RSS 생중계

Inside this week's LWN.net Weekly Edition:

• Front: Home Assistant; YaST; bpfilter; Flatpak; More LSFMM+BPF 2025 coverage.
• Briefs: Screen security; Guix on Codeberg; Postgres I/O; GNOME executive director; Nextcloud blog; Podman 5.5.0; OSL sustainability; Quotes; ...
• Announcements: Newsletters, conferences, security updates, patches, and more.

Google has warned that the hacker group known as "Scattered Spider," which recently disrupted UK retailer Marks & Spencer, is now targeting U.S. retailers with aggressive and sophisticated cyberattacks. "U.S. retailers should take note. These actors are aggressive, creative, and particularly effective at circumventing mature security programs," John Hultquist, an analyst at Google's cybersecurity arm, said in an email sent on Wednesday. The Guardian reports: Scattered Spider is widely reported to have been behind the particularly disruptive hack at M&S, one of the best-known names in British business, whose online operations have been frozen since 25 April. It has a history of focusing on a single sector at a time and is likely to target retail for a while longer, Hultquist said. Just a day before Google's warning, M&S announced that some customer data had been accessed, but this did not include usable payment or card details, or any account passwords. The Guardian understands the details taken are names, addresses and order histories. M&S said personal information had been accessed because of the "sophisticated nature of the incident." "Today, we are writing to customers informing them that due to the sophisticated nature of the incident, some of their personal customer data has been taken," the company said. Hackers from the Scattered Spider ecosystem have been behind a slew of disruptive break-ins on both sides of the Atlantic. In 2023, hackers tied to the group made headlines for hacking the casino operators MGM Resorts International and Caesars Entertainment. Law enforcement has struggled to get a handle on the Scattered Spider hacking groups, in part because of their amorphousness, the hackers' youth, and a lack of cooperation from cybercrime victims.

Read more of this story at Slashdot.

Netflix said its cheaper, ad-supporter tier now has 94 million monthly active users -- an increase of more than 20 million since its last public tally in November. CNBC reports: The company and its peers have been increasingly leaning on advertising to boost the profitability of their streaming products. Netflix first introduced the ad-supported plan in November 2022. Netflix's ad-supported plan costs $7.99 per month, a steep discount from its least-expensive ad-free plan, at $17.99 per month. Netflix also said its cheapest tier reaches more 18- to 34-year-olds than any U.S. broadcast or cable network. "When you compare us to our competitors, attention starts higher and ends much higher," Netflix president of advertising Amy Reinhard said in a statement. "Even more impressive, members pay as much attention to mid-roll ads as they do to the shows and movies themselves."

Read more of this story at Slashdot.

Apple's smartphone shipments in China plunged nearly 50% year-over-year in March 2025, as domestic brands like Huawei and Vivo surged ahead -- now controlling 92% of the market. MacRumors reports: The steep decline saw shipments fall to just 1.89 million units, down from 3.75 million during the same period last year. That shrinks Apple's share of the Chinese market to approximately 8%, while domestic brands now control 92% of smartphone shipments. For the entire first quarter, non-Chinese brand shipments declined over 25%, while total smartphone shipments in China actually increased by 3.3%. Apple's struggles come as domestic competitors have gained ground. Counterpoint Research reports Huawei now leads with a 19.4% share, followed by Vivo (17%), Xiaomi (16.6%), and Oppo (14.6%). Apple has slipped to fifth place with 14.1%. Several factors are driving Apple's declining fortunes. The company faces competition from rejuvenated local brands like Huawei, which has rebounded with proprietary chips and its HarmonyOS Next software. Chinese government policies appear to be playing a role too. Under government subsidies, consumers of electronics get a 15% refund of products that are priced under 6,000 yuan ($820). Apple's standard iPhone 16 starts at 5,999 yuan.

Read more of this story at Slashdot.

An anonymous reader quotes a report from ZDNet: Would you believe Microsoft has announced a new Linux distribution service for its Azure cloud service? You should. For many years, the most popular operating system on Azure has not been Windows Server, it's been Linux. Last time I checked, in 2024, Azure Linux Platforms Group Program Manager Jack Aboutboul told me that 60% of Azure Marketplace offerings and more than 60% of virtual machine cores use Linux. Those figures mean it's sensible for Microsoft to make it easier than ever for Linux distributors to release first-class Linux distros on Azure. The tech giant is taking this step, said Andrew Randall, principal manager for the Azure Core Linux product management team, by making "Azure Image Testing for Linux (AITL) available 'as a service' to distro publishers." ATIL is built on Microsoft's Linux Integration Services Automation project (LISA). Microsoft's Linux Systems Group originally developed this initiative to validate Linux OS images. LISA is a Linux quality validation system with two parts: a test framework to drive test execution and a set of test suites to verify Linux distribution quality. LISA is now open-sourced under the MIT License. The system enables continuous testing of Linux images, covering a wide range of scenarios from kernel updates to complex cloud-native workloads. [...] Specifically, the ATIL service is designed to streamline the deployment, testing, and management of Linux images on Azure. The service builds on the company's internal expertise and open-source tools to provide: - Curated, Azure-optimized, security-hardened Linux images - Automated quality assurance and compliance testing for Linux distributions - Seamless integration with Azure's cloud-native services and Kubernetes environments Krum Kashan, Microsoft Azure Linux Platforms Group program manager, said in a statement: "While numerous testing tools are available for validating Linux kernels, guest OS images, and user space packages across various cloud platforms, finding a comprehensive testing framework that addresses the entire platform stack remains a significant challenge. A robust framework is essential, one that seamlessly integrates with Azure's environment while providing coverage for major testing tools, such as LTP and kselftest, and covers critical areas like networking, storage, and specialized workloads, including Confidential VMs, HPC, and GPU scenarios. This unified testing framework is invaluable for developers, Linux distribution providers, and customers who build custom kernels and images."

Read more of this story at Slashdot.

BrianFagioli shares a report from BetaNews: For years, NordVPN made Linux users live in the terminal. Sure, the command-line interface technically worked, but let's not pretend it was ideal for everyone. Meanwhile, competitors like Surfshark and ExpressVPN had already given their Linux users full graphical interfaces. Now, NordVPN has finally caught up by launching its very own GUI for Linux. So, what exactly does this mean? Well, instead of typing in commands, users can now click their way through connection options, settings, and even theme preferences like light or dark mode. This will arguably make using the service on Linux much easier. [...] Just like on Windows and macOS, the NordVPN GUI lets you quickly connect to servers, activate features, and monitor your connection in a clean, modern interface. And yes, those features include fan favorites like Dedicated IP, Double VPN, Onion Over VPN, Kill Switch, and Threat Protection. In other words, the features are the same, only easier to access now. That said, some advanced tools, like Meshnet, are still CLI-only for the time being. But at least now there's a choice. And if you want to stick to the terminal, don't worry, that option hasn't gone away.

Read more of this story at Slashdot.

Uber is launching a fixed-route shuttle service in major U.S. cities that offers commuters up to 50% off UberX fares during weekday peak hours. Called "Route Share," the service aims to provide a more affordable, predictable alternative to standard ride-hailing. TechCrunch reports: The commuter shuttles will drive between pre-set stops every 20 minutes, according to Sachin Kansal, Uber's chief product officer. He noted that there will be dozens of routes in each launch city -- like between Williamsburg and Midtown in NYC. The routes, which are selected based on Uber's extensive data on popular travel patterns, might have one or two additional stops to pick up other passengers. To start, riders will only ever have to share the route with up to two other co-riders. Riders can book a seat anywhere from seven days to 10 minutes before a scheduled pickup, and the app will provide them with turn-by-turn directions to get them from their house to the corner where they'll be picked up. Uber is relying on the same underlying technology that it uses for Uber Share, its shared rides offering where riders can get 15% to 30% off the cost of an UberX ride by pooling with others. Kansal told TechCrunch that Uber completes millions of shared trips annually and has been seeing more traction lately as riders look for more ways to save. Hence, Route Share. Uber envisions a future where Route Share could qualify for pre-tax commuter benefits. However, as a spokesperson noted, the company would need to find a way to match those trips with Uber XL vehicles. That's because only six-seater vehicles would meet the eligibility requirements. A potential progression of Route Share would involve autonomous vehicles, particularly in chaotic cities like New York City, where no self-driving car companies have deigned to test.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: We've known for months now that Valve is expanding its Linux-based SteamOS operating system beyond the Steam Deck to other handheld PCs, starting with some versions of the Asus ROG Ally. This week, Valve began making some changes to its Steam storefront to prepare for a future when the Deck isn't the only hardware running SteamOS. A new "SteamOS Compatible" label will begin rolling out "over the next few weeks" to denote "whether a game and all of its middleware is supported on SteamOS," including "game functionality, launcher functionality, and anti-cheat support." Games that don't meet this requirement will be marked as "SteamOS Unsupported." As with current games and the Steam Deck, this label doesn't mean these games won't run, but it does mean there may be some serious compatibility issues that keep the game from running as intended. Valve says that "over 18,000 titles on Steam [will] be marked SteamOS compatible out of the gate," and that game developers won't need to do anything extra to earn the label if their titles already support the Steam Deck. SteamOS uses a collection of app translation technologies called Proton to make unmodified Windows applications run on SteamOS. This technology has dramatically improved SteamOS's game compatibility, compared to older SteamOS versions that required games to support Linux natively, but it still can't support every single game that Windows does. Valve says that the "SteamOS Compatible" label isn't meant to imply how well a game will run on the Steam Deck or any other SteamOS handheld but that this label is "just the first step." The company is "continuing to work on ways for people to have a better understanding of how games will run on their specific devices."

Read more of this story at Slashdot.

At the Linux Application Summit (LAS) in April, Sebastian Wick said that, by many metrics, Flatpak is doing great. The Flatpak application-packaging format is popular with upstream developers, and with many users. More and more applications are being published in the Flathub application store, and the format is even being adopted by Linux distributions like Fedora. However, he worried that work on the Flatpak project itself had stagnated, and that there were too few developers able to review and merge code beyond basic maintenance.

Palantir CEO Alex Karp criticized Europe's AI adoption while praising Saudi Arabia's engineering talent at Tuesday's Saudi-US Investment Forum in Riyadh. "It's like people have given up," Karp said of Europe, while commending Saudi engineers for their "meritocracy and patriotism" and "deep tradition in engineering excellence."

Read more of this story at Slashdot.

Version 5.5.0 of the Podman container-management tool has been released. Notable features include the addition of a podman machine cp command to copy files into a running Podman VM, a podman artifact extract command to copy contents of an OCI artifact to disk, and a --mount=artifact option to mount OCI artifacts into containers. See the release announcement for a full list of improvements and bug fixes.

A California judge slammed a pair of law firms for the undisclosed use of AI after he received a supplemental brief with "numerous false, inaccurate, and misleading legal citations and quotations." From a report: In a ruling submitted last week, Judge Michael Wilner imposed $31,000 in sanctions against the law firms involved, saying "no reasonably competent attorney should out-source research and writing" to AI, as pointed out by law professors Eric Goldman and Blake Reid on Bluesky. "I read their brief, was persuaded (or at least intrigued) by the authorities that they cited, and looked up the decisions to learn more about them -- only to find that they didn't exist," Judge Milner writes. "That's scary. It almost led to the scarier outcome (from my perspective) of including those bogus materials in a judicial order."

Read more of this story at Slashdot.

From servers in a data center to desktop computers, many devices communicating on a network will eventually have to filter network traffic, whether it's for security or performance reasons. As a result, this is a domain where a lot of work is put into improving performance: a tiny performance improvement can have considerable gains. Bpfilter is a project that allows for packet filtering to easily be done with BPF, which can be faster than other mechanisms.

Gilmoure shares a report: U.S. energy officials are reassessing the risk posed by Chinese-made devices that play a critical role in renewable energy infrastructure after unexplained communication equipment was found inside some of them, two people familiar with the matter said. Power inverters, which are predominantly produced in China, are used throughout the world to connect solar panels and wind turbines to electricity grids. They are also found in batteries, heat pumps and electric vehicle chargers. [...] Using the rogue communication devices to skirt firewalls and switch off inverters remotely, or change their settings, could destabilise power grids, damage energy infrastructure, and trigger widespread blackouts, experts said. "That effectively means there is a built-in way to physically destroy the grid," one of the people said, The two people declined to name the Chinese manufacturers of the inverters and batteries with extra communication devices, nor say how many they had found in total.

Read more of this story at Slashdot.

Warner Bros. Discovery said Wednesday it will revert its streaming service name from Max back to HBO Max this summer, just two years after dropping the HBO branding. The decision, revealed at the company's upfront presentation to advertisers in New York, represents an admission that HBO's premium brand equity remains valuable in the streaming landscape. "Returning the HBO brand into HBO Max will further drive the service forward and amplify the uniqueness that subscribers can expect," WBD stated in a press release.

Read more of this story at Slashdot.

An anonymous reader shares a report: Sony just announced its financial forecast for the next year, and it's expecting to be impacted by tariffs to the tune of 100 billion yen (about $680 million). To compensate, the company says it's considering options including moving manufacturing to the US and increasing prices for consumers. Speaking to investors during the company's earnings call, Sony CFO Lin Tao confirmed that the company is considering "passing on" the price of tariffs to consumers in order to mitigate the impact on its bottom line. Tao didn't mention the PS5 by name though, and it's possible that Sony could try to protect pricing on its console through increases elsewhere in its electronics business. Sony has already increased the price of the PS5 this year, but only in the UK, Europe, Australia, and New Zealand.

Read more of this story at Slashdot.

Workers who secured substantial salary increases during the pandemic hiring frenzy are now confronting a stark reality: they're likely overpaid in today's cooling job market. According to new Korn Ferry data, two-thirds of U.S. workers believe they're compensated at or above their market value. The tech sector has experienced significant wage deflation, with expanding pay transparency laws making market corrections impossible to ignore. Only 60% of recent job switchers received raises in Q1 2025, down from 73% just one quarter earlier.

Read more of this story at Slashdot.

President Donald Trump's administration has taken a tougher stance on Chinese technology advances, warning companies around the world that using AI chips made by Huawei could trigger criminal penalties for violating US export controls. From a report: The commerce department issued guidance to clarify that Huawei's Ascend processors were subject to export controls because they almost certainly contained, or were made with, US technology. Its Bureau of Industry and Security, which oversees export controls, said on Tuesday it was taking a more stringent approach to foreign AI chips, including "issuing guidance that using Huawei Ascend chips anywhere in the world violates US export controls." But people familiar with the matter stressed that the bureau had not issued a new rule, but was making it clear to companies that Huawei chips are likely to have violated a measure that requires hard-to-get licences to export US technology to the Chinese company.

Read more of this story at Slashdot.

Security updates have been issued by AlmaLinux (emacs, firefox, gnutls, java-17-openjdk, java-21-openjdk, osbuild-composer, python39:3.9, and thunderbird), Arch Linux (screen), Debian (varnish), Fedora (chromium), Gentoo (Atop, FreeType, and Spidermonkey), Mageia (java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, java-latest-openjdk and postgresql15, postgresql13), Oracle (389-ds-base, emacs, firefox, kernel, libsoup, libtiff, mod_auth_openidc:2.3, nodejs:20, nodejs:22, osbuild-composer, python39:3.9, qemu-kvm, ruby, ruby:3.1, ruby:3.3, and thunderbird), Red Hat (.NET 8.0, .NET 9.0, avahi, buildah, corosync, delve and golang, exiv2, expat, firefox, ghostscript, gimp, git, grafana, gvisor-tap-vsock, java-21-openjdk, kernel, kernel-rt, libarchive, libjpeg-turbo, libsoup, libsoup3, libxslt, mod_auth_openidc, nginx, nginx:1.22, nginx:1.24, nodejs22, nodejs:20, nodejs:22, opentelemetry-collector, osbuild-composer, perl, php, php:8.2, php:8.3, podman, python-jinja2, redis, redis:7, rhc, ruby:2.5, skopeo, sqlite, thunderbird, tomcat, tomcat9, valkey, vim, xorg-x11-server-Xwayland, xterm, xz, yelp, and yggdrasil), Slackware (screen), SUSE (apparmor, dirmngr, gimp, golang-github-prometheus-node_exporter, java-11-openj9, java-17-openj9, java-21-openj9, libxmp-devel, python311-Django4, rabbitmq-server313, rke2, and transfig), and Ubuntu (abseil and open-vm-tools).

An anonymous reader shares a report: U.K. retail giant Marks & Spencer has confirmed hackers stole its customers' personal information during a cyberattack last month. In a brief statement with London's stock exchange on Tuesday, the retailer said an unspecified amount of customer information was taken in the data breach. The BBC, which first reported the company's filing, cited a Marks & Spencer online letter as saying that the stolen data includes customer names, dates of birth, home and email addresses, phone numbers, household information, and online order histories. The company also said it was resetting the online account passwords of its customers. FT adds: Marks and Spencer could claim for losses of as much as $133 million from its cyber insurers following a sustained hack where some customer data was stolen. The UK retailer's cyber policy allows it to claim up to $133 million, according to people familiar with the situation. Allianz is the first insurer on the hook for M&S's losses, the people added, and is expected to pay at least the initial $13.3 million. Cyber specialist Beazley is also among the insurers exposed to losses at the FTSE 100 retailer, according to the people familiar with the situation.

Read more of this story at Slashdot.