Linux fréttir

Massive OPSEC fail from the side who brought you 'lock her up'

Senior Trump administration officials used the messaging app Signal to discuss secret government business – including detailed plans to attack Houthi rebels in Yemen - and accidentally invited a journalist to join the group in which they chatted.…

Microsoft is expanding its Security Copilot platform with six new AI agents designed to autonomously assist cybersecurity teams by handling tasks like phishing alerts, data loss incidents, and vulnerability monitoring. There are also five third-party AI agents created by its partners, including OneTrust and Tanium. The Verge reports: Microsoft's six security agents will be available in preview next month, and are designed to do things like triage and process phishing and data loss alerts, prioritize critical incidents, and monitor for vulnerabilities. "The six Microsoft Security Copilot agents enable teams to autonomously handle high-volume security and IT tasks while seamlessly integrating with Microsoft Security solutions," says Vasu Jakkal, corporate vice president of Microsoft Security. Microsoft is also working with OneTrust, Aviatrix, BlueVoyant, Tanium, and Fletch to enable some third-party security agents. These extensions will make it easier to analyze data breaches with OneTrust or perform root cause analysis of network outages and failures with Aviatrix. [...] While these latest AI agents in the Security Copilot are designed for security teams to take advantage of, Microsoft is also improving its phishing protection in Microsoft Teams. Microsoft Defender for Office 365 will start protecting Teams users against phishing and other cyberthreats within Teams next month, including better protection against malicious URLs and attachments.

Read more of this story at Slashdot.

An anonymous reader shares a Bloomberg column: Worries over China's "3D" problem -- that deflation, debt and demographics are structurally hampering growth -- are melting away. Instead, investors are talking about how the world's second-largest economy can take on the US and challenge its technological dominance. There is the prevailing sense that China's "engineer dividend" is finally paying off. Between 2000 and 2020, the number of engineers has ballooned from 5.2 million to 17.7 million, according to the State Council. That reservoir can help the nation move up the production possibility frontier, the thinking goes. In a way, DeepSeek shouldn't have come as a surprise. Size matters. A bigger talent pool alone gives China a better chance to disrupt. In 2022, 47% of the world's top 20th percentile AI researchers finished their undergraduate studies in China, well above the 18% share from the US, according to data from the Paulson Institute's in-house think tank, MacroPolo. Last year, the Asian nation ranked third in the number of innovation indicators compiled by the World Intellectual Property Organization, after Singapore and the US. What this also means is that innovative breakthroughs can pop out of nowhere. [...] More importantly, China's got the cost advantage. Those under the age of 30 account for 44% of the total engineering pool, versus 20% in the US, according to data compiled by Kaiyuan Securities. As a result, compensation for researchers is only about one-eighth of that in the US. Credit must be given to President Xi Jinping for his focus on higher education as he seeks to upgrade China's value chain. These days, roughly 40% of high-school graduates go to universities, versus 10% in 2000. Meanwhile, engineering is one of the most popular majors for post-graduate studies. It's a welcome reprieve for a government that has been struggling with a shrinking population.

Read more of this story at Slashdot.

FaunaDB, a serverless database combining relational and document features, will shut down by the end of May due to unsustainable capital demands. The company plans to open source its core technology, including its FQL query language, in hopes of continuing its legacy within the developer community. The Register reports: The startup pocketed $27 million in VC funding in 2020 and boasted that 25,000 developers worldwide were using its serverless database. However, last week, FaunaDB announced that it would sunset its database services. FaunaDB said it plans to release an open-source version of its core database technology. The system stores data in JSON documents but retains relational features like consistency, support for joins and foreign keys, and full schema enforcement. Fauna's query language, FQL, will also be made available to the open-source community. "Driving broad based adoption of a new operational database that runs as a service globally is very capital intensive. In the current market environment, our board and investors have determined that it is not possible to raise the capital needed to achieve that goal independently," the leadership team said. "While we will no longer be accepting new customers, existing Fauna customers will experience no immediate change. We will gradually transition customers off Fauna and are committed to ensuring a smooth process over the next several months," it added.

Read more of this story at Slashdot.

Be vewy vewy quiet, I'm hunting rackets

The FCC is investigating whether Chinese manufacturers black-listed on its so-called Covered List - including Huawei - are still somehow doing business in America, either by misreading the rules or willfully ignoring them.…

An anonymous reader quotes a report from 404 Media: 23andMe filed for Chapter 11 bankruptcy Sunday, leaving the fate of millions of people's genetic information up in the air as the company deals with the legal and financial fallout of not properly protecting that genetic information in the first place. The filing shows how dangerous it is to provide your DNA directly to a large, for-profit commercial genetic database; 23andMe is now looking for a buyer to pull it out of bankruptcy. 23andMe said in court documents viewed by 404 Media that since hackers obtained personal data about seven million of its customers in October 2023, including, in some cases "health-related information based upon the user's genetics," it has faced "over 50 class action and state court lawsuits," and that "approximately 35,000 claimants have initiated, filed, or threatened to commence arbitration claims against the company." It is seeking bankruptcy protection in part to simplify the fallout of these legal cases, and because it believes it may not have money to pay for the potential damages associated with these cases. CEO and cofounder Anne Wojcicki announced she is leaving the company as part of this process. The company has the genetic data of more than 15 million customers. According to its Chapter 11 filing, 23andMe owes money to a host of pharmaceutical companies, pharmacies, artificial intelligence companies (including a company called Aganitha AI and Coreweave), as well as health insurance companies and marketing companies. Shortly before the filing, California Attorney General Rob Bonta issued an "urgent" alert to 23andMe customers: "Given 23andMe's reported financial distress, I remind Californians to consider invoking their rights and directing 23andMe to delete their data and destroy any samples of genetic material held by the company." In a letter to customers Sunday, 23andMe said: "Your data remains protected. The Chapter 11 filing does not change how we store, manage, or protect customer data. Our users' privacy and data are important considerations in any transaction, and we remain committed to our users' privacy and to being transparent with our customers about how their data is managed." It added that any buyer will have to "comply with applicable law with respect to the treatment of customer data." 404 Media's Jason Koebler notes that "there's no way of knowing who is going to buy it, why they will be interested, and what will become of its millions of customers' DNA sequences. 23andMe has claimed over the years that it strongly resists law enforcement requests for information and that it takes customer security seriously. But the company has in recent years changed its terms of service, partnered with big pharmaceutical companies, and, of course, was hacked."

Read more of this story at Slashdot.

Ex-US Air Force officer says companies shouldn't wait for govt mandates

Interview Former US Air Force cyber officer Sarah Cleveland worries about the threat of a major supply-chain attack from China or another adversarial nation. So she installed solar panels on her house: "Because what if the electric grid goes down?" …

CERN faces a pivotal decision about its future as the Large Hadron Collider approaches the end of its usefulness by the early 2040s. Management proposes building the Future Circular Collider (FCC), a machine with a 90-kilometer circumference that would smash particles at eight times the energy of the LHC. This hugely consequential plan faces significant challenges. Much of the required technology doesn't exist yet, including superconducting magnets strong enough to bend high-energy particle beams. The project also lacks the clear rationale that the LHC had in finding the Higgs boson. The proposal has divided physicists. Critics worry about the decades-long timeline, potential cost overruns, and the risk of sacrificing other valuable CERN activities. Germany, which provides 20% of the lab's budget, has already indicated it won't increase contributions. A council-appointed group is now gathering input from the physics community before making recommendations in December. Nature's editorial board adds: Unless some nations step up with a major infusion of cash, the FCC faces an uncertain prospect of being funded. But waiting too long could mean that there will be a large gap between the new facility opening and the closure of the LHC, and precious expertise could end up being lost. Although physicists might disagree on what CERN should do, they nearly unanimously care about the lab's future. They and their leaders must now make the case for why European taxpayers, who fund most of the lab's yearly budget should care, too. The stakes are beyond science, and even beyond Europe.

Read more of this story at Slashdot.

Valve's early anti-piracy efforts, which eventually led to the Steam platform, were sparked by co-founder Monica Harrington's nephew using her money to buy a CD burner for copying games, she revealed at last week's Game Developers Conference. Harrington said her nephew's "lovely thank you note" about sharing games with friends represented a "generational shift" in piracy attitudes that could "put our entire business model at risk." Half-Life subsequently launched with CD key verification in 1998. When players complained about authentication failures, co-founder Mike Harrington discovered "none of them had actually bought the game," confirming the system worked. Although easily bypassed, this early protection influenced Steam's more robust DRM implemented with Half-Life 2 in 2004, which became the industry standard for PC game distribution.

Read more of this story at Slashdot.

Capital costs of creating document-relational serverless database take their toll

FaunaDB - the database that promised relational power with document flexibility - will shut down its service at the end of May. The biz says it plans to release an open-source version of its core tech.…

Scientists are developing biomarkers to objectively measure pain, addressing a fundamental medical challenge that has contributed to the opioid crisis and led to consistent underestimation of pain in women and minorities. Four research teams funded by the Department of Health and Human Services are developing technologies to quantify pain like other vital signs. Their approaches include a blood test for endometriosis pain, a device measuring nerve response through pupil dilation, microneedle patches sampling interstitial fluid, and a wearable sensor detecting pain markers in sweat. "When patients are told that the pain is all in their head, the implication is that it's imagined, but the irony is that's sort of right," said Adam Kepecs, a neuroscience professor at Washington University. "The pain only exists in your brain. It's neural activity, which is why it's invisible and uniquely personal. But it's still real." These innovations could transform treatment for the nearly 25% of Americans suffering from chronic pain, while potentially saving billions in healthcare costs.

Read more of this story at Slashdot.

Official PoE+ HAT+ for the Pi 5 still MIA

The Raspberry Pi team has launched a Power-over-Ethernet Injector aimed at users who are seeking to add some juice to their network but who lack a network switch capable of doing so.…

The Pentagon has canceled its troubled Defense Civilian Human Resources Management System after years of delays and budget overruns, Defense Secretary Pete Hegseth said. The project, launched in 2018 with a one-year timeline and $36 million budget, ultimately ran eight years and exceeded costs by $280 million, reaching 780% over budget. "We're not doing that anymore," Hegseth said in a video announcing the cancellation. Officials have 60 days to develop a new plan to modernize DoD's civilian HR systems. The cuts are part of a broader $580 million spending reduction that includes $360 million in diversity, climate change and COVID-19 grant programs, plus $30 million in consulting contracts with Gartner and McKinsey.

Read more of this story at Slashdot.

Google has confirmed that a technical issue has permanently deleted location history data for numerous users of its Maps application, with no recovery possible for most affected customers. The problem emerged after Google transitioned its Timeline feature from cloud to on-device storage in 2024 to enhance privacy protections. Users began reporting missing historical location data on support forums and social media platforms in recent weeks. "This is the result of a technical issue and not user error or an intentional change," said a Google spokesperson. Only users who manually enabled encrypted cloud backups before the incident can recover their data, according to Google. The company began shifting location storage policies in 2023, initially stopping collection of sensitive location data including visits to abortion clinics and domestic violence shelters.

Read more of this story at Slashdot.

$280 million of excess spending makes for a ripe - and reasonable - DOGE target

After blowing deadlines and budgets for years, the Pentagon has finally pulled the plug on a troubled project to overhaul its outdated civilian HR IT systems.…

schwit1 writes: A compact, deep-sea, cable-cutting device, capable of severing the world's most fortified underwater communication or power lines, has been unveiled by China -- and it could shake up global maritime power dynamics. The revelation marks the first time any country has officially disclosed that it has such an asset, capable of disrupting critical undersea networks. The tool, which is able to cut lines at depths of up to 4,000 metres (13,123 feet) -- twice the maximum operational range of existing subsea communication infrastructure -- has been designed specifically for integration with China's advanced crewed and uncrewed submersibles like the Fendouzhe, or Striver, and the Haidou series.

Read more of this story at Slashdot.

China's Cyberspace Administration and Ministry of Public Security have outlawed the use of facial recognition without consent. From a report: The two orgs last Friday published new rules on facial recognition and an explainer that spell out how orgs that want to use facial recognition must first conduct a "personal information protection impact assessment" that considers whether using the tech is necessary, impacts on individuals' privacy, and risks of data leakage. Organizations that decide to use facial recognition must data encrypt biometric data, and audit the information security techniques and practices they use to protect facial scans. Chinese that go through that process and decide they want to use facial recognition can only do so after securing individuals' consent. The rules also ban the use of facial recognition equipment in public places such as hotel rooms, public bathrooms, public dressing rooms, and public toilets. The measures don't apply to researchers or to what machine translation of the rules describes as "algorithm training activities" -- suggesting images of citizens' faces are fair game when used to train AI models.

Read more of this story at Slashdot.

Looking to sort through large volumes of security info? Redmond has your backend

Microsoft's Security Copilot is getting some degree of agency, allowing the underlying AI model to interact more broadly with the company's security software to automate various tasks.…

Countries must develop their own artificial intelligence infrastructure or risk significant economic losses as the technology transforms global economies, Mistral CEO Arthur Mensch said last week. "It will have an impact on GDP of every country in the double digits in the coming years," Mensch told the A16z podcast, warning that nations without domestic AI systems would see capital flow elsewhere. The French startup executive compared AI to electricity adoption a century ago. "If you weren't building electricity factories, you were preparing yourself to buy it from your neighbors, which creates dependencies," he said.

Read more of this story at Slashdot.

prisoninmate shares a report: Highlights of Linux 6.14 include Btrfs RAID1 read balancing support, a new ntsync subsystem for Win NT synchronization primitives to boost game emulation with Wine, uncached buffered I/O support, and a new accelerator driver for the AMD XDNA Ryzen AI NPUs (Neural Processing Units). Also new is DRM panic support for the AMDGPU driver, reflink and reverse-mapping support for the XFS real-time device, Intel Clearwater Forest server support, support for SELinux extended permissions, FUSE support for io_uring, a new fsnotify file pre-access event type, and a new cgroup controller for device memory.

Read more of this story at Slashdot.