RSS 생중계

OpenAI has released two new AI models that can "think with images" during their reasoning process. The o3 and o4-mini models represent a significant advancement in visual perception, enabling them to manipulate images -- cropping, zooming, and rotating -- as part of their analytical process. Unlike previous models, o3 and o4-mini can agentically use all of ChatGPT's tools, including web search, Python code execution, and image generation. This allows them to tackle multi-faceted problems by selecting appropriate tools based on the task at hand. The models have set new state-of-the-art performance benchmarks across multiple domains. On visual tasks, o3 achieved 86.8% accuracy on MathVista and 78.6% on CharXiv-Reasoning, while o4-mini scored 91.6% on AIME 2024 competitions. In expert evaluations, o3 made 20% fewer major errors than its predecessor on complex real-world tasks. ChatGPT Plus, Pro, and Team users will see o3, o4-mini, and o4-mini-high in the model selector starting today, replacing o1, o3â'mini, and o3â'miniâ'high.

Read more of this story at Slashdot.

The Trump administration plans to eliminate the IRS' Direct File program, an electronic system for filing tax returns directly to the agency for free, AP reported Wednesday, citing two people familiar with the decision. From the report: The program developed during Joe Biden's presidency was credited by users with making tax filing easy, fast and economical. But Republican lawmakers and commercial tax preparation companies complained it was a waste of taxpayer money because free filing programs already exist, although they are hard to use.

Read more of this story at Slashdot.

Debian's Advanced Package Tool (APT) is the suite of utilities that handle package management on Debian and Debian-derived operating systems. APT recently received a major upgrade to 3.0 just in time for inclusion in Debian 13 ("trixie"), which is planned for release sometime in 2025. The version bump is warranted; the latest APT has user-interface improvements, switches to Sequoia to verify package signatures, and includes solver3—a new solver that is designed to improve how it evaluates and resolves package dependencies.

GNOME contributor Michael Catanzaro has written a blog post about a noteworthy vulnerability in GNOME's help browser, Yelp.

I don't normally blog about particular CVEs, but Yelp CVE-2025-3155 is noteworthy because it is quite severe, public for several weeks now, and not yet fixed upstream. In short, help files can read your filesystem and execute arbitrary JavaScript code, allowing an attacker to exfiltrate any files your Unix user has access to.

The vulnerability was first reported on December 25, and it was made public on March 26 after the 90-day-disclosure deadline was reached. Patches have been proposed to fix the issue. The bug reporter has published a writeup demonstrating the attack. Catanzaro asks that Linux vendors "please consider applying the provided patches even though they have not yet been accepted upstream".

Allowing directories to be modified in parallel was the topic of Jeff Layton's filesystem-track session at the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit (LSFMM+BPF). There are certain use cases, including for the NFS and Lustre filesystems, as mentioned in a patch set referenced in the topic proposal, where contention in creating multiple files in a directory is causing noticeable performance problems. In some testing, Layton has found that the inode read-write semaphore (i_rwsem) for the directory is serializing operations; he wanted to discuss alternatives.

The BPF verifier is not magic; it cannot solve the halting problem. Therefore, it has to err on the side of assuming that a program will run too long if it cannot prove that the program will not. The ultimate check on the size of a BPF program is the one-million-instruction limit — the verifier will refuse to process more than one-million instructions, no matter what a BPF program does. Alexei Starovoitov gave a talk at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit about that limit, why correctly written BPF programs shouldn't hit it, and how to make the user experience of large BPF programs better in the future.

Google has announced that it will begin phasing out country code top-level domains (ccTLDs) such as google.ng and google.com.br, redirecting all traffic to google.com. The change comes after improvements in Google's localization capabilities rendered these separate domains unnecessary. Since 2017, Google has provided identical local search experiences whether users visited country-specific domains or google.com. The transition will roll out gradually over the coming months, and users may need to re-establish search preferences during the migration.

Read more of this story at Slashdot.

About 18% of songs uploaded to Deezer are fully generated by AI, the French streaming platform said on Wednesday, underscoring the technology's growing use amid copyright risks and concerns about fair payouts to artists. From a report: Deezer said more than 20,000 AI-generated tracks are uploaded on its platform each day, which is nearly twice the number reported four months ago. "AI-generated content continues to flood streaming platforms like Deezer and we see no sign of it slowing down," said Aurelien Herault, the company's innovation chief.

Read more of this story at Slashdot.

Enterprise software optimization is accelerating as companies face potential budget freezes in 2025, according to new research from UBS reviewed by Slashdot. Following discussions with two leading SaaSOps vendors, analysts report that 21% of organizations cut their SaaS spend last year, with a staggering 30% of existing licenses sitting unused. SaaS rationalization efforts are targeting familiar categories: collaboration tools (Zoom, Teams, Slack), project management solutions, and sales engagement platforms. Back-office systems like Workday remain relatively insulated due to their stickiness and pricing leverage, while front-office software faces mixed pressures. "Companies were looking to return to spend growth in 2HF25 from cost cutting but now that might no longer be the case," one CEO told UBS.

Read more of this story at Slashdot.

Sergiu Gatlan reports that the US government has extended funding for the Common Vulnerabilities and Exposures (CVE) program, following yesterday's reports that funding would run out as of April 16.

"The CVE Program is invaluable to cyber community and a priority of CISA," the U.S. cybersecurity agency told BleepingComputer. "Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services. We appreciate our partners' and stakeholders' patience."

The article also mentions the launch of a CVE Foundation, to transition the CVE program to a dedicated foundation and eliminate "a single point of failure in the vulnerability management ecosystem", as well as a European vulnerability database (EUVD) backed by the European Union Agency for Cybersecurity (ENISA). Details on these initiatives are scant at the moment, and it is unclear whether restoration of funding will have any impact on these efforts.

As a system runs, its memory becomes fragmented; it does not take long before the allocation of large, physically contiguous memory ranges becomes difficult or impossible. The contiguous memory allocator (CMA) is a kernel subsystem that attempts to address this problem, but it has never worked as well as some would like. Two sessions in the memory-management track at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit looked at how CMA can be improved; the first looked at providing guaranteed allocations, while the second addressed some inefficiencies in CMA.

CISA says the U.S. government has extended funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program. From a report: "The CVE Program is invaluable to cyber community and a priority of CISA," the U.S. cybersecurity agency told BleepingComputer. "Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services. We appreciate our partners' and stakeholders' patience." The announcement follows a warning from MITRE Vice President Yosry Barsoum that government funding for the CVE and CWE programs was set to expire today, April 16, potentially leading to widespread disruption across the cybersecurity industry. "If a break in service were to occur, we anticipate multiple impacts to CVE, including deterioration of national vulnerability databases and advisories, tool vendors, incident response operations, and all manner of critical infrastructure," Barsoum said.

Read more of this story at Slashdot.

More than half of the top privately held AI companies based in the U.S. have at least one immigrant founder, according to an analysis from the Institute for Progress. From the report: The IFP analysis of the top AI-related startups in the Forbes AI 2025 list found that 25 -- or 60% -- of the 42 companies based in the U.S. were founded or co-founded by immigrants. The founders of those companies "hail from 25 countries, with India leading (nine founders), followed by China (eight founders) and then France (three founders). Australia, the U.K., Canada, Israel, Romania, and Chile all have two founders each." Among them is OpenAI -- whose co-founders include Elon Musk, born in South Africa, and Ilya Sutskever, born in Russia -- and Databricks, whose co-founders were born in Iran, Romania and China. The analysis echoes previous findings about the key role foreign-born scientists and engineers have played in the U.S. tech industry and the broader economy.

Read more of this story at Slashdot.

Security updates have been issued by AlmaLinux (gvisor-tap-vsock, kernel, and kernel-rt), Fedora (chromium, dnf, dotnet9.0, golang, lemonldap-ng, mariadb10.11, perl-Crypt-URandom-Token, perl-DBIx-Class-EncodedColumn, php-tcpdf, podman-tui, and trunk), Red Hat (java-17-openjdk and kernel), Slackware (mozilla), SUSE (apache2-mod_auth_openidc, cosign, etcd, expat, flannel, kernel, libsqlite3-0, libvarnishapi3, mozjs52, Multi-Linux Manager 4.3: Server, Multi-Linux Manager 5.0: Server, Proxy and Retail Server, pgadmin4, rekor, rsync, rubygem-bundler, and webkit2gtk3), and Ubuntu (7zip, Docker, and quickjs).

Figma has confidentially filed for an IPO with the SEC, marking a major move more than a year after scrapping its $20 billion acquisition deal with Adobe due to regulatory pushback. CNBC reports: Figma's software is popular among designers inside companies who need to collaborate on prototypes for websites and apps. The company was valued at $12.5 billion in a 2024 tender offer. "There are two paths that venture-funded startups go down," Dylan Field, Figma's co-founder and CEO, said in an interview with The Verge last year. "You either get acquired or you go public. And we explored thoroughly the acquisition route." The announcement lands at a precarious moment for the tech IPO market, which has been largely dormant since late 2021. The Trump presidency was expected to revive new offerings due to promises of less burdensome regulations.

Read more of this story at Slashdot.

The CVE and CWE programs are at risk of shutdown as MITRE's DHS contract expires on April 16, 2025, with no confirmed renewal. Without continued funding, the ability to standardize, track, and respond to software vulnerabilities could collapse, leaving the cybersecurity community scrambling in a fragmented and dangerously opaque environment. Forbes reports: "Failure to renew MITRE's contract for the CVE program, seemingly set to expire on April 16, 2025, risks significant disruption," said Jason Soroko, Senior Fellow at Sectigo. "A service break would likely degrade national vulnerability databases and advisories. This lapse could negatively affect tool vendors, incident response operations, and critical infrastructure broadly. MITRE emphasizes its continued commitment but warns of these potential impacts if the contracting pathway is not maintained." MITRE has indicated that historical CVE records will remain accessible via GitHub, but without continued funding, the operational side of the program -- including assignment of new CVEs -- will effectively go dark. That's not a minor inconvenience. It could upend how the global cybersecurity community identifies, communicates, and responds to new threats. [...] MITRE has said that discussions with the U.S. government are active and that it remains committed to the CVE mission. But with the expiration date looming, time is running short -- and the consequences of even a temporary gap are severe.

Read more of this story at Slashdot.

Limited Run Games is releasing physical editions of Doom and Doom II, including a $666 "Will it Run Edition" that features a literal game box capable of playing Doom. Engadget reports: It costs $666, which is a nod to the devilish source material, and is being kept to a limited run of 666 copies. It comes with the aforementioned screen-enabled game box that runs Doom, but that's just the beginning. The combo pack ships with the soundtrack on cassette, a certificate of authenticity and a trading card park with five cards. It comes with a couple of toys based on one of the franchise's most iconic enemies. There's a detailed three-inch Cacodemon that connects to a five-inch base, which looks pretty nifty. There's a smaller handheld Cacodemon that, you'll never guess, also runs Doom. This edition is available for Switch, PS5, Xbox Series X/S and PC. The PC version, however, ships with a download code and not physical copies of both games. Preorders start on April 18 and end on May 18, with a release sometime after that.

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Guardian: Fears that smartphones, tablets and other devices could drive dementia in later life have been challenged by research that found lower rates of cognitive decline in older people who used the technology. An analysis of published studies that looked at technology use and mental skills in more than 400,000 older adults found that over-50s who routinely used digital devices had lower rates of cognitive decline than those who used them less. It is unclear whether the technology staves off mental decline, or whether people with better cognitive skills simply use them more, but the scientists say the findings question the claim that screen time drives what has been called "digital dementia". "For the first generation that was exposed to digital tools, their use is associated with better cognitive functioning," said Dr Jared Benge, a clinical neuropsychologist in UT Health Austin's Comprehensive Memory Center. "This is a more hopeful message than one might expect given concerns about brain rot, brain drain, and digital dementia." Benge and his colleague Dr Michael Scullin, a cognitive neuroscientist at Baylor University in Texas, analysed 57 published studies that examined the use of digital technology in 411,430 adults around the world. The average age was 69 years old and all had a cognitive test or diagnosis. The scientists found no evidence for the digital dementia hypothesis, which suggests that a lifetime of using digital technology drives mental decline. Rather, they found that using a computer, smartphone, the internet or some combination of these was associated with a lower risk of cognitive impairment. The details have been published in Nature Human Behaviour. "Using digital devices in the way that we use televisions -- passive and sedentary, both physically and mentally -- is not likely to be beneficial," said Scullin. "But, our computers and smartphones also can be mentally stimulating, afford social connections, and provide compensation for cognitive abilities that are declining with ageing. These latter types of uses have long been regarded as beneficial for cognitive ageing."

Read more of this story at Slashdot.

American Airlines announced today that it will add free in-flight Wi-Fi starting in 2026. However, Axios notes you'll need to be an AAdvantage member (American's loyalty program) to access it. From the report: American is partnering with AT&T to introduce free WiFi in January. It will be available on about 90% of the airlines' fleet, which will be planes equipped with Viasat and Intelsat high-speed satellite connectivity, per a press release. More than 500 of the airlines regional planes are expected to have high-speed WiFi capabilities by the end of the year.

Read more of this story at Slashdot.

Google is rolling out Veo 2 video generation in the Gemini app for Advanced subscribers, allowing users to create eight-second, 720p cinematic-style videos from text prompts. 9to5Google reports: Announced at the end of last year, Veo 2 touts "fluid character movement, lifelike scenes, and finer visual details across diverse subjects and styles," as well as "cinematic realism," thanks to an understanding of real-world physics and human motion. In Gemini, Veo 2 can create eight-second video clips at 720p resolution. Specifically, you'll get an MP4 download in a 16:9 landscape format. There's also the ability to share via a g.co/gemini/share/ link. To enter your prompt, select Veo 2 from the model dropdown on the web and mobile apps. Just describe the scene you want to create: "The more detailed your description, the more control you have over the final video." It takes 1-2 minutes for the clip to generate. [...] On the safety front, each frame features a SynthID digital watermark. Only available to Gemini Advanced subscribers ($19.99 per month), there is a "monthly limit" on how many videos you can generate, with Google notifying users when they're close. It is rolling out globally -- in all languages supported by Gemini -- starting today and will be fully available in the coming weeks.

Read more of this story at Slashdot.