RSS 생중계

Inside this week's LWN.net Weekly Edition:

• Front: Firefox forks; Bend and Vine; FineIBT; Guard pages; Fedora's Flatpak packaging; Zotero.
• Briefs: LFS 12.3; FerretDB 2.0; Firefox; Fish 4.0; Incus 6.10; Thunderbird 136.0; Xen 4.20; Quotes; ...
• Announcements: Newsletters, conferences, security updates, patches, and more.

Google announced Wednesday it is expanding its AI Overviews to more query types and users worldwide, including those not logged into Google accounts, while introducing a new "AI Mode" chatbot feature. AI Mode, which resembles competitors like Perplexity or ChatGPT Search, will initially be limited to Google One AI Premium subscribers who enable it through the Labs section of Search. The feature delivers AI-generated answers with supporting links interspersed throughout, powered by Google's search index. "What we're finding from people who are using AI Overviews is that they're really bringing different kinds of questions to Google," said Robby Stein, VP of product on the Search team. "They're more complex questions, that may have been a little bit harder before." Google is also upgrading AI Overviews with its Gemini 2.0 model, which Stein says will improve responses for math, coding and reasoning-based queries.

Read more of this story at Slashdot.

The Google Bug Hunters blog has a detailed description of how a vulnerability in AMD's microcode-patching functionality was discovered and exploited; the authors have also released a set of tools to assist with this kind of research in the future.

Secure hash functions are designed in such a way that there is no secret key, and there is no way to use knowledge of the intermediate state in order to generate a collision. However, CMAC was not designed as a hash function, and therefore it is a weak hash function against an adversary who has the key. Remember that every AMD Zen CPU has to have the same AES-CMAC key in order to successfully calculate the hash of the AMD public key and the microcode patch contents. Therefore, the key only needs to be revealed from a single CPU in order to compromise all other CPUs using the same key. This opens up the potential for hardware attacks (e.g., reading the key from ROM with a scanning electron microscope), side-channel attacks (e.g., using Correlation Power Analysis to leak the key during validation), or other software or hardware attacks that can somehow reveal the key. In summary, it is a safe assumption that such a key will not remain secret forever.

European nations have heightened security after a series of suspected sabotage attacks on submarine infrastructure in the Baltic Sea, with officials increasingly pointing to Russia as the likely culprit. Finnish authorities detained the tanker Eagle S in December after it allegedly damaged three undersea fiber-optic connections with Estonia and one with Germany. The vessel, carrying Russian oil as part of a "shadow fleet" evading sanctions, made suspicious course changes while crossing cable routes. In November, two more submarine cables in the Baltic were damaged, with investigations focusing on Chinese-owned cargo ship Yi Peng 3, which reduced speed near the cables and turned off its transponder. NATO launched Baltic Sentry in January to enhance surveillance, deploying ships and naval drones off Estonia's coast. The alliance also established a coordination cell following the 2022 Nord Stream pipeline sabotage. Russia has denied involvement, accusing NATO of using "myths" to increase its Baltic presence.

Read more of this story at Slashdot.

Nintendo has trumpeted its latest legal success in the company's ongoing fight against pirated games as "significant" not only for itself, "but for the entire games industry." From a report: The Mario maker today confirmed it had won a final victory over French file-sharing company Dstorage, which operates the website 1fichier.com, following years of legal wrangling and repeated appeals. Nintendo's victory means European file-sharing companies must now remove illegal copies of games when asked to do so, or be held accountable and cough up potentially sizable fines as punishment. In 2021, the Judicial Court of Paris ordered Dstorage pay Nintendo $1 million in damages after it was found to be hosting pirate games. Dstorage launched an appeal, which then failed in 2023, and was ordered to pay Nintendo further costs. But the case didn't end there. Dstorage finally took the matter to the highest French judiciary court, where it argued that a specific court order was required before it needed to remove content from its hosting services. This bid has also now failed, ending the long-running matter for good.

Read more of this story at Slashdot.

Geoffrey.landis writes: Over the last three months of 2024, more than 800 cases of GPS interference were recorded in Lithuanian airspace. Estonia and Finland have also raised concerns, accusing Russia of deploying technology to jam satellite navigation signals near Nato's eastern flank. A group of British scientists -- dubbed the "Time Lords" -- are working on a solution: to develop portable atomic clocks. By carrying a group of atoms cooled to -273C on the plane itself, rather than relying on an external signal, the technology can't be interfered with by jamming. But the problem is that the equipment is still too large to be used routinely on planes. The UK Hub for Quantum Enabled Position Navigation and Timing (QEPNT) was set up last December by the government to shrink the devices on to a chip, making them robust enough for everyday life and affordable for everyone. Henry White, part of the team from BAE Systems that worked on the test flight, told BBC News that he thought the first application could be aboard ships, "where there's a bit more space".

Read more of this story at Slashdot.

Half of the world's climate-heating carbon emissions come from the fossil fuels produced by just 36 companies, analysis has revealed. From a report: The researchers said the 2023 data strengthened the case for holding fossil fuel companies to account for their contribution to global heating. Previous versions of the annual report have been used in legal cases against companies and investors. The report found that the 36 major fossil fuel companies, including Saudi Aramco, Coal India, ExxonMobil, Shell and numerous Chinese companies, produced coal, oil and gas responsible for more than 20bn tonnes of CO2 emissions in 2023. If Saudi Aramco was a country, it would be the fourth biggest polluter in the world after China, the US and India, while ExxonMobil is responsible for about the same emissions as Germany, the world's ninth biggest polluter, according to the data. Global emissions must fall by 45% by 2030 if the world is to have a good chance of limiting temperature rise to 1.5C, the internationally agreed target. However, emissions are still rising, supercharging the extreme weather that is taking lives and livelihoods across the planet. The International Energy Agency has said new fossil fuel projects started after 2021 are incompatible with reaching net zero emissions by 2050. Most of the 169 companies in the Carbon Majors database increased their emissions in 2023, which was the hottest year on record at the time.

Read more of this story at Slashdot.

Version 2.0.0 of FerretDB has been released. FerretDB is an open-source alternative to MongoDB, which switched to a non-open license in 2018, built on top of PostgreSQL. This release utilizes the DocumentDB PostgreSQL extension for better performance, adds vector search, and replication.

Microsoft warned that an advanced Chinese hacking group is waging a campaign of supply-chain attacks. From a report: The company's threat intelligence division said in a blog post Wednesday that the group, known as Silk Typhoon, was targeting remote management tools and cloud applications in order to spy on a range of companies and organizations in the US and abroad. Microsoft said it observed in late 2024 that hackers were targeting cloud storage services, from which they would steal keys that could be used to access customer data. The group breached state and local government organizations and companies in the technology sector, seeking information on US government policy and documents related to law enforcement investigations. Silk Typhoon was behind a December hack that targeted the US Treasury Department, compromising more than 400 computers, Bloomberg News previously reported.

Read more of this story at Slashdot.

Functional programming languages have a long association with graphs. In the 1990s, it was even thought that parallel graph-reduction architectures could make functional programming languages much faster than their imperative counterparts. Alas, that prediction mostly failed to materialize. Even though graphs are still used as a theoretical formalism in order to define and optimize functional languages (such as Haskell's spineless tagless graph-machine), they are still mostly compiled down to the same old non-parallel assembly code that every other language uses. Now, two projects — Bend and Vine — have sprung up attempting to change that, and prove that parallel graph reduction can be a useful technique for real programs.

OpenAI is preparing to launch a tiered pricing structure for its AI agent products, with high-end research assistants potentially costing $20,000 per month, [alternative source] according to The Information. The AI startup, which already generates approximately $4 billion in annualized revenue from ChatGPT, plans three service levels: $2,000 monthly agents for "high-income knowledge workers," $10,000 monthly agents for software development, and $20,000 monthly PhD-level research agents. OpenAI has told some investors that agent products could eventually constitute 20-25% of company revenue, the report added.

Read more of this story at Slashdot.

The Xen Project has announced the release of Xen 4.20. This release adds support for AMD Zen 5 CPUs, improved compliance with the MISRA C standard, work on PCI-passthrough on Arm, and more. Xen 4.20 also removes support for Xeon Phi CPUs, which were discontinued in 2018. See the feature list and release notes for more information.

Apple has refreshed its MacBook Air lineup with the M4 processor, adding a new sky blue color option and reducing prices across the board. The 13-inch model now starts at $999, while the 15-inch begins at $1,199. Both models are available to order immediately and will ship on March 12. The updated MacBook Airs feature the same thin design as previous generations but now include the 12-megapixel Center Stage webcam found in current MacBook Pro models. Both variants come with the M4 chip, aligning them with Apple's recent Mac Mini, iMac, and MacBook Pro refreshes. Base configurations include an M4 with a 10-core CPU and 8-core GPU, 16GB of unified memory, and 256GB of storage. Customers can upgrade to a 10-core GPU (matching the base 14-inch MacBook Pro), 32GB of RAM, and up to 2TB of storage. A significant technical improvement is the support for two external 6K displays while keeping the laptop's lid open, addressing a limitation of previous Air models.

Read more of this story at Slashdot.

Version 136.0 of the Thunderbird Desktop mail client has been released. The release includes a quick toggle for adapting messages to dark mode, and a new "Appearance" setting to control message threading and sorting order globally, as well as a number of bug fixes. See the security advisory for a full list of security vulnerabilities addressed in Thunderbird 136.0.

Version 12.3 of Linux From Scratch (LFS) has been released, along with Beyond Linux From Scratch (BLFS) 12.3. LFS provides step-by-step instructions on building a customized Linux system entirely from source, and BLFS helps to extend an LFS installation into a more usable system. Notable changes in this release include toolchain updates to GNU Binutils 2.44, GNU C Library (glibc) 2.41, and Linux 6.13.2. The Changelog has a full list of changes since the previous stable release.

Google is urging officials at President Donald Trump's Justice Department to back away from a push to break up the search engine company, citing national security concerns, Bloomberg reported Wednesday, citing sources familiar with the discussions. From the report: Representatives for the Alphabet unit asked the government in a meeting last week to take a less aggressive stance as the US looks to end what a judge ruled to be an illegal online search monopoly, said the people, who asked not to be identified discussing the private deliberations. The Biden administration in November had called for Google to sell its Chrome web browser and make other changes to its business including an end to billions of dollars in exclusivity payments to companies including Apple. Although Google has previously pushed back on the Biden-era plan, the recent discussions may preview aspects of the company's approach to the case as it continues under the Trump administration. A federal judge is set to rule on how Google must change its practices following hearings scheduled for next month. Both sides are due to file their final proposals to the judge on Friday.

Read more of this story at Slashdot.

Security updates have been issued by Debian (libreoffice), Fedora (exim and fscrypt), Red Hat (kernel), Slackware (mozilla), SUSE (docker, firefox, and podman), and Ubuntu (linux, linux-lowlatency, linux-lowlatency-hwe-5.15, linux, linux-lowlatency, linux-lowlatency-hwe-6.8, linux, linux-oem-6.11, linux-aws, linux-aws-6.8, linux-oracle, linux-oracle-6.8, linux-raspi, linux-aws, linux-gcp, linux-hwe-6.11, linux-oracle, linux-raspi, linux-realtime, linux-aws, linux-gkeop, linux-ibm, linux-intel-iotg, linux-intel-iotg-5.15, linux-oracle, linux-oracle-5.15, linux-raspi, and linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop).

Reinforcement learning pioneers Andrew Barto and Richard Sutton have warned against the unsafe deployment of AI systems [alternative source] after winning computing's prestigious $1 million Turing Award Wednesday. "Releasing software to millions of people without safeguards is not good engineering practice," said Barto, professor emeritus at the University of Massachusetts, comparing it to testing a bridge by having people use it. Barto and Sutton developed reinforcement learning in the 1980s, inspired by psychological studies of human learning. The technique, which rewards AI systems for desired behaviors, has become fundamental to advances at OpenAI and Google. Sutton, a University of Alberta professor and former DeepMind researcher, dismissed tech companies' artificial general intelligence narrative as "hype." Both laureates also criticized President Trump's proposed cuts to federal research funding, with Barto calling it "wrong and a tragedy" that would eliminate opportunities for exploratory research like their early work.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Popular Science: On March 2, Firefly Aerospace's Blue Ghost made history, becoming the first commercial lunar lander to successfully touchdown on the moon's surface. The groundbreaking lander is wasting no time in getting to work. According to NASA, the joint public-private mission has already successfully demonstrated the ability to use Earth-based GPS signals on the lunar surface, marking a major step ahead of future Artemis missions. Accurate and reliable navigation will be vital for future astronauts as they travel across the moon, but traditional GPS tools aren't much good when you're around 225,000 miles from Earth. One solution could be transmitting data from the Global Navigation Satellite System (GNSS) to the lunar surface in order to autonomously measure time, velocity, and position. That's what mission engineers from NASA and the Italian Space Agency hoped to demonstrate through the Lunar GNSS Receiver Experiment (LuGRE), one of the 10 projects packed aboard Blue Ghost. [...] "On Earth we can use GNSS signals to navigate in everything from smartphones to airplanes," Kevin Coggins, deputy associate administrator for NASA's SCaN (Space Communications and Navigation) Program, said in a statement. "Now, LuGRE shows us that we can successfully acquire and track GNSS signals at the Moon." LuGRE relied on two GNSS constellations, GPS and Galileo, which triangulate positioning based on dozens of medium Earth orbit satellites that provide real-time tracking data. It performed its navigational fix at approximately 2 a.m. EST on March 3, while about 225,000 miles from Earth. Blue Ghost's LuGRE system will continue collecting information over the next two weeks almost continuously while the lander's other tools begin their own experiments.

Read more of this story at Slashdot.

Australian company Cortical Labs has launched the CL1, the world's first commercial "biological computer" that merges human brain cells with silicon hardware to form adaptable, energy-efficient neural networks. New Atlas reports: Known as a Synthetic Biological Intelligence (SBI), Cortical's CL1 system was officially launched in Barcelona on March 2, 2025, and is expected to be a game-changer for science and medical research. The human-cell neural networks that form on the silicon "chip" are essentially an ever-evolving organic computer, and the engineers behind it say it learns so quickly and flexibly that it completely outpaces the silicon-based AI chips used to train existing large language models (LLMs) like ChatGPT. "Today is the culmination of a vision that has powered Cortical Labs for almost six years," said Cortical founder and CEO Dr Hon Weng Chong. "We've enjoyed a series of critical breakthroughs in recent years, most notably our research in the journal Neuron, through which cultures were embedded in a simulated game-world, and were provided with electrophysiological stimulation and recording to mimic the arcade game Pong. However, our long-term mission has been to democratize this technology, making it accessible to researchers without specialized hardware and software. The CL1 is the realization of that mission." He added that while this is a groundbreaking step forward, the full extent of the SBI system won't be seen until it's in users' hands. "We're offering 'Wetware-as-a-Service' (WaaS)," he added -- customers will be able to buy the CL-1 biocomputer outright, or simply buy time on the chips, accessing them remotely to work with the cultured cell technology via the cloud. "This platform will enable the millions of researchers, innovators and big-thinkers around the world to turn the CL1's potential into tangible, real-word impact. We'll provide the platform and support for them to invest in R&D and drive new breakthroughs and research." These remarkable brain-cell biocomputers could revolutionize everything from drug discovery and clinical testing to how robotic "intelligence" is built, allowing unlimited personalization depending on need. The CL1, which will be widely available in the second half of 2025, is an enormous achievement for Cortical -- and as New Atlas saw recently with a visit to the company's Melbourne headquarters -- the potential here is much more far-reaching than Pong. [...]

Read more of this story at Slashdot.