Linux fréttir

Race on to patch as researchers warn of mass exploitation of directory traversal bug

Various infosec researchers have released proof-of-concept (PoC) exploits for the maximum-severity vulnerability in Palo Alto Networks' PAN-OS used in GlobalProtect gateways.…

Except in China, where customers accounted for almost half of the photolithography giant's top line

Chipmaking kit maestro ASML generated almost half of its sales from China in calendar Q1, amid a wider downturn in orders and plunging profits.…

An anonymous reader quotes a report from The Register: In a Monday post, Broadcom CEO Hock Tan restated his belief that VMware's portfolio was too complex, and too poorly integrated, for the virtualization giant to represent true competition for hyperscale clouds. Broadcom's injection of R&D cash, he insisted, will see VMware's flagship Cloud Foundation suite evolve to become more powerful and easy to operate. He also admitted that customers aren't enjoying the ride. "As we roll out this strategy, we continue to learn from our customers on how best to prepare them for success by ensuring they always have the transition time and support they need," he wrote. "In particular, the subscription pricing model does involve a change in the timing of customers' expenditures and the balance of those expenditures between capital and operating spending." Customers also told Tan that "fast-moving change may require more time, so we have given support extensions to many customers who came up for renewal while these changes were rolling out." That's one of the changes -- Broadcom has previously not publicly suggested such extensions would be possible. "We have always been and remain ready to work with our customers on their specific concerns," Tan wrote. The other change is providing some ongoing security patches for VMware customers who persist with their perpetual licenses instead of shifting to Broadcom's subs. "We are announcing free access to zero-day security patches for supported versions of vSphere, and we'll add other VMware products over time," Tan wrote, describing the measure as aimed at ensuring that customers "whose maintenance and support contracts have expired and choose to not continue on one of our subscription offerings." The change means such customers "are able to use perpetual licenses in a safe and secure fashion."

Read more of this story at Slashdot.

Anticompetitive remedies? We've heard of them

Apple is turning on Web Distribution for iOS apps, allowing EU users to download applications directly from developer websites.…

Fusion software misses another deadline, one external auditors for Birmingham City Council described as 'absolutely crucial'

Birmingham City Council has failed to enter the new financial year with auditable accounting software after a disastrous implementation of Oracle Fusion, which has seen its expected project costs mushroom from around £20 million ($26 million) to around £131 million ($163 million).…

For when the AI service cannot grok what it's being asked

Logitech has launched a free software tool to help existing users of its kit with ChatGPT prompts, but those that splash out on the upcoming Signature AI Edition Mouse, get a... dedicated AI prompt button.…

While some other LLMs appear to flat-out suck

AI agents, which combine large language models with automation software, can successfully exploit real world security vulnerabilities by reading security advisories, academics have claimed.…

The SEC has blocked third-party messaging apps and texts from employees' work phones, "bringing its own practices closer to the standards it's enforcing for the industry," reports Bloomberg. From the report: The SEC's decision to block disappearing-messaging apps will help improve record-keeping and address potential security vulnerabilities at the agency, which saw one of its social-media accounts compromised earlier this year. It follows about $3 billion in fines imposed on financial firms to settle allegations that they failed to keep adequate records of work-related communications on mobile devices and apps such as Signal and Meta's WhatsApp. The scrutiny prompted Wall Street to overhaul how employees communicate on business matters using mobile phones. Meanwhile, the SEC took a hard look at policies covering its own staff's communications on agency-issued phones. The agency has restricted access to third-party messaging applications, as well as SMS (short message service) and iMessage texts "to lower risk that our systems could be compromised and to enhance recordkeeping," an SEC spokeswoman said in an emailed statement. The process of blocking the apps began in September and has continued over the past several months, she added.

Read more of this story at Slashdot.

Proper old-school Unix, not like those lazy, decadent Linux types

FOSDEM 2024 NetBSD 10 marks a new level of maturity for this venerable open source Unix system, which somehow manages to be both modern and retro at the same time.…

The answer is not to hide from AI, but to be honest about it

It's taken less than eighteen months for human- and AI-generated media to become impossibly intermixed. Some find this utterly unconscionable, and refuse to have anything to do with any media that has any generative content within it. That ideological stance betrays a false hope: that this is a passing trend, an obsession with the latest new thing, and will pass.…

Comms services and AI contributing to increase, but vendors are taking 'risks'

Gartner expects global IT spending to grow 8 percent in 2024 to $5.06 trillion in a revised forecast from the 6.8 percent uptick which the analyst predicted in January.…

NASA has confirmed that a piece of metal that tore through a Florida home last month was space junk from the International Space Station. NBC News reports: The agency confirmed Monday that the 1.6-pound object was debris from a cargo pallet that had been intentionally released from the space station three years ago. The pallet, packed with aging batteries, was supposed to burn up harmlessly in Earth's atmosphere, but a piece survived -- the piece that smashed into a house in Naples, Florida, on March 8. WINK News, a CBS News affiliate in southwestern Florida, first reported the incident. Naples resident Alejandro Otero told the outlet that the object crashed through the roof and two floors of his home. Otero was not home at the time, he told WINK News, but the metal object nearly hit his son, who was two rooms away. In a blog post about the incident, NASA said it had analyzed the object at the Kennedy Space Center in Florida and confirmed that it was part of the equipment used to mount the batteries on the cargo pallet. The piece of space junk is roughly cylindrical in shape and is about 4-inches tall and 1.6-inches wide. NASA said agency staff studied the object's features and metal composition and matched it to the hardware that had been jettisoned from the space station in 2021. At that time, new lithium-ion batteries had recently been installed at the space station, so the old nickel hydrogen batteries were packed up for disposal. The space station's robotic arm released the 5,800-pound cargo pallet containing the batteries over the Pacific Ocean, as the outpost orbited 260 miles above the Earth's surface, according to NASA. NASA said it will perform a detailed investigation of the latest debris incident to determine how the object withstood the extreme trip through the atmosphere.

Read more of this story at Slashdot.

Not all at once, of course

Google will eventually invest $100 billion in AI, according to DeepMind CEO Demis Hassabis.…

Just doesn't believe it will sort out the mess that saw data leak from LINE messaging app

Japan's government has considered the proposed security improvements developed by Yahoo!, found them wanting, and ordered the onetime web giant to take new measures.…

Almost 2,000 customers experienced outages

Tencent Cloud has apologized for an outage that impacted customers last week – an unusual act by a Chinese cloud – and signalled it will review some aspects of its ops in the hope of avoiding future incidents of this nature.…

An anonymous reader quotes a report from Wired: Dozens of Google employees began occupying company offices in New York City and Sunnyvale, California, on Tuesday in protest of the company's $1.2 billion contract providing cloud computing services to the Israeli government. The sit-in, organized by the activist group No Tech for Apartheid, is happening at Google Cloud CEO Thomas Kurian's office in Sunnyvale and the 10th floor commons of Google's New York office. The sit-in will be accompanied by outdoor protests at Google offices in New York, Sunnyvale, San Francisco, and Seattle beginning at 2 pm ET and 11 am PT. Tuesday's actions mark an escalation in a series of recent protests organized by tech workers who oppose their employer's relationship with the Israeli government, especially in light of Israel's ongoing assault on Gaza. Since Hamas killed about 1,100 Israelis on October 7, the IDF has killed more than 34,000 Palestinians. Just over a dozen people gathered outside Google's offices in New York and Sunnyvale on Tuesday. Among those in New York was Google cloud software engineer Eddie Hatfield, who was fired days after disrupting Google Israel's managing director at March's Mind The Tech, a company-sponsored conference focused on the Israeli tech industry, in early March. Several hours into the sit-ins on Tuesday, Google security began to accuse the workers of "trespassing" and disrupting work, prompting several people to leave while others vowed to remain until they were forced out. The 2021 contract, known as Project Nimbus, involves Google and Amazon jointly providing cloud computing infrastructure and services across branches of the Israeli government. Last week, Time reported that Google's work on Project Nimbus involves providing direct services to the Israel Defense Forces. [...] On March 4, more than600 other Googlers signed a petition opposing the company's sponsorship of the conference. After Hatfield was fired three days later, Google trust-and-safety-policy employee Vidana Abdel Khalek resigned from her position in opposition to Project Nimbus. Then, in late March, more than 300 Apple workers signed an open letter that alleged retaliation against workers who have expressed support for Palestinians, and urged company leadership to show public support for Palestinians. Hasan Ibraheem, a Google software engineer, is participating in the sit-in at his local Google office in New York. "This has really been a culmination of our efforts," he tells WIRED. Since joining No Tech for Apartheid in December, Ibraheem says, he has been participating in weekly "tabling" actions being held at Google office cafes in New York, Sunnyvale, San Francisco, and Mountain View, California. It involves holding a sign that says "Ask me about Project Nimbus" during lunch break, passing out flyers, and answering questions from coworkers. "It's actually shocking how many people at Google don't even know that this contract exists," Ibraheem says. "A lot of people who don't know about it, who then learn about it through us, are reasonably upset that this contract exists. They just didn't know that it existed beforehand."

Read more of this story at Slashdot.

AI is so good at drawing pictures and driving cars, why not let it govern a country?

India's prime minister, Narendra Modi, used AI to help develop the nation's 25-year development roadmap, according to comments made during a live-streamed interview with news agency ANI on Monday.…

State tax collectors, particularly in New York, have intensified their audit efforts on high earners, leveraging artificial intelligence to compensate for a reduced number of auditors. CNBC reports: In New York, the tax department reported 771,000 audits in 2022 (the latest year available), up 56% from the previous year, according to the state Department of Taxation and Finance. At the same time, the number of auditors in New York declined by 5% to under 200 due to tight budgets. So how is New York auditing more people with fewer auditors? Artificial Intelligence. "States are getting very sophisticated using AI to determine the best audit candidates," said Mark Klein, partner and chairman emeritus at Hodgson Russ LLP. "And guess what? When you're looking for revenue, it's not going to be the person making $10,000 a year. It's going to be the person making $10 million." Klein said the state is sending out hundreds of thousands of AI-generated letters looking for revenue. "It's like a fishing expedition," he said. Most of the letters and calls focused on two main areas: a change in tax residency and remote work. During Covid many of the wealthy moved from high-tax states like California, New York, New Jersey and Connecticut to low-tax states like Florida or Texas. High earners who moved, and took their tax dollars with them, are now being challenged by states who claim the moves weren't permanent or legitimate. Klein said state tax auditors and AI programs are examining cellphone records to see where the taxpayers spent most of their time and lived most of their lives. "New York is being very aggressive," he said.

Read more of this story at Slashdot.

Framework, the company known for designing and selling upgradeable, modular laptops, has struggled with providing up-to-date software for its products. Ars Technica's Andrew Cunningham spoke with CEO Nirav Patel to discuss how the company is working on fixing these issues. Longtime Slashdot reader snikulin shares the report: Driver bundles remain un-updated for years after their initial release. BIOS updates go through long and confusing beta processes, keeping users from getting feature improvements, bug fixes, and security updates. In its community support forums, Framework employees, including founder and CEO Nirav Patel, have acknowledged these issues and promised fixes but have remained inconsistent and vague about actual timelines. [...] Patel says Framework has taken steps to improve the update problem, but he admits that the team's initial approach -- supporting existing laptops while also trying to spin up firmware for upcoming launches -- wasn't working. "We started 12th-gen [Intel Framework Laptop] development, basically the 12th-gen team was also handling looking back at 11th-gen [Intel Framework Laptop] to do firmware updates there," Patel told Ars. "And it became clear, especially as we continued to add on more platforms, that just wasn't a sustainable path to proceed on." Part of the issue is that Framework relies on external companies to put together firmware updates. Some components are provided by Intel, AMD, and other chip companies to all PC companies that use their chips. Others are provided by Insyde, which writes UEFI firmware for Framework and others. And some are handled by Compal, the contract manufacturer that actually produces Framework's systems and has also designed and sold systems for most of the big-name PC companies. As far back as August 2023, Patel has written that the plan is to work with Compal and Insyde to hire dedicated staff to provide better firmware support for Framework laptops. However, the benefits of this arrangement have been slow to reach users. "[Compal] started recruiting on their side towards the end of last year," Patel told Ars. "And now, just at the beginning of this year, we've been able to get that whole team into place and start onboarding them. And especially after Lunar New Year, which is in early February, that team is now up and running at full speed." The goal, Patel says, is to continuously cycle through all of Framework's actively supported laptops, updating each of them one at a time before looping back around and starting the process over again. Functionality-breaking problems and security fixes will take precedence, while additional features and user requests will be lower-priority. ... snikulin adds: "As a recent Framework 13/AMD owner, I can confirm that it does not sleep properly on a default Windows 11 install. When I close the lid in the evening, the battery is dead the next morning. It's interesting to hear from Linus Sebastian (LTT) on the topic because he is a stakeholder in Framework."

Read more of this story at Slashdot.

With Apple lawsuit behind it, focussed on finalizing its designs

RISC-V chip designer Rivos has raised $250 million in series-A funding to bankroll production of its first accelerator for generative AI and data analytics workloads.…