RSS 생중계

Engineering and construction group Larsen & Toubro Chairman S.N. Subrahmanyan has urged employees in India to work 90 hours weekly, including Sundays, surpassing Infosys founder N.R. Narayana Murthy's recent 70-hour workweek proposal. "What do you do sitting at home? Go to the office and start working," Subrahmanyan said in a leaked internal video. He cited a conversation about Chinese workers' 90-hour weeks versus Americans' 50 hours to justify the stance.

Read more of this story at Slashdot.

Microsoft kicks off the new year with more job cuts, as fewer than 1% of employees reportedly face the axe. From a report: As first reported by Business Insider, Microsoft is trimming its workforce again, including roles in its security division, with the cuts targeting underperforming employees. A Microsoft spokesperson confirmed the layoffs with BI but declined to specify how many staffers are affected, stating, "At Microsoft, we focus on high-performance talent." "We are always working on helping people learn and grow. When people are not performing, we take the appropriate action," the spokesperson told The Register.

Read more of this story at Slashdot.

U.S. software giant Ivanti has warned that a zero-day vulnerability in its widely-used enterprise VPN appliance has been exploited to compromise the networks of its corporate customers. From a report: Ivanti said on Wednesday that the critical-rated vulnerability, tracked as CVE-2025-0282, can be exploited without any authentication to remotely plant malicious code on Ivanti's Connect Secure, Policy Secure, and ZTA Gateways products. Ivanti says its Connect Secure remote-access VPN solution is "the most widely adopted SSL VPN by organizations of every size, across every major industry." This is the latest exploited security vulnerability to target Ivanti's products in recent years. Last year, the technology maker pledged to overhaul its security processes after hackers targeted vulnerabilities in several of its products to launch mass-hacks against its customers. The company said it became aware of the latest vulnerability after its Ivanti Integrity Checker Tool (ICT) flagged malicious activity on some customer appliances.

Read more of this story at Slashdot.

The Software Freedom Conservancy is reporting that AVM has released the full source and installation scripts for its routers in response to a lawsuit, filed by Sebastian Steck, based on Lesser GNU Public License rights.

Historically, lawsuits have focused on the copyrights licensed under GPL (or the GPL and LGPL together). Steck's lawsuit uniquely focused exclusively on users' rights under the LGPL. Steck's work showed that despite being a "Lesser" license than GPL, LGPLv2.1 still guarantees users the right to repair, modify and reinstall modified versions of the software on their device. There is now no doubt that both GPL and LGPL mandate the device owner's ability to make changes to the software in the flash memory so those changes persist across reboots.

Attacks on the kernel can take many forms; one popular exploitation path is to find a way to overwrite some memory with attacker-supplied data. If the right memory can be targeted, one well-targeted stray write is all that is needed to take control of the system. Since the system's page tables regulate access to memory, they are an attractive target for this type of attack. This patch set from Kevin Brodsky is an attempt to protect page tables (and, eventually, other data structures) using the "memory protection keys" feature provided by a number of CPU architectures.

The 6.12.9, 6.6.70, 6.1.124, 5.15.176, 5.10.233, and 5.4.289 stable kernels have been released. As usual, they contain important fixes all over the kernel tree.

Unprecedented January wildfires in Los Angeles signal an emerging pattern of compound climate disasters, as record-breaking Santa Ana winds up to 100 mph combine with the driest start to a winter season in the city's history. The Palisades and Eaton fires have each burned over 10,000 acres amid drought conditions that climate scientists say are intensified by global warming. The blazes, occurring weeks earlier than historical fire patterns, come just 16 months after Los Angeles experienced its first tropical storm, illustrating what experts describe as increasingly unpredictable weather extremes driven by climate change.

Read more of this story at Slashdot.

Security updates have been issued by AlmaLinux (cups, kernel, and kernel-rt), Debian (chromium, firefox-esr, and webkit2gtk), Fedora (curl, firefox, gimp, mupdf, openjpeg2, and valkey), Red Hat (389-ds-base, cups, firefox, iperf3, kernel, kernel-rt, libreswan, python3.11-urllib3, thunderbird, and webkit2gtk3), Slackware (firefox, seamonkey, and thunderbird), SUSE (apptainer, firefox-esr, libopenjp2-7, libruby3_4-3_4, openjpeg2, and tomcat10), and Ubuntu (firefox, linux-azure, linux-azure, linux-azure-4.15, linux-azure, linux-azure-6.8, linux-azure, linux-intel-iotg-5.15, linux-azure-5.15, python2.7, thunderbird, and xfpt).

VLC media player, the popular open-source software developed by nonprofit VideoLAN, has topped 6 billion downloads worldwide and teased an AI-powered subtitle system. From a report: The new feature automatically generates real-time subtitles -- which can then also be translated in many languages -- for any video using open-source AI models that run locally on users' devices, eliminating the need for internet connectivity or cloud services, VideoLAN demoed at CES.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Bloomberg: Italy is in advanced talks with Elon Musk's SpaceX for a deal to provide secure telecommunications for the nation's government -- the largest such project in Europe, people with knowledge of the matter said Sunday. Discussions are ongoing, and a final agreement on the five-year contract hasn't been reached, said the people, who asked not to be identified citing confidential discussions. The project has already been approved by Italy's Intelligence Services as well as Italy's Defense Ministry, they said. Italy on Monday confirmed discussions are ongoing, saying no deal had yet been reached. "The talks with SpaceX are part of normal government business," the government said. The negotiations, which had stalled until recently, appeared to move forward after Italian Prime Minister Giorgia Meloni visited President-elect Donald Trump in Florida on Saturday. The Italian government said the two didn't discuss the issue during their meeting. Italian officials have been negotiating on a $1.6 billion deal aimed at supplying Italy with a full range of top-level encryption for telephone and Internet services used by the government, the people said. The plan also includes communications services for the Italian military in the Mediterranean area as well as the rollout of so-called direct-to-cell satellite services in Italy for use in emergencies like terror attacks or natural disasters, they said. The possible deal has been under review since mid-2023. It's been opposed by some Italian officials concerned about how the services may detract from local carriers.

Read more of this story at Slashdot.

Delta Air Lines has partnered with YouTube to provide ad-free YouTube Premium and YouTube Music to SkyMiles members on flights. "The deal includes a selection of curated content from key YouTube creators," notes Variety. The airline also said it would upgrade its fleet with better Wi-Fi and 4K HDR QLED displays, alongside AI-driven enhancements like a personal assistant on the Fly Delta app to improve travel experiences. From the report: Delta executives announced the YouTube deal and other flight-experience enhancements to its Delta Sync platform as the aviation giant gave an expansive presentation Tuesday evening at the Sphere in Las Vegas, in connection with the Consumer Electronics Show. Delta touted plans to mark the company's 100th anniversary this year, noting that it is the first airline to reach the centennial mark. It's also no surprise that Delta is leaning hard into AI tech. The company hopes its Delta Concierge AI-powered personal assistant feature that is rolling out this year on its Fly Delta app will make strides in improving the overall customer experience. The goal is that with repeated use the Concierge tool will come to anticipate individual consumers' needs and help them streamline the logistics of travel -- or what Delta dubbed "contextualized guidance" on everything from departure gates to baggage claim details to alerting travelers to weather conditions at their destinations. [...] Mary Ellen Coe, chief business officer of YouTube, emphasized that the ad-free YouTube offering will allow viewers to access streaming content as well as podcasts and music. She also asserted that consumers are increasingly gathering travel tips and inspiration through YouTube creators. "Creators are producing the must-see TV of today," Coe said.

Read more of this story at Slashdot.

NASA's Jet Propulsion Laboratory (JPL), located at the base of the San Gabriel Mountains just north of Los Angeles, has been temporarily shuttered due to the nearby Eaton fire. "JPL is closed except for emergency personnel. No fire damage so far (some wind damage) but it is very close to the lab. Hundreds of JPLers have been evacuated from their homes & many have lost homes. Special thx to our emergency crews. Pls keep us in your thoughts & stay safe," JPL Director Laurie Leshin announced via X today (Jan. 8). Space.com reports: JPL is federally funded but managed by the California Institute of Technology in Pasadena. The center runs many of NASA's high-profile robotic missions, such as the Perseverance and Curiosity Mars rovers and the $5 billion Europa Clipper, which recently launched to explore an intriguing ocean moon of Jupiter. The Eaton fire sparked up on Tuesday evening (Jan. 7) near Altadena, which is just north of Pasadena. It has burned at least 1,000 acres (400 hectares) to date, according to CBS News, which cited the California Department of Forestry and Fire Protection (CalFire). The Eaton fire is one of several big blazes churning through the Los Angeles area, driven and spread by record-setting winds. The biggest and most destructive is the Palisades Fire, which is laying waste to the Pacific Palisades neighborhood on the west side of the city.

Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: San Francisco startup Based Hardware announced during the Consumer Electronics Show in Las Vegas this week the launch of a new AI wearable, Omi, to boost productivity. The device can be worn as a necklace where Omi's AI assistant can be activated by saying "Hey Omi." The startup also claims Omi can be attached to the side of your head, using medical tape, using a "brain interface" to understand when you're talking to it. The startup's founder, Nik Shevchenko, started marketing this device on Kickstarter as "Friend," but changed the device's name after another San Francisco hardware maker launched his own Friend device and bought the domain name for $1.8 million. Shevchenko, a Thiel fellow with a history of eye-grabbing stunts, is taking a slightly different approach with Omi. Instead of seeing the device as a smartphone replacement or an AI companion, he wants Omi to be a complementary device to your phone that boosts your productivity. The Omi device itself is a small, round orb that looks like it fell out of a pack of Mentos. The consumer version costs $89 and will start shipping in Q2 of 2025. However, you can order a developer version for delivery today for roughly $70. Based Hardware says the Omi device can answer your questions, summarize your conversations, create to-do lists, and help schedule meetings. The device is constantly listening and running your conversations through GPT-4o, and it also can remember the context about each user to offer personalized advice. In an interview with TechCrunch, Shevchenko says he understands that there may be privacy concerns with a device that's always listening. That's why he built Omi on an open source platform where users can see where their data is going, or choose to store it locally. Omi's open source platform also allows developers to build their own applications or use the AI model of their choice. Shevchenko says developers have already created more than 250 apps on Omi's app store. [...] It's unclear if the "brain interface" of Omi actually works, but the startup is tackling a fairly simple use case to start. Shevchenko wants his device to understand whether a user is talking to Omi or not, without using one of its wake words.

Read more of this story at Slashdot.

Microsoft temporarily rolled back its Bing Image Creator upgrade from OpenAI's DALL-E 3 PR16 to the previous PR13 version after users reported degraded image quality, including cartoonish and "lifeless" results. TechCrunch reports: Ahead of the holidays, Microsoft said it was upgrading the AI model behind Bing Image Creator, the AI-powered image editing tool built into the company's Bing search engine. Microsoft promised that the new model -- the latest version of OpenAI's DALL-E 3 model, code-named PR16 -- would allow users to create images "twice as fast as before" with "higher quality." But it didn't deliver. Complaints quickly flooded X and Reddit. "The DALL-E we used to love is gone forever," said one Redditor. "I'm using ChatGPT now because Bing has become useless for me," wrote another. The blowback was such that Microsoft said it'll restore the previous model to Bing Image Creator until it can address the issues. "We've been able to [reproduce] some of the issues reported, and plan to revert to [DALL-E 3] PR13 until we can fix them," Jordi Ribas, head of search at Microsoft, said in a post on X Tuesday evening. "The deployment process is very slow unfortunately. It started over a week ago and will take 2-3 more weeks to get to 100%."

Read more of this story at Slashdot.

The LWN.net Weekly Edition for January 9, 2025 is available.

TikTok has been pushing the platform's sister app, Lemon8, encouraging users to migrate via sponsored posts amid a looming ban. Axios reports: In the last few weeks, Lemon8 has been promoting its app to TikTok users through sponsored TikTok videos. In one sponsored post, TikTok user @miller.dailylife shares a video with a creator saying, "TikTok actually has another backup app. It's called Lemon8 ... and it automatically signs you in with your TikTok so you can still keep the same TikTok name and things like that. And it's supposed to transfer your followers over. ... Once you add Lemon8, it automatically pops up on your TikTok bio, so that people can just click on it. So, just so you guys know, now that they're trying to do this ban, if you want to have somewhere else to go where the government is not 100% controlling what we see, what we consume ... Just go ahead and go on to Lemon8." In November, TikTok began informing users of its sister app, Lemon8, that beginning late that month Lemon8 would be powered by TikTok, and their TikTok usernames would also be used on Lemon8. "Some of your data on TikTok will be used to power services on lemon8," the notice says. "Your Lemon8 profile link will be shown to your TikTok profile publicly by default," it continues. "You can choose not to show it by editing your TikTok profile." Last March, Lemon8 jumped into the U.S. App Store's Top 10 list shortly after it launched in the U.S. It currently ranks as one of the top-ranking free apps on Apple's app store. The report notes that the TikTok ban law also applies to other apps owned by TikTok's Chinese parent ByteDance, like Lemon8. "ByteDance could be betting that regulators and app store companies are so focused on TikTok that they won't pay attention to its other apps," says Axios.

Read more of this story at Slashdot.

BleepingComputer's Sergiu Gatlan reports: "Today, the White House announced the launch of the U.S. Cyber Trust Mark, a new cybersecurity safety label for internet-connected consumer devices. The Cyber Trust Mark label, which will appear on smart products sold in the United States later this year, will help American consumers determine whether the devices they want to buy are safe to install in their homes. It's designed for consumer smart devices, such as home security cameras, TVs, internet-connected appliances, fitness trackers, climate control systems, and baby monitors, and it signals that the internet-connected device comes with a set of security features approved by NIST. Vendors will label their products with the Cyber Trust Mark logo if they meet the National Institute of Standards and Technology (NIST) cybersecurity criteria. These criteria include using unique and strong default passwords, software updates, data protection, and incident detection capabilities. Consumers can scan the QR code included next to the Cyber Trust Mark labels for additional security information, such as instructions on changing the default password, steps for securely configuring the device, details on automatic updates (including how to access them if they are not automatic), the product's minimum support period, and a notification if the manufacturer does not offer updates for the device. "Americans are worried about the rise of criminals remotely hacking into home security systems to unlock doors, or malicious attackers tapping into insecure home cameras to illicitly record conversations," the Biden administration said on Tuesday. "The White House launched this bipartisan effort to educate American consumers and give them an easy way to assess the cybersecurity of such products, as well as incentivize companies to produce more cybersecure devise [sic], much as EnergyStar labels did for energy efficiency.

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Guardian: The Nobel peace prize winner Maria Ressa has said Meta's decision to end factchecking on its platforms and remove restrictions on certain topics means "extremely dangerous times" lie ahead for journalism, democracy and social media users. The American-Filipino journalist said Mark Zuckerberg's move to relax content moderation on the Facebook and Instagram platforms would lead to a "world without facts" and that was "a world that's right for a dictator." "Mark Zuckerberg says it's a free speech issue -- that's completely wrong," Ressa told the AFP news service. "Only if you're profit-driven can you claim that; only if you want power and money can you claim that. This is about safety." Ressa, a co-founder of the Rappler news site, won the Nobel peace prize in 2021 in recognition of her "courageous fight for freedom of expression." She faced multiple criminal charges and investigations after publishing stories critical of the former Philippine president Rodrigo Duterte. Ressa rejected Zuckerberg's claim that factcheckers had been "too politically biased" and had "destroyed more trust than they've created." "Journalists have a set of standards and ethics," Ressa said. "What Facebook is going to do is get rid of that and then allow lies, anger, fear and hate to infect every single person on the platform." The decision meant "extremely dangerous times ahead" for journalism, democracy and social media users, she said. [...] Ressa said she would do everything she could to "ensure information integrity." "This is a pivotal year for journalism survival," she said. "We'll do all we can to make sure that happens."

Read more of this story at Slashdot.

Telegram's Transparency Report reveals a sharp increase in U.S. government data requests, with 900 fulfilled requests affecting 2,253 users. "The news shows a massive spike in the number of data requests fulfilled by Telegram after French authorities arrested Telegram CEO Pavel Durov in August, in part because of the company's unwillingness to provide user data in a child abuse investigation," notes 404 Media. From the report: Between January 1 and September 30, 2024, Telegram fulfilled 14 requests "for IP addresses and/or phone numbers" from the United States, which affected a total of 108 users, according to Telegram's Transparency Reports bot. But for the entire year of 2024, it fulfilled 900 requests from the U.S. affecting a total of 2,253 users, meaning that the number of fulfilled requests skyrocketed between October and December, according to the newly released data. "Fulfilled requests from the United States of America for IP address and/or phone number: 900," Telegram's Transparency Reports bot said when prompted for the latest report by 404 Media. "Affected users: 2253," it added. A month after Durov's arrest in August, Telegram updated its privacy policy to say that the company will provide user data, including IP addresses and phone numbers, to law enforcement agencies in response to valid legal orders. Up until then, the privacy policy only mentioned it would do so when concerning terror cases, and said that such a disclosure had never happened anyway. Even though the data technically covers the entire of 2024, the jump from a total of 108 affected users in October to 2253 as of now, indicates that the vast majority of fulfilled data requests were in the last quarter of 2024, showing a huge increase in the number of law enforcement requests that Telegram completed. You can access the platform's transparency reports here.

Read more of this story at Slashdot.

The Register's Connor Jones reports: Marc Rogers, DEF CON's head of security, faces tens of thousands of dollars in medical bills following an accident that left him with a broken neck and temporary quadriplegia. The prominent industry figure, whose work has spanned roles at tech companies such as Vodafone and Okta, including ensuring the story lines on Mr Robot and The Real Hustle were factually sound, is recovering in hospital. [...] Rogers said it will be around four to six weeks before he returns to basic independence and is able to travel, but a full recovery will take up to six months. He begins a course of physical therapy today, but his insurance will only cover the first of three required weeks, prompting friends to set up a fundraiser to cover the difference. Rogers has an impressive cyber CV. Beginning life in cybersecurity back in the '80s when he went by the handle Cjunky, he has gone on to assume various high profile roles in the industry. In addition to the decade leading Vodafone UK's cybersecurity and being the VP of cybersecurity strategy at Okta, as already mentioned, Rogers has also worked as head of security at Cloudflare and founded Vectra, among other experiences. Now he heads up security at DEF CON, is a member of the Ransomware Taskforce, and is the co-founder and CTO at AI observability startup nbhd.ai. If you hadn't heard of him from any of these roles, or from his work in the entertainment biz, he's also known for his famous research into Apple's Touch ID sensor, which he was able to compromise on both the iPhone 5S and 6 during his time as principal researcher at Lookout. Other consumer-grade kit to get the Rogers treatment include the short-lived Google Glass devices, also while he was at Lookout, and the Tesla Model S back in 2015. "It's a sad fact that in the US GoFundMe has become the de facto standard for covering insurance shortfalls," Rogers said. "I will be forever grateful to my friends who stood it up for me and those who donated to it so that I can resume making bad guys cry as soon as feasibly possible." The cybersecurity community has rallied together to support Rogers' fundraiser, which has accrued over $83,000 in donations. The goal is $100,000.

Read more of this story at Slashdot.