Linux news

Berlin Approves New Expansion of Police Surveillance Powers

Slashdot - Fri, 2025-12-12 18:30
Berlin's regional parliament has passed a far-reaching overhaul of its "security" law, giving police new authority to conduct both digital and physical surveillance. From a report: The CDU-SPD coalition, supported by AfD votes, approved the reform of the General Security and Public Order Act (ASOG), changing the limits that once protected Berliners from intrusive policing. Interior Senator Iris Spranger (SPD) argued that the legislation modernizes police work for an era of encrypted communication, terrorism, and cybercrime. But it undermines core civil liberties and reshapes the relationship between citizens and the state. One of the most controversial elements is the expansion of police powers under paragraphs 26a and 26b. These allow investigators to hack into computers and smartphones under the banner of "source telecommunications surveillance" and "online searches." Police may now install state-developed spyware, known as trojans, on personal devices to intercept messages before or after encryption. If the software cannot be deployed remotely, the law authorizes officers to secretly enter a person's home to gain access. This enables police to install surveillance programs directly on hardware without the occupant's knowledge. Berlin had previously resisted such practices, but now joins other federal states that permit physical entry to install digital monitoring tools.

Read more of this story at Slashdot.

Categories: Linux news

New React vulns leak secrets, invite DoS attacks

TheRegister - Fri, 2025-12-12 18:23
And the earlier React2Shell patch is vulnerable

If you're running React Server Components, you just can't catch a break. In addition to already-reported flaws, newly discovered bugs allow attackers to hang vulnerable servers and potentially leak Server Function source code, so anyone using RSC or frameworks that support it should patch quickly.…


'Apple Tax is Dead in the USA'

Slashdot - Fri, 2025-12-12 17:25
The Ninth Circuit Court of Appeals has almost entirely upheld a scathing April ruling that found Apple in willful violation of a 2021 injunction meant to open up iOS App Store payments in its long-running legal battle against Epic Games. A three-judge panel affirmed that Apple's 27% fee for developers using outside payment options had a "prohibitive effect" and that the company's design restrictions on external payment links were overly broad. The appeals court also agreed that Apple acted in "bad faith" by rejecting viable, compliant alternatives in internal discussions. One divergence from the lower court: the appeals court ruled that Apple should still be able to charge a "reasonable fee" based on its actual costs to ensure user security and privacy, rather than charging nothing at all. What qualifies as "reasonable" remains to be determined. Epic CEO Tim Sweeney told reporters he believes those fees should be "super super minor," on the order of "tens or hundreds of dollars" every time an iOS app update goes through Apple for review. "The Apple Tax is dead in the USA," he wrote on social media. Sweeney also alleged that a widespread "fear of retaliation" has kept many developers paying Apple's default 30% fees, claiming the company can effectively "ghost" apps by delaying reviews or burying them in search results.


China Leads Research in 90% of Crucial Technologies - a Dramatic Shift this Century

Slashdot - Fri, 2025-12-12 16:44
China is leading research in nearly 90% of the crucial technologies that "significantly enhance, or pose risks to, a country's national interests," according to a technology tracker run by the Australian Strategic Policy Institute (ASPI) -- an independent think-tank. Nature: The ASPI's Critical Technology Tracker evaluated research on 74 current and emerging technologies this year, up from the 64 technologies it analyzed last year. China is ranked number one for research on 66 of the technologies, including nuclear energy, synthetic biology, small satellites, while the United States topped the remaining 8, including quantum computing and geoengineering. The results reflect a drastic reversal. At the beginning of this century, the United States led more than 90% of the assessed technologies, whereas China led less than 5% of them, according to the 2024 edition of the tracker. "China has made incredible progress on science and technology that is reflected in research and development, as well as in publications," says Ilaria Mazzocco, who researches China's industrial policy at the Center for Strategic and International Studies, a non-profit research organization based in Washington DC. Mazzocco says the general trend identified by the ASPI is not a surprise, but it is "remarkable" to see that China is so dominant and advanced in so many fields compared with the United States.


Trump gives state AI regulation the presidential middle finger

TheRegister - Fri, 2025-12-12 16:41
Executive order sidesteps Congress and sets up Litigation Task Force

President Trump and his patrons in big tech have long wanted to block states from implementing their own AI regulations. After failing twice to do so in Congress, the US president has issued an executive order that would attempt to punish states that try to restrain the bot business.…


Workday project at Washington University hits $266M

TheRegister - Fri, 2025-12-12 16:17
Protests force disclosure of costs totaling $16,000 per student over 7 year rollout replacing 80 legacy systems

The total cost of a Workday implementation project at Washington University in St. Louis is set to hit almost $266 million, it was revealed after the project was the subject of protests from students.…


The Immediate Post-College Transition and its Role in Socioeconomic Earnings Gaps

Slashdot - Fri, 2025-12-12 16:05
A new study of roughly 80,000 bachelor's degree recipients from a large urban public college system finds that characteristics of a graduate's first job can explain nearly two-thirds of the otherwise-unexplained earnings gap between students from low-income and high-income families five years after graduation. The research [PDF], published as an NBER working paper by economists at Columbia University, tracked graduates from 2010 to 2017 using administrative education data linked to state unemployment insurance records. Low-income students -- defined as those receiving Pell grants throughout their undergraduate enrollment -- earned about 12% less than their high-income peers at the five-year mark. A substantial gap of roughly $4,900 persisted even after the researchers controlled for GPA, college attended, major, and other pre-graduation characteristics. That residual gap fell to about $1,700 once first-job variables entered the equation. Graduates from lower-income families tended to start at employers paying lower average wages and were less likely to have their first job secured before graduation. Just 34% of low-income graduates continued at a pre-graduation employer compared to 40% of their higher-income peers. The firms employing low-income graduates paid average wages that were 18% lower than those employing high-income graduates. The researchers say that while the study cannot establish causation, the patterns suggest that supporting low-income students during their transition from college to the labor market may be a fruitful area for policy intervention.


Washington Post's AI-Generated Podcasts Rife With Errors, Fictional Quotes

Slashdot - Fri, 2025-12-12 15:26
The Washington Post's top standards editor Thursday decried "frustrating" errors in its new AI-generated personalized podcasts, whose launch has been met with distress by its journalists. From a report: Earlier this week, the Post announced that it was rolling out personalized AI-generated podcasts for users of the paper's mobile app. In a release, the paper said users will be able to choose preferred topics and AI hosts, and could "shape their own briefing, select their topics, set their lengths, pick their hosts and soon even ask questions using our Ask The Post AI technology." But less than 48 hours since the product was released, people within the Post have flagged what four sources described as multiple mistakes in personalized podcasts. The errors have ranged from relatively minor pronunciation gaffes to significant changes to story content, like misattributing or inventing quotes and inserting commentary, such as interpreting a source's quotes as the paper's position on an issue. According to four people familiar with the situation, the errors have alarmed senior newsroom leaders who have acknowledged in an internal Slack channel that the product's output is not living up to the paper's standards. In a message to other WaPo staff shared with Semafor, head of standards Karen Pensiero wrote that the errors have been "frustrating for all of us."


Hollywood Director Found Guilty of Blowing $11 Million Netflix Budget on Crypto and Ferraris

Slashdot - Fri, 2025-12-12 14:40
Carl Rinsch, the director behind the 2013 Keanu Reeves film "47 Ronin," has been found guilty of defrauding Netflix out of $11 million that was meant to fund a science fiction series called "Conquest," which the streaming company ultimately cancelled in 2021 after Rinsch failed to meet any production milestones. A jury in the Southern District of New York convicted the 48-year-old on seven charges: one count each of wire fraud and money laundering, and five counts of transacting in illicitly obtained property. Prosecutors alleged that Rinsch funneled the $11 million through multiple bank accounts into a personal brokerage account, lost more than half of it on securities within two months, and then began speculating on cryptocurrency. Court records show he also spent $2.4 million on a Ferrari and five Rolls Royces, $3.3 million on furniture and antiques, and $387,000 on a Swiss watch. Netflix has written off $55 million in total and has not recovered any funds. Rinsch faces up to 90 years in prison and is scheduled for sentencing on April 17, 2026.


The CRASH Clock is ticking as satellite congestion in low Earth orbit worsens

TheRegister - Fri, 2025-12-12 14:28
It's getting crowded up there

Earth's orbit is starting to look like an LA freeway, with more and more satellites being launched each year. If you're worried about collisions and space debris making the area unusable – and you should be – scientists have proposed a new metric to contribute to your anxiety: the CRASH Clock.…


AI datacenter boom could end badly, Goldman Sachs warns

TheRegister - Fri, 2025-12-12 14:24
Bank sketches four scenarios in which monetization falters or demand swamps supply by 2030

Goldman Sachs warns that datacenter investments may fail to pay off if the industry is unable to monetize AI models, but hedges its bets by saying that demand could also overwhelm available capacity by 2030.…


Major Automakers Say China Poses 'Clear and Present Threat' To US Auto Industry

Slashdot - Fri, 2025-12-12 14:01
Major automakers have urged Washington to prevent Chinese government-backed automakers and battery manufacturers from opening U.S. manufacturing plants, warning the industry's future is at stake. From a report: The Alliance for Automotive Innovation, which represents General Motors, Ford, Toyota Motor, Volkswagen, Hyundai, Stellantis and other major automakers, sounded the alarm and said Congress and the Trump administration needed to act. "China poses a clear and present threat to the auto industry in the U.S.," the group wrote in a statement for a U.S. House hearing on Chinese vehicles. The group also said lawmakers should maintain the U.S. Commerce Department's prohibition on importing information and communications technology and services from China that effectively bars the import of vehicles from Chinese manufacturers. "No amount of investment by automakers and battery manufacturers operating inside the U.S. can counter a China that is enabled by subsidies to chronically oversupply around the world. This is a recipe for dumping that Congress and the Trump Administration must prevent from happening inside the U.S.," the auto industry group said.


Microsoft promises more bug payouts, with or without a bounty program

TheRegister - Fri, 2025-12-12 13:35
Critical vulnerabilities found in third-party applications eligible for award under 'in scope by default' move

Microsoft is overhauling its bug bounty program to reward exploit hunters for finding vulnerabilities across all its products and services, even those without established bounty schemes.…


Uncle Sam sues ex-Accenture manager over Army cloud security claims

TheRegister - Fri, 2025-12-12 13:25
Justice Department alleges federal auditors were misled over compliance with FedRAMP and DoD requirements

The US is suing a former senior manager at Accenture for allegedly misleading the government about the security of an Army cloud platform.…


Here we go again: Microsoft in UK court over cloud licensing

TheRegister - Fri, 2025-12-12 13:07
Competition Appeal Tribunal to decide if multibillion-pound overcharging case can go to trial

Stop us if you've heard this one before. Microsoft is in court regarding allegedly sharp software licensing practices.…


Reddit Launches High Court Challenge To Australia's Under-16s Social Media Ban

Slashdot - Fri, 2025-12-12 13:00
An anonymous reader quotes a report from the Guardian: Reddit has filed a challenge against Australia's under-16s social media ban in the high court, lodging its case two days after implementing age restrictions on its website. The company said in a Reddit post on Friday that while it agreed with protecting people under 16, the law "has the unfortunate effect of forcing intrusive and potentially insecure verification processes on adults as well as minors, isolating teens from the ability to engage in age-appropriate community experiences." Reddit said there was an "illogical patchwork" of platforms included in the ban. "As the Australian Human Rights Commission put it, 'There are less restrictive alternatives available that could achieve the aim of protecting children and young people from online harms, but without having such a significant negative impact on other human rights.'" Reddit argued it was a forum primarily for adults without the traditional social media features the government has "taken issue with." Reddit was challenging the law on the grounds it infringed on the implied freedom of political communication. It was also seeking to challenge whether Reddit could be considered an age-restricted social media platform under the legislation. It said it was not seeking to challenge the law to avoid compliance, and had implemented age-assurance measures since Wednesday. The company said the vast majority of Redditors were adults, and advertising wasn't targeted to children under 18. The Apple app store age rating for Reddit is 17+. "Despite the best intentions, this law is missing the mark on actually protecting young people online," Reddit said. "So, while we will comply with this law, we have a responsibility to share our perspective and see that it is reviewed by the courts."


UK watchdog urged to probe GDPR failures in Home Office eVisa rollout

TheRegister - Fri, 2025-12-12 12:36
Rights groups say digital-only record is leaking data and courting trouble

Civil society groups are urging the UK's data watchdog to investigate whether the Home Office's digital-only eVisa scheme is breaching GDPR, sounding the alarm about systemic data errors and design failures that are exposing sensitive personal information while leaving migrants unable to prove their lawful status.…


Half of exposed React servers remain unpatched amid active exploitation

TheRegister - Fri, 2025-12-12 11:31
Wiz says React2Shell attacks accelerating, ranging from cryptominers to state-linked crews

Half of the internet-facing systems vulnerable to a fast-moving React remote code execution flaw remain unpatched, even as exploitation has exploded into more than a dozen active attack clusters ranging from bargain-basement cryptominers to state-linked intrusion tooling.…


Salesforce opts for seat-based AI licensing as customers demand predictability

TheRegister - Fri, 2025-12-12 10:15
Analysts say the shift offers stability, but embedded usage caps ensure vendors keep control

Salesforce CEO Marc Benioff last week came closer to answering a multibillion-dollar question when he said seat-based pricing – with some caveats – was becoming the norm for its AI agents after flirting with pricing based on consumption and per-conversation payments.…


SEC Gives DTCC OK to Tokenize Stocks In Move To Blockchain

Slashdot - Fri, 2025-12-12 10:00
The SEC has granted the Depository Trust & Clearing Corp., or DTCC, a no-action letter allowing it to custody and recognize tokenized stocks, ETFs, and Treasuries on approved blockchains for three years. "Although this program is a pilot subject to various operational limitations, it marks a significant incremental step in moving markets onchain," SEC Commissioner Hester Peirce said in a statement. Bloomberg reports: With the permission, DTCC will also extend their record-keeping to the blockchain, Michael Winnike, global head of strategy and market solutions at DTCC Clearing & Securities Services, said in an interview. "It's the same legal entitlement, the same stock that you would hold in your account from the DTCC in traditional form," Winnike said. [...] The SEC's authorization of tokenization services only applies to a specific set of securities that trade often. The approval includes the Russell 1000 index which represents the 1,000 largest publicly traded US companies, as well as exchange-traded funds that track major indices and US Treasury bills, bonds and notes, Winnike said. "This allows us both to create value for the markets, while staying in a pre-defined pool of highly-liquid securities to start," said Winnike. The firm's ultimate aspiration is to add its entire depository, which represents $100 trillion in securities, to the blockchain, a move that would require further expansion of the no-action relief from the SEC, he said. Winnike said the tokenization service will help bridge the traditional and digital worlds in part because the new technology will have the same legal entitlements and controls as traditional markets, including freezing or forced transfers if assets are stolen. "This enables participants to adopt and integrate, because they know there is a trusted party that can recover their securities as needed" and can address potential errors, he said. 
The new blockchain service will also allow investors to move assets all the time, not just Monday through Friday when traditional markets are open. "That creates a lot of new utility," Winnike said. "It brings the two ecosystems together."
