Linux fréttir

'Minor issue' with showing accounting customers 'unrelated business information' required repairs

Sage Group plc has confirmed it temporarily suspended its Sage Copilot, an AI assistant for the UK-based business software maker's accounting tools, this month after it blurted customer information to other users.…

While Microsoft pushes AI PC experiences, Nvidia is busy wooing developers

Comment Nvidia is the uncontested champion of AI infrastructure — at least in the datacenter. In the emerging field of AI PCs, things aren't so clear cut.…

Amazon has angered its workers "after forcing them to return to the office five days a week," reports the New York Post. The problem? "Not enough desks for everyone." (As well as "packed parking lots" that are turning some workers away.) The Post cites interviews conducted with seven Amazon employees by Business Insider (which notes that in mid-December Amazon had already "delayed full return-to-office at dozens of locations, sometimes until as late as May, because of office-capacity issues). Here in mid-January, the Post writes, many returning-to-office workers still aren't happy: Some meeting rooms have not had enough chairs — and there also have not been enough meeting rooms for everyone, one worker told the publication... [S]imply reaching the office is a challenge in itself, according to the report. Some complained they were turned away from company parking lots that were full, while others griped about having to join meetings from the road due to excess traffic on their way to the office, according to the Slack messages. Once staffers conquer the challenges of reaching the office and finding a desk, some lamented the lack of in-person discussions since many of the meetings remain virtual, according to BI. Amazon acknowledged they had offices that were "not quite ready" to "welcome everyone back a full five days a week," according to Post, though Amazon believed the number of not-quite-ready offices were "relatively small". But the parking lot situation may continue. Business Insider says one employee from Amazon's Nashville office "said the wait time for a company parking pass was backed up for months." (Although another Nashville staffer said Amazon was handing out passes for them to take mass-transit for free, which they'd described as "incredibly generous.") There's also Amazon shuttle busses, according to the article. Although other staffers "said they were denied a spot on Amazon shuttle buses because the vehicles were full..." Others said they just drove back home, while some staffers found street parking nearby, according to multiple Slack messages seen by Business Insider... This month, some employees were still questioning the logic behind the policy. They said being in the office has had little effect on their work routine and has not generated much of a productivity gain. A considerable portion of their in-office work is still being done through video calls with customers who are elsewhere, these employees told BI. Many Amazon colleagues are at other office locations, so face-to-face meetings still don't happen very often, they added. The Post adds another drawback of returning to the office. "Employees at Amazon's Toronto office said their personal belongings have repeatedly been stolen from their desks."

Read more of this story at Slashdot.

PLUS: Allstate sued for allegedly tracking drivers; Dutch DDoS; More fake jobs from Pyongyang; and more

Infosec in brief Hogwarts doesn’t teach an incantation that could have saved Harry Potter publisher Scholastic from feeling the power of an online magician who made off with millions of customer records - except perhaps the wizardry of multifactor authentication.…

PLUS: Salt Typhoon and IT worker scammers sanctioned; Alibaba Cloud’s K8s go global; Amazon acquires Indian BNPL company

Asia In Brief When food delivery “superapps” started operations in Indonesia, users started putting on weight – and that’s not an entirely bad thing.…

"Engineers have showcased a prototype electric vehicle that can drive for up to 40 miles (64 kilometers) per day using just solar power," reports LiveScience. The production-ready "Aptera Launch Edition" made its first appearance this month at CES 2025, and "also offers up to 400 miles (640 km) of range from a single charge via an electrical output, company representatives said in a statement." LiveScience describes the vehicle as "lighter and more energy-efficient than conventional EVs, while offering a 50% reduction in aerodynamic resistance," with an energy efficiency rating of 100 Watt-hours per mile (Wh/mile). By contrast, a Tesla Model S (released in 2022) consumes 194 Wh/mile in the city in mild weather and 288 Wh/mile on the highway in mild weather, according to the EV Database. At a maximum range of 440 miles — including 40 miles using solar power and 400 miles using electricity — the Aptera EV may also overtake the current longest-range vehicles in production. The Mercedes-Benz EQS 450+ has a maximum range of 425 miles (684 km), according to the EV Database, followed by the Lucid Air Grand Touring at 410 miles (660 km). Aptera says it's raised $135 million "through equity crowdfunding" to fund its pre-production progress. "Since its launch, the Company has accepted $1.7 billion in pre-orders with nearly 50,000 vehicles reserved by future Aptera owners in the U.S. and internationally." MotorTrend writes that "nearly two decades in the making, the otherworldly three-wheel Aptera is headed to production this year as a $40,000, 400-mile EV that can capture up to 40 miles worth of free solar energy every day. Maybe." The California startup made similar promises in 2008, 2009, 2012, and 2022 and yet it has never delivered a single vehicle. Is anything different this time...? At CES, co-CEO (and one of Aptera's original founders) Chris Anthony told MotorTrend it will take another $60 million to finish the development work, buy the tooling, and build out the Carlsbad, California, assembly plant. "We're still in fundraising mode and we hope that we inspire some people in this beautiful building (Las Vegas Convention Center) to invest in Aptera," Anthony said. "We're trying to raise $20 million in the first quarter of this year. That will basically kick off all the long-lead items to get into production, but it's a $60 million plan to get into volume production." Anthony said the company has already made one of its largest purchases, the molds for the carbon-fiber sheet-molding composite body structure and the fiberglass sheet-molding composite body panels that will be made in Italy. The next $20 million will cover the tooling for the diecast metal suspension arms and the injection-molded interior components... It would be relatively easy for Aptera to hand build cars in a garage and announce the start of production, but the plan calls for building up to 80 cars per day per the guidance of engineering consultant and YouTuber Sandy Munro, who is an Aptera investor and adviser. "He really helped shepherd the design from what was an early prototype prove-out design into how to make the most manufacturable vehicle ever," Anthony said. The structure is built from just six parts and the entire car has been designed to be put together in a factory with just 12 stations. But that radical simplicity complicates the job at hand right now. In addition to developing the car, the small engineering team also has to create the machine that makes it. Anthony's plan has the factory ramping up to build 20,000 vehicles a year within nine months of starting production at the end of 2025. Before that can happen, Aptera needs to clear the same hurdle that tripped it up in 2011 and sent the company stumbling into liquidation — the money. "We would love one investor to be so inspired by what we're doing that they just hand us a $60 million check," Anthony told MotorTrend. "But it could be something that's kind of piecemeal over the next nine months to get that $60 million into the company." Are you convinced?

Read more of this story at Slashdot.

The Los Angeles Times calls it "a guns-blazingly funny documentary about two out-of-work British actors who spent a chunk of their COVID-19 lockdown staging Shakespeare's masterpiece on the mean streets of Grand Theft Auto V." Grand Theft Hamlet won SXSW's Jury Award for best documentary, and has now opened in U.S. theatres this weekend (and begun streaming on Mubi), after opening in the U.K. and Ireland. But nearly the entire film is set in Grand Theft Auto's crime-infested version of Los Angeles, the Times reports, "where even the good guys have weapons and a nihilistic streak — the vengeful Prince of Denmark fits right in." Yet when Sam Crane, a.k.a. @Hamlet_thedane, launches into one of the Bard's monologues, he's often murdered by a fellow player within minutes. Everyone's a critic. Crane co-directed the movie with his wife, Pinny Grylls, a first-time gamer who functions as the film's camera of sorts. What her character sees, where she chooses to stand and look, makes up much of the film, although the editing team does phenomenal work splicing in other characters' points of view. (We're never outside of the game until the last 30 seconds; only then do we see anyone's real face....) The Bard's story is only half the point. Really, this is a classic let's-put-on-a-pixilated-show tale about the need to create beauty in the world — even this violent world — especially when stage productions in England have shuttered, forcing Crane, a husband and father, and Mark Oosterveen, single and lonely, to kill time speeding around the digital desert... To our surprise (and theirs), the play's tussles with depression and anguish and inertia become increasingly resonant as the production and the pandemic limps toward their conclusions. When Crane and Oosterveen's "Grand Theft Auto" avatars hop into a van with an anonymous gamer and ask this online stranger for his thoughts on Hamlet's suicidal soliloquy, the man, a real-life delivery driver stuck at home with a broken leg, admits, "I don't think I'm in the right place to be replying to this right now...." In 2014 Hamlet was also staged in Guild Wars 2, the article points out. "This is, however, the first attempt I'm aware of that attempts to do the whole thing live in one go, no matter if one of the virtual actors falls to their doom from a blimp. "As Grylls says, 'You can't stop production just because somebody dies.'"

Read more of this story at Slashdot.

Incoming president promises to allow ongoing operations for 90 days just as made-in-China app started to go dark

US president-elect Donald Trump appears to have proposed the government he will soon lead should acquire half of made-in-China social media service TikTok’s stateside operations.…

America's outgoing national security adviser has "wide access to the world's secrets," writes Axios, adding that the security adviser delivered a "chilling" warning that "The next few years will determine whether AI leads to catastrophe — and whether China or America prevails in the AI arms race." But in addition, Sullivan "said in our phone interview that unlike previous dramatic technology advancements (atomic weapons, space, the internet), AI development sits outside of government and security clearances, and in the hands of private companies with the power of nation-states... 'There's going to have to be a new model of relationship because of just the sheer capability in the hands of a private actor,' Sullivan says..." Somehow, government will have to join forces with these companies to nurture and protect America's early AI edge, and shape the global rules for using potentially God-like powers, he says. U.S. failure to get this right, Sullivan warns, could be "dramatic, and dramatically negative — to include the democratization of extremely powerful and lethal weapons; massive disruption and dislocation of jobs; an avalanche of misinformation..." To distill Sullivan: America must quickly perfect a technology that many believe will be smarter and more capable than humans. We need to do this without decimating U.S. jobs, and inadvertently unleashing something with capabilities we didn't anticipate or prepare for. We need to both beat China on the technology and in shaping and setting global usage and monitoring of it, so bad actors don't use it catastrophically. Oh, and it can only be done with unprecedented government-private sector collaboration — and probably difficult, but vital, cooperation with China... There's no person we know in a position of power in AI or governance who doesn't share Sullivan's broad belief in the stakes ahead... That said, AI is like the climate: America could do everything right — but if China refuses to do the same, the problem persists and metastasizes fast. Sullivan said Trump, like Biden, should try to work with Chinese leader Xi Jinping on a global AI framework, much like the world did with nuclear weapons. "I personally am not an AI doomer," Sullivan says in the interview. "I am a person who believes that we can seize the opportunities of AI. But to do so, we've got to manage the downside risks, and we have to be clear-eyed and real about those risks." Thanks to long-time Slashdot reader Mr_Blank for sharing the article.

Read more of this story at Slashdot.

The Washington Post reports: Ruptures of undersea cables that have rattled European security officials in recent months were likely the result of maritime accidents rather than Russian sabotage, according to several U.S. and European intelligence officials. The determination reflects an emerging consensus among U.S. and European security services, according to senior officials from three countries involved in ongoing investigations of a string of incidents in which critical seabed energy and communications lines have been severed... [S]o far, officials said, investigations involving the United States and a half-dozen European security services have turned up no indication that commercial ships suspected of dragging anchors across seabed systems did so intentionally or at the direction of Moscow. Instead, U.S. and European officials said that the evidence gathered to date — including intercepted communications and other classified intelligence — points to accidents caused by inexperienced crews serving aboard poorly maintained vessels. U.S. officials cited "clear explanations" that have come to light in each case indicating a likelihood that the damage was accidental, and a lack of evidence suggesting Russian culpability. Officials with two European intelligence services said that they concurred with U.S. assessments. Despite initial suspicions that Russia was involved, one European official said there is "counter evidence" suggesting otherwise. The U.S. and European officials declined to elaborate and spoke on the condition of anonymity, citing the sensitivity of ongoing investigations... A Nordic official briefed on the investigation said conditions on the tanker were abysmal. "We've always gone out with the assumption that shadow fleet vessels are in bad shape," the official said. "But this was even worse than we thought...." European security officials said that Finland's main intelligence service is in agreement with Western counterparts that the Dec. 25 incident appears to have been an accident, though they cautioned that it may be impossible to rule out a Russian role. The article points out another reason Russia might not want to draw attention to the waterways around NATO countries. Doing so "could endanger oil smuggling operations Russia has relied on to finance the war in Ukraine, and possibly provoke more aggressive efforts by Western governments to choke off Russia's route to the North Atlantic."

Read more of this story at Slashdot.

"As large-scale solar farms crop up across the U.S.," reports ABC News, "the booming solar industry has found an unlikely mascot..." Sheep. In Milam County, outside Austin [Texas], SB Energy operates the fifth-largest solar project in the country, capable of generating 900 megawatts of power across 4,000 acres (1,618 hectares). How do they manage all that grass? With the help of about 3,000 sheep, which are better suited than lawnmowers to fit between small crevices and chew away rain or shine. The proliferation of sheep on solar farms is part of a broader trend — solar grazing — that has exploded alongside the solar industry. Agrivoltaics, a method using land for both solar energy production and agriculture, is on the rise with more than 60 solar grazing projects in the U.S., according to the National Renewable Energy Laboratory. The American Solar Grazing Association says 27 states engage in the practice. "The industry tends to rely on gas-powered mowers, which kind of contradicts the purpose of renewables," SB Energy asset manager James Hawkins said... Because solar fields use sunny, flat land that is often ideal for livestock grazing, the power plants have been used in coordination with farmers rather than against them.... Some agriculture experts say [solar sheepherders'] success reflects how solar farms have become a boon for some ranchers. Reid Redden, a sheep farmer and solar vegetation manager in San Angelo, Texas, said a successful sheep business requires agricultural land that has become increasingly scarce. "Solar grazing is probably the biggest opportunity that the sheep industry had in the United States in several generations," Redden said. The response to solar grazing has been overwhelmingly positive in rural communities near South Texas solar farms where Redden raises sheep for sites to use, he said. "I think it softens the blow of the big shock and awe of a big solar farm coming in," Redden said.

Read more of this story at Slashdot.

ABC News reported that the official newspaper of China's communist party is claiming TikTok refugees on RedNote found a "new home," and "openness, communication, and mutual learning are... the heartfelt desires of people from all countries." But in fact, Wired reports, "China's Cyberspace Administration, the country's top internet watchdog, has reportedly already grown concerned about content being shared by foreigners on Xiaohongshu," and "warned the platform earlier this week to 'ensure China-based users can't see posts from U.S. users,' according to The Information." And that's just the beginning. Wired reports that RedNote is now also "scrambling to hire English-speaking moderators." Social media platforms in China are legally required to remove a wide range of content, including nudity and graphic violence, but especially information that the government deems politically sensitive... "RedNote — like all platforms owned by Chinese companies — is subject to the Chinese Communist Party's repressive laws," wrote Allie Funk, research director for technology and democracy at the nonprofit human rights organization Freedom House, in an email to WIRED. "Independent researchers have documented how keywords deemed sensitive to those in power, such as discussion of labor strikes or criticism of Xi Jinping, can be scrubbed from the platform." But the influx of American TikTok users — as many as 700,000 in merely two days, according to Reuters — could be stretching Xiaohongshu's content moderation abilities thin, says Eric Liu, an editor at China Digital Times, a California-based publication documenting censorship in China, who also used to work as a content moderator himself for the Chinese social media platform Weibo... Liu reposted a screenshot on Bluesky showing that some people who recently joined Xiaohongshu have received notifications that their posts can only be shown to other users after 48 hours, seemingly giving the company time to determine whether they may be violating any of the platform's rules. This is a sign that Xiaohongshu's moderation teams are unable to react swiftly, Liu says... While the majority of the new TikTok refugees still appear to be enjoying their time on Xiaohongshu, some have already had their posts censored. Christine Lu, a Taiwanese-American tech entrepreneur who created a Xiaohongshu account on Wednesday, says she was suspended after uploading three provocative posts about Tiananmen, Tibet, and Taiwan. "I support more [Chinese and American] people engaging directly. But also, knowing China, I knew it wouldn't last for long," Lu tells WIRED. Despite the 700,000 signups in two days, "It's also worth nothing that the migration to RedNote is still very small, and only a fraction of the 170 million people in the US who use TikTok," notes The Conversation. (And they add that "The US government also has the authority to pressure Apple to remove RedNote from the US App Store if it thinks the migration poses a national security threat.") One nurse told the Los Angeles Times Americans signed up for the app because they "just don't want to give in" to "bullying" by the U.S. government. (The Times notes she later recorded a video acknowledging that on the Chinese-language app, "I don't know what I'm doing, I don't know what I'm reading, I'm just pressing buttons.") On Tuesday, the Wall Street Journal reported that Chinese officials had discussed the possibility of selling TikTok to a trusted non-Chinese party such as Elon Musk, who already owns social media platform X. However, analysts said that Bytedance is unlikely to agree to a sale of the underlying algorithm that powers the app, meaning the platform under a new owner could still look drastically different.

Read more of this story at Slashdot.

The S in LLM stands for Security

OpenAI's ChatGPT crawler appears to be willing to initiate distributed denial of service (DDoS) attacks on arbitrary websites, a reported vulnerability the tech giant has yet to acknowledge.…

CNN reports: TikTok appears to be coming back online just hours after President-elect Donald Trump pledged Sunday that he would sign an executive order Monday that aims to restore the banned app. Around 12 hours after first shutting itself down, U.S. users began to have access to TikTok on a web browser and in the app, although the page still showed a warning about the shutdown. The brief outage was "the first time in history the U.S. government has outlawed a widely popular social media network," reports NPR. Apple and Google removed TikTok from their app stores. (And Apple also removed Lemon8). The incoming president announced his pending executive order "in a post on his Truth Social account," reports the Associated Press, "as millions of TikTok users in the U.S. awoke to discover they could no longer access the TikTok app or platform." But two Republican Senators said Sunday that the incoming president doesn't have the power to pause the TikTok ban. Tom Cotton of Arkansas and Peter Ricketts of Nebraska posted on X.com that "Now that the law has taken effect, there's no legal basis for any kind of 'extension' of its effective date. For TikTok to come back online in the future, ByteDance must agree to a sale... severing all ties between TikTok and Communist China. Only then will Americans be protected from the grave threat posted to their privacy and security by a communist-controlled TikTok." The Associated Press reports that the incoming president offered this rationale for the reprieve in his Truth Social post. "Americans deserve to see our exciting Inauguration on Monday, as well as other events and conversations." The law gives the sitting president authority to grant a 90-day extension if a viable sale is underway. Although investors made a few offers, ByteDance previously said it would not sell. In his post on Sunday, Trump said he "would like the United States to have a 50% ownership position in a joint venture," but it was not immediately clear if he was referring to the government or an American company... "A law banning TikTok has been enacted in the U.S.," a pop-up message informed users who opened the TikTok app and tried to scroll through videos on Saturday night. "Unfortunately that means you can't use TikTok for now." The service interruption TikTok instituted hours earlier caught most users by surprise. Experts had said the law as written did not require TikTok to take down its platform, only for app stores to remove it. Current users had been expected to continue to have access to videos until the app stopped working due to a lack of updates... "We are fortunate that President Trump has indicated that he will work with us on a solution to reinstate TikTok once he takes office. Please stay tuned," read the pop-up message... Apple said the apps would remain on the devices of people who already had them installed, but in-app purchases and new subscriptions no longer were possible and that operating updates to iPhones and iPads might affect the apps' performance. In the nine months since Congress passed the sale-or-ban law, no clear buyers emerged, and ByteDance publicly insisted it would not sell TikTok. But Trump said he hoped his administration could facilitate a deal to "save" the app. TikTok CEO Shou Chew is expected to attend Trump's inauguration with a prime seating location. Chew posted a video late Saturday thanking Trump for his commitment to work with the company to keep the app available in the U.S. and taking a "strong stand for the First Amendment and against arbitrary censorship...." On Saturday, artificial intelligence startup Perplexity AI submitted a proposal to ByteDance to create a new entity that merges Perplexity with TikTok's U.S. business, according to a person familiar with the matter... The article adds that TikTok "does not operate in China, where ByteDance instead offers Douyin, the Chinese sibling of TikTok that follows Beijing's strict censorship rules." Sunday morning Republican House speaker Mike Johnson offered his understanding of Trump's planned executive order, according to Politico. Speaking on Meet the Press, Johnson said "the way we read that is that he's going to try to force along a true divestiture, changing of hands, the ownership. "It's not the platform that members of Congress are concerned about. It's the Chinese Communist Party and their manipulation of the algorithms." Thanks to long-time Slashdot reader ArchieBunker for sharing the news.

Read more of this story at Slashdot.

The JavaScript runtime Node.js can execute TypeScript (Microsoft's JavaScript-derived language with static typing). But now it can do it even better, explains Marco Ippolito of the Node.js steering committee: In August 2024 Node.js introduced a new experimental feature, Type Stripping, aimed at addressing a longstanding challenge in the Node.js ecosystem: running TypeScript with no configuration. Enabled by default in Node.js v23.6.0, this feature is on its way to becoming stable. TypeScript has reached incredible levels of popularity and has been the most requested feature in all the latest Node.js surveys. Unlike other alternatives such as CoffeeScript or Flow, which never gained similar traction, TypeScript has become a cornerstone of modern development. While it has been supported in Node.js for some time through loaders, they relied heavily on configuration and user libraries. This reliance led to inconsistencies between different loaders, making them difficult to use interchangeably. The developer experience suffered due to these inconsistencies and the extra setup required... The goal is to make development faster and simpler, eliminating the overhead of configuration while maintaining the flexibility that developers expect... TypeScript is not just a language, it also relies on a toolchain to implement its features. The primary tool for this purpose is tsc, the TypeScript compiler CLI... Type checking is tightly coupled to the implementation of tsc, as there is no formal specification for how the language's type system should behave. This lack of a specification means that the behavior of tsc is effectively the definition of TypeScript's type system. tsc does not follow semantic versioning, so even minor updates can introduce changes to type checking that may break existing code. Transpilation, on the other hand, is a more stable process. It involves converting TypeScript code into JavaScript by removing types, transforming certain syntax constructs, and optionally "downleveling" the JavaScript to allow modern syntax to execute on older JavaScript engines. Unlike type checking, transpilation is less likely to change in breaking ways across versions of tsc. The likelihood of breaking changes is further reduced when we only consider the minimum transpilation needed to make the TypeScript code executable — and exclude downleveling of new JavaScript features not yet available in the JavaScript engine but available in TypeScript... Node.js, before enabling it by default, introduced --experimental-strip-types. This mode allows running TypeScript files by simply stripping inline types without performing type checking or any other code transformation. This minimal technique is known as Type Stripping. By excluding type checking and traditional transpilation, the more unstable aspects of TypeScript, Node.js reduces the risk of instability and mostly sidesteps the need to track minor TypeScript updates. Moreover, this solution does not require any configuration in order to execute code... Node.js eliminates the need for source maps by replacing the removed syntax with blank spaces, ensuring that the original locations of the code and structure remain intact. It is transparent — the code that runs is the code the author wrote, minus the types... "As this experimental feature evolves, the Node.js team will continue collaborating with the TypeScript team and the community to refine its behavior and reduce friction. You can check the roadmap for practical next steps..."

Read more of this story at Slashdot.

In 2022 Google released a tool to easily scan for vulnerabilities in dependencies named OSV-Scanner. "Together with the open source community, we've continued to build this tool, adding remediation features," according to Google's security blog, "as well as expanding ecosystem support to 11 programming languages and 20 package manager formats... Users looking for an out-of-the-box vulnerability scanning CLI tool should check out OSV-Scanner, which already provides comprehensive language package scanning capabilities..." Thursday they also announced an extensible library for "software composition analysis" scanning (as well as file-system scanning) named OSV-SCALIBR (Open Source Vulnerability — Software Composition Analysis LIBRary). The new library "combines Google's internal vulnerability management expertise into one scanning library with significant new capabilities such as: Software composition analysis for installed packages, standalone binaries, as well as source code OSes package scanning on Linux (COS, Debian, Ubuntu, RHEL, and much more), Windows, and Mac Artifact and lockfile scanning in major language ecosystems (Go, Java, Javascript, Python, Ruby, and much more) Vulnerability scanning tools such as weak credential detectors for Linux, Windows, and Mac Software Bill of Materials (SBOM) generation in SPDX and CycloneDX, the two most popular document formats Optimization for on-host scanning of resource constrained environments where performance and low resource consumption is critical "OSV-SCALIBR is now the primary software composition analysis engine used within Google for live hosts, code repos, and containers. It's been used and tested extensively across many different products and internal tools to help generate SBOMs, find vulnerabilities, and help protect our users' data at Google scale. We offer OSV-SCALIBR primarily as an open source Go library today, and we're working on adding its new capabilities into OSV-Scanner as the primary CLI interface."

Read more of this story at Slashdot.