Linux news
Attack enters day 11 and still no public disclosure of what insider claims to be 'deep breach' of Active Directory
Exclusive Aviation insiders say Serbia's national airline, Air Serbia, was forced to delay issuing payslips to staff as a result of a cyberattack it is battling.…
Daniel Stenberg, creator of the curl utility, is considering ending its bug bounty program due to a surge in low-quality, AI-generated reports that are overwhelming the small volunteer team. Despite attempts to discourage AI-assisted submissions, these reports now make up about 20% of all entries in 2025, while genuine vulnerabilities have dropped to just 5%. The Register reports: "The general trend so far in 2025 has been way more AI slop than ever before (about 20 percent of all submissions) as we have averaged about two security report submissions per week," he wrote in a blog post on Monday. "In early July, about 5 percent of the submissions in 2025 had turned out to be genuine vulnerabilities. The valid-rate has decreased significantly compared to previous years."
The situation has prompted Stenberg to reevaluate whether to continue curl's bug bounty program, which he says has paid out more than $90,000 for 81 awards since its inception in 2019. He said he expects to spend the rest of the year mulling possible responses to the rising tide of AI refuse. Presently, the curl bug bounty program -- outsourced to HackerOne -- requires the bug reporter to disclose the use of generative AI. It does not entirely ban AI-assisted submissions, but does discourage them. "You should check and double-check all facts and claims any AI told you before you pass on such reports to us," the program's policy explains. "You are normally much better off avoiding AI."
Two bug submissions per week on average may not seem like a lot, but the curl security team consists of only seven members. As Stenberg explains, three or four reviewers review each submission, a process that takes anywhere from 30 minutes to three hours. "I personally spend an insane amount of time on curl already, wasting three hours still leaves time for other things," Stenberg lamented. "My fellows however are not full time on curl. They might only have three hours per week for curl. Not to mention the emotional toll it takes to deal with these mind-numbing stupidities." [...]
Stenberg says it's not clear what HackerOne should do to reduce reckless use of AI, but insists something needs to be done. His post ponders charging a fee to submit a report or dropping the bug bounty award, while also expressing reservations about both potential remedies. "As a lot of these reporters seem to genuinely think they help out, apparently blatantly tricked by the marketing of the AI hype-machines, it is not certain that removing the money from the table is going to completely stop the flood," he concludes.
Read more of this story at Slashdot.
Peter Kyle promised alternative to 'ball and chain' of legacy systems, but he has no plan and little power
Comment Last week, UK minister for science, innovation and technology Peter Kyle spoke at Google Cloud Summit in London to tell the audience: "Now, sometimes I'm accused of being 'too close to big tech'," with the Chocolate Factory's multi-colored logo looming behind him.…
Former staffers of struggling UK biz say they don’t expect to be paid for July
UK cybersecurity shop Adarma has confirmed it has entered administration.…
CEOs will chase illusory profits as workers are left to pick defective items from an agentic production line
Column Agentic AI will make jobs – but many will involve picking its failures off automated conveyor belts.…
America's largest corporations are increasingly listing AI among the major risks they must disclose in formal financial filings, despite bullish statements in public about the potential business opportunities it offers. The Register: According to a report from research firm The Autonomy Institute, three-quarters of companies listed in the S&P 500 stock market index have updated their official risk disclosures to detail or expand upon mentions of AI-related risk factors during the past year.
The organization drew its findings from an analysis of Form 10-K filings that the top 500 companies submitted to the US Securities and Exchange Commission (SEC), in which they are required to outline any material risks that could negatively affect their business and its financial health.
Second major change in 18 months will be most unwelcome for many - as will critical flaws announced today
Exclusive VMware has advised partners its current channel program will end, and it seems that smaller players won’t be invited back.…
Network update reports median 25 ms latency – in the US – as capacity rockets upwards
Elon Musk’s space broadband service Starlink has hinted that Elon Musk’s Starship will be ready for commercial flights in 2026.…
Bruce66423 shares a report from The Guardian: They went viral, amassing more than 1m streams on Spotify in a matter of weeks, but it later emerged that hot new band the Velvet Sundown were AI-generated -- right down to their music, promotional images and backstory. The episode has triggered a debate about authenticity, with music industry insiders saying streaming sites should be legally obliged to tag music created by AI-generated acts so consumers can make informed decisions about what they are listening to. [...]
Several figures told the Guardian that the present situation, where streaming sites, including Spotify, are under no legal obligation to identify AI-generated music, left consumers unaware of the origins of the songs they're listening to. Roberto Neri, the chief executive of the Ivors Academy, said: "AI-generated bands like Velvet Sundown that are reaching big audiences without involving human creators raise serious concerns around transparency, authorship and consent." Neri added that if "used ethically," AI has the potential to enhance songwriting, but said at present his organization was concerned with what he called "deeply troubling issues" with the use of AI in music.
Sophie Jones, the chief strategy officer at the music trade body the British Phonographic Industry (BPI), backed calls for clear labelling. "We believe that AI should be used to serve human creativity, not supplant it," said Jones. "That's why we're calling on the UK government to protect copyright and introduce new transparency obligations for AI companies so that music rights can be licensed and enforced, as well as calling for the clear labelling of content solely generated by AI."
Liz Pelly, the author of Mood Machine: The Rise of Spotify and the Costs of the Perfect Playlist, said independent artists could be exploited by people behind AI bands who might create tracks that are trained using their music. She referred to the 2023 case of a song that was uploaded to TikTok, Spotify and YouTube, which used AI-generated vocals claiming to be the Weeknd and Drake. Universal Music Group said the song was "infringing content created with generative AI" and it was removed shortly after it was uploaded.
Aurelien Herault, the chief innovation officer at the music streaming service Deezer, said the company uses detection software that identifies AI-generated tracks and tags them. He said: "For the moment, I think platforms need to be transparent and try to inform users. For a period of time, what I call the 'naturalization of AI', we need to inform users when it's used or not." Herault did not rule out removing tagging in future if AI-generated music becomes more popular and musicians begin to use it like an "instrument." At present, Spotify does not label music as AI-generated and has previously been criticized for populating some playlists with music by "ghost artists" -- fake acts that create stock music. Bruce66423 comments: "Artists demand 'a warning' on such material. Why? If it is what the people want..."
Coming soon, somewhere in the Middle East or Asia
Rideshare OG Uber has announced a plan to roll out “thousands” of robo-taxis from Chinese tech giant Baidu.…
The UK secretly relocated thousands of Afghans to the UK after their personal details were disclosed in one of the country's worst ever data breaches, putting them at risk of Taliban retaliation. The operation cost around $2.7 billion and remained under a court-imposed superinjunction until recently lifted. Reuters reports: The leak by the Ministry of Defence in early 2022, which led to data being published on Facebook the following year, and the secret relocation program, were subject to a so-called superinjunction preventing the media reporting what happened, which was lifted on Tuesday by a court. British defence minister John Healey apologised for the leak, which included details about members of parliament and senior military officers who supported applications to help Afghan soldiers who worked with the British military and their families relocate to the UK. "This serious data incident should never have happened," Healey told lawmakers in the House of Commons. "It may have occurred three years ago under the previous government, but to all whose data was compromised I offer a sincere apology."
The incident ranks among the worst security breaches in modern British history because of the cost and risk posed to the lives of thousands of Afghans, some of whom fought alongside British forces until their chaotic withdrawal in 2021. Healey said about 4,500 Afghans and their family members have been relocated or were on their way to Britain under the previously secret scheme. But he added that no-one else from Afghanistan would be offered asylum because of the data leak, citing a government review which found little evidence of intent from the Taliban to seek retribution against former officials.
Waiting for license approval but plans to resume shipments of the MI308 accelerator soon-ish
The US government has cleared AMD to resume exporting some accelerators to China.…
Anthropic has launched a specialized version of its Claude AI tools for the financial services sector, designed to assist professionals with investment decisions, market analysis, and research. The Financial Analysis Solution "includes Claude 4 models, Claude Code and Claude for Enterprise with expanded usage limits, implementation support and other features," reports CNBC. From the report: As part of its new Financial Analysis Solution, Claude will get real-time access to financial information through data providers like Box, PitchBook, Databricks, S&P Global and Snowflake. Anthropic said many of these integrations are available on Tuesday, with more to come. Anthropic's Financial Analysis Solution and Claude for Enterprise are available on AWS Marketplace. The company said Google Cloud Marketplace availability is coming soon. "What this is is a tailored version of Claude for Enterprise," Kate Jensen, Anthropic's head of revenue said at an event in New York City on Tuesday. "It's specifically built for financial analysts, and it's equipped for the nuance, accuracy and reasoning that you need to handle the complexity of your work."
Maintainers struggle to handle growing flow of low-quality bug reports written by bots
Daniel Stenberg, founder and lead developer of the open-source curl command line utility, just wants the AI slop to stop.…
Reddit has begun verifying users' ages in the UK to restrict access to "certain mature content" for minors, complying with the UK's Online Safety Act. The BBC reports: Reddit, known for its online communities and discussions, said that while it does not want to know who its audience is: "It would be helpful for our safety efforts to be able to confirm whether you are a child or an adult." Ofcom, the UK regulator, said: "We expect other companies to follow suit, or face enforcement if they fail to act." Reddit said that from 14 July, an outside firm called Persona will perform age verification for the social media platform either through an uploaded selfie or "a photo of your government ID," such as a passport. It said Reddit will not have access to the photo and will only retain a user's verification status and date of birth so people do not have to re-enter it each time they try to access restricted content. Reddit added that Persona "promises not to retain the picture for longer than seven days" and will not have access to a user's data on the site. The new rules in the UK come into force on 25 July. [...]
Companies that fail to meet the rules face fines of up to 18 million pounds or 10% of worldwide revenue, "whichever is greater." [Ofcom] added that in the most serious cases, it can seek a court order for "business disruption measures," such as requiring payment providers or advertisers to withdraw their services from a platform, or requiring Internet Service Providers to block access to a site in the UK.
Plasma Bigscreen, KDE's TV-focused interface, is being revived after years of inactivity thanks to contributor Devin, who overhauled the UI, redesigned the Settings app, improved app launching, and updated key modules. While still in progress -- with features like HDMI-CEC remote support and a virtual keyboard pending -- the project aims to rejoin KDE's official Plasma release schedule, potentially in version 6.5. Neowin reports: If you have not heard of it, Plasma Bigscreen is a Plasma shell for televisions, with original support for the now-defunct Mycroft AI assistant. It used to provide a simple launcher for apps and custom "Mycroft Skills" before development stalled, causing most distributions to drop it. The project was left behind during the big transition to Plasma 6 last year because no one had ported it in time for the megarelease. After a friend of his started poking at the code, Devin stepped in to tackle the much-needed work. [...]
For anyone who wants to test this out, you can do as Devin did by installing Plasma Bigscreen on a Raspberry Pi using postmarketOS, though you would have to compile it yourself or pull from the nightly repos to get the latest changes. Applications like Kodi and VacuumTube (smart TV version of YouTube) work well with remote navigation, and some games like SuperTuxKart are playable. Controller support exists, but getting TV remotes to work over HDMI CEC is still untested. The project is far from finished; it still needs an arrow-navigable virtual keyboard and a clearer long-term direction now that Mycroft is gone. Still, the goal is to get it back into the official Plasma release schedule, possibly for version 6.5.
File this one under what not to search if you've committed a crime
A former US Army soldier, who reportedly hacked AT&T, bragged about accessing President Donald Trump's call logs, and then Googled "can hacking be treason," and "US military personnel defecting to Russia," pleaded guilty to conspiring to break into telecom firms' databases and extort at least $1 million.…
An anonymous reader quotes a report from Phoronix: Merged yesterday to the latest development code for the LibreOffice open-source office suite is now recognizing Bitcoin "BTC" as a supported currency for use within the Calc spreadsheet program and elsewhere within this cross-platform free software office suite. Stemming from a recent bug report requesting Bitcoin as an official currency option within LibreOffice Calc, the necessary additions are now in place so it's a built-in preset like USD and EUR. Thus easier managing of Bitcoin transactions and the like from within LibreOffice Calc.
Let us delve swiftly into meticulous inquiry with our AI masters
Like it or not, ChatGPT and other large language models are changing the world, including affecting how we speak, claims a group of researchers, and the end results could be an erosion of linguistic and cultural diversity.…
U.S. prosecutors and the Commodity Futures Trading Commission (CFTC) have officially closed their investigations into Polymarket, the decentralized, blockchain-powered prediction market platform where users bet with real cryptocurrency on the outcomes of future events. "The DOJ was investigating Polymarket last year, reportedly for allowing U.S. users to place bets on the site despite Polymarket being required to block U.S. traders," reports CoinDesk.
The FBI raided Polymarket CEO Shayne Coplan's Manhattan apartment last November, seizing his phone and electronic devices. A source close to the matter told The New York Post it was politically motivated due to Polymarket's successful prediction of Trump's election win. It's "grand political theater at its worst," the source said. "They could have asked his lawyer for any of these things. Instead, they staged a so-called raid so they can leak it to the media and use it for obvious political reasons."