Linux fréttir

Investigative journalist and cybersecurity expert Brian Krebs reports: A 23-year-old Scottish man thought to be a member of the prolific Scattered Spider cybercrime group was extradited last week from Spain to the United States, where he is facing charges of wire fraud, conspiracy and identity theft. U.S. prosecutors allege Tyler Robert Buchanan and co-conspirators hacked into dozens of companies in the United States and abroad, and that he personally controlled more than $26 million stolen from victims. Scattered Spider is a loosely affiliated criminal hacking group whose members have broken into and stolen data from some of the world's largest technology companies. Buchanan was arrested in Spain last year on a warrant from the FBI, which wanted him in connection with a series of SMS-based phishing attacks in the summer of 2022 that led to intrusions at Twilio, LastPass, DoorDash, Mailchimp, and many other tech firms. The complain against Buchanan is available here (PDF).

Read more of this story at Slashdot.

This couldn't possibly be about Chinese model builders taking some of the shine off US rivals, could it?

+Comment Anthropic has urged the White House to further tighten so-called AI diffusion rules – which are already set to hurt Nvidia and co by limiting or blocking the sale of higher-end GPUs and accelerators outside the US and a select few allies from mid-May.…

New submitter LDA6502 writes: The Republican chairman of the House Transportation and Infrastructure Committee is proposing a new annual federal vehicle registration fee of $200 for full EVs, $100 for hybrid EVs, and $20 for combustion vehicles. The tax would be tied to inflation, would be collected by the states, and would expire in 2035. Critics of the proposal note that it could result in low mileage EVs paying a far higher tax rate than heavy ICE trucks and SUVs. Ars Technica notes that the bill "exempts commercial vehicles, which should see a rush from tax avoiders to register their vehicles under their businesses [...]." Farm vehicles will also be exempt from the tax. "The Eno Center for Transportation calculates that this new tax will contribute an extra $110 billion to the highway Trust Fund by 2035 but that cuts to other taxes and more spending mean that the fund will still be $222 billion short of its commitments -- assuming that this added fee doesn't further dampen EV adoption in the U.S., that is."

Read more of this story at Slashdot.

After 10 consecutive quarters of rising AI-related investment, Microsoft has put on the brakes, spending over $1 billion less than the previous quarter (source paywalled; alternative source). Despite the slight slowdown, Microsoft posted stronger-than-expected results with $70 billion in revenue and $25.8 billion in profit. The New York Times reports: In the first three months of 2025, Microsoft spent $21.4 billion on capital expenses, down more than $1 billion from the previous quarter. The company is still on track to spend more than $80 billion on capital expenses in the current fiscal year, which ends in June. But the pullback, though slight, is an indication that the tech industry's appetite for spending on A.I. is not limitless. Overall, Microsoft's results showed unexpected strength in its business. Sales surpassed $70 billion, up 13 percent from the same period a year earlier. Profit rose to $25.8 billion, up 18 percent. The results far surpassed Wall Street's expectations. "Cloud and A.I. are the essential inputs for every business to expand output, reduce costs, and accelerate growth," Satya Nadella, Microsoft's chief executive, said in a statement.

Read more of this story at Slashdot.

For now it's a potential bug-finder and friend to defenders

RSAC Former NSA cyber-boss Rob Joyce thinks today's artificial intelligence is dangerously close to becoming a top-tier vulnerability exploit developer.…

An anonymous reader quotes a report from TechCrunch: Apple sent notifications this week to several people who the company believes were targeted with government spyware, according to two of the alleged targets. In the past, Apple has sent similar notifications to targets and victims of spyware, and directed them to contact a nonprofit that specializes in investigating such cyberattacks. Other tech companies, like Google and WhatsApp, have in recent years also periodically sent such notifications to their users. As of Wednesday, only two people appear to have come forward to reveal they were among those who received the notifications from Apple this week. One is Ciro Pellegrino, an Italian journalist who works for online news outlet Fanpage. Pellegrino wrote in an article that he received an email and a text message from Apple on Tuesday notifying him that he was targeted with spyware. The message, according to Pellegrino, also said he wasn't the only person targeted. "Today's notification is being sent to affected users in 100 countries," the message read, according to Pellegrino's article. "Did this really happen? Yes, it is not a joke," Pellegrino wrote. The second person to receive an Apple notification is Eva Vlaardingerbroek, a Dutch right-wing activist, who posted on X on Wednesday. "Apple detected a targeted mercenary spyware attack against your iPhone," the Apple alert said, according to a screenshot shown in a video that Vlaardingerbroek posted on X. "This attack is likely targeting you specifically because of who you are or what you do. Although it's never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning -- please take it seriously." Reacting to the notification, Vlaardingerbroek said that this was an "attempt to intimidate me, an attempt to silence me, obviously."

Read more of this story at Slashdot.

A newly revealed set of vulnerabilities dubbed AirBorne in Apple's AirPlay SDK could allow attackers on the same Wi-Fi network to hijack tens of millions of third-party devices like smart TVs and speakers. While Apple has patched its own products, many third-party devices remain at risk, with the most severe (though unproven) threat being potential microphone access. 9to5Mac reports: Wired reports that a vulnerability in Apple's software development kit (SDK) means that tens of millions of those devices could be compromised by an attacker: "On Tuesday, researchers from the cybersecurity firm Oligo revealed what they're calling AirBorne, a collection of vulnerabilities affecting AirPlay, Apple's proprietary radio-based protocol for local wireless communication. Bugs in Apple's AirPlay software development kit (SDK) for third-party devices would allow hackers to hijack gadgets like speakers, receivers, set-top boxes, or smart TVs if they're on the same Wi-Fi network as the hacker's machine [...] Oligo's chief technology officer and cofounder, Gal Elbaz, estimates that potentially vulnerable third-party AirPlay-enabled devices number in the tens of millions. 'Because AirPlay is supported in such a wide variety of devices, there are a lot that will take years to patch -- or they will never be patched,' Elbaz says. 'And it's all because of vulnerabilities in one piece of software that affects everything.'" For consumers, an attacker would first need to gain access to your home Wi-Fi network. The risk of this depends on the security of your router: millions of wireless routers also have serious security flaws, but access would be limited to the range of your Wi-Fi. AirPlay devices on public networks, like those used everywhere from coffee shops to airports, would allow direct access. The researchers say the worst-case scenario would be an attacker gaining access to the microphones in an AirPlay device, such as those in smart speakers. However, they have not demonstrated this capability, meaning it remains theoretical for now.

Read more of this story at Slashdot.

Google is investing in training over 100,000 new U.S. electricians through a $10 million grant, aiming to address a critical labor shortage driven by AI-fueled data center growth and rising electricity demands. Reuters reports: A lack of access to power supplies has become the biggest problem for giant technology companies racing to develop artificial intelligence in energy-intensive data centers, which are driving up U.S. electricity demand after nearly 20 years of stagnation. The situation has led President Donald Trump to declare a national energy emergency aimed at speeding up permitting for generation and transmission projects. Google's funding, which includes a $10 million grant for electrical worker nonprofits, is the latest in a series of recent moves by giant technology companies to alleviate power project backlogs and electricity shortfalls across the United States. [...] The Google grant will be used for electrician apprenticeship programs and the training of existing workforce through organizations, including the Electrical Training Alliance, International Brotherhood of Electrical Workers and the National Electrical Contractors Association. It could increase the pipeline of electrical workers by 70% by the end of the decade, the company said. "This initiative with Google and our partners at NECA and the Electrical Training Alliance will bring more than 100,000 sorely needed electricians into the trade to meet the demands of an AI-driven surge in data centers and power generation," said Kenneth Cooper, international president of the IBEW labor union.

Read more of this story at Slashdot.

Oligarch's crew makes audits harder, US comptroller general tells Congress

The US Government Accountability Office has confirmed it launched audits of Elon Musk's Trump-blessed cost-trimming DOGE unit amid concerns that its access to agency systems may be complicating oversight and involving sensitive data.…

An anonymous reader quotes a report from Ars Technica: Raspberry Pi boards have a combination of surface-mount devices (SMDs) and through-hole bits. SMDs allow for far more tiny chips, resistors, and other bits to be attached to boards by their tiny pins, flat contacts, solder balls, or other connections. For those things that are bigger, or subject to rough forces like clumsy human hands, through-hole soldering is still required, with leads poked through a connective hole and solder applied to connect and join them securely. The Raspberry Pi board has a 40-pin GPIO header on it that needs through-hole soldering, along with bits like the Ethernet and USB ports. These require robust solder joints, which can't be done the same way as with SMT (surface-mount technology) tools. "In the early days of Raspberry Pi, these parts were inserted by hand, and later by robotic placement," writes Roger Thornton, director of applications for Raspberry Pi, in a blog post. The boards then had to go through a follow-up wave soldering step. Now Pi boards have their tiny bits and bigger pieces soldered at the same time through an intrusive reflow soldering process undertaken with Raspberry Pi's UK manufacturing partner, Sony. After adjusting component placement, the solder stencil, and the connectors, the board makers could then place and secure all their components in the same stage. Intrusive reflow soldering this way involves putting solder paste on both the pads for SMD bits and into the through-hole pins. The through-hole parts are pushed onto the paste, and the whole board then goes into a reflow oven, where the solder paste melts, the connectors fall in more fully, and joints are formed for all the SMD and through-hole parts at once. You can watch the process up close in this mesmerizing video from Surface Mount Process. Intrusive reflow soldering is not a brand-new process, but what it did for the Raspberry Pi is notable, according to Thornton. The company saw "a massive 50% reduction in product returns," and it sped up production by 15 percent by eliminating the break between the two soldering stages. By removing the distinct soldering bath from its production line, the company also reduced its carbon dioxide output by 43 tonnes per year (or 47.4 US tons).

Read more of this story at Slashdot.

Caffeine addicts evidently not thrilled to see cafes become walk-in vending machines

Starbucks, smarting from disappointing second-quarter earnings, says that trying to replace staff with machines was a mistake.…

NIST: Clocks on Earth are ticking a bit more regularly thanks to NIST-F4, a new atomic clock at the National Institute of Standards and Technology (NIST) campus in Boulder, Colorado. This month, NIST researchers published a journal article establishing NIST-F4 as one of the world's most accurate timekeepers. NIST has also submitted the clock for acceptance as a primary frequency standard by the International Bureau of Weights and Measures (BIPM), the body that oversees the world's time. NIST-F4 measures an unchanging frequency in the heart of cesium atoms, the internationally agreed-upon basis for defining the second since 1967. The clock is based on a "fountain" design that represents the gold standard of accuracy in timekeeping. NIST-F4 ticks at such a steady rate that if it had started running 100 million years ago, when dinosaurs roamed, it would be off by less than a second today. By joining a small group of similarly elite time pieces run by just 10 countries around the world, NIST-F4 makes the foundation of global time more stable and secure. At the same time, it is helping to steer the clocks NIST uses to keep official U.S. time. Distributed via radio and the internet, official U.S. time is critical for telecommunications and transportation systems, financial trading platforms, data center operations and more.

Read more of this story at Slashdot.

Cybersecurity is national security, says Jen Easterly

RSAC America's top cyber-defense agency is "being undermined" by personnel and budget cuts under the Trump administration, some of which are being driven by an expectation of perfect loyalty to the President rather than the nation.…

Feds say $970K scheme defrauded 13+ companies

A Maryland man has pleaded guilty to fraud after landing a job with a contractor working on US government software, and then outsourcing the work to a self-described North Korean developer in China.…

Microsoft CEO Satya Nadella said that 20%-30% of code inside the company's repositories was "written by software" -- meaning AI -- during a fireside chat with Meta CEO Mark Zuckerberg at Meta's LlamaCon conference on Tuesday. From a report: Nadella gave the figure after Zuckerberg asked roughly how much of Microsoft's code is AI-generated today. The Microsoft CEO said the company was seeing mixed results in AI-generated code across different languages, with more progress in Python and less in C++.

Read more of this story at Slashdot.

Asus implements droop detector for PCIe slots as GPUs now so heavy they risk toppling out

Graphics cards are now getting so bulky and heavy that device maker Asus has decided customers need a way to detect any sagging or movement of the GPU in its PCIe slot.…

Finland has passed legislation to restrict the use of phones and other mobile devices during the school day amid fears over their impact on student wellbeing and learning. From a report: Under the changes, which were approved by the Finnish parliament on Tuesday and will come into effect on 1 August, mobile devices will be heavily restricted during lesson times. Pupils will be allowed to use them only with the teacher's permission for healthcare or learning purposes. Finland is the latest European country to impose legal restrictions on the use of phones and other mobile devices in schools amid growing evidence of their impact on children and young people, including attention and self-esteem. Earlier this year, Denmark said it would ban mobile phones from all schools. The chair of the country's wellbeing commission, Rasmus Meyer, told the Guardian the measure was necessary to stop schools from being "colonised by digital platforms" and urged the rest of Europe to follow suit.

Read more of this story at Slashdot.

Alphabet CEO Sundar Pichai told a judge who found that Google illegally monopolizes online search that a Justice Department proposal to share search data with rivals would be a "de facto" divestiture of the company's search engine. From a report: If Google were required to share both its search data and the information on how it ranks results, rivals could reverse engineer "every aspect of our technology," Pichai testified on Wednesday. "The proposal on data sharing is so far reaching, so extraordinary," Pichai said. It "feels like de facto divestiture of search" and its entire intellectual property and technology over 25 years of research, he said. During testimony in federal court in Washington, Pichai asserted that a package of antitrust remedies proposed by the government is too extreme and will undermine Google's ability to compete in the market.

Read more of this story at Slashdot.

We'll see if messaging client can keep up with sibling browser

Mozilla has lobbed out Firefox 138, and subsidiary MZLA's Thunderbird 138 isn't far behind. The venerable messaging client is picking up the pace and finally syncing its stride with the browser that spawned it.…

Wikipedia will employ AI to enhance the work of its editors and volunteers, it said Wednesday, also asserting that it has no plans to replace those human roles. The Wikimedia Foundation plans to implement AI specifically for automating tedious tasks, improving information discovery, facilitating translations, and supporting new volunteer onboarding, it said.

Read more of this story at Slashdot.