Slashdot

Investigative journalist and cybersecurity expert Brian Krebs writes: The Chinese company in charge of handing out domain names ending in ".top" has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its license to sell domains. The warning comes amid the release of new findings that .top was the most common suffix in phishing websites over the past year, second only to domains ending in ".com." On July 16, the Internet Corporation for Assigned Names and Numbers (ICANN) sent a letter to the owners of the .top domain registry. ICANN has filed hundreds of enforcement actions against domain registrars over the years, but in this case ICANN singled out a domain registry responsible for maintaining an entire top-level domain (TLD). Among other reasons, the missive chided the registry for failing to respond to reports about phishing attacks involving .top domains. "Based on the information and records gathered through several weeks, it was determined that .TOP Registry does not have a process in place to promptly, comprehensively, and reasonably investigate and act on reports of DNS Abuse," the ICANN letter reads (PDF). ICANN's warning redacted the name of the recipient, but records show the .top registry is operated by a Chinese entity called Jiangsu Bangning Science & Technology Co. Ltd. Representatives for the company have not responded to requests for comment. Domains ending in .top were represented prominently in a new phishing report released today by the Interisle Consulting Group, which sources phishing data from several places, including the Anti-Phishing Working Group (APWG), OpenPhish, PhishTank, and Spamhaus. Interisle's newest study examined nearly two million phishing attacks in the last year, and found that phishing sites accounted for more than four percent of all new .top domains between May 2023 and April 2024. Interisle said .top has roughly 2.76 million domains in its stable, and that more than 117,000 of those were phishing sites in the past year.Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Angry T-Mobile customers have filed a class action lawsuit over the carrier's decision to raise prices on plans that were advertised as having a lifetime price guarantee. "Based upon T-Mobile's representations that the rates offered with respect to certain plans were guaranteed to last for life or as long as the customer wanted to remain with that plan, each Plaintiff and the Class Members agreed to these plans for wireless cellphone service from T-Mobile," said the complaint (PDF) filed in US District Court for the District of New Jersey. "However, in May 2024, T-Mobile unilaterally did away with these legacy phone plans and switched Plaintiffs and the Class to more expensive plans without their consent." The complaint, filed on July 12, has four named plaintiffs who live in New Jersey, Georgia, Nevada, and Pennsylvania. They are seeking to represent a class of all US residents "who entered into a T-Mobile One Plan, Simple Choice plan, Magenta, Magenta Max, Magenta 55+, Magenta Amplified or Magenta Military Plan with T-Mobile which included a promised lifetime price guarantee but had their price increased without their consent and in violation of the promises made by T-Mobile and relied upon by Plaintiffs and the proposed class." The complaint seeks "restitution of all amounts obtained by Defendant as a result of its violation," plus interest. It also seeks statutory and punitive damages, and an injunction to prevent further "wrongful, unlawful, fraudulent, deceptive, and unfair conduct." The report notes that the lawsuit centers around T-Mobile's broken "Un-contract" promise made in January 2017, which assured customers that their T-Mobile One plan prices would never increase unless they decided to change their plans. Despite the guarantee, T-Mobile included a significant caveat in a FAQ on its website, stating they would only cover the final month's bill if the price was raised and the customer decided to cancel. Many customers missed this caveat, leading to confusion and frustration when prices were later hiked. The lawsuit also addresses the transition from the "Un-contract" to a new "Price Lock" guarantee, which initially offered more protection but was later weakened, causing further dissatisfaction. The FCC said it has received around 1,600 complaints regarding these price hikes by late June.Read more of this story at Slashdot.

Malaysia's digital minister said today he has asked global tech firms Microsoft and CrowdStrike to consider compensating companies that suffered losses during last week's global tech outage. From a report: Five government agencies and nine companies operating in aviation, banking and healthcare were among those affected in Malaysia, minister Gobind Singh Deo told reporters. "If there are any damages or losses, where there have been any parties that have made such claims, I've asked them to consider those claims and see to what extent they are able to help resolve the issue," Gobind said, adding that the government would also assist on the claims where possible. The total amount of losses incurred has not yet been determined, he said. The outage will cost Fortune 500 companies $5.4 billion, according to estimates from insurers. The projected financial losses exclude Microsoft.Read more of this story at Slashdot.

Meta CEO Mark Zuckerberg has advocated for open-source AI development, asserting it as a strategic advantage for the United States against China. In a blog post, Zuckerberg argued that closing off AI models would not effectively prevent Chinese access, given their espionage capabilities, and would instead disadvantage U.S. allies and smaller entities. He writes: Our adversaries are great at espionage, stealing models that fit on a thumb drive is relatively easy, and most tech companies are far from operating in a way that would make this more difficult. It seems most likely that a world of only closed models results in a small number of big companies plus our geopolitical adversaries having access to leading models, while startups, universities, and small businesses miss out on opportunities. Plus, constraining American innovation to closed development increases the chance that we don't lead at all. Instead, I think our best strategy is to build a robust open ecosystem and have our leading companies work closely with our government and allies to ensure they can best take advantage of the latest advances and achieve a sustainable first-mover advantage over the long term.Read more of this story at Slashdot.

Researchers at Check Point have uncovered a clandestine network of approximately 3,000 "ghost" accounts on GitHub, manipulating the platform to promote malicious content. Since June 2023, a cybercriminal dubbed "Stargazer Goblin" has been exploiting GitHub's community features to boost malicious repositories, making them appear legitimate and popular. Antonis Terefos, a malware reverse engineer at Check Point, discovered the network's activities, which include "starring," "forking," and "watching" malicious pages to increase their visibility and credibility. The network, named "Stargazers Ghost Network," primarily targets Windows users, offering downloads of seemingly legitimate software tools while spreading various types of ransomware and info-stealer malware.Read more of this story at Slashdot.

AI is increasingly being employed in job interviews across China and India, marking a significant shift in recruitment practices in the region. This follows a similar practice making inroads in the U.S. Rest of World adds: A 2023 survey of 1,000 human-resources workers by the U.S. firm ResumeBuilder found that 10% of companies were already using AI in the hiring process, and another 30% planned to start the following year. The research firm Gartner listed natural-language chatbots as one of 2023's key innovations for the recruiting industry, designating the technology as experimental but promising. Companies like Meituan, Siemens, and Estee Lauder are using AI-powered interviews, with platforms such as MoSeeker, Talently.ai, and Instahyre leading the charge in AI recruitment solutions.Read more of this story at Slashdot.

Google is now the only search engine that can surface results from Reddit, making one of the web's most valuable repositories of user generated content exclusive to the internet's already dominant search engine. 404 Media: If you use Bing, DuckDuckGo, Mojeek, Qwant or any other alternative search engine that doesn't rely on Google's indexing and search Reddit by using "site:reddit.com," you will not see any results from the last week. DuckDuckGo is currently turning up seven links when searching Reddit, but provides no data on where the links go or why, instead only saying that "We would like to show you a description here but the site won't allow us." Older results will still show up, but these search engines are no longer able to "crawl" Reddit, meaning that Google is the only search engine that will turn up results from Reddit going forward. Searching for Reddit still works on Kagi, an independent, paid search engine that buys part of its search index from Google. The news shows how Google's near monopoly on search is now actively hindering other companies' ability to compete at a time when Google is facing increasing criticism over the quality of its search results. The news follows Google signing a $60 million deal with Reddit early this year to use the social network's content to train its LLMs.Read more of this story at Slashdot.

In a response to the UK's Competition and Markets Authority's investigation into cloud services and licensing, Microsoft has defended its practices, asserting that its terms "do not meaningfully raise cloud rivals' costs." The Windows-maker emphasized Amazon's continued dominance in the UK hyperscale market and noted Google's quarter-on-quarter growth, while also highlighting the declining share of Windows Server relative to Linux in cloud operating systems and SQL Server's second-place position behind Oracle. [...] The CMA's inquiry primarily focuses on the pricing disparity between using Microsoft products on Azure versus rival cloud platforms, with most surveyed customers perceiving Azure as the more cost-effective option for Microsoft software deployment. The Register adds: Microsoft's bullish take on this is that AWS and Google should be grateful that they even get to run its software. In its response, the company said: "This dispute on pricing terms only arises because Microsoft grants all rivals IP licenses in the first place to its software that is of most popularity for use in the cloud. It does this not because there is any legal obligation to share IP with closest rivals in cloud, but for commercial reasons."Read more of this story at Slashdot.

OpenAI has built one of the fastest-growing businesses in history. It may also be one of the costliest to run. The Information: The ChatGPT maker could lose as much as $5 billion this year [non-paywalled source], according to an analysis by The Information, based on previously undisclosed internal financial data and people involved in the business. [...] On the cost side, OpenAI as of March was on track to spend nearly $4 billion this year on renting Microsoft's servers to power ChatGPT and its underlying LLMs (otherwise known as inference costs), said a person with direct knowledge of the spending. In addition to running ChatGPT, OpenAI's training costs -- including paying for data -- could balloon to as much as $3 billion this year. Last year, OpenAI ramped up the training of new AI faster than it had originally planned, said a person with direct knowledge of the decision. So while the company earlier planned to spend about $800 million on such costs, it ended up spending considerably more, this person said.Read more of this story at Slashdot.

T-Mobile and investment firm KKR have formed a joint venture (JV) to acquire fiber service provider Metronet. From a report: The fiber provider reaches over 300 communities and more than 2 million homes in 17 states. Metronet is both a pure-play fiber company and independent FTTH operator. In some markets, Metronet delivers residential speeds up to 5 Gbit/s. The acquisition includes Metronet's broadband infrastructure, residential fiber business operations and existing customers. The JV will acquire Oak Hill Capital's existing stake; Oak Hill Capital will re-invest for a minority position and Metronet CEO John Cinelli will retain a minority position after the deal closes. T-Mobile said it plans to invest nearly $4.9 billion to acquire a 50% equity stake in the JV and 100% of Metronet's residential fiber retail operations and customers, as well as funding of the JV. After the close of the deal, Metronet, based in Evansville, Indiana, will transition to a wholesale service provider for its retail customers. T-Mobile will take on management of residential customer acquisition and support, using T-Mobile's marketing and service model and Metronet's fiber broadband services.Read more of this story at Slashdot.

Lorenzo Franceschi-Bicchierai, reporting for TechCrunch: CrowdStrike, the cybersecurity firm that crashed millions of computers with a botched update all over the world last week, is offering its partners a $10 Uber Eats gift card as an apology, according to several people who say they received the gift card, as well as a source who also received one. On Tuesday, a source told TechCrunch that they received an email from CrowdStrike offering them the gift card because the company recognizes "the additional work that the July 19 incident has caused." "And for that, we send our heartfelt thanks and apologies for the inconvenience," the email read, according to a screenshot shared by the source. The same email was also posted on X by someone else. "To express our gratitude, your next cup of coffee or late night snack is on us!" The report adds that some people are having trouble redeeming the card. Some are seeing the error that says the gift card "has been canceled by the issuing party and is no longer valid."Read more of this story at Slashdot.

The US is warning homegrown tech startups and venture capital firms that some foreign investments may be fronts for hostile nations seeking data and technology for their governments or to undermine American businesses. From a report: Several US intelligence agencies are spotlighting the concern in a joint bulletin Wednesday to small businesses, trade associations and others associated with the venture capital community, according to the National Counterintelligence and Security Center. "Unfortunately our adversaries continue to exploit early-stage investments in US startups to take their sensitive data," said Michael Casey, director of the NCSC. "These actions threaten US economic and national security and can directly lead to the failure of these companies." Washington has ramped up scrutiny of investments related to countries it considers adversaries, most notably China, as advanced technologies with breakthrough commercial potential, such as artificial intelligence, can also be used to enhance military or espionage capabilities. [...] Small tech companies and venture capitalists "are not in a position to assess the national security implications of their investments," said Mark Montgomery, former executive director of the Cyberspace Solarium Commission, which was assigned to develop a US cybersecurity strategy. "There are way too many examples where what appears to be, at best, potentially only dual-use or non-military-use technology is quickly twisted and used as a national security tool."Read more of this story at Slashdot.

A surge in new oil and gas production in 2024 threatens to unleash nearly 12 billion tonnes of planet-heating emissions, with the world's wealthiest countries -- such as the US and the UK -- leading a stampede of fossil fuel expansion in spite of their climate commitments, new data reveals. From a report: The new oil and gas field licences forecast to be awarded across the world this year are on track to generate the highest level of emissions since those issued in 2018, as heatwaves, wildfires, drought and floods cause death and destruction globally, according to analysis of industry data by the International Institute for Sustainable Development (IISD). The 11.9bn tonnes of greenhouse gas emissions -- which is roughly the same as China's annual carbon pollution -- resulting over their lifetime from all current and upcoming oil and gas fields forecast to be licensed by the end of 2024 would be greater than the past four years combined. The projection includes licences awarded as of June 2024, as well as the oil and gas blocks open for bidding, under evaluation or planned. Meanwhile, fossil fuel firms are ploughing more money into developing new oil and gas sites than at any time since the 2015 Paris climate deal, when the world's governments agreed to take steps to cut emissions and curb global heating. The world's wealthiest countries are economically best placed -- and obliged under the Paris accords -- to lead the transition away from fossil fuels to cleaner energy sources. But these high-capacity countries with a low economic dependence on fossil fuels are spearheading the latest drilling frenzy despite dwindling easy-to-reach reserves, handing out 825 new licences in 2023, the largest number since records began.Read more of this story at Slashdot.

Global enterprises are grappling with the complexities of AI adoption, according to hundreds of top industry executives at a recent private software conference hosted by UBS. UBS adds: We heard:1. The data points from a private GPU cloud infrastructure provider were a very bullish readthrough to GPU demand, Microsoft's AI infra capabilities and the ramp of enterprise/software demand for training and inference compute.2. One F500 customer was at 1% Office Copilot roll-out, moving to perhaps 2% in a year as they a) fine-tune internal best practices and b) negotiate to get Microsoft much lower on price.3. One private flagged "copilot chaos," with customers having to choose between AI copilots from seemingly every tech firm (we wonder if this creates pricing pressure and/or an evaluation slowdown).4. Popular use cases are AI apps for internal, domain-specific tasks (simple workflow automation).5. Little evidence of AI resulting in customer headcount cuts, but headcount reduction with 3rd-party managed services providers and (India-based) SI firms.Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: Content creators are busy people. Most spend more than 20 hours a week creating new content for their respective corners of the web. That doesn't leave much time for audience engagement. But Mark Zuckerberg, Meta's CEO, thinks that AI could solve this problem. In an interview with internet personality Rowan Cheung, Zuckerberg laid out his vision for a future in which creators have their own bots, of sorts, that capture their personalities and "business objectives." Creators will offload some community outreach to these bots to free up time for other, presumably more important tasks, Zuckerberg says. "I think there's going to be a huge unlock where basically every creator can pull in all their information from social media and train these systems to reflect their values and their objectives and what they're trying to do, and then people can can interact with that," Zuckerberg said. "It'll be almost like this artistic artifact that creators create that people can kind of interact with in different ways." [...] It's tough to imagine creators putting trust in the hands of flawed AI bots to interact with their fans. In the interview, Zuckerberg acknowledges that Meta has to "mitigate some of the concerns" around its use of generative AI and win users' trust over the long term. This is especially true as some of Meta's AI training practices are actively driving creators away from its platforms.Read more of this story at Slashdot.

Negotiations on a global tax deal have extended beyond the June 30 deadline, with countries now looking to the G20 finance leaders meeting for progress. "The stakes in the negotiations are high," reports Reuters. "A failure to reach agreement on final terms could prompt several countries to reinstate their taxes on U.S. tech giants and risk punitive duties on billions of dollars in exports to the U.S." Some countries, like Canada, have already implemented their own digital services tax. Reuters reports: The so-called "Pillar 1" arrangement, part of a 2021 global two-part tax deal, aims to replace unilateral digital services taxes (DSTs) on U.S. tech giants including Alphabet's Google, Amazon.com and Apple through a new mechanism to share taxing rights on a broader, global group of companies. Standstill agreements under which Washington has suspended threatened trade retaliation against seven countries -- Austria, Britain, France, India, Italy, Spain and Turkey -- expired on June 30, but the U.S. has not taken steps to impose tariffs. Discussions on the matter are continuing. An Italian government source said that European countries were seeking assurances that the U.S. tariffs on some $2 billion worth of annual imports from French Champagne to Italian handbags and optical lenses remained frozen while the talks continue, including at the G20 meeting in Rio de Janeiro. A European Union document prepared for the G20 meeting lists finalizing the international tax deal as a "top priority." It said the G20 should urge countries and jurisdictions participating in the tax deal "to finalize discussions on all aspects of Pillar 1, with a view to signing the Multilateral Convention (MLC) by summer end and ratifying it as soon as possible." "Treasury continues to oppose all tax measures that discriminate against U.S. businesses," a U.S. Treasury spokesperson said in response to Canada's move. "We encourage all countries to finalize the work on the Pillar 1 agreement. We are in active discussions on next steps related to the existing DST joint statements."Read more of this story at Slashdot.

On Sunday, global temperatures reached their highest levels in recorded history (source may be paywalled; alternative source), with a daily average of 17.09 degrees Celsius (62.76 degrees Fahrenheit). "The historic day comes on the heels of 13 straight months of unprecedented temperatures and the hottest year scientists have ever seen," adds the Washington Post, citing preliminary data from the Copernicus Climate Change Service. From the report: Though Sunday was only slightly warmer than the world's previous hottest day, Copernicus researchers noted, it was extraordinarily hotter than anything that came before. Before July 2023, Earth's daily average temperature record -- set in August 2016 -- was 16.8 degrees Celsius (62.24 degrees Fahrenheit). But in the past year, the global has exceeded that old record on 57 days. Scientists have been tracking global temperatures only for the past few centuries. Yet there is good reason to believe that Sunday was the hottest day on Earth since the start of the last Ice Age more than 100,000 years ago. Research from paleoclimate scientists -- who use tree rings, ice cores, lake sediments and other ancient material to understand past environments -- suggests that recent heat would have been all but impossible over the last stretch of geologic time. "We are in truly uncharted territory," Copernicus director Carlo Buontempo said in a statement. "And as the climate keeps warming, we are bound to see records being broken in future months and years. What is truly staggering is how large the difference is between the temperature of the last 13 months and the previous temperature records."Read more of this story at Slashdot.

An anonymous reader quotes a report from 404 Media's Jason Koebler: The Department of Homeland Security bought a dog-like robot that it has modified with an "antenna array" that gives law enforcement the ability to overload people's home networks in an attempt to disable any internet of things devices they have, according to the transcript of a speech given by a DHS official at a border security conference for cops obtained by 404 Media. The DHS has also built an "Internet of Things" house to train officers on how to raid homes that suspects may have "booby trapped" using smart home devices, the official said. The robot, called "NEO," is a modified version of the "Quadruped Unmanned Ground Vehicle (Q-UGV) sold to law enforcement by a company called Ghost Robotics. Benjamine Huffman, the director of DHS's Federal Law Enforcement Training Centers (FLETC), told police at the 2024 Border Security Expo in Texas that DHS is increasingly worried about criminals setting "booby traps" with internet of things and smart home devices, and that NEO allows DHS to remotely disable the home networks of a home or building law enforcement is raiding. The Border Security Expo is open only to law enforcement and defense contractors. A transcript of Huffman's speech was obtained by the Electronic Frontier Foundation's Dave Maass using a Freedom of Information Act request and was shared with 404 Media. [...] The robot is a modified version of Ghost Robotics' Vision 60 Q-UGV, which the company says it has sold to "25+ National Security Customers" and which is marketed to both law enforcement and the military. "Our goal is to make our Q-UGVs an indispensable tool and continuously push the limits to improve its ability to walk, run, crawl, climb, and eventually swim in complex environments," the company notes on its website. "Ultimately, our robot is made to keep our warfighters, workers, and K9s out of harm's way." "NEO can enter a potentially dangerous environment to provide video and audio feedback to the officers before entry and allow them to communicate with those in that environment," Huffman said, according to the transcript. "NEO carries an onboard computer and antenna array that will allow officers the ability to create a 'denial-of-service' (DoS) event to disable 'Internet of Things' devices that could potentially cause harm while entry is made."Read more of this story at Slashdot.

According to Bloomberg, hackers have leaked internal documents stolen from Leidos Holdings, one of the largest IT services providers of the U.S. government. Reuters reports: The company recently became aware of the issue and believes the documents were taken during a previously reported breach of a Diligent Corp. system it used, the report said, adding that Leidos is investigating it. The Virginia-based company, which counts the U.S. Department of Defense as its primary customer, used the Diligent system to host information gathered in internal investigations, the report added, citing a filing from June 2023. A spokesperson for Diligent said the issue seems to be related to an incident from 2022, affecting its subsidiary Steele Compliance Solutions. The company notified impacted customers and had taken corrective action to contain the incident in November 2022.Read more of this story at Slashdot.

During Alphabet's second-quarter earnings call today, Alphabet CFO Ruth Porat announced the organization will spend an additional $5 billion on its self-driving subsidiary, Waymo. "This new round of funding, which is consistent with recent annual investment levels, will enable Waymo to continue to build the world's leading autonomous driving technology company," said Porat. TechCrunch reports: Porat noted that Google will focus on improving overall efficiencies in its "other bets" segment, which includes innovative projects that are distinct from the tech giant's core search and advertising business. Other companies in this segment are Verily, Calico, Google Ventures and drone company Wing. "Waymo is an important example of this, with its technical leadership coupled with progress on operational performance," Porat continued. The executive noted that parent company Alphabet's 10-Q form, which has yet to be filed, will have more details.Read more of this story at Slashdot.

Humble Games, the indie game publisher behind the popular pay-what-you-want "Humble Game Bundle," has laid off its entire staff of 36 people. However, the company says it is not shutting down and Humble Bundle will not be impacted. Instead, the job cuts are part of a restructuring of operations. GameSpot reports: In a statement shared with GameSpot, Humble Games confirmed that Humble Bundle will have "no impact on its operations. Additionally, ongoing and upcoming games from Humble Games will still move ahead and be published by the company. Humble Games is the publisher of many notable indie games, including Stray Gods, Bo: Path of the Teal Lotus, Chinatown Detective Agency, Ikenfell, Unpacking, Slay the Spire, and Midnight Fight Express, just to name a few. Humble Games is the separate publishing arm of digital storefront Humble Bundle. Both companies are owned by IGN Entertainment, but operate as a separate entities. Earlier this year, IGN Entertainment also bought video game websites Eurogamer, Rock Paper Shotgun, VG247, GamesIndustry.biz, and Dicebreaker from Gamer Network.Read more of this story at Slashdot.

An anonymous reader quotes a report from the Center for European Policy Analysis (CEPA): Alexey Soldatov, a Russian Internet pioneer and a founder of the first Internet provider in the country, has been sentenced by a court to two years in a labor colony on charges of "abuse of power." Soldatov, 72, had been detained by a court in Moscow. He is terminally ill. Very few in Russia believe in the government charges against a man widely known as a Father of the Russian Internet -- and who is less well known as the father of Andrei Soldatov, one of this article's authors. Soldatov was accused of abuse of power when managing a pool of IP-addresses by an organization he had no position at. This legal absurdity was enough to see him imprisoned even though the court knew of Soldatov's illness, which meant the court had no legal right to pass a custodial sentence. His family believes that the decision is essentially a death sentence. The article details Soldatov's history and his pivotal role in creating the Relcom network, which connected Soviet research centers and established the Soviet Union's first link to the global internet in 1990. During the 1991 KGB coup attempt, Relcom remained operational, highlighting its role in bypassing traditional media control and connecting people both within the Soviet Union and globally.Read more of this story at Slashdot.

According to the Washington Post (paywalled), the House Homeland Security Committee has called on the CrowdStrike CEO to testify over the major outage that brought flights, hospital procedures, and broadcasters to a halt on Friday. The outage was caused by a defective software update from the company that primarily affected computers runnings Windows, resulting in system crashes and "blue screen of death" errors. From the report: Republican leaders of the House Homeland Security Committee demanded that CrowdStrike CEO George Kurtz commit by Wednesday to appearing on Capitol Hill to explain how the outages occurred and what "mitigation steps" the company is taking to prevent future episodes. [...] Reps. Mark Green (R-Tenn.) and Andrew R. Garbarino (R-N.Y.), chairs of the Homeland Security Committee and its cybersecurity subcommittee, respectively, wrote in their letter that the outages "must serve as a broader warning about the national security risks associated with network dependency. Protecting our critical infrastructure requires us to learn from this incident and ensure that it does not happen again," the lawmakers wrote. CrowdStrike spokesperson Kirsten Speas said in an emailed statement Monday that the company is "actively in contact" with the relevant congressional committees and that "engagement timelines may be disclosed at Members' discretion," but declined to say whether Kurtz will testify. The committee is one of several looking into the incident, with members of the House Oversight Committee and House Energy and Commerce Committee separately requesting briefings from CrowdStrike. But the effort by Homeland Security Committee leaders marks the first time the company is being publicly summoned to testify about its role in the disruptions. CrowdStrike has risen to prominence as a major security provider partly by identifying malicious online campaigns by foreign actors, but the outages have heightened concern in Washington that international adversaries could look to exploit future incidents. "Malicious cyber actors backed by nation-states, such as China and Russia, are watching our response to this incident closely," Green and Garbarino wrote. The outages, which disrupted agencies at the federal and state level, are also raising questions about how much businesses and government officials alike have come to rely on Microsoft products for their daily operations.Read more of this story at Slashdot.

Switzerland has enacted the "Federal Law on the Use of Electronic Means for the Fulfillment of Government Tasks" (EMBAG), mandating open-source software (OSS) in the public sector to enhance transparency, security, and efficiency. "This new law requires all public bodies to disclose the source code of software developed by or for them unless third-party rights or security concerns prevent it," writes ZDNet's Steven Vaughan-Nichols. "This 'public money, public code' approach aims to enhance government operations' transparency, security, and efficiency." From the report: Making this move wasn't easy. It began in 2011 when the Swiss Federal Supreme Court published its court application, Open Justitia, under an OSS license. The proprietary legal software company Weblaw wasn't happy about this. There were heated political and legal fights for more than a decade. Finally, the EMBAG was passed in 2023. Now, the law not only allows the release of OSS by the Swiss government or its contractors, but also requires the code to be released under an open-source license "unless the rights of third parties or security-related reasons would exclude or restrict this." Professor Dr. Matthias Sturmer, head of the Institute for Public Sector Transformation at the Bern University of Applied Sciences, led the fight for this law. He hailed it as "a great opportunity for government, the IT industry, and society." Sturmer believes everyone will benefit from this regulation, as it reduces vendor lock-in for the public sector, allows companies to expand their digital business solutions, and potentially leads to reduced IT costs and improved services for taxpayers. In addition to mandating OSS, the EMBAG also requires the release of non-personal and non-security-sensitive government data as Open Government Data (OGD). This dual "open by default" approach marks a significant paradigm shift towards greater openness and practical reuse of software and data. Implementing the EMBAG is expected to serve as a model for other countries considering similar measures. It aims to promote digital sovereignty and encourage innovation and collaboration within the public sector. The Swiss Federal Statistical Office (BFS) is leading the law's implementation, but the organizational and financial aspects of the OSS releases still need to be clarified.Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: The European Commission announced a formal investigation into Berlin-based food delivery giant Delivery Hero and its Spanish subsidiary, Glovo, on Tuesday, citing cartel concerns. The Commission will launch an in-depth probe into agreements between the online delivery firms to establish whether any anticompetitive activity has taken place. "The Commission is concerned that, before the takeover, Delivery Hero and Glovo may have allocated geographic markets and shared commercially sensitive information (e.g., on commercial strategies, prices, capacity, costs, product characteristics)," the Commission wrote in a press release. "The Commission is also concerned that the companies may have agreed not to poach each other's employees. These practices could have been facilitated by Delivery Hero's minority share in Glovo." The move follows unannounced raids conducted on the two companies' local offices in July 2022 and November 2023. From July 2018, Delivery Hero held a minority share in Glovo -- going on to acquire sole control in July 2022, per the Commission, which noted that this is the first investigation it has undertaken into anti-competitive agreements "that may have occurred in the context of a minority shareholding by one operator in a competitor." [...] Earlier this month, the German delivery giant warned investors it could ultimately face an antitrust fine of up to 400 million euros over the EU antitrust issue.Read more of this story at Slashdot.

For decades, American and Chinese scientists collaborated on supercomputers. But Chinese scientists have become more secretive as the U.S. has tried to hinder China's technological progress, and they have stopped participating altogether in a prominent international supercomputing forum. From a report: The withdrawal marked the end of an era and created a divide that Western scientists say will slow the development of AI and other technologies as countries pursue separate projects. The new secrecy also makes it harder for the U.S. government to answer a question it deems essential to national security: Does the U.S. or China have faster supercomputers? Some academics have taken it upon themselves to hunt for clues about China's supercomputing progress, scrutinizing research papers and cornering Chinese peers at conferences. Supercomputers have become central to the U.S.-China technological Cold War because the country with the faster supercomputers can also hold an advantage in developing nuclear weapons and other military technology. "If the other guy can use a supercomputer to simulate and develop a fighter jet or weapon 20% or even 1% better than yours in terms of range, speed and accuracy, it's going to target you first, and then it's checkmate," said Jimmy Goodrich, a senior adviser for technology analysis at Rand, a think tank. The forum that China recently stopped participating in is called the Top500, which ranks the world's 500 fastest supercomputers. While the latest ranking, released in June, says the world's three fastest computers are in the U.S., the reality is probably different.Read more of this story at Slashdot.

An anonymous reader shares a report: For two days in mid-January, some Ukrainians in the city of Lviv had to live without central heating and suffer freezing temperatures because of a cyberattack against a municipal energy company, security researchers and Ukrainian authorities have since concluded. On Tuesday, the cybersecurity company Dragos published a report with details about a new malware dubbed FrostyGoop, which the company says is designed to target industrial control systems -- in this particular case, specifically against a type of heating system controller. Dragos researchers wrote in their report that they first detected the malware in April. At that point, Dragos did not have more information on FrostyGoop apart from the malware sample, and believed it was only used for testing. Later on, however, Ukrainian authorities warned Dragos that they had found evidence that the malware was actively used in a cyberattack in Lviv during the late evening of January 22 through January 23. "And that resulted in the loss of heating to over 600 apartment buildings for almost 48 hours," said Mark "Magpie" Graham, a researcher at Dragos, during a call with reporters briefed on the report prior to its release. Dragos researchers Graham, Kyle O'Meara, and Carolyn Ahlers wrote in the report that "remediation of the incident took almost two days, during which time the civilian population had to endure sub-zero temperatures." This is the third known outage linked to cyberattacks to hit Ukrainians in recent years.Read more of this story at Slashdot.

Developer and librarian Misty De Meo, writing about her frustrating experience using GitHub: To me, one of GitHub's killer power user features is its blame view. git blame on the commandline is useful but hard to read; it's not the interface I reach for every day. GitHub's web UI is not only convenient, but the ease by which I can click through to older versions of the blame view on a line by line basis is uniquely powerful. It's one of those features that anchors me to a product: I stopped using offline graphical git clients because it was just that much nicer. The other day though, I tried to use the blame view on a large file and ran into an issue I don't remember seeing before: I just couldn't find the line of code I was searching for. I threw various keywords from that line into the browser's command+F search box, and nothing came up. I was stumped until a moment later, while I was idly scrolling the page while doing the search again, and it finally found the line I was looking for. I realized what must have happened. I'd heard rumblings that GitHub's in the middle of shipping a frontend rewrite in React, and I realized this must be it. The problem wasn't that the line I wanted wasn't on the page -- it's that the whole document wasn't being rendered at once, so my browser's builtin search bar just couldn't find it. On a hunch, I tried disabling JavaScript entirely in the browser, and suddenly it started working again. GitHub is able to send a fully server-side rendered version of the page, which actually works like it should, but doesn't do so unless JavaScript is completely unavailable. [...] The corporate branding, the new "AI-powered developer platform" slogan, makes it clear that what I think of as "GitHub" -- the traditional website, what are to me the core features -- simply isn't Microsoft's priority at this point in time. I know many talented people at GitHub who care, but the company's priorities just don't seem to value what I value about the service. This isn't an anti-AI statement so much as a recognition that the tool I still need to use every day is past its prime. Copilot isn't navigating the website for me, replacing my need to the website as it exists today. I've had tools hit this phase of decline and turn it around, but I'm not optimistic. It's still plenty usable now, and probably will be for some years to come, but I'll want to know what other options I have now rather than when things get worse than this.Read more of this story at Slashdot.

The US transportation department said on Tuesday it was opening an investigation into Delta Air Lines after the carrier canceled more than 5,000 flights since Friday as it struggles to recover from a global cyber outage that snarled airlines worldwide. From a report: While other carriers have been able to resume normal operations, Delta has continued to cancel hundreds of flights daily because of problems with its crew scheduling system. Since Friday Delta has been cancelling 30% or more of its flights daily through Monday, axing 444 flights on Tuesday, or 12% of its schedule as of 11.00am and delaying another 590, or 16%, according to FlightAware, after cancelling 1,150 on Monday. The transportation secretary, Pete Buttigieg, said on Tuesday the investigation was to "ensure the airline is following the law and taking care of its passengers during continued widespread disruptions ... Our department will leverage the full extent of our investigative and enforcement power to ensure the rights of Delta's passengers are upheld." Delta said it was in receipt of the USDOT notice of investigation and was fully cooperating. "Delta teams are working tirelessly to care for and make it right for customers impacted by delays and cancellations as we work to restore the reliable, on-time service they have come to expect from Delta," the airline said.Read more of this story at Slashdot.

merbs writes: Video games -- and the people who make them -- are in trouble. An estimated 10,500 people in the industry were laid off in 2023 alone. This year, layoffs in the nearly $200 billion sector have only gotten worse, with studios axing what is believed to be 11,000 more, and counting. Microsoft, home of the Xbox and parent company to several studios, including Activision Blizzard, shuttered Tango Gameworks and Alpha Dog Games in May. All the while, generative AI systems built by OpenAI and its competitors have been seeping into nearly every industry, dismantling whole careers along the way. But gaming might be the biggest industry AI stands poised to conquer. Its economic might has long since eclipsed Hollywood's, while its workforce remains mostly nonunion. A recent survey from the organizers of the Game Developers Conference found that 49 percent of the survey's more than 3,000 respondents said their workplace used AI, and four out of five said they had ethical concerns about its use. "It's here. It's definitely here, right now," says Violet, a game developer, technical artist, and a veteran of the industry who has worked on AAA games for over a decade. "I think everyone's seen it get used, and it's a matter of how and to what degree. The genie is out of the bottle, Pandora's box is opened." The story adds: "At Activision, it was the same. 'A lot of 2D artists were laid off,' Noah says. The department was slashed. 'Remaining concept artists,' he claims, 'were then forced to use AI to aid in their work.' Employees, according to Noah, have been made to sign up for AI trainings, and its use is being promoted throughout the org."Read more of this story at Slashdot.

smooth wombat writes: The FTC has sent mandatory notices for information to eight companies it says engages in "surveillance pricing", the process by which prices are rapidly changed using AI based on data about customer behavior and characteristics. This process, the FTC claims, allows companies to charge different customers different prices for the same product. The list includes Mastercard, JPMorgan Chase, Accenture and consulting giant McKinsey. It also includes software firm Task, which counts McDonald's and Starbucks as clients; Revionics, which works with Home Depot, Tractor Supply and grocery chain Hannaford; Bloomreach, which services FreshDirect, Total Wine and Puma; and Pros, which was named Microsoft's internet service vendor of the year this year. "Firms that harvest Americans' personal data can put people's privacy at risk," FTC Chair Lina Khan said in a news release. "Now firms could be exploiting this vast trove of personal information to charge people higher prices."Read more of this story at Slashdot.

Meta has warned that the EU's approach to regulating AI is creating the "risk" that the continent is cut off from accessing cutting-edge services, while the bloc continues its effort to rein in the power of Big Tech. From a report: Rob Sherman, the social media group's deputy privacy officer and vice-president of policy, confirmed a report that it had received a request from the EU's privacy watchdog to voluntarily pause the training of its future AI models on data in the region. He told the Financial Times this was in order to give local regulators time to "get their arms around the issue of generative AI." While the Facebook owner is adhering to the request, Sherman said such moves were leading to a "gap in the technologies that are available in Europe versus" the rest of the world. He added that, with future and more advanced AI releases, "it's likely that availability in Europe could be impacted." Sherman said: "If jurisdictions can't regulate in a way that enables us to have clarity on what's expected, then it's going to be harder for us to offer the most advanced technologies in those places ... it is a realistic outcome that we're worried about."Read more of this story at Slashdot.

Apple is advancing its plans for a foldable iPhone, with potential release as early as 2026, The Information reported Tuesday. The iPhone-maker has begun engaging with Asian suppliers for component production, the report added. The proposed device is said to feature a clamshell design, reminiscent of Samsung's Galaxy Z Flip series. The company faces considerable technical hurdles, including display crease issues and achieving optimal device thickness. Despite these challenges, the assignment of an internal codename, V68, suggests the project has progressed beyond the conceptual stage, the report added.Read more of this story at Slashdot.

Meta has released Llama 3.1, its largest open-source AI model to date, in a move that challenges the closed approaches of competitors like OpenAI and Google. The new model, boasting 405 billion parameters, is claimed by Meta to outperform GPT-4o and Claude 3.5 Sonnet on several benchmarks, with CEO Mark Zuckerberg predicting that Meta AI will become the most widely used assistant by year-end. Llama 3.1, which Meta says was trained using over 16,000 Nvidia H100 GPUs, is being made available to developers through partnerships with major tech companies including Microsoft, Amazon, and Google, potentially reducing deployment costs compared to proprietary alternatives. The release includes smaller versions with 70 billion and 8 billion parameters, and Meta is introducing new safety tools to help developers moderate the model's output. While Meta isn't disclosing what all data it used to train its models, the company confirmed it used synthetic data to enhance the model's capabilities. The company is also expanding its Meta AI assistant, powered by Llama 3.1, to support additional languages and integrate with its various platforms, including WhatsApp, Instagram, and Facebook, as well as its Quest virtual reality headset.Read more of this story at Slashdot.

Intel has finally figured out why its 13th and 14th generation core desktop CPUs are repeatedly crashing. From a report: In a forum post on Monday, Intel said it traced the problem to faulty software code, which can trigger the CPUs to run at higher voltage levels.A Intel examined a number of 13th and 14th gen desktop processors that buyers had returned. "Our analysis of returned processors confirms that the elevated operating voltage is stemming from a microcode algorithm resulting in incorrect voltage requests to the processor," it says. But in some bad news, Intel still needs a few more weeks to test its fix for the problem. "Intel is currently targeting mid-August for patch release to partners following full validation," it says. The company also recently confirmed that the issue doesn't extend to its mobile processors.Read more of this story at Slashdot.

Amazon's strategy to set prices low for Echo speakers and other smart devices, expecting them to generate income elsewhere in the tech giant, hasn't paid off [paywalled]. From a report: Amazon's Echo speakers are the type of business success companies don't want: a widely purchased product that is also a giant money loser. Chief Executive Andy Jassy is trying to plug that hole -- and move away from the Amazon accounting tactic that helped create it. When Amazon launched the Echo smart home devices with its Alexa voice assistant in 2014, it pulled a page from shaving giant Gillette's classic playbook: sell the razors for a pittance in the hope of making heaps of money on purchases of the refill blades. A decade later, the payoff for Echo hasn't arrived. While hundreds of millions of customers have Alexa-enabled devices, the idea that people would spend meaningful amounts of money to buy goods on Amazon by talking to the iconic voice assistant on the underpriced speakers didn't take off. Customers actually used Echo mostly for free apps such as setting alarms and checking the weather. "We worried we've hired 10,000 people and we've built a smart timer," said a former senior employee. As a result, Amazon has lost tens of billions of dollars on its devices business, which includes Echos and other products such as Kindles, Fire TV Sticks and video doorbells, according to internal documents and people familiar with the business. Between 2017 and 2021, Amazon had more than $25 billion in losses from its devices business, according to the documents. The losses for the years before and after that period couldn't be determined.Read more of this story at Slashdot.

AT&T's February wireless outage disrupted over 92 million voice calls and hindered more than 25,000 attempts to reach emergency services, an FCC report said. The 12-hour nationwide incident affected approximately 125 million devices, including those of other providers using AT&T's network. Stemming from an equipment configuration error during a network change, the outage also impacted first responders' communications.Read more of this story at Slashdot.

An anonymous reader quotes a report from SFGate: A group of tech billionaires and millionaires has pulled its ballot measure that aimed to build a utopian city in Solano County. Instead, the group will go back to the drawing board the old-fashioned way by submitting an application to the county. The surprise announcement was made Monday by California Forever, a group of investors planning a city of 400,000 people in an agricultural part of the Bay Area near Rio Vista. It recently received the requisite number of signatures to put its East Solano Plan on the November ballot; that measure, if passed, would have removed some zoning restrictions that prevent this type of development in the area. California Forever will instead "submit an application for a General Plan & Zoning Amendment and proceed with the normal County process which includes preparation of a full Environmental Impact Report and the negotiation and execution of Development Agreement," Solano County Board of Supervisors Chair Mitch Mashburn said in a statement Monday. The news was celebrated by many in Solano County, where skepticism about the project ran deep. The group's secretive purchases of huge tracts of land first brought about national security fears, even from local politicians, who had no idea who was behind the project. When the plan to build a futuristic city was announced, California Forever faced widespread pushback, ranging from concerns about billionaire backers like Reid Hoffman and Laurene Powell Jobs to questions about the impacts on traffic, water usage and proximity to Travis Air Force Base. California Forever CEO Jan Sramek said in a statement: "We believe that with this process, we can build a shared vision that passes with a decisive majority and creates broad consensus for the future. We're excited about working with the Board of Supervisors, its land use subcommittee, and county staff to make this happen."Read more of this story at Slashdot.

Simon Sharwood reports via The Register: Chinese researchers have created a drone that weighs just over four grams -- less than a sheet of printer paper -- and may be able to fly indefinitely. Documented in a paper published last week in Nature, the drone uses an electrostatic motor that weighs just 1.52 grams and is powered by solar cells that produce 4.5V. The paper asserts that the drone's design has a lift-to-power efficiency two to three times better than that found in traditional drones. The authors suggested that if rechargeable batteries can be added, the craft could be capable of 24-hour flying operations.Read more of this story at Slashdot.

Rosemary Fowler, a pioneering physicist who discovered the kaon particle during her doctoral research in 1948, has been awarded an honorary doctorate from the University of Bristol -- 75 years after she left her PhD to raise a family. The Guardian reports: Rosemary Fowler, 98, discovered the kaon particle during her doctoral research under Cecil Powell at the University of Bristol in 1948, which contributed to his Nobel prize for physics in 1950. Fowler's discovery helped lead to a revolution in the theory of particle physics, and it continues to be proven correct -- predicting particles such as the Higgs boson, discovered at Cern in Geneva, Switzerland. But she left university without completing her PhD to marry fellow physicist Peter Fowler in 1949, a decision she later described as pragmatic after she went on to have three children in a time of postwar food rationing. At 22, Fowler spotted something when viewing unusual particle tracks -- a particle that decayed into three pions, a type of subatomic particle. She said: "I knew at once that it was new and would be very important. We were seeing things that hadn't been seen before -- that's what research in particle physics was. It was very exciting." The track, later labelled K, was evidence of an unknown particle, now known as the kaon or K meson. The K track was the mirror image of a particle seen before by colleagues in Manchester, but their track decayed into two pions, not three. Trying to understand how these images were the same, yet behaved differently, helped lead to a revolution in the theory of particle physics. The year after the discovery, Fowler left university having published her discovery in three academic papers.Read more of this story at Slashdot.

An anonymous reader quotes a report from MIT Technology Review: Researchers from Google have built a new weather prediction model that combines machine learning with more conventional techniques, potentially yielding accurate forecasts at a fraction of the current cost. The model, called NeuralGCM and described in a paper in Nature today, bridges a divide that's grown among weather prediction experts in the last several years. While new machine-learning techniques that predict weather by learning from years of past data are extremely fast and efficient, they can struggle with long-term predictions. General circulation models, on the other hand, which have dominated weather prediction for the last 50 years, use complex equations to model changes in the atmosphere and give accurate projections, but they are exceedingly slow and expensive to run. Experts are divided on which tool will be most reliable going forward. But the new model from Google instead attempts to combine the two. "It's not sort of physics versus AI. It's really physics and AI together," says Stephan Hoyer, an AI researcher at Google Research and a coauthor of the paper. The system still uses a conventional model to work out some of the large atmospheric changes required to make a prediction. It then incorporates AI, which tends to do well where those larger models fall flat -- typically for predictions on scales smaller than about 25 kilometers, like those dealing with cloud formations or regional microclimates (San Francisco's fog, for example). "That's where we inject AI very selectively to correct the errors that accumulate on small scales," Hoyer says. The result, the researchers say, is a model that can produce quality predictions faster with less computational power. They say NeuralGCM is as accurate as one-to-15-day forecasts from the European Centre for Medium-Range Weather Forecasts (ECMWF), which is a partner organization in the research. But the real promise of technology like this is not in better weather predictions for your local area, says Aaron Hill, an assistant professor at the School of Meteorology at the University of Oklahoma, who was not involved in this research. Instead, it's in larger-scale climate events that are prohibitively expensive to model with conventional techniques. The possibilities could range from predicting tropical cyclones with more notice to modeling more complex climate changes that are years away. "It's so computationally intensive to simulate the globe over and over again or for long periods of time," Hill says. That means the best climate models are hamstrung by the high costs of computing power, which presents a real bottleneck to research." The researchers said NeuralGCM will be open source and capable of running on less than 5,500 lines of code, compared with the nearly 377,000 lines required for the model from the National Oceanic and Atmospheric Administration (NOAA).Read more of this story at Slashdot.

Wiz, the cloud security startup that was in acquisition talks with Google, has decided not to forward with the deal and to remain an independent company, according to an internal note sent to company employees on Monday. Fortune: "While we are flattered by offers we have received, we have chosen to continue on our path to building Wiz," CEO Assaf Rappaport wrote in the note. Rappaport said in the email that the company's next target is to reach $1 billion in annual recurring revenue and to take the company public.Read more of this story at Slashdot.

The Japan Newspaper Publishers and Editors Association claims that AI-powered search engines by U.S. tech giants like Google and Microsoft likely infringe on copyright by using news articles without permission. Therefore, they're urging the Japanese government to quickly review and revise intellectual property laws to address these issues. Kyodo News reports (translated in English): The association argued in the statement that while traditional search engines direct users to various copyrighted material available online, AI search engines disclose the content, making them a completely different type of service. While stressing that in many instances, the essential content of the referenced article is reprinted in its entirety and therefore constitutes copyright infringement, the association also highlighted the issue of "zero-click searches," where users do not visit the source site. It warned that the lack of traffic could lead to the diminution of news organizations' reporting activities, which would then have a negative impact on democracy and culture. The statement also expressed concern over potential inaccuracies in responses generated by AI search engines, which could give the impression that the source articles themselves were erroneous and damage the credibility of news organizations. The association added that providing AI search engine services without obtaining permission to use the source articles could violate the antimonopoly law. "There are many reasons AI companies are attracted to Japan, including the need for its companies to rapidly develop their digital capabilities and the country's declining population, which is very open to AI," said Yutaka Matsuo, a professor at Tokyo University and chair of the government's AI council, in a statement to the Financial Times. "One other attraction is that AI companies are permitted to learn from information without infringing copyright laws," he added. The Financial Times says the push to bring AI companies to Japan has raised alarm for some content creators who worry their work isn't being protected. "As it relates to generative AI, Japan's existing Copyright Act does not contribute to protecting creators. In fact, it is focused on restricting the rights of creators," the Japanese Society for Rights of Authors, Composers and Publishers said in a statement.Read more of this story at Slashdot.

Azure used to be a cloud platform dedicated to Windows. Now, it's the most widely used operating system on Microsoft Azure. The New Stack's Joab Jackson writes: These days, Microsoft expends considerable effort that Linux runs as smoothly as possible on Azure, according to a talk given earlier this year at the Linux Foundation Open Source Summit given by two Microsoft Azure Linux Platforms Group program managers, Jack Aboutboul, and Krum Kashan. "Linux is the #1 operating system in Azure today," Aboutoul said. And all must be supported in a way that Microsoft users have come to expects. Hence, the need for the Microsoft's Linux Platforms Group, which provides support Linux to both the internal customers and to Azure customers. These days, the duo of engineers explained, Microsoft knows about as much as anyone about how to operate Linux at hyperscale. [...] As of today, there are hundreds of Azure and Azure-based services running on Linux, including the Azure Kubernetes Service (AKS), OpenAI, HDInsight, and many of the other database services. "A lot of the infrastructure powering everything else is running on Linux," Aboutoul said. "They're different flavors of Linux running all over the place," Aboutoul said. To run these services, Microsoft maintains its own kernel, Azure Linux, and in 2023 the company released its own version of Linux, Azure Linux. But Azure Linux is just a small portion of all the other flavors of Linux running on Azure, all of which Microsoft must work with to support. Overall, there are about 20,000 third-party Software as a Service (SaaS) packages in the Azure marketplace that rely on some Linux distribution. And when things go wrong, it is the Azure service engineers who get the help tickets. The company keeps a set of endorsed Linux distributions, which include Red Hat Enterprise Linux, Debian, Flatcar, Suse, Canonical, and Oracle Linux and CentOS (as managed by OpenLogic, not Red Hat). [...] Overall, the company gets about 1,000 images a month from these endorsed partners alone. Many of the distributions have multiple images (Suse has a regular one, and another one for high-performance computing, for instance).Read more of this story at Slashdot.

"Anyone who is into gaming knows your graphics card is under strain trying to display modern graphics," writes longtime Slashdot reader smooth wombat. "This results in increased power usage, which is then turned into heat. Keeping your card cool is a must to get the best performance possible." "However, hardware tester Igor's Lab found that vendors for Nvidia RTX 40-series cards are using cheap, poorly applied thermal paste, which is leading to high temperatures and consequently, performance degradation over time. This penny-pinching has been confirmed by Nick Evanson at PC Gamer." From the report: I have four RTX 40-series cards in my office (RTX 4080 Super, 4070 Ti, and two 4070s) and all of them have quite high hotspots -- the highest temperature recorded by an individual thermal sensor in the die. In the case of the 4080 Super, it's around 11 C higher than the average temperature of the chip. I took it apart to apply some decent quality thermal paste and discovered a similar situation to that found by Igor's Lab. In the space of a few months, the factory-applied paste had separated and spread out, leaving just an oily film behind, and a few patches of the thermal compound itself. I checked the other cards and found that they were all in a similar state. Igor's Lab examined the thermal paste used on a brand-new RTX 4080 and found it to be quite thin in nature, due to large quantities of cheap silicone oil being used, along with zinc oxide filler. There was lots of ground aluminium oxide (the material that provides the actual thermal transfer) but it was quite coarse, leading to the paste separating quite easily. Removing the factory-installed paste from another RTX 4080 graphics card, Igor's Lab applied a more appropriate amount of a high-quality paste and discovered that it lowered the hotspot temperature by nearly 30 C.Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: The European Commission (EC) has finally taken action to block Meta's heavily criticized plan to charge a subscription fee to users who value privacy on its platforms. Surprisingly, this step wasn't taken under laws like the Digital Services Act (DSA), the Digital Markets Act (DMA), or the General Data Protection Regulation (GDPR). Instead, the EC announced Monday that Meta risked sanctions under EU consumer laws if it could not resolve key concerns about Meta's so-called "pay or consent" model. Meta's model is seemingly problematic, the commission said, because Meta "requested consumers overnight to either subscribe to use Facebook and Instagram against a fee or to consent to Meta's use of their personal data to be shown personalized ads, allowing Meta to make revenue out of it." Because users were given such short notice, they may have been "exposed to undue pressure to choose rapidly between the two models, fearing that they would instantly lose access to their accounts and their network of contacts," the EC said. To protect consumers, the EC joined national consumer protection authorities, sending a letter to Meta requiring the tech giant to propose solutions to resolve the commission's biggest concerns by September 1. That Meta's "pay or consent" model may be "misleading" is a top concern because it uses the term "free" for ad-based plans, even though Meta "can make revenue from using their personal data to show them personalized ads." It seems that while Meta does not consider giving away personal information to be a cost to users, the EC's commissioner for justice, Didier Reynders, apparently does. "Consumers must not be lured into believing that they would either pay and not be shown any ads anymore, or receive a service for free, when, instead, they would agree that the company used their personal data to make revenue with ads," Reynders said. "EU consumer protection law is clear in this respect. Traders must inform consumers upfront and in a fully transparent manner on how they use their personal data. This is a fundamental right that we will protect." Additionally, the EC is concerned that Meta users might be confused about how "to navigate through different screens in the Facebook/Instagram app or web-version and to click on hyperlinks directing them to different parts of the Terms of Service or Privacy Policy to find out how their preferences, personal data, and user-generated data will be used by Meta to show them personalized ads." They may also find Meta's "imprecise terms and language" confusing, such as Meta referring to "your info" instead of clearly referring to consumers' "personal data." A Meta spokesperson said in a statement: "Subscriptions as an alternative to advertising are a well-established business model across many industries. Subscription for no ads follows the direction of the highest court in Europe and we are confident it complies with European regulation."Read more of this story at Slashdot.

Researchers have identified a zero-day exploit for the Telegram messaging app on Android devices that could have allowed attackers to send malicious payloads disguised as legitimate files. From a report: The exploit was built to abuse a vulnerability that Slovakia-based firm ESET dubbed EvilVideo. Telegram fixed the bug earlier this month in versions 10.14.5 and above after researchers reported it. Threat actors had about five weeks to exploit the zero-day before it was patched, but it's not clear if it was used in the wild, ESET said. ESET discovered the exploit on an underground forum in early June. It was sold for an unspecified price by a user with the username "Ancryno." In its post, the seller showed screenshots and a video of testing the exploit in a public Telegram channel. In unpatched versions of Telegram for Android, attackers could use the exploit to send malicious payloads via Telegram channels, groups and chats, making them appear as multimedia files. The exploit takes advantage of Telegram's default setting to automatically download media files. The option can be disabled manually, but in that case, the payload could still be installed on the device if a user tapped the download button in the top left corner of the shared file. If the user tried to play the "video," Telegram displayed a message that it was unable to play it and suggested using an external player. The hackers disguised a malicious app as this external player.Read more of this story at Slashdot.

In an interview with The Verge's Nilay Patel, Rivian founder and CEO RJ Scaringe said the automaker has no plans to adopt Apple CarPlay in its vehicles. "We have a great relationship with Apple," he said. "As much as I love their products, there's a reason that ironically is very consistent with Apple ethos for us to want to control the ecosystem." CarPlay isn't "consistent with how we think about really creating a pure product experience," Scaringe said. From the report: One example given by Scaringe includes CarPlay's inability to "leverage other parts of the vehicle experience," which would require Rivian customers to leave the app in order to do things like open the vehicle's front trunk. "We've taken the view of the digital experience in the vehicle wants to feel consistent and holistically harmonious across every touchpoint," said Scaringe. Instead, the Rivian CEO says the company will eventually add CarPlay's most desirable features "but on an a la carte basis." Scaringe says that excluding CarPlay will allow the company to be more selective about features like routing and mapping charging points, noting that Rivian had acquired route planning app maker Iternio last year to facilitate that. "We recognize that it'll take us time to fully capture every feature that's in CarPlay, and hopefully, customers are seeing that. I think it often gets more noise than it deserves," Scaringe said in the interview. "The other thing beyond mapping that's coming is better integration with texting. We know that needs to come, and it's something that teams are actively working on."Read more of this story at Slashdot.

An anonymous reader quotes a report from Reuters: Boeing-owned Wisk Aero expects its pilotless air-taxi to begin carrying passengers "later in the decade" as it works with the U.S. regulator to secure approvals, its CEO said on Monday, amid skepticism among industry analysts about certification timelines. Wisk is one of several electric vertical take-off and landing (eVTOL) aircraft makers that have emerged over the last few years with a promise to provide an environmentally-friendly mode of transport in congested cities. But the industry faces technological hurdles such as making batteries powerful enough for companies to make more trips on a single charge. They also need to convince regulators and the public that the aircraft are safe, a barrier that is higher when the aircraft is autonomous.Wisk is developing a four-seater autonomous aircraft that will have a range of 90 miles (145 km). "We are right now testing and producing the elements of this aircraft that we will hope to fly around the end of this year," CEO Brian Yutko told reporters at the Farnborough Airshow. Wisk's strategy is a departure from other major air-taxi makers, which are developing models that will require a pilot to fly the aircraft. The company has said operators of its aircraft will save on pilot costs. But industry experts at Bain say a full autonomous passenger flight is not expected before the late 2030s and pilotless aircraft will face competition from autonomous vehicles on the road. "Maximizing passenger occupancy and avoiding return trips with empty aircraft will be crucial for operator profitability," said Mattia Celli, one of the authors of the Bain report.Read more of this story at Slashdot.

In a blog post today, Google said it has an "updated approach" that won't involve "deprecating third-party cookies" in Chrome. Instead, it's introducing "a new experience in Chrome that lets people make an informed choice that applies across their web browsing," which they'd be able to adjust at any time. Digiday reports: Google executives are already discussing this pivot with regulators including the U.K.'s Competition and Markets Authority (CMA) and Information Commissioner's Office (ICO) and plan to do the same with the industry soon. For now, details on what this actually means remain light. And as for a timeline, Google seems to have learned its lesson from the numerous delays to its cookie-killing plans -- there isn't one. "As this moves forward, it remains important for developers to have privacy-preserving alternatives," Anthony Chavez, vp of the Privacy Sandbox, said in the blog post. "We'll continue to make the Privacy Sandbox APIs available and invest in them to further improve privacy and utility." For those who have poured time and effort into third-party cookie alternatives, fear not: Google will keep the APIs in the Sandbox. Your work isn't going to waste. In fact, the plan is to continue to invest in them, continued Chavez, to further improve "privacy and utility." Plus, additional privacy controls, like the recently announced IP Protection (i.e. IP masking for privacy protection) in Chrome's Incognito mode, will be added to the Sandbox. "We developed the Privacy Sandbox with the goal of finding innovative solutions that meaningfully improve online privacy while preserving an ad-supported internet that supports a vibrant ecosystem of publishers, connects businesses with customers, and offers all of us free access to a wide range of content," Chavez wrote in the blog post. Or, to put it another way, the Sandbox isn't going anywhere anytime soon.Read more of this story at Slashdot.