news aggregator

One CVE under attack, one already disclosed by angry bug hunter, and 163 more

Attackers exploited a spoofing vulnerability in Microsoft SharePoint Server before Redmond issued a fix as part of April's mega Patch Tuesday.…

Long languishing API gets love from Mozilla

Firefox will soon be able to communicate directly with your 3D printer. Thirteen years after the idea was initially proposed, the Web Serial API has landed in Firefox Nightly, Mozilla's work-in-progress channel for its browser.…

alternative_right shares a report from 404 Media: An independent privacy audit of Microsoft, Meta, and Google web traffic in California found that the companies may be violating state regulations and racking up billions in fines. According to the audit from privacy search engine webXray, 55 percent of the sites it checked set ad cookies in a user's browser even if they opted out of tracking. Each company disputed or took issue with the research, with Google saying it was based on a "fundamental misunderstanding" of how its product works. The webXray California Privacy Audit viewed web traffic on more than 7,000 popular websites in California in the month of March and found that most tech companies ignore when a user asks to opt-out of cookie tracking. California has stringent and well defined privacy legislation thanks to its California Consumer Privacy Act (CCPA) which allows users to, among other things, opt out of the sale of their personal information. There's a system called Global Privacy Control (GPC), which includes a browser extension that indicates to a website when a user wants to opt out of tracking. According to the webXray audit, Google failed to let users opt out 87 percent of the time. "Google's failure to honor the GPC opt-out signal is easy to find in network traffic. When a browser using GPC connects to Google's servers it encodes the opt-out signal by sending the code 'sec-gpc: 1.' This means Google should not return cookies," the audit said. "However, when Google's server responds to the network request with the opt-out it explicitly responds with a command to create an advertising cookie named IDE using the 'set-cookie' command. This non-compliance is easy to spot, hiding in plain sight." The audit said that Microsoft fails to opt out users in the same way and has a failure rate of 50 percent in the web traffic webXray viewed. Meta's failure rate was 69 percent and a bit more comprehensive. "Meta instructs publishers to install the following tracking code on their websites. The code contains no check for globally standard opt-out signals -- it loads unconditionally, fires a tracking event, and sets a cookie regardless of the consumer's privacy preferences," the audit said. It showed a copy of Meta's tracking data which contains no GPC check at all.

Read more of this story at Slashdot.

Google is rolling out a Chrome feature called "Skills" that lets users save Gemini prompts as reusable one-click workflows they can run across multiple tabs. The feature also includes preset Skills from Google. It's launching first for Chrome desktop users set to US English. The Verge reports: Once you have access to the feature, it can be managed by typing a forward slash ( / ) in Gemini and clicking the compass icon. AI prompts can be saved as Skills directly from your Gemini chat history on desktop, where they'll then be available to reuse on any other desktop devices that are signed into the same Google account on Chrome. The aim is to spare Chrome users from having to manually retype frequently used Gemini prompts or having to copy and paste them over from a saved list. Some of the Skills made by early testers include commands for calculating the nutritional information of online recipes and creating a side-by-side comparison of product specifications while shopping across multiple tabs, according to Google. The company is also launching a library of preset Skills that you can save and use instead of making your own. These ready-to-use Skills can also be customized to better suit your needs, providing a starting point without requiring you to create your own from scratch.

Read more of this story at Slashdot.

One error in every thousand operations is one too many

Quantum computers promise major speedups for problems in materials science, logistics, and financial modeling, but first they need to be made reliable, something Nvidia believes its AI models can help with. When you've got a GPU hammer, every problem starts to look like an AI nail. …

A Chicago concert superfan Aadam Jacobs who has recorded more than 10,000 shows since the 1980s is working with Internet Archive volunteers to digitize the collection before the cassettes deteriorate. "So far, about 2,500 of these tapes have been posted on the Internet Archive, including some rare gems like a Nirvana performance from 1989," reports TechCrunch. From the report: For many of these recordings, Jacobs was using pretty mediocre equipment, but the volunteer audio engineers working with the Internet Archive have made these tapes sound great. One volunteer, Brian Emerick, drives to Jacobs' house once a month to pick up more boxes of tapes -- he has to use anachronistic cassette decks to play the tapes, which get converted into digital files. From there, other volunteers clean up, organize, and label the recordings, even tracking down song names from forgotten punk bands. The archive is available here.

Read more of this story at Slashdot.

With grid hookups slow and turbines scarce, on-site power is starting to look less optional

Bloom Energy says it has an expanded remit from Oracle to provide the energy for its US datacenter buildout plans with up to 2.8 GW of fuel cell systems.…

Proposed law could lock down open source tools and give vendors fresh reasons to inspect print files

California's proposed legislation to put the burden of blocking 3D-printed firearms onto printer manufacturers could effectively sideline open source tools and create new surveillance concerns, digital rights activists argue.…

Long-familiar workflow lets developers split big code changes into smaller, easier-to-review chunks

GitHub has unveiled Stacked PRs, a new feature aimed at making large pull requests easier to review, manage, and move through the pipeline faster.…

UK Prime Minister Keir Starmer said social media platforms should remove addictive infinite-scroll features for young users as Britain considers new child-safety measures. "We're consulting on whether there should be a ban for under 16s," Starmer told BBC Radio. "But I think equally important, the addictive scrolling mechanisms are really problematic to my mind. They need to go." Reuters reports: Britain, like other countries, is considering restricting access to social media for children and it is testing bans, curfews and app time limits to see how they impact sleep, family life and schoolwork. Social media companies had designed algorithms that were intended to encourage addictive behavior, and parents were asking the government to intervene, Starmer said. [...] More than 45,000 people had already responded to its consultation on children's online safety, the UK government said, adding that there was still time to contribute before a deadline of May 26. "We want to hear from mums and dads who are worried about the amount of time their children spend online and what they are viewing," Technology Secretary Liz Kendall said on Monday. "We want to hear from teenagers who know better than anyone what it is like to grow up in the age of social media. And we want to hear from families about their views on curfews, AI chatbots and addictive features."

Read more of this story at Slashdot.

Paper says a single binary operator could replace a lot of scientific heavy lifting

Every now and then, a researcher comes up with something that sounds either wrong or unoriginal to outsiders – yet carries just enough of a chance of being correct, novel, and consequential to demand a closer look.…

An anonymous reader quotes a report from Bloomberg: Alphabet's Google is facing billions of dollars in potential damage claims as part of mass arbitration tied to the company's online search and advertising technology businesses, which courts have ruled were illegal monopolies. Advertisers are banding together to seek payouts through mass arbitration proceedings. While many companies that displayed ads purchased through Google -- including USA Today Co. and Advance Publications -- have sued for damages since the rulings in 2024, advertiser contracts with the search giant require mandatory arbitration over legal disputes. In arbitration, legal disputes are handled by a mediator, a process that tends to favor companies in individual claims. Mass arbitration -- where 25 or more claims against the same company are pooled together -- have become more common and provide a greater likelihood of settlement awards for claimants. Ashley Keller, a Chicago lawyer whose firm has handled mass arbitrations against DoorDash, Postmates and TurboTax-maker Intuit, said he's already signed up a "significant number" of advertisers to participate in claims against Google. The first of those are expected to be filed this week. "Two federal judges have already adjudicated Google to be a monopolist," Keller said in an interview with Bloomberg. "It seems sensible to seek redress." Keller, who is also representing Texas and other states in a lawsuit against Google for monopolization of advertising technology, estimates potential claims for online search and display ads could reach $218 billion or more, based on calculations from an economist his firm has hired. Similar mass arbitrations have lasted 12 to 24 months between the filing of claims and resolution, he said. "Given the nature of these matters, we cannot estimate a possible loss," Google said in a recent corporate filing. "We believe we have strong arguments against these open claims and will defend ourselves vigorously."

Read more of this story at Slashdot.

Deal only comes with 24 operational sats, but also an Apple deal, spectrum licenses, and plenty of IP

Amazon has agreed to pay more than $11.5 billion to expand its satellite constellation by about two dozen units with the acquisition of Globalstar. But it's more about the underlying technology that Amazon hopes will help it catch Elon Musk's Starlink. …

Researchers at the University of Southern California say they've developed a memristor memory device that continued operating at 700 degrees Celsius. "And crucially, 700 degrees was not the limit, it was simply as hot as their testing equipment could go," adds ScienceAlert. "The device showed no signs of failing." From the report: The device is called a memristor and it's a nanoscale component that can both store information and perform computing operations. Think of it as a tiny sandwich with two electrode layers on the outside and a thin ceramic filling in the middle. The team built theirs from tungsten, the metal with the highest melting point of any element, combined with a ceramic called hafnium oxide, and with a layer of graphene at the bottom. Each material can withstand enormous heat. Together, they turned out to be extraordinary. What makes graphene the key ingredient is the way it interacts with tungsten at the atomic level. In a conventional device, heat causes metal atoms to drift slowly through the ceramic layer until they bridge the two electrodes, short circuiting everything and leaving the device permanently broken. Graphene stops that process dead. Its surface chemistry with tungsten is ... almost like oil and water. Tungsten atoms that drift toward the graphene find they simply cannot take hold, no anchor, no short circuit, no failure. The team used advanced electron microscopy and quantum level computer simulations to understand exactly why, turning a single lucky result into a repeatable principle. The findings have been published in the journal Science.

Read more of this story at Slashdot.

Honey, the skids are fighting again

Two rival ransomware gangs have locked horns after 0APT threatened to expose people affiliated with Krybit.…

Veterans think Congress may swat cuts again, but uncertainty could still do lasting damage

As NASA's Artemis II mission headed for the Moon, the Trump administration unveiled another attempt to cut the agency's science budget. Yet some insiders, perhaps buoyed by déjà vu and a little post-traumatic resilience, are less alarmed than you might expect.…

Didn't admit liability, will cough $17M, still fighting age discrimination cases

IBM has become the first company to settle with the US government under the Trump administration's Civil Rights Fraud Initiative, a program aimed at ensuring diversity programs don't cross a line and result in discrimination.…

J. Allen Hynek started as an Air Force consultant brought in to help explain away early UFO reports, but over time he grew frustrated with what he saw as the government's effort to minimize unexplained cases rather than seriously investigate them. Longtime Slashdot reader schwit1 shares an article from Popular Mechanics, in collaboration with Biography.com, that argues Hynek's shift from skeptic to advocate helped shape modern ufology, and that the Air Force's attempts to control the narrative may have deepened the public distrust and conspiracy thinking that followed. From the report: Do you think the U.S. government is hiding, and possibly reverse-engineering, extraterrestrial technology? Think again. Or better yet, don't think about it at all. Nothing to see here. That's the underlying message of a report released in 2024 by the Department of Defense. The 63-page "Report on the Historical Record of U.S. Government Involvement with Unidentified Anomalous Phenomena (UAP) " concludes that the DoD's All-Domain Anomaly Resolution Office (AARO) "found no evidence that any [U.S. Government] investigation, academic-sponsored research, or official review panel has confirmed that any sighting of a UAP represented extraterrestrial technology." The AARO, as The Guardian summarizes, is "a government office established in 2022 to detect and, as necessary, mitigate threats including 'anomalous, unidentified space, airborne, submerged and transmedium objects.'" This report came on the heels of, and in contradiction to, what was arguably the most high-profile hearing on UAPs -- formerly known as unidentified flying objects, or UFOs -- in decades: the August 2023 testimony of "whistleblower" Dave Grusch. [...] The 2024 AARO report stated that during the time Hynek was working with Project Blue Book [the U.S. Air Force's best-known UFO investigation program], "about 75 percent of Americans trusted the [US government] 'to do the right thing almost always or most of the time.'" But, the report noted, since 2007, that number has never risen above 30 percent. "This lack of trust probably has contributed to the belief held by some subset of the U.S. population that the USG has not been truthful regarding knowledge of extraterrestrial craft." Ultimately, the Air Force's efforts to stifle Hynek -- pressuring him to offer the public standard responses to questions he wasn't even allowed to ask -- appears to have backfired. Ironically, the Air Force's attempts to quiet suspicions only fueled them, leading to more conspiracy theories and distrust. People came to believe that the government was hiding the truth, contrary to Hynek's actual revelation: that, in reality, the people at the top may not care much about finding the answers after all.

Read more of this story at Slashdot.

Entry-level models jump by up to £220, mirroring steeper hikes in US

Microsoft's memory squeeze has reached the shop floor, and Surface prices have been jacked up to match.…

20-year-old Texan also allegedly planned to kill everyone inside the OpenAI office building

The man accused of attacking Sam Altman's San Francisco home with a Molotov cocktail on April 10 now faces charges of attempted murder.…