Linux fréttir

All 20 of America's state-run healthcare marketplace sites "include advertising trackers that share information with Big Tech companies," reports Gizmodo, citing a report from Bloomberg: Per the report, seven million Americans bought their health insurance through state exchanges in 2026, and many of them may have had personal information shared with companies, including Meta, TikTok, Snap, Google, Nextdoor, and LinkedIn, among others. Some of the data collected and shared with those companies included ZIP codes, a person's sex and citizenship status, and race. In addition to potentially sensitive biographical details about a person, the trackers also may reveal additional details about their life based on the sites they visit. For instance, Bloomberg found trackers on Medicaid-related web pages in Rhode Island, which could reveal information about a person's financial status and need for assistance. In Maryland, a Spanish-language page titled "Good News for Noncitizen Pregnant Marylanders" and a page designed to help DACA recipients navigate their healthcare options were found to be transmitting data to Big Tech firms... Per Bloomberg, several states have already removed some trackers from their exchange websites following the report. Thanks to Slashdot reader JoeyRox for sharing the news.

Read more of this story at Slashdot.

CNN reports on a "sudden surge of claimed sightings" of "unidentified figures averaging 8 feet tall in wooded areas" along Ohio's Mahoning River. "And it stopped just as quickly as it started," says Jeremiah Byron, host of the Bigfoot Society Podcast, which collected and mapped the reports .... Byron doesn't take every report at face value, making sure he talks to people directly before publicizing their claims. Once word got out about the reports in Ohio, so did the obvious fakes. "I started to get a lot of AI-generated reports in my email. It got up to the point where I was probably getting about 1,000 emails a day," he says. But when Byron spoke by phone with people who made the initial reports, they convinced him they weren't making anything up. "It was obvious they weren't just wanting to get their name out there," says Byron. "They were just freaked out by what they experienced, and they didn't want anything else to do with it." [...] Local law enforcement in Ohio also seem to be enjoying the publicity. Portage County Sheriff Bruce D. Zuchowski made a series of gag posts purporting to show the arrest of Bigfoot and his detention by Immigration and Customs Enforcement, only for the creature to escape from custody at the Canadian border... Despite the levity, the sheriff's office really did get some calls from concerned residents, Zuchowski says. "Ten individual people were like, 'Yeah I was walking my dog at 4 a.m. and I saw this hairy figure and I smelled this musty odor and there was this big thing and all of a sudden it ran,'" the sheriff told CNN affiliate WOIO in March.

Read more of this story at Slashdot.

A chain of 30 U.S. newspapers including the Sacramento Bee, the Miami Herald and the Idaho Statesman "has started to use a new AI tool that can summarize traditional articles and spit out different versions for different audiences," reports the New York Times. And the chain's reporters "are not happy about it." Journalists in many of the company's newsrooms are now withholding their bylines from articles created by the new tool, meaning that those articles will run with a generic credit rather than a reporter's name, as is customary. They are also labeled AI-assisted. "We don't want to put our bylines on stories we did not actually write even if they're based on our work," said Ariane Lange, an investigative reporter at the Sacramento Bee and the vice chair of the Sacramento Bee News Guild. "That in itself feels like a lie." The reporters' byline strike is one of the sharpest conflicts yet between journalists and their companies over the use of AI. Related debates are playing out in newsrooms across the country, as publishers experiment with new AI tools to streamline work that used to take hours, and some even use it to write full articles... [E]xecutives have promoted the tool internally as a way to increase the number of articles published and ultimately gain new subscribers... [Eric Nelson, the vice president of local news] said using reporters' bylines on the AI-generated articles was a way to show "authority" on Google so the search engine would rank the articles higher in the results. He also said the company was experimenting with feeding in reporters' notes to create articles. "Journalists who embrace and experiment with this tool are going to win," Nelson said in the meeting. "Journalists who are defiant will fall behind".... McClatchy's public AI policy states that the company uses AI tools to summarize articles to "help readers quickly understand the main points of a single story or catch up on multiple stories about a larger topic," and that editors review the output before publication.

Read more of this story at Slashdot.

America's school districts "spent billions on technology during the pandemic," reports the Washington Post. "But now some states are limiting in-school screen time because of concerns about its impact on children." Nationwide [U.S.] schools invested at least $15 billion and possibly as much as $35 billion from federal pandemic relief funds on laptops, learning software and other technology between 2020 and 2024, according to an estimate by the Edunomics Lab, an education think tank. By last school year, 88% of public schools reported in a federal survey they had given every child a laptop, tablet or similar device. Now, some states and school districts are walking back their technology use following pressure from parents who claim too much in-school screen time has zapped children's attention spans and left them worse off academically. At least a dozen states introduced or adopted policies this year that attempt to regulate screen time in schools — from prescribing limits to allowing families to opt out of virtual instruction... In Missouri, a bill would require every school district in that state to come up with a screen time policy is making its way through the state legislature. "Ed tech is just big tech in a sweater vest," said Missouri state Rep. Tricia Byrnes (R), who introduced the legislation and blames what she described as the overuse of technology for middling test scores... Complicating the issue is research that shows students do not see any academic gains when provided with laptops. A meta-analysis of studies on reading comprehension suggests paper-based texts are better than digital-based reading... A body of research has established that excessive or unstructured screen time can have detrimental effects on children, including harming language development, weakening social skills and triggering anxiety and depression. But the effects of school-issued devices and in-school usage on children's development are less understood, said Tiffany Munzer, a developmental behavioral pediatrician and digital media researcher at the University of Michigan. Some studies report that high-quality digital tools can support students' learning goals, Munzer said. But "a lot of the apps that are marketed as educational ... are not actually educational and contain a lot of commercialized content."

Read more of this story at Slashdot.

The next major release of macOS looks likely to remove Apple Filing Protocol (AFP) support, stopping Time Capsules from working… but life FOSS, uh, finds a way. The current version of macOS "Tahoe" 26.4 already has network Time Machine issues, especially for folks using Apple Time Capsules. It looks like macOS 27 may completely remove the network protocol they need. However, the Time Capsules run NetBSD under the hood, and that means that the FOSS world has been able to come up with a workaround. It's called TimeCapsuleSMB, and it aims to keep older Time Capsules usable with modern macOS. It's eight months since Apple released macOS 26, and the company's annual release schedule means that macOS 27 is looming. Although Cupertino hasn't told the world much about it yet, it is warning sysadmins to "prepare your network environment for stricter security requirements." Reading the bulletin, we found it rather clixby: while it firmly warns that security checks will become stricter, it doesn't spell out what products will change or how. Happily, there are elder Mac gurus out there who interpret Apple's sometimes Delphic utterances, and Howard Oakley is one of the greatest. In a post about networking changes coming in macOS 27, he translates that it will require TLS 1.2 or above. (The Register explained TLS back in 2002, and version 1.2 appeared about six years later.) However, he also warns that it could mean the end of AFP, which is basically Appletalk-over-TCP/IP version 3.4. AppleTalk was the Mac network protocol for file sharing from System 6 onward. In 2013, OS X 10.9 "Mavericks" made Microsoft's SMB the default file-sharing protocol in place of AFP, and it looks like AFP now faces the ax: it was officially deprecated in macOS 15.5. To be fair, macOS 26 Macs started displaying a warning to Time Capsule users nearly a year ago. Apple introduced the first model of Time Capsule in 2008, and the fifth-generation version in 2013. The company discontinued the whole AirPort product line in 2018. All generations only support AFP and SMB version 1. That’s the original version that appeared with LAN Manager in 1987, and we reported on Samba dropping SMB1 back in 2022. The good news is that even if Apple kills its original file-sharing protocol next year, the FOSS community is on the case and won't let working kit die. The Time Capsule hardware is essentially a box containing a Wi-Fi access point and a hard disk, and an Arm chip with just enough software to share that HDD as network-attached storage. Apple didn't write this software from scratch: it picked up and customized NetBSD for the job. The first four generations of Time Capsule (flat square boxes) run NetBSD 4, and the fifth-gen devices – the tall tower-shaped models from 2013 onward – run NetBSD 6. That gave Microsoft's James Chang an opening. Since the devices run NetBSD, it's possible to compile a newer version of Samba, and copy it somewhere that the tiny embedded Arm computer can find it. Teaching such old kit a new trick is never that easy, though, and he faced a number of challenges, which he details in the design section of the project README. Among them are machines that only have about 900 KB of available disk space – less than 1 MB – and a tiny 16 MB RAMdisk. He settled on Samba 4.8, which dates back to 2018, the same year Apple discontinued the product line, but which includes the necessary Time Machine support, via a module named vfs_fruit. The TimeCapsuleSMB docs are worth a read. We found his descriptions of how he worked around the hardware's very significant limitations impressive. Notably, on the early models, you'll need to manually reload the software every time you reboot the Time Capsule. The final model can do this automatically. Don't fret at the thought of backing up to such an elderly spinning hard disk: iFixit has descriptions of how to replace the drive in both the early models and the later ones too. ®

A four-foot humanoid robot named Gabi has become a monk at a Buddhist temple in Seoul, participating in a modified initiation ceremony where it pledged to respect life, obey humans, act peacefully toward other robots and objects. "Robots are destined to collaborate with humans in every field in the future," Hong Min-suk, a manager at the Jogye Order, the largest sect of Buddhism in South Korea, tells the New York Times. "It will only be natural for them to be part of our festival." Smithsonian Magazine reports: For the temple, this marks the first time a robot has participated in the sugye initiation ceremony, when followers pledge their devotion to the Buddha and his teachings. Gabi -- a Buddhist name that refers to mercy, Yonhap News Agency reports -- was made by Unitree Robotics, a Chinese civilian robotics company. The model, G1, retails starting at $13,500. During the ceremony, Gabi agreed to five vows usually recited by human monks and slightly altered for the humanoid. The robot pledged to respect life, act with peace toward other robots and objects, listen to humans, refrain from acting or speaking in a deceptive manner and save energy. Gabi participated in a modified yeonbi purification ritual. While a human monk normally receives a small incense burn on the arm, instead Gabi received a lotus lantern festival sticker and a prayer bead necklace. The landmark event aligns with the promise made during a New Year's address by the Venerable Jinwoo, president of the Jogye Order of Korean Buddhism, to incorporate artificial intelligence into the Buddhist tradition. "We aim to fearlessly lead the A.I. era and redirect its achievements toward the path of attaining peace of mind and enlightenment," he said, per a statement.

Read more of this story at Slashdot.

Visitors to London’s iconic Telecom Tower might soon be able to go for a rooftop swim, according to plans revealed by the developer turning the building into a hotel. The iconic 177 meter (581 ft) high structure in Fitzrovia in London’s West End was sold off by BT Group in 2024 to US-based hotel owner-operator MCR Hotels for £275 million ($346 million). At the time, the firm said it wanted to preserve the Grade II listed building, while converting it into a hostelry. Now, MCR has announced a small number of public consultation events it is holding on May 11, 12, and 16 where those interested can view the emerging proposals for the site, meet the project team, and share any feedback on the plans. Those proposals include public access to the top of the tower and its podium buildings for the first time in almost half a century. The 34th floor was famously home to a revolving restaurant that gave diners a panoramic view of Britain’s capital as it slowly turned once every 22 mins, but this was closed in 1980. Also part of the proposals are a new publicly accessible square plus retail shops and restaurants at ground level, and a rooftop swimming pool. London is home to a number of high-rise swimming venues already. There is the vertigo-inducing Sky Pool which spans two apartment buildings ten stories up at the Embassy Gardens development in the Nine Elms region of Wandsworth. You will find an infinity pool at the Shangri-La hotel on the 52nd-floor of the Shard building near London Bridge, and there is also a pool on the roof of the Berkeley Hotel, overlooking Knightsbridge. The BT Tower was originally known as the Post Office Tower when it was first built in 1964, and its main purpose was to support microwave antennas used to beam telecom signals between London and the rest of the country. The tower will not be turned into a vertical hotel immediately. BT said payment for the site is spread over six years to 2030, during which time the company will gradually remove all of its telecoms equipment from the building. As we reported previously, the BT Tower also famously fell victim to a giant kitten in an episode of the British 1970s TV comedy series The Goodies. ®

The UK Home Office wants to talk to suppliers about its plans for two potential procurements for the Strategic Central and Bureau Platform (SCBP), its core biometrics system, worth up to £300 million. The department said the procurements could cover support, development, and ongoing modernization of SCBP after it shifted much of the platform to "more modern and widely adopted technology stacks." It said this could allow a broader range of suppliers to undertake support and development work, and split up the work ("potential disaggregation"), according to a preliminary market engagement notice. The notice quotes a total estimated value for the contracts of £296 million including VAT over up to 11 years from October 2027, although it adds that this is based on current annual charges – suggesting these are around £27 million – and should be seen as indicative. The Home Office is holding an event with TechUK on May 15 to start the discussion, with participants required to sign a non-disclosure agreement first. SCBP is part of the long-running Home Office Biometrics (HOB) program to bring together the government's collections of fingerprints, DNA profiles, and facial images. SCBP provides the core components of the Immigration and Asylum Biometrics System (IABS) used for passports, immigration and borders, and the corresponding Ident1 service used by law enforcement. The department's most recent assessment of the HOB program in December 2024 referred to a cost increase of £47.8 million, including £34 million of this covering Ident1 modernization "to deal with urgent obsolescence issues and security vulnerabilities" and £4.4 million for an upgrade to support Livescan, through which police officers collect fingerprints and facial images following arrests. The assessment said the overall cost of the HOB program from 2014-15 to 2034-35 then stood at £1.55 billion. According to Home Office permanent secretary Matthew Rycroft, benefits include searching crime marks (such as fingerprints left at crime scenes) against immigration databases, the police's mobile fingerprint identification service, and the ability to collaborate with other countries. ®

sciencehabit shares a report from Science Magazine: Cold War spies planted bugs in walls, lamps, and telephones. Now, scientists warn, the cables themselves could listen in. A fiber optic technique used to detect earthquakes can also pick up the faint vibrations of nearby speech, researchers reported this week here at the general assembly of the European Geosciences Union. Freely available artificial intelligence (AI) software turned the fiber optic data into intelligible, real-time transcripts. "Not many people realize that [fiber optic cables] can detect acoustic waves," says Jack Lee Smith, a geophysicist at the University of Edinburgh who presented the result. "We show that in almost every case where you use these fibers, this could be a privacy concern." Fiber optics can pick up on sound through a technique called distributed acoustic sensing (DAS). Using a machine called an interrogator, researchers fire laser pulses down a cable and record the pattern of reflections coming back from tiny glass defects along the length of the fiber optic. When an earthquake's seismic wave crosses a section of the fiber, it stretches and squeezes the defects, leading to shifts in the reflected light that researchers can use to build a picture of an earthquake. DAS essentially turns a fiber cable into a long chain of seismometers that can detect not only earthquakes, but also the rumblings of volcanoes, cars, and college marching bands. And although scientists set up dedicated fiber lines specifically for research, DAS can also be performed on "dark fiber" -- unused strands in the web of fiber optics that runs through cities and across oceans, carrying the world's internet traffic. DAS can also be used to eavesdrop, the work of Smith and his colleagues shows. They conducted a field test using an existing DAS setup used to study coastal erosion. They set a speaker next to the cable and played pure tones, music, and speech. Human speech contains frequencies ranging from a few hundred to several thousand hertz. The low end of the range could be pulled out of the data "even without any preprocessing," Smith says. "You can easily see acoustic waves." Getting higher frequency speech took a bit of postprocessing, but it was possible. Dumping the data directly into Whisper, a free AI transcription tool, provided accurate real-time transcription. However, this technique worked only for coiled cables, exposed at the surface, at distances of up to 5 meters from the speaker. Burying the cable under just 20 centimeters of dirt was enough to muddy the speech. And straight cables -- even exposed ones right next to the speaker -- did not record speech well.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the Guardian: Walking into Mexico City's sprawling central Zocalo is a dizzying experience. At one end of the plaza, the capital's cathedral, with its soaring spires, slumps in one direction. An attached church, known as the Metropolitan Sanctuary, tilts in the other. The nearby National Palace also seems off-kilter. The teetering of many of the capital's historic buildings is the most visible sign of a phenomenon that has been ongoing for more than a century: Mexico City is sinking at an alarming rate. Now, the metropolis's descent is being tracked in real time thanks to one of the most powerful radar systems ever launched into space. Known as Nisar, the satellite can detect minute changes in Earth's surface, even through thick vegetation or cloud cover. "Nisar takes radar imaging observations of Earth to the next level," said Marin Govorcin, a scientist at Nasa's jet propulsion laboratory. "Nisar will see any change big or small that happens on Earth from week to week. No other imaging mission can claim this." Though not the first time that Mexico City's sinking has been observed from space, the Nisar mission has provided a greater sense of how far the sinking spreads and how it changes across different types of land than any other space-based sensor. It has also been able to penetrate areas on the outskirts of the city that were previously challenging to study because of the complex terrain. The implications of the imagery extend far beyond the Mexican capital. "This study of Mexico City speaks to the realm of possibilities that will open up thanks to the Nisar system," said Dario Solano-Rojas, an engineer at the National Autonomous University of Mexico (Unam). "And not just for sinking cities but also for studying volcanoes, for studying the deformation associated with earthquakes, for studying landslides." According to Nasa, the technology is also capable of monitoring the climate crisis, glacier sliding, agricultural productivity, soil moisture, forestry, coastal flooding and more. The Nisar system found that some parts of the city are dropping by more than 2cm a month. "First documented in 1925, the city's sinking is a result of centuries of exploitation of the groundwater," the report says. "Because Mexico City and its surrounds were built on an ancient lake bed, the soil beneath the city is extremely soft. When water is pumped out of the aquifer below, this clay-like earth compacts, resulting in a city that is quietly sinking." The crisis is also self-reinforcing: as the city sinks, aging pipes crack and leak, causing Mexico City to lose an estimated 40% of its water, even as drought and climate change make supplies more fragile.

Read more of this story at Slashdot.

This week was the best of times for Akamai and the worst of times for Cloudflare. On the same evening, content delivery network mainstay Cloudflare announced it was cutting about a fifth of its staff in a realignment around AI, its competitor Akamai announced a seven-year, $1.8 billion deal with a leading LLM provider that Bloomberg identified as Anthropic. Akamai CEO Tom Leighton said this was the largest deal in the company’s history and that it came after another large, unidentified frontier-model developer signed a $200 million deal last quarter. “These leaders in AI have chosen Akamai because their AI workloads need the scale, performance and reliability that our cloud platform provides,” he said during the company’s first quarter earnings call on Thursday. Akamai, which has 4,300 locations in 700 cities across 130 countries, won the deal against stiff competition from hyperscalers and neoclouds. He said Akamai’s ability to manage and scale complex distributed systems, as well as its low latency, tipped the scales in its favor. Given the supply chain constraints in datacenter space, especially as it relates to memory costs and the infrastructure needed inside of large datacenter buildouts, one analyst asked if Akamai planned any increase to its capital expenditures this year to pay for it. Akamai executive vice president and CFO Ed McGowan said that was not likely. “We’ve been able to get the supply chain ready. We anticipate receiving all the goods that we need to deliver this services over the next seven years within the next 12 months,” he said. “Now there’s always potential for slippage and delays, but we have mechanisms in our contracts to deal with, if, in say six months from now, prices were to go up. So we’ve taken that into consideration.” McGowan said it is a consumption-based contract over seven years, so as soon as Akamai ramps the necessary capacity, it will start taking revenue, which he expects to begin happening later this year. Winning this deal and ones like it has been Akamai’s goal in the AI era, Leighton said. “This has been the strategy all along. So we’re very pleased to be executing against it,” he said. “The goal has been to be deploying a distributed inference platform, distributed compute platform that would be desired by enterprises across the spectrum … The platform is to a point where we can do that, and I think you'll see more of this going forward.” On the same day, across the country, Cloudflare was spelling out the bad news to its employees that it planned to cut the workforce by 1,100, roughly 20 percent. Cloudflare co-founders Matthew Prince and Michelle Zatlyn said it was not about cutting costs, but about building a company that meets the AI moment. “We have to be intentional in how we architect our company for the agentic AI era in order to supercharge the value we deliver to our customers and to honor our mission to help build a better Internet for everyone, everywhere,” they wrote in a blog post. Cloudflare’s revenues grew 34 percent year over year to reach $639.8 million in the first quarter. It posted a net loss of $22.9 million. It expects to pay up to $150 million in severance and benefit payments related to the layoffs. While Akamai’s stock price surged 26 percent on Friday, Cloudflare dropped 23 percent. With a market cap of over $69 billion, Cloudflare still has more than three times Akamai’s market cap. ®

Longtime Slashdot reader cellocgw writes: Hiding inside another layoff report, Fidelity is reorganizing: "The changes are aimed at moving the teams away from an 'agile' makeup -- comprising smaller, siloed squads -- and toward larger teams built to move faster on projects." OMG, as they say: "Sudden outbreak of common sense." According to the Boston Globe, Fidelity is cutting about 1,000 jobs even as it plans to hire roughly 5,300 new workers, many of them early-career engineers. Half of the 3,300 new workers hired this year "will be in tech or product-related roles," the report says, noting that "about 2,000 of those jobs are currently open, and 400 of them are in tech/product-delivery." "The company also plans to add almost 2,000 new early-career workers, with the goal of making the tech and product-delivery teams more hands-on. In all, that means roughly 5,300 new jobs in the pipeline for Fidelity." The company says AI isn't driving the shift; as cellocgw noted, it's about moving toward larger teams that Fidelity says can move faster on priority projects. The financial services firm also reported a strong 2025 under CEO Abigail Johnson, with managed assets rising 19% from 2024 to $7.1 trillion and revenue climbing 15% to $37.7 billion. "Throughout the company's history, our investments in technology have fueled our growth and customer service capabilities," Johnson wrote in a letter (PDF) included in the company's annual report. "We will continue to prioritize technology initiatives that help us advance digital capabilities, simplify our technology ecosystem, and protect the firm and our customers."

Read more of this story at Slashdot.

BrianFagioli writes: Micron says it is now shipping the world's highest-capacity commercially available SSD, and the numbers are honestly hard to wrap your head around. The new Micron 6600 ION packs 245TB into a single drive and is aimed squarely at AI infrastructure, hyperscalers, and cloud providers dealing with exploding data growth. According to the company, the SSD can reduce rack counts by 82 percent compared to HDD deployments offering similar raw capacity, while also cutting power usage and cooling requirements. Micron says the drive tops out at roughly 30W, which it claims is about half the power draw of comparable hard drive setups. The announcement also feels like another warning sign for spinning disks in the enterprise. Hard drives still dominate bulk storage because of lower cost per terabyte, but SSD capacities keep climbing into territory that used to belong exclusively to HDDs. Micron is also touting major performance gains, claiming up to 84 times better energy efficiency for AI workloads and dramatically lower latency versus HDD-based systems. While nobody is dropping one of these into a home NAS anytime soon, the idea of a quarter petabyte on a single SSD no longer sounds like science fiction.

Read more of this story at Slashdot.

It's getting more expensive to use the latest models. OpenAI last month bumped the version number of its GPT model family to 5.5, and per-token prices rose too, in some cases doubling compared to its predecessor. For 1 million tokens, GPT-5.5 is priced at $5 (input), $0.50 (cached input), and $30 (output). Its predecessor GPT-5.4 charges $2.50 (input), $0.25 (cached input), and $15 (output) per 1 million tokens. The AI biz claims that the cost increase is offset to some extent by token processing efficiency – delivering better results using fewer tokens. "While GPT‑5.5 is priced higher than GPT‑5.4, it is both more intelligent and much more token efficient," the company said during the rollout. But the cost is still going up, more than efficiency improvements are reducing costs. According to an analysis conducted by OpenRouter, GPT-5.5 is anywhere from 50 percent more expensive to nearly twice as expensive, depending on prompt length. "Our analysis shows that GPT-5.5 actual costs increased 49 percent to 92 percent," OpenRouter said. "Longer prompts, over 10k tokens, saw costs offset by shorter completions. Shorter prompts, under 10k, experience a higher cost increase where completions did not get shorter." That range – 49 percent to 92 percent – factors in the model's token efficiency improvements, which are more relevant for longer prompts. According to OpenRouter's measurements, GPT-5.5 generates between 19 percent and 34 percent fewer completion tokens for longer prompts (10,000 tokens and up). If reports of OpenAI's projected $14 billion loss in 2026 prove accurate, costs will have to rise much more to balance its insistent spending. But this is a problem also faced by rival Anthropic, set to lose a reported $11 billion in 2026. Anthropic's Claude Opus 4.7 arrived without a visible list price change amid claims about an improved tokenizer. The result, according to OpenRouter, is potential savings for shorter prompts but larger bills for longer ones. "Our study of real Opus 4.7 usage shows that actual costs increased 12–27 percent for prompts above 2K tokens when cache absorption is taken into account," the biz said. "Short prompts under 2K were the exception, where significantly shorter completions offset the tokenizer overhead entirely." Expect further price increases for premium models. ®

mrspoonsi shares a report: Dirty Frag is a vulnerability class, first discovered and reported by Hyunwoo Kim (@v4bel), that can obtain root privileges on major Linux distributions by chaining the xfrm-ESP Page-Cache Write vulnerability and the RxRPC Page-Cache Write vulnerability. Dirty Frag extends the bug class to which Dirty Pipe and Copy Fail belong. Because it is a deterministic logic bug that does not depend on a timing window, no race condition is required, the kernel does not panic when the exploit fails, and the success rate is very high. Because the embargo has been broken, no patch or CVE currently exists. "As with the previous Copy Fail vulnerability, Dirty Frag likewise allows immediate root privilege escalation on all major distributions, and it chains two separate vulnerabilities," Kim said. Detailed technical information can be found here. BleepingComputer notes that the two vulnerabilities chained by Dirty Frag are "now tracked under the following CVE IDs: the xfrm-ESP one was assigned CVE-2026-43284, and the RxRPC isye is now CVE-2026-43500."

Read more of this story at Slashdot.

OPINION Twice this week we've been told by our would-be tech oligarchs that people are being paid to hate them. Alex Karp said 10 percent of the world professionally hates Palantir and Kevin O’Leary said paid agitators were protesting his Utah data center. This is the familiar language we hear in politics when someone needs a ready scapegoat to explain away unpopularity. We should pay attention to this argument as it transfers from politics to technology, because it is revealing the alleged victims' intent. They have done, and are going to do, some very unpopular things and, when people push back, those complaints need to be quickly marginalized. Just like in a mob trial when the defense lawyer tells the court what the rat is getting from the government to squeal, calling people paid agitators or professional haters invites us to question their motives. Just when we are shocked by Karp's audacity, saying that he doesn't care if the Iran war is unpopular and that Palantir will support it, with the next breath, he tells us to check the pockets of the people picketing. Just when the public stirs and demands to know why a Shark Tank star wants to gobble up all the electricity and water in a state, he says the only green initiative they care about is in their wallet. It's also a dog whistle to those like-minded souls who hunger for enemies and grievance, that even a simple billionaire – doing nothing wrong other than selling software that helps the government select targets to bomb – can be picked on by people that hate America. It lets their compatriots in Podcastistan know how to feel and where to stand if they want to be on the right side of the argument. Are you pro-Iran nuclear weapons blowing up Christian orphanages? Or are you going to be nice to Alex Karp? Are you in favor of being a boss and not even looking at the electricity bill, just sliding your titanium card across the meter like a baller? Or are you going to whine that the data center uses more electricity than everything that is plugged into an electrical outlet in the state of Utah? It makes the argument simple, not for everyone, but for just enough. For the loudest, the angriest, and the most ... patriotic. As those voices rise, reason gets drowned out. The debate gets confused and crucially, people move on. At this moment, the public's attention is fractured and emotions are spent. Focusing outrage on anything complex is next to impossible when there are so many unambiguous abuses of power. All you need to do is muddy the waters a bit and let them swim away. Anyone who sticks around? They're probably getting paid to do it. Getting paid is what this is all about after all. In the last 90 days, Palantir got $858 million from working on unpopular wars with unpopular governments. I mean look, like they say, it was all done to protect the ideal of western liberal democracies, of course. Nothing says you understand the teaching of democracy better than ignoring how the public feels when the warlord is jingling his purse. Why should haters be the only ones getting paid? When we published Karp’s comments about 10 percent professionally hating Palantir, savvy readers at The Register showed they are on to the grift. “I mean, it's the wording itself — 10% “professionally” hates Palantir," wrote commenter Pulled Tea. "Could be right! Bet you many of the people who are doing the hating are dedicated, high-level amateurs." ®

An anonymous reader quotes a report from Wired: Security researcher Dor Zvi and his team at the cybersecurity firm he cofounded, RedAccess, analyzed thousands of vibe-coded web applications created using the AI software development tools Lovable, Replit, Base44, and Netlify and found more than 5,000 of them that had virtually no security or authentication of any kind. Many of these web apps allowed anyone who merely finds their web URL to access the apps and their data. Others had only trivial barriers to that access, such as requiring that a visitor sign in with any email address. Around 40 percent of the apps exposed sensitive data, Zvi says, including medical information, financial data, corporate presentations, and strategy documents, as well as detailed logs of customer conversations with chatbots. "The end result is that organizations are actually leaking private data through vibe-coding applications," says Zvi. "This is one of the biggest events ever where people are exposing corporate or other sensitive information to anyone in the world." Zvi says RedAccess' scouring for vulnerable web apps was surprisingly easy. Lovable, Replit, Base44, and Netlify all allow users to host their web apps on those AI companies' own domains, rather than the users'. So the researchers used straightforward Google and Bing searches for those AI companies' domains combined with other search terms to identify thousands of apps that had been vibe coded with the companies' tools. Of the 5,000 AI-coded apps that Zvi says were left publicly accessible to anyone who simply typed their URLs into a browser, he found close to 2,000 that, upon closer inspection, seemed to reveal private data: Screenshots of web apps he shared with WIRED -- several of which WIRED verified were still online and exposed -- showed what appeared to be a hospital's work assignments with the personally identifiable information of doctors, a company's detailed ad purchasing information, what appeared to be another firm's go-to-market strategy presentation, a retailer's full logs of its chatbot's conversations with customers, including the customers' full names and contact information, a shipping firm's cargo records, and assorted sales and financial records from a variety of other companies. In some cases, Zvi says, he found that the exposed apps would have allowed him to gain administrative privileges over systems and even remove other administrators. In the case of Lovable, Zvi says he also found numerous examples of phishing sites that impersonated major corporations, including Bank of America, Costco, FedEx, Trader Joe's, and McDonald's, that appeared to have been created with the AI coding tool and hosted on Lovable's domain. "Anyone from your company at any moment can generate an app, and this is not going through any development cycle or any security check," Zvi says. "People can just start using it in production without asking anyone. And they do."

Read more of this story at Slashdot.

The Pentagon has begun releasing new UFO/UAP files through a newly launched public website, starting with 162 documents from agencies including the FBI, State Department, NASA, and others. Officials say more files will be released on a rolling basis. The Associated Press reports: The Pentagon has begun releasing new files on UFOs, saying members of the public can draw their own conclusions on "unidentified anomalous phenomena" like an object that a drone pilot says shone a bright light in the sky and then vanished. It said in a post on X on Friday that while past administrations sought to discredit or dissuade the American people, President Donald Trump "is focused on providing maximum transparency to the public, who can ultimately make up their own minds about the information contained in these files." It said additional documents will be released on a rolling basis. Besides the Pentagon, the effort is led by the White House, the director of national intelligence, the Energy Department, NASA and the FBI. A newly unveiled website housing the documents on unidentified anomalous phenomena, or UAPs, has a decidedly retro feel, with black-and-white military imagery of flying objects displayed prominently on the page, with statements displayed in typewriter-like font. The first release includes 162 files, such as old State Department cables, FBI documents and transcripts from NASA of crewed flights into space. One document details an FBI interview with someone identified as a drone pilot who, in September 2023, reported seeing a "linear object" with a light bright enough to "see bands within the light" in the sky. "The object was visible for five to ten seconds and then the light went out and the object vanished," according to the FBI interview. Another file is a NASA photograph from the Apollo 17 mission in 1972, showing three dots in a triangular formation. The Pentagon says in an accompanying caption that "there is no consensus about the nature of the anomaly" but that a new, preliminary analysis indicated that it could be a "physical object."

Read more of this story at Slashdot.

Apple and Intel have reportedly reached a preliminary agreement (paywalled; alternative source) for Intel to manufacture some chips used in Apple devices, after more than a year of talks and pressure from the Trump administration. It's still unclear which Apple products would use Intel-made chips, but the deal would mark a major potential win for Intel's foundry ambitions and give Apple another manufacturing option beyond TSMC.

Read more of this story at Slashdot.

There’s a mysterious framework worming its way through exposed cloud instances removing all traces of TeamPCP infections, but it’s not benevolent by a long shot: Whoever is behind this bit of malware may be cleaning up who came before, but only so they can take their place. Discovered by security outfit SentinelOne’s SentinelLabs researchers and dubbed PCPJack for its habit of stealing previously compromised systems from TeamPCP, the worm was first spotted in late April hiding among a Kubernetes-focused VirusTotal hunting rule. It stood out from known cloud hacktools, said SentinelLabs, because the first action it always takes is to eliminate tools associated with TeamPCP attacks. The script didn’t stop there, though. “We initially considered that this toolset could be a researcher removing TeamPCP’s infections,” SentielLabs said. “Analysis of the later-stage payloads indicates otherwise.” “Analyzing this script led us to discover a full framework dedicated to cloud credential harvesting and propagating onto other systems, both internal and external to the victim’s environment,” SentinelLabs continued. In other words, this thing will harvest credentials from everywhere it can get its hands on, and then find new, unsecured cloud environment targets to spread itself to. TeamPCP came onto the scene late last year, and since then has made a name for itself primarily by undertaking a successful compromise of the Trivy vulnerability scanner. That act spread credential-harvesting malware which attackers then used to pivot to more valuable targets, and became one of the most notable supply chain attacks in recent memory. Unlike TeamPCP’s campaign, which relied on the spread of compromised software by human actors, this one spreads on its own accord. Infections start when already-infected systems look for exposed services, including Docker, Kubernetes, Redis, MongoDB, and RayML, as well as exposed web applications. Once it finds a vulnerable environment, it runs a shell script on the target system that sets up an environment to download additional payloads and searches for TeamPCP processes and artifacts to kill. That part of the infection downloads the worm itself, along with modules to enable lateral movement, parse credentials and encrypt them for exfiltration, and for scanning the web for new environments to infect. From there, the worm goes to work with the second module in its kit that conducts the actual credential thefts. This portion of the infection targets environment variables, config files, SSH keys, Docker secrets, Kubernetes tokens, and credentials from a list of finance, enterprise, messaging, and cloud service targets so long that we recommend taking a look at it here, or just assuming whatever you’re using is probably being targeted. SentinelLabs noted that the lack of a cryptominer in the malware package is unusual, and said the particular services it targeted suggests its goal is either conduct its own spam campaigns and financial fraud with the stolen data, or to make the data it harvests available to those planning similar crimes. The worm's practice of removing TeamPCP files could be opportunistic, or could mean there’s drama going on in the cybercrime world. “We have no evidence to suggest whether this toolset represents someone associated with the group or familiar with their activities,” SentinelLabs noted. “However, the first toolset’s focus on disabling and replacing TeamPCP’s services implies a direct focus on the threat actor’s activities rather than pure cloud attack opportunism.” Because this is a worm relying on unsecured cloud and web app instances ripe for targeting, mitigation recommendations are pretty simple: Keep your cloud platforms secure, and ensure authentication is required even for instances of things like Docker and Kubernetes that aren’t exposed to the internet. ®