Find related items on AmazonPublished on: 2025-05-13 17:33:37
Edgar Cervantes / Android Authority TL;DR An Android Authority teardown of the Uber app has revealed that the company is working on package protection for its courier service. Strings show that the company would reimburse you for the package’s value if it’s lost, stolen, or damaged. This should give users more peace of mind when using Uber’s courier service. Uber has evolved to become more than just a rideshare and food delivery service. One of its more recent additions was a courier service
Keywords: authority package protection string uber
Find related items on AmazonPublished on: 2025-05-10 07:22:27
I rebuilt (the top-50 popcon) Debian and Ubuntu packages, on amd and arm64, and compared the results a couple of months ago. Since then the Reproduce.Debian.net effort has been launched. Unlike my small experiment, that effort is a full-scale rebuild with more architectures. Their goal is to reproduce what is published in the Debian archive. One differences between these two approaches are the build inputs: The Reproduce Debian effort use the same build inputs which were used to build the publi
Keywords: build debian packages rebuild stage
Find related items on AmazonPublished on: 2025-05-14 12:38:58
With President Donald Trump’s new tariff plan, your online shopping packages coming directly from China are about to get much more expensive. In February, the Trump administration moved to get rid of a little-known rule that allows US consumers to avoid tariffs on low-value packages. The de minimis exemption meant that packages valued under $800 could enter the US duty-free, and shoppers — as well as retailers — relied on the exemption regularly, even if they didn’t realize it. Nearly 1.4 billi
Keywords: china coming exemption minimis packages
Find related items on AmazonPublished on: 2025-05-15 03:38:58
With President Donald Trump’s new tariff plan, your online shopping packages coming directly from China are about to get much more expensive. In February, the Trump administration moved to get rid of a little-known rule that allows US consumers to avoid tariffs on low-value packages. The de minimis exemption meant that packages valued under $800 could enter the US duty-free, and shoppers — as well as retailers — relied on the exemption regularly, even if they didn’t realize it. Nearly 1.4 billi
Keywords: china coming exemption minimis packages
Find related items on AmazonPublished on: 2025-05-16 05:43:16
A driver for an independent contractor to FedEx delivers packages on Cyber Monday in New York, U.S, on Monday, Nov. 27, 2023. President Donald Trump on Wednesday signed an executive order shutting the de minimis trade loophole, effective May 2. Trump in February abruptly ended the de minimis trade exemption, which allows shipments worth less than $800 to enter the U.S. duty-free. The order overwhelmed U.S. Customs and Border Protection employees and caused the U.S. Postal Service to temporaril
Keywords: customs minimis packages shipments trump
Find related items on AmazonPublished on: 2025-05-17 11:15:00
Jack Wallen / Elyse Betters Picaro / ZDNET After using Linux for a while, switching from one distribution to another becomes a fairly easy task. You know the landscape, and you understand the choices and how they are pieced together, so the decision becomes second nature. Also: The best-looking Linux desktop I've seen so far in 2025 -- and it's not even close But those early days can be filled with confusion, especially when trying to choose a distribution. The list goes on and on and on. In
Keywords: desktop distribution distributions linux package
Find related items on AmazonPublished on: 2025-05-25 19:22:41
Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers' systems. The campaign targeted multiple cryptocurrency-related packages, and the popular 'country-currency-map' package was downloaded thousands of times a week. The malicious code was discovered by Sonatype researcher Ali ElShakankiry and is found in two heavily obfuscated scripts, "/scripts/launch.js" and "/scripts/diagnostic-report.js," which execute
Keywords: downloads malicious npm packages version
Find related items on AmazonPublished on: 2025-05-28 10:53:47
Unlike some other public repositories, the npm package repository is never really quiet. And, while there has been some decline in malware numbers between 2023 and 2024, this year's numbers don’t seem to continue that downward trend. Still, while RL has detected some interesting npm malware so far this year, none of it warranted a detailed writeup. Then March rolled around, and two very interesting packages were published on npm: ethers-provider2 and ethers-providerz. These were simple downlo
Keywords: ethers malicious npm package provider2
Find related items on AmazonPublished on: 2025-05-29 11:00:00
Two malicious packages were discovered on npm (Node package manager) that covertly patch legitimate, locally installed packages to inject a persistent reverse shell backdoor. This way, even if the victim removes the malicious packages, the backdoor remains on their system. The new tactic was discovered by researchers at Reversing Labs, who warned about the risk it entails, even if the packages weren't downloaded in large numbers. "It's not unusual to encounter downloaders on npm; they are may
Keywords: ethers legitimate npm package packages
Find related items on AmazonPublished on: 2025-06-02 06:59:00
The big picture: Nvidia's approach to co-packaged optics is a nuanced reflection of the technology's current limitations and future potential. By focusing on specialized applications with less demanding reliability requirements, Nvidia is positioning itself to lead the development of optical technologies for networking and data center applications while continuing to rely on traditional copper connections for its high-performance GPUs. Nvidia CEO Jensen Huang recently addressed the reliability
Keywords: gpus nvidia optics packaged technology
Find related items on AmazonPublished on: 2025-06-02 21:59:00
The big picture: Nvidia's approach to co-packaged optics is a nuanced reflection of the technology's current limitations and future potential. By focusing on specialized applications with less demanding reliability requirements, Nvidia is positioning itself to lead the development of optical technologies for networking and data center applications while continuing to rely on traditional copper connections for its high-performance GPUs. Nvidia CEO Jensen Huang recently addressed the reliability
Keywords: gpus nvidia optics packaged technology
Find related items on AmazonPublished on: 2025-06-07 15:47:31
What is Package Phobia? Package Phobia reports the size of an npm package before you install it. This is useful for inspecting potential dependencies or devDependencies without using up precious disk space or waiting minutes for npm install . What is "publish size" vs "install size"? The "publish size" is the size of the source code published to npm. This number is easy to detect and is typically very small. The "install size" is the size your hard drive will report after running npm instal
Keywords: dependencies install npm package size
Find related items on AmazonPublished on: 2025-06-21 17:42:19
Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group Lazarus. The packages, which have been downloaded 330 times, are designed to steal account credentials, deploy backdoors on compromised systems, and extract sensitive cryptocurrency information. The Socket Research Team discovered the campaign, which linked it to previously known Lazarus supply chain operations. The threat group is known for pushing malicious packages i
Keywords: code malicious malware package packages
Find related items on AmazonPublished on: 2025-06-29 12:11:16
A malicious Python Package Index (PyPI) package named "set-utils" has been stealing Ethereum private keys through intercepted wallet creation functions and exfiltrating them via the Polygon blockchain. The package disguises itself as a utility for Python, mimicking the popular "python-utils," which has over 712 million downloads, and "utils," which counts over 23.5 million installs. Researchers from the developer cybersecurity platform Socket discovered the malicious package and reported that
Keywords: ethereum malicious package stolen utils
Find related items on AmazonPublished on: 2025-06-30 01:00:27
A heavy, sturdy black case arrives at my door. On it, a logo well known to sci-fi fans: Weyland-Yutani, the company from the Alien franchise. A company whose desperate attempts to secure a Xenomorph have resulted in thousands of deaths, maybe more. So, when you receive a package from them, you know something important is about to happen. What’s about to happen is the debut of Alien: Earth, FX’s upcoming show set years before any of the Alien films. It follows a team of soldiers who investigate
Keywords: alien cat package ship video
Find related items on AmazonPublished on: 2025-07-07 17:00:00
The software supply chain is notoriously porous: a reported 81% of codebases contain high- or critical-risk open source vulnerabilities. A single vulnerability can have a far-reaching impact on the wider software supply chain, as evidenced by the likes of the Log4Shell exploit that saw millions of applications exposed to potential remote code execution hacks via the Log4j logging library. Northern Irish startup Cloudsmith is setting out to solve this exact problem with its cloud-native “artifac
Keywords: cloudsmith package packages software source
Find related items on AmazonPublished on: 2025-07-14 11:59:36
A malicious PyPi package named 'automslc' has been downloaded over 100,000 times from the Python Package Index since 2019, abusing hard-coded credentials to pirate music from the Deezer streaming service. Deezer is a music streaming service available in 180 countries that offers access to over 90 million tracks, playlists, and podcasts. It is offered via an ad-supported free tier or paid subscriptions that support higher audio quality and offline listening. Security firm Socket discovered the
Keywords: automslc deezer malicious package service
Find related items on AmazonPublished on: 2025-07-12 05:48:53
When using xonsh as a default shell (and we do!), it's important to ensure that it is installed in a Python environment that is independent of changes from the system package manager. If you are installing xonsh via your system package-manager, this is handled for you. If you install xonsh outside of your system package manager, you can use xonsh-install for this.
Keywords: environment install manager package xonsh
Find related items on AmazonGo K’awiil is a project by nerdhub.co that curates technology news from a variety of trusted sources. We built this site because, although news aggregation is incredibly useful, many platforms are cluttered with intrusive ads and heavy JavaScript that can make mobile browsing a hassle. By hand-selecting our favorite tech news outlets, we’ve created a cleaner, more mobile-friendly experience.
Your privacy is important to us. Go K’awiil does not use analytics tools such as Facebook Pixel or Google Analytics. The only tracking occurs through affiliate links to amazon.com, which are tagged with our Amazon affiliate code, helping us earn a small commission.
We are not currently offering ad space. However, if you’re interested in advertising with us, please get in touch at [email protected] and we’ll be happy to review your submission.