RSS 생중계

The Drug Enforcement Administration has quietly ended its body camera program barely four years after it began, ProPublica reports, citing an internal email. From the report: On April 2, DEA headquarters emailed employees announcing that the program had been terminated effective the day before. The DEA has not publicly announced the policy change, but by early April, links to pages about body camera policies on the DEA's website were broken. The email said the agency made the change to be "consistent" with a Trump executive order rescinding the 2022 requirement that all federal law enforcement agents use body cameras. But at least two other federal law enforcement agencies within the Justice Department -- the U.S. Marshals Service and the Bureau of Alcohol, Tobacco, Firearms and Explosives -- are still requiring body cameras, according to their spokespeople.

Read more of this story at Slashdot.

Instagram co-founder Kevin Systrom says AI companies are trying too hard to "juice engagement" by pestering their users with follow-up questions, instead of providing actually useful insights. From a report: Systrom said the tactics represent "a force that's hurting us," comparing them to those used by social media companies to expand aggressively. "You can see some of these companies going down the rabbit hole that all the consumer companies have gone down in trying to juice engagement," he said at StartupGrind this week. "Every time I ask a question, at the end it asks another little question to see if it can get yet another question out of me."

Read more of this story at Slashdot.

Waymo's autonomous vehicles operating on Uber's platform in Austin are completing more trips per day than over 99% of human drivers in the market, according to Uber's Q1 2025 earnings report [PDF] released Wednesday. The fleet of approximately 100 autonomous Waymo vehicles, launched exclusively on Uber in March, has "exceeded expectations," CEO Dara Khosrowshahi stated in the report. He cited the performance to "Waymo's safety record and rider experience coupled with Uber's scale and reliability." Uber has rapidly expanded its autonomous vehicle operations, reaching an annual run-rate of 1.5 million mobility and delivery AV trips across its network. The company plans to scale to hundreds of vehicles in Austin in the coming months, while preparing for a launch in Atlanta by early summer. Khosrowshahi said that autonomous vehicle technology represents "the single greatest opportunity ahead for Uber."

Read more of this story at Slashdot.

The Debian project has the concept of essential packages, which provide the bare minimum functionality considered absolutely necessary (or "essential") for a system to function. Packages tagged as essential, and the packages that are required by the set of essential packages, are always installed as part of a Debian system. However, Debian's packaging rules do not require developers to explicitly declare dependencies on that set of packages (the essential set) but they can simply rely on the fact that those will always be present. That means that changing the essential set, as the project may wish to do occasionally, is more complicated than it should be. This came to light recently when a Debian developer asked what might be required to remove mawk to slim down the project's container images.

IBM CEO Arvind Krishna said the tech giant has used AI, and specifically AI agents, to replace the work of a couple hundred human resources workers. As a result, it has hired more programmers and salespeople, he said. From a report: Krishna's comments on Monday come as businesses sort through the workforce impacts of AI and AI agents, the independent bots that can autonomously perform tasks like analyze spreadsheets, conduct research and draft emails. While there haven't yet been widespread layoffs or downsizing as a result of AI across the economy, some business leaders have said they are holding down head count as they investigate the use of the technology. Meanwhile, the information-technology workforce has continued to shrink as AI weighs on hiring and some workers leave the field. For IBM, which this week hosts its annual Think conference in Boston, AI adoption has led it to boost hiring in some functions.

Read more of this story at Slashdot.

The SUSE Security Team has announced the removal of the Deepin Desktop from openSUSE due to violations of the project's packaging policy.

The discovery of the bypass of the security whitelistings via the deepin-feature-enable package marks a turning point in our assessment of Deepin. We don't believe that the openSUSE Deepin packager acted with bad intent when he implemented the "license agreement" dialog to bypass our whitelisting restrictions. The dialog itself makes the security concerns we have transparent, so this does not happen in a sneaky way, at least not towards users. It was not discussed with us, however, and it violates openSUSE packaging policies. Beyond the security aspect, this also affects general packaging quality assurance: the D-Bus configuration files and Polkit policies installed by the deepin-feature-enable package are unknown to the package manager and won't be cleaned up upon package removal, for example. Such bypasses are not deemed acceptable by us.

The combination of these factors led us to the decision to remove the Deepin desktop completely from openSUSE Tumbleweed and from the future Leap 16.0 release. In openSUSE Leap 15.6 we will remove the offending deepin-feature-enable package only. It is a difficult decision given that the Deepin desktop has a considerable number of users. We firmly believe the Deepin packaging and security assessment in openSUSE needs a reboot, however, ideally involving new people that can help get the Deepin packages into shape, establish a relationship with Deepin upstream and keep an eye on bugfixes, thus avoiding fruitless follow-up reviews that just waste our time. In such a new setup we would be willing to have a look at all the sensitive Deepin components again one by one.

The announcement goes into detail about the bypass of openSUSE packaging policy and the history of security reviews of Deepin components. It also offers guidance on continuing to use Deepin Desktop on openSUSE.

Security updates have been issued by Fedora (incus and nodejs20), Red Hat (freetype, kernel, kernel-rt, libsoup, libtiff, redis, redis:6, and thunderbird), SUSE (apparmor, chromium, grafana, ImageMagick, java-11-openjdk, java-17-openjdk, libsoup, libsoup2, libxslt, opensaml, rabbitmq-server, rubygem-rack-1_6, sqlite3, and thunderbird), and Ubuntu (kernel, libfcgi, libraw, libsoup2.4, linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-igx, linux-oracle, linux-oracle-5.15, linux-raspi, linux, linux-aws, linux-aws-5.4, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-kvm, linux-oracle, linux-oracle-5.4, linux, linux-aws, linux-aws-6.8, linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop, linux-hwe-6.8, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oem-6.8, linux-oracle, linux-oracle-6.8, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-aws, linux-gcp, linux-gcp-6.11, linux-hwe-6.11, linux-lowlatency, linux-lowlatency-hwe-6.11, linux-oracle, linux-raspi, linux-aws-fips, linux-fips, linux-gcp-fips, linux-azure, linux-azure, linux-azure-4.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-azure, linux-azure-6.11, linux-azure-6.8, linux-azure-fips, linux-intel-iot-realtime, linux-realtime, linux-oem-6.11, linux-raspi, linux-realtime, python, python-scrapy, and ruby-carrierwave).

An anonymous reader quotes a report from TechCrunch: The U.S. Federal Trade Commission (FTC) on Monday released new documentation detailing its new "Rule on Unfair or Deceptive Fees." The rule, set to take effect on May 12, prohibits hidden fees for live events, hotels, and short-term rentals. It also bans practices such as "bait-and-switch pricing" and any actions that conceal or misrepresent total prices and fees. In a newly published FAQ, the FTC offers a guide for these types of businesses, providing detailed information about pricing transparency. The rule will impact businesses, including live-event ticket sellers and short-term lodging providers, like hotels, motels, Airbnb, or VRBO. Third-party platforms, resellers, and travel agents are also covered by the new regulation. (Airbnb already updated its service in advance of this new regulation to show users the total cost of their stay upfront.) [...] Also included in the FTC's new FAQ are the types of fees that can be excluded, such as taxes or government fees, shipping charges, and charges for optional goods or services people may select to buy as part of the same transaction. (Note that handling charges aren't on this list.) However, the FTC notes that businesses must disclose that it has excluded charges from the total price before asking for payment. For example, if a business excludes shipping charges from the advertised price, it's required to clearly state the amount and purpose of those charges.

Read more of this story at Slashdot.

Researchers have discovered a mutation in the SIK3 gene that enables some people to function normally on just three to six hours of sleep. The finding, published this week in PNAS, adds to a growing list of genetic variants linked to naturally short sleepers. When University of California, San Francisco scientists introduced the mutation to mice, the animals required 31 minutes less sleep daily. The modified enzyme showed highest activity in brain synapses, suggesting it might support brain homeostasis -- the resetting process thought to occur during sleep. "These people, all these functions our bodies are doing while we are sleeping, they can just perform at a higher level than we can," said Ying-Hui Fu, the study's co-author. This marks the fifth mutation across four genes identified in naturally short sleepers. Fu's team hopes these discoveries could eventually lead to treatments for sleep disorders by revealing how sleep regulation functions in humans.

Read more of this story at Slashdot.

The Department of Defense is revamping its "outdated" software procurement systems through a new Software Fast Track initiative. The SWFT program aims to reform how software is acquired, tested, and authorized with security as the primary focus. "Widespread use of open source software, with contributions from developers worldwide, presents a significant and ongoing challenge," DoD CIO Katie Arrington wrote in the initiative memo. The DoD currently "lacks visibility into the origins and security of software code," hampering security assurance efforts. The initiative will establish verification procedures for software products and expedite authorization processes. Multiple requests for information are running until late May seeking industry input, including how to leverage AI for software authorization and define effective supply chain risk management requirements. The push comes amid recent DoD security incidents, from malware campaigns targeting procurement systems to sensitive information leaks.

Read more of this story at Slashdot.

Willy Tarreau and William Lallemand have posted an extensive white paper examining the landscape of the available SSL implementations.

OpenSSL 3.0 performs significantly worse than alternative SSL libraries, forcing organizations to provision more hardware just to maintain existing throughput. This raises important questions about performance, energy efficiency, and operational costs.

Examining alternatives—BoringSSL, LibreSSL, WolfSSL, and AWS-LC—reveals a landscape of trade-offs. Each offers different approaches to API compatibility, performance optimization, and QUIC support. For developers navigating the modern SSL ecosystem, understanding these trade-offs is crucial for optimizing performance, maintaining compatibility, and future-proofing their infrastructure.

On the 50th anniversary of the USENIX organization, its flagship Annual Technical Conference (ATC) is coming to an end.

For the past two decades, as more USENIX conferences have joined the USENIX calendar by focusing on specific topics that grew out of ATC itself, attendance at ATC has steadily decreased to the point where there is no longer a critical mass of researchers and practitioners joining us. Thus, after many years of experiments to adapt this conference to the ever-changing tech landscape and community, the USENIX Board of Directors has made the difficult decision to sunset USENIX ATC.

Many important technologies first saw the light of day at this event.

Stratolaunch successfully flew its uncrewed Talon-A2 prototype to hypersonic speeds twice -- once in December and again in March. "We've now demonstrated hypersonic speed, added the complexity of a full runway landing with prompt payload recovery and proven reusability," Stratolaunch President and CEO Zachary Krevor said in a statement on Monday. "Both flights were great achievements for our country, our company and our partners." Space.com reports: Microsoft co-founder Paul Allen established Stratolaunch in 2011, with the goal of air-launching satellites from a giant carrier plane called Roc, which has a wingspan of 385 feet (117 meters). That vision changed after Allen's 2018 death, however; the company is now using Roc as a platform to test hypersonic technology. Hypersonic vehicles are highly maneuverable craft capable of flying at least five times the speed of sound. Their combination of speed and agility make them much more difficult to track and intercept than traditional ballistic missiles. The United States, China and other countries view hypersonic tech as vital for national security, and are therefore developing and testing such gear at an ever-increasing pace. Stratolaunch, Roc and the winged, rocket-powered Talon-2A are part of this evolving picture, as the two newly announced test flights show. They were both conducted for the U.S. military's Test Resource Management Center Multi-Service Advanced Capability Hypersonic Test Bed (MACH-TB) program, under a partnership with the Virginia-based company Leidos. On both occasions, Roc lifted off from California and dropped Talon-2A over the Pacific Ocean. The hypersonic vehicle then powered its way to a landing at Vandenberg Space Force Base, on California's Central Coast. "These flights were a huge success for our program and for the nation," Scott Wilson, MACH-TB program manager, said in the same statement. "The data collected from the experiments flown on the initial Talon-A flight has now been analyzed and the results are extremely positive," he added. "The opportunity for technology testing at a high rate is highly valuable as we push the pace of hypersonic testing. The MACH-TB program is pleased with the multiple flight successes while looking forward to future flight tests with Stratolaunch."

Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: Spyware maker NSO Group will have to pay more than $167 million in damages to WhatsApp for a 2019 hacking campaign against more than 1,400 users. On Tuesday, after a five-year legal battle, a jury ruled that NSO Group must pay $167,256,000 in punitive damages and around $444,719 in compensatory damages. This is a huge legal win for WhatsApp, which had asked for more than $400,000 in compensatory damages, based on the time its employees had to dedicate to remediate the attacks, investigate them, and push fixes to patch the vulnerability abused by NSO Group, as well as unspecified punitive damages. The trial, as well as the whole lawsuit, prompted a series of revelations, such as the location of the victims of the 2019 spyware campaign, as well as the names of some of NSO Group's customers. The ruling marks the end -- pending a potential appeal -- of a legal battle that started in more than five years ago, when WhatsApp filed a lawsuit against the spyware maker. The Meta-owned company accused NSO Group of accessing WhatsApp servers and exploiting an audio-calling vulnerability in the chat app to target around 1,400 people, including dissidents, human rights activists, and journalists. NSO Group's spokesperson Gil Lainer left the door open for an appeal. "We will carefully examine the verdict's details and pursue appropriate legal remedies, including further proceedings and an appeal," Lainer said in a statement.

Read more of this story at Slashdot.

Rep. Kat Cammack (R-FL) introduced the App Store Freedom Act [PDF] on Tuesday, legislation that would compel "large app store operators" with over 100 million US users to permit third-party app stores and allow them to be set as defaults. The bill directly challenges Apple's walled garden approach and Google's Play Store dominance by requiring both companies to allow developers to use alternative payment systems, bypassing the platforms' commission structures. It would also mandate equal access to development tools and interfaces without discrimination, while giving users the ability to remove pre-installed apps. Violations would trigger FTC enforcement with penalties up to $1 million per infraction. The legislation mirrors recent European Union regulations that have already forced Apple to permit third-party app stores and allow users to change default apps.

Read more of this story at Slashdot.

Amazon's Zoox said it has issued a software recall for 270 of its robotaxis after a crash in Las Vegas last month. CNBC reports: The recall surrounds a defect with the vehicle's automated driving system that could cause it to inaccurately predict the movement of another car, increasing "the risk of a crash," according to a report submitted to the National Highway Traffic Safety Administration on May 1. Zoox submitted the recall after an April 8 incident in Las Vegas in which an unoccupied Zoox robotaxi collided with a passenger vehicle, the NHTSA report states. There were no injuries in the crash and only minor damage occurred to both vehicles. "After analysis and rigorous testing, Zoox identified the root cause," the company said in a blog post. "We issued a software update that was implemented across all Zoox vehicles. All Zoox vehicles on the road today, including our purpose-built robotaxi and test fleet, have the updated software." Zoox paused all driverless vehicle operations while it reviewed the incident. It has since resumed operations after rolling out the software update.

Read more of this story at Slashdot.

According to the Washington Post (paywalled), the Trump administration plans to eliminate the Energy Star program -- a long-standing EPA initiative that has saved Americans over $500 billion in energy costs since 1992. "The organization states that the average American saves about $450 per year on energy bills by choosing appliances that have been Energy Star-certified," adds Engadget. From the report: The EPA hasn't said when this would go into effect and when consumers would stop seeing Energy Star certifications on home appliances. It's technically illegal for a presidential administration to end this program without Congress, but the same goes for many of Trump's pronouncements and executive orders. "Eliminating the Energy Star program would directly contradict this administration's promise to reduce household energy costs," Paula Glover, president of the nonprofit coalition Alliance to Save Energy, told CNN. "For just $32 million a year, Energy Star helps American families save over $40 billion in annual energy costs. That's a return of $350 for every federal dollar invested."

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Google's accelerated Android release cycle will soon deliver a new version of the software, and it might look quite different from what you'd expect. Amid rumors of a major UI overhaul, Google seems to have accidentally published a blog post detailing "Material 3 Expressive," which we expect to see revealed at I/O later this month. Google quickly removed the post from its design site, but not before the Internet Archive saved it. It has been a few years since Google introduced any major changes to its Material theming, but the design team wasn't just sitting idly this whole time. According to the leaked blog post, Google has spent the past three years working on a more emotionally engaging vision for Android design. While the original Material Design did an admirable job of leveraging colors and consistent theming, it could make apps look too similar. The answer to that, apparently, is Material 3 Expressive. Google says this is "the most-researched update to Google's design system, ever." The effort reportedly included 46 separate studies with hundreds of sample designs. The team showed these designs to more than 18,000 study participants to understand how the user experience would work. In these studies, the design team used a variety of metrics, including the following: - Eye tracking: Analyzing where users focus their attention - Surveys and focus groups: Gauging emotional responses to different designs - Experiments: Gathering sentiment and preferences - Usability: Seeing how quickly participants could understand and use an interface "The result of all this is an interface that appears much more varied than the previous Material Design," writes Ars. You can check out 9to5Google's article, which preserved many of the blog post's visuals before they were removed.

Read more of this story at Slashdot.

Longtime Slashdot reader RoccamOccam shares a blog post from the Trifecta Tech Foundation, a nonprofit organization that creates secure, open source building blocks for infrastructure software. The foundation is also the developer behind Sudo-rs. From the report: Ubuntu 25.10 is set to adopt sudo-rs by default. Sudo-rs is a memory-safe reimplementation of the widely-used sudo utility, written in the Rust programming language. This move is part of a broader effort by Canonical to improve the resilience and maintainability of core system components. [...] The decision to adopt sudo-rs is in line with Canonical's commitment to Carefully But Purposefully increase the resilience of critical system software, by adopting Rust. Rust is a programming language with strong memory safety guarantees that eliminates many of the vulnerabilities that have historically plagued traditional C-based software. Sudo-rs is part of the Trifecta Tech Foundation's Privilege Boundary initiative, which aims to handle privilege escalation with memory-safe alternatives.

Read more of this story at Slashdot.

President Trump's proposed 2026 budget seeks to cut nearly $500 million from CISA, accusing the agency of prioritizing censorship over cybersecurity and election protection. "The proposed cuts -- which are largely symbolic at this stage as they need to be approved by Congress -- are framed as a purge of the so-called 'censorship industrial complex,' a term the White House uses to describe CISA's work countering misinformation," reports The Register. From the report: In its fiscal 2024 budget request, the agency had asked [PDF] for a total of just over $3 billion to safeguard the nation's online security across both government and private sectors. The enacted budget that year was about $34 million lower than the previous year's. Now, a deep cut has been proposed [PDF], as the Trump administration decries the agency's past work tackling the spread of misinformation on the web by America's enemies, as well as the agency's efforts safeguarding election security. [...] "The budget eliminates programs focused on so-called misinformation and propaganda as well as external engagement offices such as international affairs," it reads [PDF]. "These programs and offices were used as a hub in the censorship industrial complex to violate the First Amendment, target Americans for protected speech, and target the President. CISA was more focused on censorship than on protecting the nation's critical systems, and put them at risk due to poor management and inefficiency, as well as a focus on self-promotion."

Read more of this story at Slashdot.