Feed slashdot Slashdot

Link https://slashdot.org/
Feed https://rss.slashdot.org/Slashdot/slashdotMain
Copyright Copyright Slashdot Media. All Rights Reserved.
Updated 2025-07-02 05:02
Microsoft Uses AI To Find Flaws In GRUB2, U-Boot, Barebox Bootloaders
Slashdot reader zlives shared this report from BleepingComputer: Microsoft used its AI-powered Security Copilot to discover 20 previously unknown vulnerabilities in the GRUB2, U-Boot, and Barebox open-source bootloaders. GRUB2 (GRand Unified Bootloader) is the default boot loader for most Linux distributions, including Ubuntu, while U-Boot and Barebox are commonly used in embedded and IoT devices. Microsoft discovered eleven vulnerabilities in GRUB2, including integer and buffer overflows in filesystem parsers, command flaws, and a side-channel in cryptographic comparison. Additionally, 9 buffer overflows in parsing SquashFS, EXT4, CramFS, JFFS2, and symlinks were discovered in U-Boot and Barebox, which require physical access to exploit. The newly discovered flaws impact devices relying on UEFI Secure Boot, and if the right conditions are met, attackers can bypass security protections to execute arbitrary code on the device. While exploiting these flaws would likely need local access to devices, previous bootkit attacks like BlackLotus achieved this through malware infections. Microsoft titled its blog post "Analyzing open-source bootloaders: Finding vulnerabilities faster with AI." (And they do note that Microsoft disclosed the discovered vulnerabilities to the GRUB2, U-boot, and Barebox maintainers and "worked with the GRUB2 maintainers to contribute fixes... GRUB2 maintainers released security updates on February 18, 2025, and both the U-boot and Barebox maintainers released updates on February 19, 2025.") They add that performing their initial research, using Security Copilot "saved our team approximately a week's worth of time," Microsoft writes, "that would have otherwise been spent manually reviewing the content." Through a series of prompts, we identified and refined security issues, ultimately uncovering an exploitable integer overflow vulnerability. 
Copilot also assisted in finding similar patterns in other files, ensuring comprehensive coverage and validation of our findings... As AI continues to emerge as a key tool in the cybersecurity community, Microsoft emphasizes the importance of vendors and researchers maintaining their focus on information sharing. This approach ensures that AI's advantages in rapid vulnerability discovery, remediation, and accelerated security operations can effectively counter malicious actors' attempts to use AI to scale common attack tactics, techniques, and procedures (TTPs). This week Google also announced Sec-Gemini v1, "a new experimental AI model focused on advancing cybersecurity AI frontiers." Read more of this story at Slashdot.
Open Source Coalition Announces 'Model-Signing' with Sigstore to Strengthen the ML Supply Chain
The advent of LLMs and machine learning-based applications "opened the door to a new wave of security threats," argues Google's security blog. (Including model and data poisoning, prompt injection, prompt leaking and prompt evasion.) So as part of the Linux Foundation's nonprofit Open Source Security Foundation, and in partnership with NVIDIA and HiddenLayer, Google's Open Source Security Team on Friday announced the first stable model-signing library (hosted at PyPI.org), with digital signatures letting users verify that the model used by their application "is exactly the model that was created by the developers," according to a post on Google's security blog. [S]ince models are an uninspectable collection of weights (sometimes also with arbitrary code), an attacker can tamper with them and achieve significant impact to those using the models. Users, developers, and practitioners need to examine an important question during their risk assessment process: "can I trust this model?" Since its launch, Google's Secure AI Framework (SAIF) has created guidance and technical solutions for creating AI applications that users can trust. A first step in achieving trust in the model is to permit users to verify its integrity and provenance, to prevent tampering across all processes from training to usage, via cryptographic signing... [T]he signature would have to be verified when the model gets uploaded to a model hub, when the model gets selected to be deployed into an application (embedded or via remote APIs) and when the model is used as an intermediary during another training run. Assuming the training infrastructure is trustworthy and not compromised, this approach guarantees that each model user can trust the model... The average developer, however, would not want to manage keys and rotate them on compromise. These challenges are addressed by using Sigstore, a collection of tools and services that make code signing secure and easy. 
By binding an OpenID Connect token to a workload or developer identity, Sigstore alleviates the need to manage or rotate long-lived secrets. Furthermore, signing is made transparent so signatures over malicious artifacts could be audited in a public transparency log, by anyone. This ensures that split-view attacks are not possible, so any user would get the exact same model. These features are why we recommend Sigstore's signing mechanism as the default approach for signing ML models. Today the OSS community is releasing the v1.0 stable version of our model signing library as a Python package supporting Sigstore and traditional signing methods. This model signing library is specialized to handle the sheer scale of ML models (which are usually much larger than traditional software components), and handles signing models represented as a directory tree. The package provides CLI utilities so that users can sign and verify model signatures for individual models. The package can also be used as a library which we plan to incorporate directly into model hub upload flows as well as into ML frameworks. "We can view model signing as establishing the foundation of trust in the ML ecosystem..." the post concludes (adding "We envision extending this approach to also include datasets and other ML-related artifacts.") Then, we plan to build on top of signatures, towards fully tamper-proof metadata records, that can be read by both humans and machines. This has the potential to automate a significant fraction of the work needed to perform incident response in case of a compromise in the ML world... To shape the future of building tamper-proof ML, join the Coalition for Secure AI, where we are planning to work on building the entire trust ecosystem together with the open source community. 
In collaboration with multiple industry partners, we are starting up a special interest group under CoSAI for defining the future of ML signing and including tamper-proof ML metadata, such as model cards and evaluation results.
Python's PyPI Finally Gets Closer to Adding 'Organization Accounts' and SBOMs
Back in 2023 Python's infrastructure director called it "the first step in our plan to build financial support and long-term sustainability of PyPI" while giving users "one of our most requested features: organization accounts." (That is, "self-managed teams with their own exclusive branded web addresses" to make their massive Python Package Index repository "easier to use for large community projects, organizations, or companies who manage multiple sub-teams and multiple packages.") Nearly two years later, they've announced that they're "making progress" on its rollout... Over the last month, we have taken some more baby steps to onboard new Organizations, welcoming 61 new Community Organizations and our first 18 Company Organizations. We're still working to improve the review and approval process and hope to improve our processing speed over time. To date, we have 3,562 Community and 6,424 Company Organization requests to process in our backlog. They've also onboarded a PyPI Support Specialist to provide "critical bandwidth to review the backlog of requests" and "free up staff engineering time to develop features to assist in that review." (And "we were finally able to finalize our Terms of Service document for PyPI," build the tooling necessary to notify users, and initiate the Terms of Service rollout. [Since launching 20 years ago PyPI's terms of service have only been updated twice.]) In other news the security developer-in-residence at the Python Software Foundation has been continuing work on a Software Bill-of-Materials (SBOM) as described in Python Enhancement Proposal #770. 
The feature "would designate a specific directory inside of Python package metadata (".dist-info/sboms") as a directory where build backends and other tools can store SBOM documents that describe components within the package beyond the top-level component." The goal of this project is to make bundled dependencies measurable by software analysis tools like vulnerability scanning, license compliance, and static analysis tools. Bundled dependencies are common for scientific computing and AI packages, but also generally in packages that use multiple programming languages like C, C++, Rust, and JavaScript. The PEP has been moved to Provisional Status, meaning the PEP sponsor is doing a final review before tools can begin implementing the PEP ahead of its final acceptance into changing Python packaging standards. Seth has begun implementing code that tools can use when adopting the PEP, such as a project which abstracts different Linux system package managers functionality to reverse a file path into the providing package metadata. Security developer-in-residence Seth Larson will be speaking about this project at PyCon US 2025 in Pittsburgh, PA in a talk titled "Phantom Dependencies: is your requirements.txt haunted?" Meanwhile InfoWorld reports that newly approved Python Enhancement Proposal 751 will also give Python a standard lock file format.
Eric Raymond, John Carmack Mourn Death of 'Bufferbloat' Fighter Dave Taht
Wikipedia remembers Dave Taht as "an American network engineer, musician, lecturer, asteroid exploration advocate, and Internet activist. He was the chief executive officer of TekLibre." But on X.com Eric S. Raymond called him "one of the unsung heroes of the Internet, and a close friend of mine who I will miss very badly." Dave, known on X as @mtaht because his birth name was Michael, was a true hacker of the old school who touched the lives of everybody using X. His work on mitigating bufferbloat improved practical TCP/IP performance tremendously, especially around video streaming and other applications requiring low latency. Without him, Netflix and similar services might still be plagued by glitches and stutters. Also on X, legendary game developer John Carmack remembered that Taht "did a great service for online gamers with his long campaign against bufferbloat in routers and access points. There is a very good chance your packets flow through some code he wrote." (Carmack also says he and Taht "corresponded for years".) Long-time Slashdot reader TheBracket remembers him as "the driving force behind the Bufferbloat project and a contributor to FQ-CoDel, and CAKE in the Linux kernel." Dave spent years doing battle with Internet latency and bufferbloat, contributing to countless projects. In recent years, he's been working with Robert, Frank and myself at LibreQoS to provide CAKE at the ISP level, helping Starlink with their latency and bufferbloat, and assisting the OpenWrt project. Eric Raymond remembered first meeting Taht in 2001 "near the peak of my Mr. Famous Guy years. Once, sometimes twice a year he'd come visit, carrying his guitar, and crash out in my basement for a week or so hacking on stuff. A lot of the central work on bufferbloat got done while I was figuratively looking over his shoulder..." Raymond said Taht "lived for the work he did" and "bore deteriorating health stoically. 
While I know him he went blind in one eye and was diagnosed with multiple sclerosis." He barely let it slow him down. Despite constantly griping in later years about being burned out on programming, he kept not only doing excellent work but bringing good work out of others, assembling teams of amazing collaborators to tackle problems lesser men would have considered intractable... Dave should have been famous, and he should have been rich. If he had a cent for every dollar of value he generated in the world he probably could have bought the entire country of Nicaragua and had enough left over to finance a space program. He joked about wanting to do the latter, and I don't think he was actually joking... In the invisible college of people who made the Internet run, he was among the best of us. He said I inspired him, but I often thought he was a better and more selfless man than me. Ave atque vale, Dave. Weeks before his death Taht was still active on X.com, retweeting LWN's article about "The AI scraperbot scourge", an announcement from Texas Instruments, and even a Slashdot headline. Taht was also Slashdot reader #603,670, submitting stories about network latency, leaving comments about AI, and making announcements about the Bufferbloat project.
OpenAI's Motion to Dismiss Copyright Claims Rejected by Judge
Is OpenAI's ChatGPT violating copyrights? The New York Times sued OpenAI in December 2023. But Ars Technica summarizes OpenAI's response. The New York Times (or NYT) "should have known that ChatGPT was being trained on its articles... partly because of the newspaper's own reporting..." OpenAI pointed to a single November 2020 article, where the NYT reported that OpenAI was analyzing a trillion words on the Internet. But on Friday, U.S. district judge Sidney Stein disagreed, denying OpenAI's motion to dismiss the NYT's copyright claims partly based on one NYT journalist's reporting. In his opinion, Stein confirmed that it's OpenAI's burden to prove that the NYT knew that ChatGPT would potentially violate its copyrights two years prior to its release in November 2022... And OpenAI's other argument - that it was "common knowledge" that ChatGPT was trained on NYT articles in 2020 based on other reporting - also failed for similar reasons... OpenAI may still be able to prove through discovery that the NYT knew that ChatGPT would have infringing outputs in 2020, Stein said. But at this early stage, dismissal is not appropriate, the judge concluded. The same logic follows in a related case from The Daily News, Stein ruled. Davida Brook, co-lead counsel for the NYT, suggested in a statement to Ars that the NYT counts Friday's ruling as a win. "We appreciate Judge Stein's careful consideration of these issues," Brook said. "As the opinion indicates, all of our copyright claims will continue against Microsoft and OpenAI for their widespread theft of millions of The Times's works, and we look forward to continuing to pursue them." The New York Times is also arguing that OpenAI contributes to ChatGPT users' infringement of its articles, and OpenAI lost its bid to dismiss that claim, too. 
The NYT argued that by training AI models on NYT works and training ChatGPT to deliver certain outputs, without the NYT's consent, OpenAI should be liable for users who manipulate ChatGPT to regurgitate content in order to skirt the NYT's paywalls... At this stage, Stein said that the NYT has "plausibly" alleged contributory infringement, showing through more than 100 pages of examples of ChatGPT outputs and media reports showing that ChatGPT could regurgitate portions of paywalled news articles that OpenAI "possessed constructive, if not actual, knowledge of end-user infringement." Perhaps more troubling to OpenAI, the judge noted that "The Times even informed defendants 'that their tools infringed its copyrighted works,' supporting the inference that defendants possessed actual knowledge of infringement by end users."
A Busy Hurricane Season is Expected. Here's How It Will Be Different From the Last
An anonymous reader shares a report: Yet another busy hurricane season is likely across the Atlantic this year -- but some of the conditions that supercharged storms like Hurricanes Helene and Milton in 2024 have waned, according to a key forecast issued Thursday. A warm -- yet no longer record-hot -- strip of waters across the Atlantic Ocean is forecast to help fuel development of 17 named tropical cyclones during the season that runs from June 1 through Nov. 30, according to Colorado State University researchers. Of those tropical cyclones, nine are forecast to become hurricanes, with four of those expected to reach "major" hurricane strength. That would mean a few more tropical storms and hurricanes than in an average year, yet slightly quieter conditions than those observed across the Atlantic basin last year. This time last year, researchers from CSU were warning of an "extremely active" hurricane season with nearly two dozen named tropical storms. The next month, the National Oceanic and Atmospheric Administration released an aggressive forecast, warning the United States could face one of its worst hurricane seasons in two decades. The forecast out Thursday underscores how warming oceans and cyclical patterns in storm activity have primed the Atlantic basin for what is now a decades-long string of frequent, above-normal -- but not necessarily hyperactive -- seasons, said Philip Klotzbach, a senior research scientist at Colorado State and the forecast's lead author.
Bonobos May Combine Words In Ways Previously Thought Unique To Humans
A new study shows bonobos can combine vocal calls in ways that mirror human language, producing phrases with meanings beyond the sum of individual sounds. "Human language is not as unique as we thought," said Dr Melissa Berthet, the first author of the research from the University of Zurich. Another author, Dr Simon Townsend, said: "The cognitive building blocks that facilitate this capacity is at least 7m years old. And I think that is a really cool finding." The Guardian reports: Writing in the journal Science, Berthet and colleagues said that in the human language, words were often combined to produce phrases that either had a meaning that was simply the sum of its parts, or a meaning that was related to, but differed from, those of the constituent words. "'Blond dancer' -- it's a person that is both blond and a dancer, you just have to add the meanings. But a 'bad dancer' is not a person that is bad and a dancer," said Berthet. "So bad is really modifying the meaning of dancer here." It was previously thought animals such as birds and chimpanzees were only able to produce the former type of combination, but scientists have found bonobos can create both. The team recorded 700 vocalizations from 30 adult bonobos in the Democratic Republic of the Congo, checking the context of each against a list of 300 possible situations or descriptions. The results reveal bonobos have seven different types of call, used in 19 different combinations. Of these, 15 require further analysis, but four appear to follow the rules of human sentences. Yelps -- thought to mean "let's do that" -- followed by grunts -- thought to mean "look at what I am doing," were combined to make "yelp-grunt," which appeared to mean "let's do what I'm doing." The combination, the team said, reflected the sum of its parts and was used by bonobos to encourage others to build their night nests. The other three combinations had a meaning apparently related to, but different from, their constituent calls. 
For example, the team found a peep -- which roughly means "I would like to ..." -- followed by a whistle -- appeared to mean "let's stay together" -- could be combined to create "peep-whistle." This combination was used to smooth over tense social situations, such as during mating or displays of prowess. The team speculated its meaning was akin to "let's find peace." The team said the findings in bonobos, together with the previous work in chimps, had implications for the evolution of language in humans, given all three species showed the ability to combine words or vocalizations to create phrases.
Fram2 Crew Returns To Earth After Polar Orbit Mission
SpaceX's Fram2 mission returned safely after becoming the first crewed spaceflight to orbit directly over Earth's poles. From a report: Led by cryptocurrency billionaire Chun Wang, who is the financier of this mission, the Fram2 crew has been free-flying through orbit since Monday. The group splashed down at 9:19 a.m. PT, or 12:19 p.m. ET, off the coast of California -- the first West Coast landing in SpaceX's five-year history of human spaceflight missions. The company livestreamed the splashdown and recovery of the capsule on its website. During the journey, the Fram2 crew members were slated to carry out various research projects, including capturing images of auroras from space and documenting their experiences with motion sickness. [...] This trip is privately funded, and such missions allow for SpaceX's customers to spend their time in space as they see fit. For Fram2, the crew traveled to orbit prepared to carry out 22 research and science experiments, some of which were designed and overseen by SpaceX. Most of the research involves evaluating crew health.
Scientists Warn Indonesia's Rice Megaproject Faces Failure
Indonesian President Prabowo Subianto's ambitious plan to create 1 million hectares of new rice farms in eastern Merauke Regency faces strong criticism from scientists who have warned it will fail due to unsuitable soils and climate. Military "food brigades" are currently guarding bulldozers clearing swampy forests in Indonesian New Guinea for the project, which aims to boost food self-sufficiency for the nation's 281 million people. Soil scientists warn that Merauke's conditions could lead to acidic soils unable to support economically viable rice farming, potentially resulting in abandoned fields vulnerable to wildfires. "Farmers will get no profit at all," said Dwi Andreas, a soil scientist at Bogor Agricultural University who tested 12 rice varieties in similar soils with poor results. The initiative mirrors past failed megaprojects, including a 1990s attempt to convert 1 million hectares of Borneo peatlands to rice paddies and a 2020 onion and potato farming expansion in North Sumatra that saw 90% of fields abandoned. A previous 2010 attempt to expand rice farming in Merauke also failed, destroying forests that Indigenous Papuans relied on and increasing childhood malnutrition, according to anthropologist Laksmi Adriani.
Two Teenagers Built 'Cal AI', a Photo Calorie App With Over a Million Users
An anonymous reader quotes a report from TechCrunch: In a world filled with "vibe coding," Zach Yadegari, teen founder of Cal AI, stands in ironic, old-fashioned contrast. Ironic because Yadegari and his co-founder, Henry Langmack, are both just 18 years old and still in high school. Yet their story, so far, is a classic. Launched in May, Cal AI has generated over 5 million downloads in eight months, Yadegari says. Better still, he tells TechCrunch that the customer retention rate is over 30% and that the app generated over $2 million in revenue last month. [...] The concept is simple: Take a picture of the food you are about to consume, and let the app log calories and macros for you. It's not a unique idea. For instance, the big dog in calorie counting, MyFitnessPal, has its Meal Scan feature. Then there are apps like SnapCalorie, which was released in 2023 and created by the founder of Google Lens. Cal AI's advantage, perhaps, is that it was built wholly in the age of large image models. It uses models from Anthropic and OpenAI and RAG to improve accuracy and is trained on open source food calorie and image databases from sites like GitHub. "We have found that different models are better with different foods," Yadegari tells TechCrunch. Along the way, the founders coded through technical problems like recognizing ingredients from food packages or in jumbled bowls. The result is an app that the creators say is 90% accurate, which appears to be good enough for many dieters. The report says Yadegari began mastering Python and C# in middle school and went on to build his first business in ninth grade -- a website called Totally Science that gave students access to unblocked games (cleverly named to evade school filters). He sold the company at age 16 to FreezeNova for $100,000. 
Following the sale, Yadegari immersed himself in the startup scene, watching Y Combinator videos and networking on X, where he met co-founder Blake Anderson, known for creating ChatGPT-powered apps like RizzGPT. Together, they launched Cal AI and moved to a hacker house in San Francisco to develop their prototype.
Wikimedia Drowning in AI Bot Traffic as Crawlers Consume 65% of Resources
Web crawlers collecting training data for AI models are overwhelming Wikipedia's infrastructure, with bot traffic growing exponentially since early 2024, according to the Wikimedia Foundation. According to data released April 1, bandwidth for multimedia content has surged 50% since January, primarily from automated programs scraping Wikimedia Commons' 144 million openly licensed media files. This unprecedented traffic is causing operational challenges for the non-profit. When Jimmy Carter died in December 2024, his Wikipedia page received 2.8 million views in a day, while a 1.5-hour video of his 1980 presidential debate caused network traffic to double, resulting in slow page loads for some users. Analysis shows 65% of the foundation's most resource-intensive traffic comes from bots, despite bots accounting for only 35% of total pageviews. The foundation's Site Reliability team now routinely blocks overwhelming crawler traffic to prevent service disruptions. "Our content is free, our infrastructure is not," the foundation said, announcing plans to establish sustainable boundaries for automated content consumption.
An Interactive-Speed Linux Computer Made of Only 3 8-Pin Chips
Software engineer and longtime Slashdot reader, Dmitry Grinberg (dmitrygr), shares a recent project they've been working on: "an interactive-speed Linux on a tiny board you can easily build with only 3 8-pin chips": There was a time when one could order a kit and assemble a computer at home. It would do just about what a contemporary store-bought computer could do. That time is long gone. Modern computers are made of hundreds of huge complex chips with no public datasheets and many hundreds of watts of power supplied to them over complex power delivery topologies. It does not help that modern operating systems require gigabytes of RAM, terabytes of storage, and always-on internet connectivity to properly spy on you. But what if one tried to fit a modern computer into a kit that could be easily assembled at home? What if the kit only had three chips, each with only 8 pins? Can it be done? Yes. The system runs a custom MIPS emulator written in ARMv6 assembly and includes a custom bootloader that supports firmware updates via FAT16-formatted SD cards. Clever pin-sharing hacks allow all components (RAM, SD, serial I/O) to work despite the 6 usable I/O pins. Overclocked to up to 150MHz, the board boots into a full Linux shell in about a minute and performs at ~1.65MHz MIPS-equivalent speed. It's not fast, writes Dmitry, but it's fully functional -- you can edit files, compile code, and even install Debian packages. A kit may be made available if a partner is found.
AT&T Email-To-Text Gateway Service Ending
Longtime Slashdot reader CyberSlugGump shares a support article from AT&T, writing: On June 17th, AT&T will stop supporting email-to-text messages. That means you won't be able to send a text message to an AT&T customer from an email address. You can still get in touch with AT&T customers using SMS (text), MMS, and standard email services.
Midjourney Releases V7, Its First New AI Image Model In Nearly a Year
Midjourney's new V7 image model features a revamped architecture with smarter text prompt handling, higher image quality, and default personalization based on user-rated images. While some features like upscaling aren't yet available, it does come with a faster, cheaper Draft Mode. TechCrunch reports: To use it, you'll first have to rate around 200 images to build a Midjourney "personalization" profile, if you haven't already. This profile tunes the model to your individual visual preferences; V7 is Midjourney's first model to have personalization switched on by default. Once you've done that, you'll be able to turn V7 on or off on Midjourney's website and, if you're a member of Midjourney's Discord server, on its Discord chatbot. In the web app, you can quickly select the model from the drop-down menu next to the "Version" label. Midjourney CEO David Holz described V7 as a "totally different architecture" in a post on X. "V7 is ... much smarter with text prompts," Holz continued in an announcement on Discord. "[I]mage prompts look fantastic, image quality is noticeably higher with beautiful textures, and bodies, hands, and objects of all kinds have significantly better coherence on all details." V7 is available in two flavors, Turbo (costlier to run) and Relax, and powers a new tool called Draft Mode that renders images at 10x the speed and half the cost of the standard mode. Draft images are of lower quality than standard-mode images, but they can be enhanced and re-rendered with a click. A number of standard Midjourney features aren't available yet for V7, according to Holz, including image upscaling and retexturing. Those will arrive in the near future, he said, possibly within two months. "This is an entirely new model with unique strengths and probably a few weaknesses" Holz wrote on Discord. "[W]e want to learn from you what it's good and bad at, but definitely keep in mind it may require different styles of prompting. 
So play around a bit."
NSA Warns 'Fast Flux' Threatens National Security
An anonymous reader quotes a report from Ars Technica: A technique that hostile nation-states and financially motivated ransomware groups are using to hide their operations poses a threat to critical infrastructure and national security, the National Security Agency has warned. The technique is known as fast flux. It allows decentralized networks operated by threat actors to hide their infrastructure and survive takedown attempts that would otherwise succeed. Fast flux works by cycling through a range of IP addresses and domain names that these botnets use to connect to the Internet. In some cases, IPs and domain names change every day or two; in other cases, they change almost hourly. The constant flux complicates the task of isolating the true origin of the infrastructure. It also provides redundancy. By the time defenders block one address or domain, new ones have already been assigned. "This technique poses a significant threat to national security, enabling malicious cyber actors to consistently evade detection," the NSA, FBI, and their counterparts from Canada, Australia, and New Zealand warned Thursday. "Malicious cyber actors, including cybercriminals and nation-state actors, use fast flux to obfuscate the locations of malicious servers by rapidly changing Domain Name System (DNS) records. Additionally, they can create resilient, highly available command and control (C2) infrastructure, concealing their subsequent malicious operations." There are two variations of fast flux described in the advisory: single flux and double flux. Single flux involves mapping a single domain to a rotating pool of IP addresses using DNS A (IPv4) or AAAA (IPv6) records. This constant cycling makes it difficult for defenders to track or block the associated malicious servers since the addresses change frequently, yet the domain name remains consistent. Double flux takes this a step further by also rotating the DNS name servers themselves. 
In addition to changing the IP addresses of the domain, it cycles through the name servers using NS (Name Server) and CNAME (Canonical Name) records. This adds an additional layer of obfuscation and resilience, complicating takedown efforts. "A key means for achieving this is the use of Wildcard DNS records," notes Ars. "These records define zones within the Domain Name System, which map domains to IP addresses. The wildcards cause DNS lookups for subdomains that do not exist, specifically by tying MX (mail exchange) records used to designate mail servers. The result is the assignment of an attacker IP to a subdomain such as malicious.example.com, even though it doesn't exist." Both methods typically rely on large botnets of compromised devices acting as proxies, making it challenging for defenders to trace or disrupt the malicious activity.
Google Launches Sec-Gemini v1 AI Model To Improve Cybersecurity Defense
Google has introduced Sec-Gemini v1, an experimental AI model built on its Gemini platform and tailored for cybersecurity. BetaNews reports: Sec-Gemini v1 is built on top of Gemini, but it's not just some repackaged chatbot. Actually, it has been tailored with security in mind, pulling in fresh data from sources like Google Threat Intelligence, the OSV vulnerability database, and Mandiant's threat reports. This gives it the ability to help with root cause analysis, threat identification, and vulnerability triage. Google says the model performs better than others on two well-known benchmarks. On CTI-MCQ, which measures how well models understand threat intelligence, it scores at least 11 percent higher than competitors. On CTI-Root Cause Mapping, it edges out rivals by at least 10.5 percent. Benchmarks only tell part of the story, but those numbers suggest it's doing something right. Access is currently limited to select researchers and professionals for early testing. If you meet that criteria, you can request access here.
Trump Extends TikTok Deadline For the Second Time
For the second time, President Trump has extended the deadline for ByteDance to divest TikTok's U.S. operations by 75 days. The TikTok deal "requires more work to ensure all necessary approvals are signed," said Trump in a post on his Truth Social platform. The extension will "keep TikTok up and running for an additional 75 days." "We hope to continue working in Good Faith with China, who I understand are not very happy about our Reciprocal Tariffs (Necessary for Fair and Balanced Trade between China and the U.S.A.!)," Trump added. CNBC reports: ByteDance has been in discussion with the U.S. government, the company told CNBC, adding that any agreement will be subject to approval under Chinese law. "An agreement has not been executed," a spokesperson for ByteDance said in a statement. "There are key matters to be resolved." Before Trump's decision, ByteDance faced an April 5 deadline to carry out a "qualified divestiture" of TikTok's U.S. business as required by a national security law signed by former President Joe Biden in April 2024. ByteDance's original deadline to sell TikTok was on Jan. 19, but Trump signed an executive order when he took office the next day that gave the company 75 more days to make a deal. Although the law would penalize internet service providers and app store owners like Apple and Google for hosting and providing services to TikTok in the U.S., Trump's executive order instructed the attorney general to not enforce it. "This proves that Tariffs are the most powerful Economic tool, and very important to our National Security!," Trump said in the Truth Social post. "We do not want TikTok to 'go dark.' We look forward to working with TikTok and China to close the Deal. Thank you for your attention to this matter!"
AI Avatar Tries To Argue Case Before a New York Court
An anonymous reader quotes a report from the Associated Press: It took only seconds for the judges on a New York appeals court to realize that the man addressing them from a video screen -- a person about to present an argument in a lawsuit -- not only had no law degree, but didn't exist at all. The latest bizarre chapter in the awkward arrival of artificial intelligence in the legal world unfolded March 26 under the stained-glass dome of New York State Supreme Court Appellate Division's First Judicial Department, where a panel of judges was set to hear from Jerome Dewald, a plaintiff in an employment dispute. "The appellant has submitted a video for his argument," said Justice Sallie Manzanet-Daniels. "Ok. We will hear that video now." On the video screen appeared a smiling, youthful-looking man with a sculpted hairdo, button-down shirt and sweater. "May it please the court," the man began. "I come here today a humble pro se before a panel of five distinguished justices." "Ok, hold on," Manzanet-Daniels said. "Is that counsel for the case?" "I generated that. That's not a real person," Dewald answered. It was, in fact, an avatar generated by artificial intelligence. The judge was not pleased. "It would have been nice to know that when you made your application. You did not tell me that sir," Manzanet-Daniels said before yelling across the room for the video to be shut off. "I don't appreciate being misled," she said before letting Dewald continue with his argument. Dewald later penned an apology to the court, saying he hadn't intended any harm. He didn't have a lawyer representing him in the lawsuit, so he had to present his legal arguments himself. And he felt the avatar would be able to deliver the presentation without his own usual mumbling, stumbling and tripping over words. 
In an interview with The Associated Press, Dewald said he applied to the court for permission to play a prerecorded video, then used a product created by a San Francisco tech company to create the avatar. Originally, he tried to generate a digital replica that looked like him, but he was unable to accomplish that before the hearing. "The court was really upset about it," Dewald conceded. "They chewed me up pretty good." [...] As for Dewald's case, it was still pending before the appeals court as of Thursday.
Microsoft Employee Disrupts 50th Anniversary and Calls AI Boss 'War Profiteer'
An anonymous reader shares a report: A Microsoft employee disrupted the company's 50th anniversary event to protest its use of AI. "Shame on you," said Microsoft employee Ibtihal Aboussad, speaking directly to Microsoft AI CEO Mustafa Suleyman. "You are a war profiteer. Stop using AI for genocide. Stop using AI for genocide in our region. You have blood on your hands. All of Microsoft has blood on its hands. How dare you all celebrate when Microsoft is killing children. Shame on you all."
Hackers Strike Australia's Largest Pension Funds in Coordinated Attacks
Hackers targeting Australia's major pension funds in a series of coordinated attacks have stolen savings from some members at the biggest fund and compromised more than 20,000 accounts, Reuters is reporting, citing a source. From the report: National Cyber Security Coordinator Michelle McGuinness said in a statement she was aware of "cyber criminals" targeting accounts in the country's A$4.2 trillion ($2.63 trillion) retirement savings sector and was organising a response across the government, regulators and industry. The Association of Superannuation Funds of Australia, the industry body, said "a number" of funds were impacted over the weekend. While the full scale of the incident remains unclear, AustralianSuper, Australian Retirement Trust, Rest, Insignia and Hostplus on Friday all confirmed they suffered breaches.
Windows 11 Poised To Beat 10, Mostly Because It Has To
An anonymous reader shares a report: The gap between Windows 10 and Windows 11 continues to narrow, and Microsoft's flagship operating system is on track to finally surpass its predecessor by summer. The latest figures from Statcounter show the increase in Windows 11's market share accelerating, while Windows 10 declines. Before Champagne corks start popping in Redmond, it is worth noting that Windows 10 still accounts for over half the market -- 54.2 percent -- and Windows 11 now accounts for 42.69 percent. However, if the current trends continue, Windows 10 should finally drop below the 50 percent mark next month and be surpassed by Windows 11 shortly after. The cause is likely due to enterprises pushing the upgrade button rather than having to deal with extended support for Windows 10. Support for most Windows 10 versions ends on October 14, 2025, and Microsoft has shown no signs of deviating from its plan to retire the veteran operating system. [...] Whether users actually want the operating system is another matter. Windows 11 offers few compelling features that justify an upgrade and no killer application. The looming October 14 support cut-off date is likely to be the major driving factor behind the move to Windows 11.
AI Could Affect 40% of Jobs and Widen Inequality Between Nations, UN Warns
An anonymous reader shares a report: AI is projected to reach $4.8 trillion in market value by 2033, but the technology's benefits remain highly concentrated, according to the U.N. Trade and Development agency. In a report released on Thursday, UNCTAD said the AI market cap would roughly equate to the size of Germany's economy, with the technology offering productivity gains and driving digital transformation. However, the agency also raised concerns about automation and job displacement, warning that AI could affect 40% of jobs worldwide. On top of that, AI is not inherently inclusive, meaning the economic gains from the tech remain "highly concentrated," the report added. "The benefits of AI-driven automation often favour capital over labour, which could widen inequality and reduce the competitive advantage of low-cost labour in developing economies," it said. The potential for AI to cause unemployment and inequality is a long-standing concern, with the IMF making similar warnings over a year ago. In January, The World Economic Forum released findings that as many as 41% of employers were planning on downsizing their staff in areas where AI could replicate them. However, the UNCTAD report also highlights inequalities between nations, with U.N. data showing that 40% of global corporate research and development spending in AI is concentrated among just 100 firms, mainly those in the U.S. and China.
Camera Makers Defend Proprietary RAW Formats Despite Open Standard Alternative
Camera manufacturers continue to use different proprietary RAW file formats despite the 20-year existence of Adobe's open-source DNG (Digital Negative) format, creating ongoing compatibility challenges for photographers and software developers. Major manufacturers including Sony, Canon, and Panasonic defended their proprietary formats as necessary for maintaining control over image processing. Sony's product team told The Verge their ARW format allows them "to maximize performance based on device characteristics such as the image sensor and image processing engine." Canon similarly claims proprietary formats enable "optimum processing during image development." The Verge argues that this fragmentation forces editing software to specifically support each manufacturer's format and every new camera model -- creating delays for early adopters when new cameras launch. Each new device requires "measuring sensor characteristics such as color and noise," said Adobe's Eric Chan. For what it's worth, smaller manufacturers like Ricoh, Leica, and Sigma have adopted DNG, which streamlines workflow by containing metadata directly within a single file rather than requiring separate XMP sidecar files.
China Imposes 34% Reciprocal Tariffs on Imports of US Goods
China said Friday that it will impose reciprocal 34% tariffs on all imports from the United States from April 10, making good on a promise to strike back after US President Donald Trump escalated a global trade war. CNN: On Wednesday, Trump unveiled an additional 34% tariff on all Chinese goods imported into the US, in a move poised to cause a major reset of relations and worsen trade tensions between the world's two largest economies. "This practice of the US is not in line with international trade rules, seriously undermines China's legitimate rights and interests, and is a typical unilateral bullying practice," China's State Council Tariff Commission said in a statement announcing its retaliatory tariffs. Since returning to power in January, Trump had already levied two tranches of 10% additional duties on all Chinese imports, which the White House said was necessary to stem the flow of illicit fentanyl from the country to the US. Combined with pre-existing tariffs, that means Chinese goods arriving in the US would be effectively subject to tariffs of well over 54%.
Visa Bids $100 Million To Replace Mastercard As Apple's New Credit Card Partner
An anonymous reader quotes a report from Reuters: Visa has offered Apple roughly $100 million to take over the tech giant's credit card partnership from Mastercard, the Wall Street Journal reported on Tuesday, citing sources familiar with the matter. Visa has made a bold push to secure the Apple Card, offering an upfront payment typically reserved for the largest card programs, WSJ reported. American Express is also trying to unseat Mastercard to win the Apple card. Amex is looking to become the card's issuer as well as the network, the report said, citing the sources. Goldman Sachs ended its partnership with Apple in late 2023 as the Wall Street bank retreated from consumer lending.
Coreboot 25.03 Released With Support For 22 More Motherboards
Coreboot 25.03 has been released with support for 22 new motherboards and several other significant updates, including enhanced display handling, USB debugging, RISC-V support, and RAM initialization for older Intel platforms. Phoronix reports: Coreboot 25.03 delivers display handling improvements, a better USB debugging experience, CPU topology updates, various improvements to the open-source RAM initialization for aging Intel Haswell platforms, improved USB Type-C and Thunderbolt handling, various embedded controller (EC) improvements, better RISC-V architecture support, DDR5-7500 support, and many bug fixes across the sprawling Coreboot codebase. More details, including a full list of the supported boards, can be found here.
The Retro Subway Map That Design Nerds Love Makes a Comeback
The M.T.A. unveiled on Wednesday a revamped New York City subway map -- the first major redesign in nearly 50 years. As reported by the New York Times, the map draws inspiration from the modernist but controversial 1972 Unimark version, prioritizing clarity over geographic precision. It's also a part of a broader effort to refresh the system's image amid calls for infrastructure upgrades and political tensions over transit funding and congestion pricing. From the report: The updated version blends elements of the Unimark design with a successor known to some as the Tauranac map, after John Tauranac, a well-regarded New York mapmaker. That design was led by the firm Michael Hertz Associates. The new map is already being displayed on digital monitors, and will be posted in subway cars and platforms over the next several weeks, the M.T.A. said. For Janno Lieber, the authority's chairman, the occasion was also an opportunity to tie his ambitions for the system to a critical moment in its past. "This is a linchpin moment, like in 1979, when we started to fix the subway system," Mr. Lieber said, referring to the year before the M.T.A. debuted its first capital plan to upgrade the aging transit system. As then, the system is in dire need of new trains and infrastructure improvements. So far, the State Legislature has yet to fully fund the latest $68 billion plan. Two of the biggest alterations address the legibility of transfer points at some of the busiest hubs and the depiction of the system's accessibility features, said Shanifah Rieara, the authority's chief customer officer. Mr. Lieber declined to say how much the redesign cost, but said it was paid for "entirely in house," without a stand-alone budget.
Wealthy Americans Have Death Rates On Par With Poor Europeans
An anonymous reader quotes a report from Ars Technica: [...] The study, led by researchers at Brown University, found that the wealthiest Americans lived shorter lives than the wealthiest Europeans. In fact, wealthy Northern and Western Europeans had death rates 35 percent lower than the wealthiest Americans, whose lifespans were more like the poorest in Northern and Western Europe -- which includes countries such as France, the Netherlands, and Switzerland. "The findings are a stark reminder that even the wealthiest Americans are not shielded from the systemic issues in the US contributing to lower life expectancy, such as economic inequality or risk factors like stress, diet or environmental hazards," lead study author Irene Papanicolas, a professor of health services, policy and practice at Brown, said in a news release. The study looked at health and wealth data of more than 73,000 adults across the US and Europe who were 50 to 85 years old in 2010. There were more than 19,000 from the US, nearly 27,000 from Northern and Western Europe, nearly 19,000 from Eastern Europe, and nearly 9,000 from Southern Europe. For each region, participants were divided into wealth quartiles, with the first being the poorest and the fourth being the richest. The researchers then followed participants until 2022, tracking deaths. The US had the largest gap in survival between the poorest and wealthiest quartiles compared to European countries. America's poorest quartile also had the lowest survival rate of all groups, including the poorest quartiles in all three European regions. While less access to health care and weaker social structures can explain the gap between the wealthy and poor in the US, it doesn't explain the differences between the wealthy in the US and the wealthy in Europe, the researchers note. There may be other systemic factors at play that make Americans uniquely short-lived, such as diet, environment, behaviors, and cultural and social differences.
"If we want to improve health in the US, we need to better understand the underlying factors that contribute to these differences -- particularly amongst similar socioeconomic groups -- and why they translate to different health outcomes across nations," Papanicolas said. The findings have been published in the New England Journal of Medicine.
Windows 11 Tests Taskbar Icons That Scale Up and Down Like On a Mac
Microsoft is testing a new Windows 11 feature that resizes taskbar icons dynamically like on macOS, with options to shrink icons when the taskbar is full or keep them small at all times. The Verge reports: If you're on the beta, under Taskbar settings - Taskbar behaviors, you can now select options under Show smaller taskbar buttons: Always, Never, or When taskbar is full. The third option will scale down icons so that they all can fit and not get hidden away in a second menu. The behavior appears to be similar to macOS where icons on the dock get smaller as more applications or minimized windows are added. Microsoft is also testing an update to the Start menu. "Now, it has a larger layout that includes the ability to hide the recommended recent apps and can show all of your apps on the page," reports The Verge.
Google's NotebookLM AI Can Now 'Discover Sources' For You
Google's NotebookLM has added a new "Discover sources" feature that allows users to describe a topic and have the AI find and curate relevant sources from the web -- eliminating the need to upload documents manually. "When you tap the Discover button in NotebookLM, you can describe the topic you're interested in, and NotebookLM will bring back a curated collection of relevant sources from the web," says Google software engineer Adam Bignell. Click to add those sources to your notebook; "it's a fast and easy way to quickly grasp a new concept or gather essential reading on a topic." PCMag reports: You can still add your files. NotebookLM can ingest PDFs, websites, YouTube videos, audio files, Google Docs, or Google Slides and summarize, transcribe, narrate, or convert into FAQs and study guides. "Discover sources" helps incorporate information you may not have saved. [...] The imported sources stay within the notebook you created. You can read the entire original document, ask questions about it via chat, or apply other NotebookLM features to it. Google started rolling out both features on Wednesday. It should be available for all users in about "a week or so." For those concerned about privacy, Google says, "NotebookLM does not use your personal data, including your source uploads, queries, and the responses from the model for training." There's also an "I'm Feeling Curious" button (a reference to its iconic "I'm feeling lucky" search button) that generates sources on a random topic you might find interesting.
Massive Expansion of Italy's Piracy Shield Underway
An anonymous reader quotes a report from Techdirt: Walled Culture has been following closely Italy's poorly designed Piracy Shield system. Back in December we reported how copyright companies used their access to the Piracy Shield system to order Italian Internet service providers (ISPs) to block access to all of Google Drive for the entire country, and how malicious actors could similarly use that unchecked power to shut down critical national infrastructure. Since then, the Computer & Communications Industry Association (CCIA), an international, not-for-profit association representing computer, communications, and Internet industry firms, has added its voice to the chorus of disapproval. In a letter (PDF) to the European Commission, it warned about the dangers of the Piracy Shield system to the EU economy [...]. It also raised an important new issue: the fact that Italy brought in this extreme legislation without notifying the European Commission under the so-called "TRIS" procedure, which allows others to comment on possible problems [...]. As well as Italy's failure to notify the Commission about its new legislation in advance, the CCIA believes that: this anti-piracy mechanism is in breach of several other EU laws. That includes the Open Internet Regulation which prohibits ISPs to block or slow internet traffic unless required by a legal order. The block subsequent to the Piracy Shield also contradicts the Digital Services Act (DSA) in several aspects, notably Article 9 requiring certain elements to be included in the orders to act against illegal content. More broadly, the Piracy Shield is not aligned with the Charter of Fundamental Rights nor the Treaty on the Functioning of the EU -- as it hinders freedom of expression, freedom to provide internet services, the principle of proportionality, and the right to an effective remedy and a fair trial. 
Far from taking these criticisms to heart, or acknowledging that Piracy Shield has failed to convert people to paying subscribers, the Italian government has decided to double down, and to make Piracy Shield even worse. Massimiliano Capitanio, Commissioner at AGCOM, the Italian Authority for Communications Guarantees, explained on LinkedIn how Piracy Shield was being extended in far-reaching ways (translation by Google Translate, original in Italian). [...] That is, Piracy Shield will apply to live content far beyond sports events, its original justification, and to streaming services. Even DNS and VPN providers will be required to block sites, a serious technical interference in the way the Internet operates, and a threat to people's privacy. Search engines, too, will be forced to de-index material. The only minor concession to ISPs is to unblock domain names and IP addresses that are no longer allegedly being used to disseminate unauthorized material. There are, of course, no concessions to ordinary Internet users affected by Piracy Shield blunders. In the future, Italy's Piracy Shield will add:
- 30-minute blackout orders not only for pirate sports events, but also for other live content;
- the extension of blackout orders to VPNs and public DNS providers;
- the obligation for search engines to de-index pirate sites;
- the procedures for unblocking domain names and IP addresses obscured by Piracy Shield that are no longer used to spread pirate content;
- the new procedure to combat piracy on the #linear and "on demand" television, for example to protect the #film and #serietv.
Louvre Museum In Paris to Discontinue Nintendo 3DS Audio Guides
The Louvre Museum will discontinue its use of Nintendo 3DS XL consoles as audio guides by September 2025, replacing them with a new system. NintendoSoup reports: For several years the Louvre has been using specially dedicated New Nintendo 3DS XL consoles to give visitors an audio guided tour of the famous museum. According to the museum's official website however, it seems that the program will be discontinued in September 2025, to be replaced by a new system. Presumably, this is due to Nintendo slowly phasing out the Nintendo 3DS line in general, having stopped supporting repairs for the console in a few countries. The consoles used by the Louvre would have broken down sooner or later, necessitating a change if they could no longer be sent in for repairs. At the time of this writing, it is not known what will become of the unique special edition consoles that were being used for this purpose.
DeepMind Details All the Ways AGI Could Wreck the World
An anonymous reader quotes a report from Ars Technica, written by Ryan Whitwam: Researchers at DeepMind have ... released a new technical paper (PDF) that explains how to develop AGI safely, which you can download at your convenience. It contains a huge amount of detail, clocking in at 108 pages before references. While some in the AI field believe AGI is a pipe dream, the authors of the DeepMind paper project that it could happen by 2030. With that in mind, they aimed to understand the risks of a human-like synthetic intelligence, which they acknowledge could lead to "severe harm." This work has identified four possible types of AGI risk, along with suggestions on how we might ameliorate said risks. The DeepMind team, led by company co-founder Shane Legg, categorized the negative AGI outcomes as misuse, misalignment, mistakes, and structural risks. The first possible issue, misuse, is fundamentally similar to current AI risks. However, because AGI will be more powerful by definition, the damage it could do is much greater. A ne'er-do-well with access to AGI could misuse the system to do harm, for example, by asking the system to identify and exploit zero-day vulnerabilities or create a designer virus that could be used as a bioweapon. DeepMind says companies developing AGI will have to conduct extensive testing and create robust post-training safety protocols. Essentially, AI guardrails on steroids. They also suggest devising a method to suppress dangerous capabilities entirely, sometimes called "unlearning," but it's unclear if this is possible without substantially limiting models. Misalignment is largely not something we have to worry about with generative AI as it currently exists. This type of AGI harm is envisioned as a rogue machine that has shaken off the limits imposed by its designers. Terminators, anyone? More specifically, the AI takes actions it knows the developer did not intend. 
DeepMind says its standard for misalignment here is more advanced than simple deception or scheming as seen in the current literature. To avoid that, DeepMind suggests developers use techniques like amplified oversight, in which two copies of an AI check each other's output, to create robust systems that aren't likely to go rogue. If that fails, DeepMind suggests intensive stress testing and monitoring to watch for any hint that an AI might be turning against us. Keeping AGIs in virtual sandboxes with strict security and direct human oversight could help mitigate issues arising from misalignment. Basically, make sure there's an "off" switch. If, on the other hand, an AI didn't know that its output would be harmful and the human operator didn't intend for it to be, that's a mistake. We get plenty of those with current AI systems -- remember when Google said to put glue on pizza? The "glue" for AGI could be much stickier, though. DeepMind notes that militaries may deploy AGI due to "competitive pressure," but such systems could make serious mistakes as they will be tasked with much more elaborate functions than today's AI. The paper doesn't have a great solution for mitigating mistakes. It boils down to not letting AGI get too powerful in the first place. DeepMind calls for deploying slowly and limiting AGI authority. The study also suggests passing AGI commands through a "shield" system that ensures they are safe before implementation. Lastly, there are structural risks, which DeepMind defines as the unintended but real consequences of multi-agent systems contributing to our already complex human existence. For example, AGI could create false information that is so believable that we no longer know who or what to trust. The paper also raises the possibility that AGI could accumulate more and more control over economic and political systems, perhaps by devising heavy-handed tariff schemes. Then one day, we look up and realize the machines are in charge instead of us. 
This category of risk is also the hardest to guard against because it would depend on how people, infrastructure, and institutions operate in the future.
Air Conditioning, Not Data Centers, Driving Global Energy Demand Growth
Air conditioning will contribute more to rising global energy demand than data centers through 2030, according to the International Energy Agency. While attention has focused on computing power consumption, the IEA projects data centers will account for less than 10% of increased energy demand by 2030, significantly less than space cooling requirements. Global cooling degree days, a measure of air conditioning need, were 6% higher in 2024 than 2023 and 20% above the long-term average for the first two decades of the century. China, India and the United States saw particularly sharp increases. Air conditioning represented 7% of global electricity consumption in 2022, with some U.S. regions reporting that cooling can comprise over 70% of residential energy use during peak periods. The number of air conditioning units worldwide could nearly triple from fewer than 2 billion in 2016 to approximately 6 billion by 2050, creating a growing challenge for power grids.
US Stock Markets See Worst Day Since Covid Pandemic
U.S. stock markets suffered their worst day since the Covid pandemic after Donald Trump announced sweeping new tariffs, triggering a global selloff and wiping out $470 billion in value from tech giants Apple and Nvidia. From a report: The tech-heavy Nasdaq fell 6%, while the S&P 500 and the Dow dropped 4.8% and 3.9%, respectively. [...] Meanwhile, the US dollar hit a six-month low, going down at least 2.2% on Thursday morning compared with other major currencies and oil prices sank on fears of a global slowdown. Though the US stock market has been used to tumultuous mornings over the last few weeks, US stock futures -- an indication of the market's likely direction -- had plummeted after the announcement. Hours later, Japan's Nikkei index slumped to an eight-month low and was followed by falls in stock markets in London and across Europe. Multiple major American business groups have spoken out against the tariffs, including the Business Roundtable, a consortium of leaders of major US companies including JP Morgan, Apple and IBM, which called on the White House to "swiftly reach agreements" and remove the tariffs. "Universal tariffs ranging from 10-50% run the risk of causing major harm to American manufacturers, workers, families and exporters," the Business Roundtable said in a statement. "Damage to the US economy will increase the longer the tariffs are in place and may be exacerbated by retaliatory measures."
Intel, TSMC Tentatively Agree To Form Chipmaking Joint Venture
Intel and Taiwan Semiconductor Manufacturing Co. have reached a preliminary agreement to form a joint venture operating Intel's chipmaking facilities, with TSMC taking a 20% stake, The Information reports [non-paywalled source]. Intel and other U.S. semiconductor companies would hold the majority of shares in the proposed venture. Instead of capital investment, TSMC has discussed sharing chipmaking methods and training Intel personnel. The talks face internal opposition from some Intel executives concerned about widespread layoffs and the abandonment of Intel's own technology, according to the report. The deal could help TSMC neutralize a struggling competitor while potentially giving Taiwan more leverage with the U.S. administration, which recently imposed tariffs on Taiwanese goods excluding chips.
Microsoft's Miniature Windows 365 Link PC Goes On Sale
An anonymous reader shares a report: Microsoft's business-oriented "Link" mini-desktop PC, which connects directly to the company's Windows 365 cloud service, is now available to buy for $349.99 in the US and in several other countries. Windows 365 Link, which was announced last November, is a device that is more easily manageable by IT departments than a typical computer while also reducing the needs of hands on support.
Oracle Tells Clients of Second Recent Hack, Log-In Data Stolen
An anonymous reader shares a report: Oracle has told customers that a hacker broke into a computer system and stole old client log-in credentials, according to two people familiar with the matter. It's the second cybersecurity breach that the software company has acknowledged to clients in the last month. Oracle staff informed some clients this week that the attacker gained access to usernames, passkeys and encrypted passwords, according to the people, who spoke on condition that they not be identified because they're not authorized to discuss the matter. Oracle also told them that the FBI and cybersecurity firm CrowdStrike are investigating the incident, according to the people, who added that the attacker sought an extortion payment from the company. Oracle told customers that the intrusion is separate from another hack that the company flagged to some health-care customers last month, the people said.
Climate Crisis On Track To Destroy Capitalism, Warns Top Insurer
The climate crisis is on track to destroy capitalism, a top insurer has warned, with the vast cost of extreme weather impacts leaving the financial sector unable to operate. From a report: The world is fast approaching temperature levels where insurers will no longer be able to offer cover for many climate risks, said Günther Thallinger, on the board of Allianz SE, one of the world's biggest insurance companies. He said that without insurance, which is already being pulled in some places, many other financial services become unviable, from mortgages to investments. Global carbon emissions are still rising and current policies will result in a rise in global temperature between 2.2C and 3.4C above pre-industrial levels. The damage at 3C will be so great that governments will be unable to provide financial bailouts and it will be impossible to adapt to many climate impacts, said Thallinger, who is also the chair of the German company's investment board and was previously CEO of Allianz Investment Management. The core business of the insurance industry is risk management and it has long taken the dangers of global heating very seriously. In recent reports, Aviva said extreme weather damages for the decade to 2023 hit $2tn, while GallagherRE said the figure was $400bn in 2024. Zurich said it was "essential" to hit net zero by 2050.
Climate Firm That Partnered With Meta, Microsoft Goes Bankrupt
Climate startup Aspiration, which boasted a roster of celebrity backers and arranged carbon credits for Meta Platforms, Microsoft and other large companies, filed bankruptcy weeks after its co-founder was arrested on fraud charges. From a report: CTN Holdings, as the company is now known, has about $170 million in debt. The goal of the bankruptcy is to sell its assets as quickly as possible in order to repay creditors, chief restructuring officer Miles Staglik said in a court filing. The pool of potential bidders is small and the nature of the CTN's ventures will likely require more cash and "long term horizons before any potential value could be realized for creditors," Staglik said. The bankruptcy was filed after co-founder Joseph Sanberg was charged by federal prosecutors with conspiring to defraud two investor funds of at least $145 million, according to a US Department of Justice announcement earlier this month. The charges involve his personal conduct and don't implicate CTN or its affiliates "in any criminal activity," said Staglik, a managing director at CR3 Partners that's been hired as CTN's restructuring adviser.
Intel Refreshes Iconic Brand
Intel has unveiled a refresh of its iconic brand identity, introducing the slogan "That's the power of Intel Inside" to reconnect with consumers and highlight the chipmaker's role in modern computing. The new campaign resurrects the familiar "Intel Inside" theme that helped transform the company into a household name in the 1990s, when Intel's marketing strategy directly targeted consumers rather than system designers. Brett Hannath, Intel's chief marketing officer, said the message reflects the company's belief that its products can unlock potential for employees, customers, consumers and partners. The original "Intel Inside" campaign, launched in 1991, revolutionized tech marketing by making processors a key selling point for PCs with its recognizable sticker and five-note jingle. The strategy helped Intel differentiate itself from competitors like AMD and Cyrix during the PC market explosion.
AV1 is Supposed To Make Streaming Better, So Why Isn't Everyone Using It?
Despite promises of more efficient streaming, the AV1 video codec hasn't achieved widespread adoption seven years after its 2018 debut, even with backing from tech giants Netflix, Microsoft, Google, Amazon, and Meta. The Alliance for Open Media (AOMedia) claims AV1 is 30% more efficient than standards like HEVC, delivering higher-quality video at lower bandwidth while remaining royalty-free. Major services including YouTube, Netflix, and Amazon Prime Video have embraced the technology, with Netflix encoding approximately 95% of its content using AV1. However, adoption faces significant hurdles. Many streaming platforms including Max, Peacock, and Paramount Plus haven't implemented AV1, partly due to hardware limitations. Devices require specific decoders to properly support AV1, though recent products from Apple, Nvidia, AMD, and Intel have begun including them. "In order to get its best features, you have to accept a much higher encoding complexity," Larry Pearlstein, associate professor at the College of New Jersey, told The Verge. "But there is also higher decoding complexity, and that is on the consumer end."
Schrodinger's Economics
databasecowgirl writes: Commenting in The Times on the absurdity of Meta's copyright infringement claims, Caitlin Moran defines Schrodinger's economics: where a company is both [one of] the most valuable on the planet yet also too poor to pay for the materials it profits from. Ultimately "move fast and break things" means breaking other people's things. Or, possibly worse, going full 'The Talented Mr Ripley': slowly feeling so entitled to the things you are enamored of that you end up clubbing out the brains of your beloved in a boat.
Microsoft Pulls Back on Data Centers From Chicago To Jakarta
Microsoft has pulled back on data center projects around the world, suggesting the company is taking a harder look at its plans to build the server farms powering artificial intelligence and the cloud. From a report: The software company has recently halted talks for, or delayed development of, sites in Indonesia, the UK, Australia, Illinois, North Dakota and Wisconsin, according to people familiar with the situation. Microsoft is widely seen as a leader in commercializing AI services, largely thanks to its close partnership with OpenAI. Investors closely track Microsoft's spending plans to get a sense of long-term customer demand for cloud and AI services. It's hard to know how much of the company's data center pullback reflects expectations of diminished demand versus temporary construction challenges, such as shortages of power and building materials. Some investors have interpreted signs of retrenchment as an indication that projected purchases of AI services don't justify Microsoft's massive outlays on server farms. Those concerns have weighed on global tech stocks in recent weeks, particularly chipmakers like Nvidia which suck up a significant share of data center budgets.
Microsoft, Amazon Execs Call Out Washington's Low-Performing 9-Year-Olds In Tax Pushback
Longtime Slashdot reader theodp writes: A coalition of Washington state business leaders -- which includes Microsoft President Brad Smith and Amazon Chief Legal Officer David Zapolsky -- released a letter Wednesday urging state lawmakers to reconsider recently proposed tax and budget measures. "I actually think it's an almost unprecedented outpouring of support from across the business community," said Microsoft's Smith in an interview. In their letter, which reads in part like it could have been penned by a GenAI Marie Antoinette, the WA business leaders question whether any more spending is warranted given how poorly Washington's 4th and 8th graders compare to children in the rest of the nation on test scores. The letter also laments the increase in WA's homeless population as it celebrates WA Governor Bob Ferguson's announcement that he would not sign a proposed wealth tax. From the letter: "We have long partnered with you in many areas, including education funding. Despite more than doubling K-12 spending and increasing teacher salaries to some of the highest rates in the nation, 4th and 8th grade assessment scores in reading and math are among the worst in the country. Similarly, we have collaborated with you to address housing and homelessness. Despite historic investments in affordable housing and homelessness prevention since 2013, Washington's homeless population has grown by 71 percent, making it the third largest in the nation after California and New York, according to HUD. These outcomes beg the question of whether more investment is needed or whether we need different policies instead." Back in 2010, Smith teamed with then-Microsoft CEO Steve Ballmer and then-Amazon CEO Jeff Bezos to fund an effort to defeat an initiative for a WA state income that was pushed for by Bill Gates Sr. 
In 2023, Bezos moved out of WA state before being subjected to a 7% tax on gains of more than $250,000 from the sale of stocks and bonds, a move that reportedly saved him $1.2 billion in WA taxes on his 2024 Amazon stock sales.
ESA's New Documentary Paints Worrying Picture of Earth's Orbital Junk Problem
The European Space Agency's short film Space Debris: Is it a Crisis? highlights the growing danger of orbital clutter, warning that "70% of the 20,000 satellites ever launched remain in space today, orbiting alongside hundreds of millions of fragments left behind by collisions, explosions and intentional destruction." Inkl reports: The approximately eight-minute-long film "Space Debris: Is it a Crisis?" attempts to answer its conjecture with supportive statistics and orbital projections. [...] The film also mentions that the kind of Earth orbit matters when discussing whether we're in a space junk "crisis" -- though unfortunately, orbits at risk appear to be those with satellites that help with communication and navigation, as well as our fight against another primarily human-driven crisis: global warming. Still, the film emphasizes that solutions ought to be thought of carefully: "True sustainability is complex, and rushed solutions risk creating the problem of burden-shifting." You can watch the film on ESA's website.
Amazon Set To Launch First Operational Satellites For Project Kuiper Network
Amazon and United Launch Alliance will launch 27 full-scale satellites on April 9 as part of Amazon's Project Kuiper, marking the company's first major step toward building a global satellite internet network to rival SpaceX's Starlink. GeekWire reports: ULA said the three-hour window for the Atlas V rocket's liftoff from Cape Canaveral Space Force Station's Space Launch Complex 41 in Florida is scheduled to open at noon ET (9 a.m. PT) that day. ULA is planning a live stream of launch coverage via its website starting about 20 minutes ahead of liftoff. Amazon said next week's mission -- known as Kuiper-1 or KA-1 (for Kuiper Atlas 1) -- will put 27 Kuiper satellites into orbit at an altitude of 280 miles (450 kilometers). ULA launched two prototype Kuiper satellites into orbit for testing in October 2023, but KA-1 will mark Amazon's first full-scale launch of a batch of operational satellites designed to bring high-speed internet access to millions of people around the world. [...] According to Amazon, the Kuiper satellite design has gone through significant upgrades since the prototypes were launched in 2023. Amazon's primary manufacturing facility is in Kirkland, Wash., with some of the components produced at Project Kuiper's headquarters in nearby Redmond. The mission profile for KA-1 calls for deploying the satellites safely in orbit and establishing ground-to-space contact. The satellites would then use their electric propulsion systems to settle into their assigned orbits at an altitude of 392 miles (630 kilometers), under the management of Project Kuiper's mission operations team in Redmond. Under the current terms of its license from the Federal Communications Commission, Amazon is due to launch 3,232 Kuiper satellites by 2029, with half of those satellites going into orbit by mid-2026.
Vibe Coded AI App Generates Recipes With Very Few Guardrails
An anonymous reader quotes a report from 404 Media: A "vibe coded" AI app developed by entrepreneur and Y Combinator group partner Tom Blomfield has generated recipes that gave users instruction on how to make "Cyanide Ice Cream," "Thick White Cum Soup," and "Uranium Bomb," using those actual substances as ingredients. Vibe coding, in case you are unfamiliar, is the new practice where people, some with limited coding experience, rapidly develop software with AI assisted coding tools without overthinking how efficient the code is as long as it's functional. This is how Blomfield said he made RecipeNinja.AI. [...] The recipe for Cyanide Ice Cream was still live on RecipeNinja.AI at the time of writing, as are recipes for Platypus Milk Cream Soup, Werewolf Cream Glazing, Cholera-Inspired Chocolate Cake, and other nonsense. Other recipes for things people shouldn't eat have been removed. It also appears that Blomfield has introduced content moderation since users discovered they could generate dangerous or extremely stupid recipes. I wasn't able to generate recipes for asbestos cake, bullet tacos, or glue pizza. I was able to generate a recipe for "very dry tacos," which looks not very good but not dangerous. In a March 20 blog on his personal site, Blomfield explained that he's a startup founder turned investor, and while he has experience with PHP and Ruby on Rails, he has not written a line of code professionally since 2015. "In my day job at Y Combinator, I'm around founders who are building amazing stuff with AI every day and I kept hearing about the advances in tools like Lovable, Cursor and Windsurf," he wrote, referring to AI-assisted coding tools. "I love building stuff and I've always got a list of little apps I want to build if I had more free time." 
After playing around with them, he wrote, he decided to build RecipeNinja.AI, which can take a prompt as simple as "Lasagna," and generate an image of the finished dish along with a step-by-step recipe which can use ElevenLabs's AI generated voice to narrate the instruction so the user doesn't have to interact with a device with his tomato sauce-covered fingers. "I was pretty astonished that Windsurf managed to integrate both the OpenAI and Elevenlabs APIs without me doing very much at all," Blomfield wrote. "After we had a couple of problems with the open AI Ruby library, it quickly fell back to a raw ruby HTTP client implementation, but I honestly didn't care. As long as it worked, I didn't really mind if it used 20 lines of code or two lines of code." Having some kind of voice controlled recipe app sounds like a pretty good idea to me, and it's impressive that Blomfield was able to get something up and running so fast given his limited coding experience. But the problem is that he also allowed users to generate their own recipes with seemingly very few guardrails on what kind of recipes are and are not allowed, and that the site kept those results and showed them to other users.
Open-Source Tool Designed To Throttle PC and Server Performance Based On Electricity Pricing
Robotics and machine learning engineer Naveen Kul developed WattWise, a lightweight open-source CLI tool that monitors power usage via smart plugs and throttles system performance based on electricity pricing and peak hours. Tom's Hardware reports: The simple program, called WattWise, came about when Naveen built a dual-socket EPYC workstation with plans to add four GPUs. It's a power-intensive setup, so he wanted a way to monitor its power consumption using a Kasa smart plug. The enthusiast has released the monitoring portion of the project to the public now, but the portion that manages clocks and power will be released later. Unfortunately, the Kasa Smart app and the Home Assistant dashboard were inconvenient and couldn't do everything he desired. He already had a terminal window running monitoring tools like htop, nvtop, and nload, and decided to take matters into his own hands rather than dealing with yet another app. Naveen built a terminal-based UI that shows power consumption data through Home Assistant and the TP-Link integration. The app monitors real-time power use, showing wattage and current, as well as providing historical consumption charts. More importantly, it is designed to automatically throttle CPU and GPU performance. Naveen's power provider uses Time-of-Use (ToU) pricing, so using a lot of power during peak hours can cost significantly more. The workstation can draw as much as 1400 watts at full load, but by reducing the CPU frequency from 3.7 GHz to 1.5 GHz, he's able to reduce consumption by about 225 watts. (No mention is made of GPU throttling, which could potentially allow for even higher power savings with a quad-GPU setup.) Results will vary based on the hardware being used, naturally, and servers can pull far more power than a typical desktop -- even one designed and used for gaming.
WattWise optimizes the system's clock speed based on the current system load, power consumption as reported by the smart plug, and the time -- with the latter factoring in peak pricing. From there, it uses a Proportional-Integral (PI) controller to manage the power and adapts system parameters based on the three variables. A blog post with more information is available here. WattWise is also available on GitHub.