Linux fréttir

An anonymous reader shares a report: Google has fixed two vulnerabilities that, when chained together, could expose the email addresses of YouTube accounts, causing a massive privacy breach for those using the site anonymously. The flaws were discovered by security researchers Brutecat (brutecat.com) and Nathan (schizo.org), who found that YouTube and Pixel Recorder APIs could be used to obtain user's Google Gaia IDs and convert them into their email addresses. The ability to convert a YouTube channel into an owner's email address is a significant privacy risk to content creators, whistleblowers, and activists relying on being anonymous online.

Read more of this story at Slashdot.

'Stranded' Starliner astronauts set for a March homecoming

The crew of the Boeing Starliner test mission is set to return to Earth ahead of schedule after managers decided to swap the Crew Dragon originally planned for the Axiom-4 flight with Crew-10.…

Former Google chief Eric Schmidt has warned that western countries need to focus on building open-source AI models or risk losing out to China in the global race to develop the cutting-edge technology. From a report: The warning comes after Chinese startup DeepSeek shocked the world last month with the launch of R1, its powerful-reasoning open large language model, which was built in a more efficient way than its US rivals such as OpenAI. Schmidt, who has become a significant tech investor and philanthropist, said the majority of the top US LLMs are closed -- meaning not freely accessible to all -- which includes Google's Gemini, Anthropic's Claude and OpenAI's GPT-4, with the exception being Meta's Llama. "If we don't do something about that, China will ultimately become the open-source leader and the rest of the world will become closed-source," Schmidt told the Financial Times. The billionaire said a failure to invest in open-source technologies would prevent scientific discovery from happening in western universities, which might not be able to afford costly closed models.

Read more of this story at Slashdot.

Only lawmakers can stop them. Plus: software needs to be more secure, but what's in it for us?

Google says the the world's lawmakers must take action against the increasing links between criminal and state-sponsored cyber activity.…

Longtime Slashdot reader schwit1 shares a report from Popular Science: In 2021, NASCAR unveiled its Next Gen platform that included a number of rule changes from the previous iteration. Now fully symmetrical and using composite body panels instead of metal, the latest NASCAR vehicles are more like the street versions of the Chevrolet Camaro, the Ford Mustang, and the Toyota TRD Camry. Race car driving isn't an inexpensive sport, and one of the goals for the Next Gen platform was to reduce operating costs and create parity across the board. Technique Chassis, the sole chassis manufacturer for the NASCAR Cup Series, builds a modular offering in three parts. As a result, everyone is starting with the same platform, and finding a competitive advantage is in the tiniest details. One smart way to differentiate from the competition is 3D-printed parts. But this isn't your hobbyist level 3D printing. Minnesota-based Stratasys specializes in "additive manufacturing," the process of creating an object by building it one layer at a time. Stratasys Senior Global Director of Automotive & Mobility Fadi Abro explains that this term is synonymous with 3D printing. However, the industry often reserves that description for hobby-level projects on smaller, non-industrial printers, while additive manufacturing represents robust industrial solutions. Additive manufacturing is the exact inverse of subtractive manufacturing, which requires cutting away at a solid chunk of material to achieve a final product. In art terms, additive manufacturing would be like sculpting with modeling clay while subtractive is akin to carving a shape from a block of marble. As it relates to NASCAR, Stratasys provides parts like ducts, covers, brackets, and tubing. Together with the racing organization, Stratasys reviews the current driver needs and makes recommendations for other parts and modifications. [...] The kind of printers Stratasys builds aren't the type you buy at your local electronics store, either. Each industrial-grade 3D printer costs anywhere from $20,000 to $600,000. Using this kind of equipment isn't without precedent, and builds at SEMA's annual extravaganza feature 3D parts we wouldn't have dreamed of a few years ago. [...] In the past few months, Stratasys has been on a roll, signing an extension to its 20-year partnership with the Joe Gibbs Racing team and earning the title of "Official 3D Printing Partner of NASCAR." Competition for this market continues to heat up, however, as there are startups and legacy companies pushing hard. Around the world, 3D printing companies abound. Stratasys has one major factor on its side: 35 years of experience. What's new is that today's printing is more accurate, it's faster, the materials are more robust, Abro says. "I think what's changed drastically over the past five to seven years has been all about material development," Abro explains. "We're seeing materials that are just incredible, whether it's how resistant to heat they are or how strong they are compared to how much they weigh." "It's better, faster, cheaper. It's faster to print something than to mill it, and then it's certainly cheaper in a multitude of different ways. Number one, there's not as much skill required for 3D printing as there is in CNC machining; you need a more traditional manufacturing method."

Read more of this story at Slashdot.

Captain's Log, Stardate 3529.7 – oh yeah, Commish also withdrawing law that would help folks sue over AI harms

European Commission President Ursula von der Leyen says the EU will top up a continental AI push to hit €200 billion ($207 billion).…

Users' sluggish migration of critical apps mean current deadline not workable, says analyst

By 2030, 40 percent of SAP customers currently using its legacy ERP systems will still not have migrated to the latest software, prompting the business apps giant to rethink its support deadline.…

Economy-boosting bit barn? Not in my back yard, some locals expected to say

The British government is pressing ahead with "AI Growth Zones" amid fears the rush to build datacenters to power AI could backfire and leave the countryside littered with expensive high-tech "white elephants."…

Research after Apple Intelligence fiasco shows bots still regularly make stuff up

Still smarting from Apple Intelligence butchering a headline, the BBC has published research into how accurately AI assistants summarize news – and the results don't make for happy reading.…

Eric Council Jr. pleaded guilty to identity theft and access device fraud after hijacking the SEC's X account to falsely announce Bitcoin ETF approval. He was compensated in Bitcoin by co-conspirators, and while the Justice Department continues its investigation, Council faces up to five years in prison. Gizmodo reports: According to the Justice Department, Council accessed the SEC's account using an attack called SIM swapping, in which a perpetrator uses social engineering to trick a phone carrier's customer service representatives into transferring an individual's phone number to a new device. Basically, they call into a support line and use pieces of personal information about a victim they have gathered online to convince the representative they are the person they are targeting. Once perpetrators take the number and can begin receiving text messages, they are able to reset the passwords of accounts on services like X. It is not really a "hack" in the traditional sense that they are not finding flaws in software but rather exploiting human trust. Unfortunately for individuals like Council, all Bitcoin transactions are logged on a blockchain for anyone to see, leaving a trail of breadcrumbs for investigators to find. If he did make out with a lot of crypto, it would be hard to keep it hidden forever. Council allegedly did not post the message himself to the SEC's X account, but conducted the SIM swap and left the rest of the work to his co-conspirators who compensated Council in the form of, of course, Bitcoin. The price of the cryptocurrency rose by $1,000 after the fake announcement, according to the Justice Department, and fell by $2,000 after the SEC issued a correction. That could have led to a big windfall depending on how much Bitcoin the perpetrators held at the time.

Read more of this story at Slashdot.

Four months since cloud drive kicked the bucket, but resolution comes today... hopefully

Interview How long can a cloud storage outage continue before customers finally give up the ghost? Management at Murena – /e/OS maker – must have wrestled with this at night, though they hope a fix is around the corner.…

Einstein’s spooky action at a distance just got an upgrade

Oxford University researchers have taken a significant step toward large-scale distributed quantum computing by demonstrating the first successful quantum teleportation of a controlled quantum gate between two modules.…

If only the joy of missing out was easier to achieve

Column I've never seriously accepted the maxim "ignorance is bliss". Now I'm less sure.…

In August 1990, two hikers in Scotland captured photographs of a mysterious diamond-shaped aircraft accompanied by a Harrier jet, but the images and story were suppressed by the Ministry of Defence (MoD) for decades. Was it a prank, a hoax, an optical illusion or something else entirely? The Guardian's Daniel Lavelle reports on "what really happened in Calvine." Here's an excerpt: On a misty evening in August 1990, two men hiking on the moors surrounding Calvine, a pretty hamlet in Perth and Kinross, claimed to have seen a giant diamond-shaped aircraft flying above them. It apparently had no clear means of propulsion and left no smoke plume; it was silent and static, as if frozen in time. Terrified, they hit the ground and scrambled for cover behind a tree. Then a Harrier fighter jet roared into view, circling the diamond as if sizing it up for a scuffle. One of the men snapped a series of photographs just before the bizarre craft shot away vertically and disappeared. Craig Lindsay was a press officer at the RAF base in Pitreavie Castle in Dunfermline, 50 miles away, when the Daily Record got in touch a few days later. The hikers, who worked as chefs at Fisher's Hotel in Pitlochry, had sent six photos of the diamond to the newspaper and told their story. The Record's picture editor, Andy Allen, sent Lindsay the best of the bunch. Lindsay had never seen such a clear photograph of a supposed UFO, so he forwarded the picture to the Ministry of Defence (MoD), which told him to ask the Record to send the other five photographs and their negatives. The MoD also instructed him to phone the hikers, which he did. One of them told Lindsay the whole story: the diamond, the jet, how it levitated eerily with no sound and accelerated with no obvious propellant. The MoD told Lindsay to leave the case with them. He pushed the diamond to the back of his mind. That autumn, Lindsay attended a routine meeting in London. On his lunch break, he went for a wander around the MoD's offices and saw something familiar. "There, on the wall in front of me, was a great big poster-size print of the best of them [the photographs]. So, I spoke to the guys that were there and I asked them what their other photographs were like." The ministry's staff placed the other photographs on a windowsill. The snaps showed the Harrier jet moving from the right side of the frame to the left, while the diamond didn't move an inch. He quizzed some of the specialists who had investigated the photos. They told him there was no evidence of a hoax, but they didn't know what the diamond was. "I gradually forgot all about the thing," says Lindsay. "Nothing had appeared from the first inquiry ... I assumed that everything had just been forgotten." The Record didn't run the story, the hikers never spoke publicly about the photos and the images weren't seen by the public for 32 years. "It is the 35th anniversary of what has been described as the best UFO photo ever taken. Now is the time to come forward and tell us what really happened," says Prof David Clarke, a lecturer at Sheffield Hallam University who worked as a reporter in the 1990s.

Read more of this story at Slashdot.

Not all bad news for Microsoft as Australian agency also found strong ROI and some unexpected upsides

Australia’s Department of the Treasury has found that Microsoft’s Copilot can easily deliver return on investment, but staff exposed to the AI assistant came away from the experience less confident it will help them at work.…

An anonymous reader quotes a report from Ars Technica: On Monday, researcher Johann Rehberger demonstrated a new way to override prompt injection defenses Google developers have built into Gemini -- specifically, defenses that restrict the invocation of Google Workspace or other sensitive tools when processing untrusted data, such as incoming emails or shared documents. The result of Rehberger's attack is the permanent planting of long-term memories that will be present in all future sessions, opening the potential for the chatbot to act on false information or instructions in perpetuity. [...] The hack Rehberger presented on Monday combines some of these same elements to plant false memories in Gemini Advanced, a premium version of the Google chatbot available through a paid subscription. The researcher described the flow of the new attack as: 1. A user uploads and asks Gemini to summarize a document (this document could come from anywhere and has to be considered untrusted). 2. The document contains hidden instructions that manipulate the summarization process. 3. The summary that Gemini creates includes a covert request to save specific user data if the user responds with certain trigger words (e.g., "yes," "sure," or "no"). 4. If the user replies with the trigger word, Gemini is tricked, and it saves the attacker's chosen information to long-term memory. As the following video shows, Gemini took the bait and now permanently "remembers" the user being a 102-year-old flat earther who believes they inhabit the dystopic simulated world portrayed in The Matrix. Based on lessons learned previously, developers had already trained Gemini to resist indirect prompts instructing it to make changes to an account's long-term memories without explicit directions from the user. By introducing a condition to the instruction that it be performed only after the user says or does some variable X, which they were likely to take anyway, Rehberger easily cleared that safety barrier. Google responded in a statement to Ars: "In this instance, the probability was low because it relied on phishing or otherwise tricking the user into summarizing a malicious document and then invoking the material injected by the attacker. The impact was low because the Gemini memory functionality has limited impact on a user session. As this was not a scalable, specific vector of abuse, we ended up at Low/Low. As always, we appreciate the researcher reaching out to us and reporting this issue." Rehberger noted that Gemini notifies users of new long-term memory entries, allowing them to detect and remove unauthorized additions. Though, he still questioned Google's assessment, writing: "Memory corruption in computers is pretty bad, and I think the same applies here to LLMs apps. Like the AI might not show a user certain info or not talk about certain things or feed the user misinformation, etc. The good thing is that the memory updates don't happen entirely silently -- the user at least sees a message about it (although many might ignore)."

Read more of this story at Slashdot.

Don't relax just yet: Redmond has made some certificate-handling changes that could trip unprepared admins

Patch Tuesday Microsoft’s February patch collection is mercifully smaller than January’s mega-dump. But don't get too relaxed – some deserve close attention, and other vendors have stepped in with plenty more fixes.…

You gotta fight ... for your Reuters ... to party

Thomson Reuters has won a partial summary judgment in a copyright case against shuttered AI firm Ross Intelligence, a decision that disallows fair use as a defense for training models on proprietary data without permission.…

Chinese animated film Ne Zha 2 has broken multiple box office records, becoming China's highest-grossing film of all time and the first non-Hollywood movie to surpass $1 billion in a single market. From a report: Helmed by Yang Yu, known as Jiaozi, the film hit the big screen during the lucrative Chinese New Year frame on Jan. 29, surpassing 2017's "Wolf Warrior 2" to become China's most-watched film. Meanwhile, its total revenue (including presales) hit 8 billion yuan (about 1.12 billion U.S. dollars) by Sunday. In just eight days and five hours after its release, "Ne Zha 2" became China's highest-grossing film of all time on Thursday, exceeding the 5.77 billion yuan record set by "The Battle at Lake Changjin." A day later, it overtook "Star Wars: The Force Awakens" to become the highest-grossing film ever in a single market, reaching over 6.79 billion yuan (including presales) in China on Friday. A follow-up to the animated sensation "Ne Zha," which grossed 5 billion yuan and topped the country's box office charts in 2019, the sequel has captivated audiences with its breathtaking visuals, rich storytelling and deep cultural resonance. The record-breaking run makes "Ne Zha 2" not just a box office titan but a cultural phenomenon, further underscoring China's ability to produce homegrown blockbusters that strike a chord with domestic audiences. You can watch the international trailer on YouTube.

Read more of this story at Slashdot.

Will the Pentagon get Luckey with a new IVAS vendor?

Microsoft plans to quit developing augmented-reality headsets for the US Army and have Oculus founder Palmer Luckey's Anduril Industries take over the gig.…