RSS 생중계

An anonymous reader quotes a report from The Register: Ten vulnerabilities in Copeland controllers, which are found in thousands of devices used by the world's largest supermarket chains and cold storage companies, could have allowed miscreants to manipulate temperatures and spoil food and medicine, leading to massive supply-chain disruptions. The flaws, collectively called Frostbyte10, affect Copeland E2 and E3 controllers, used to manage critical building and refrigeration systems, such as compressor groups, condensers, walk-in units, HVAC, and lighting systems. Three received critical-severity ratings. Operational technology security firm Armis found and reported the 10 bugs to Copeland, which has since issued firmware updates that fix the flaws in both the E3 and the E2 controllers. The E2s reached their official end-of-life in October, and affected customers are encouraged to move to the newer E3 platform. Upgrading to Copeland firmware version 2.31F01 mitigates all the security issues detailed here, and the vendor recommends patching promptly. In addition to the Copeland updates, the US Cybersecurity and Infrastructure Security Agency (CISA) is also scheduled to release advisories today, urging any organization that uses vulnerable controllers to patch immediately. Prior to these publications, Copeland and Armis execs spoke exclusively to The Register about Frostbyte10, and allowed us to preview an Armis report about the security issues. "When combined and exploited, these vulnerabilities can result in unauthenticated remote code execution with root privileges," it noted. [...] To be clear: there is no indication that any of these vulnerabilities were found and exploited in the wild before Copeland issued fixes. However, the manufacturer's ubiquitous reach across retail and cold storage makes it a prime target for all manner of miscreants, from nation-state attackers looking to disrupt the food supply chain to ransomware gangs looking for victims who will quickly pay extortion demands to avoid operational downtime and food spoilage.

Read more of this story at Slashdot.

Chrome has extended its dominance in the browser wars, surpassing 70% market share on desktops while Edge, Safari, Firefox, and Opera trail far behind. Neowin reports: According to [Statcounter], in August 2025, Chrome kept on increasing its overwhelming market share, which is now above the 70% mark (70.25%, to be precise) in the desktop browser market. The gap between Chrome and its closest competitor, Microsoft Edge, is immense, with Edge holding just 11.8% (+0.01 points over the previous month). Apple's Safari is third with 6.34% (+1.04 points); Firefox has 4.94% (-0.36 points); and Opera is fifth with a modest 2.06% market share (-0.13 points). Things look similar on the mobile side of the market, with Google Chrome having 69.15% (+1.92 points) and Safari being second with 20.32% (-2.2 points). Samsung Internet is third with 3.33% (-0.17 points). As for Microsoft Edge, its mobile share is only 0.59% (+0.06 points). The findings can be found here.

Read more of this story at Slashdot.

SAP will invest over 20 billion euros ($23 billion) in European sovereign cloud infrastructure over the next decade. "Innovation and sovereignty cannot be two separate things -- it needs to come together," said Thomas Saueressig, SAP's board member tasked with leading customer services and delivery. CNBC reports: The company said it was expanding its sovereign cloud offerings to include an infrastructure-as-a-service (IaaS) platform enabling companies to access various computing services via its data center network. IaaS is a market dominated by players like Microsoft and Amazon. It will also roll out a new on-site option that allows customers to use SAP-operated infrastructure within their own data centers. The aim of the initiative is to ensure that customer data is stored within the European Union to maintain compliance with regional data protection regulations such as the General Data Protection Regulation, or GDPR. [...] Saueressig said that SAP is "closely" involved in the creation of the new AI gigafactories but would not be the lead partner for the initiative. He added that the company's more than 20-billion-euro investment in Europe's sovereign cloud capabilities will not alter the company's capital expenditure for the next year and has already been baked into its financial plans.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Reuters: OpenAI said on Tuesday it will acquire Statsig in an all-stock deal valuing the product testing startup at about $1.1 billion based on OpenAI's current valuation of $300 billion. The ChatGPT maker will also appoint Statsig's chief executive officer, Vijaye Raji, as OpenAI's tech chief of applications, in a push to build on its artificial intelligence products amid strong competition from rivals. [...] In his role, Vijaye will head product engineering for ChatGPT and the company's coding agent, Codex, with responsibilities that span core systems and product lines including infrastructure, the company said. Statsig builds tools to help software developers test and flag new features. It raised $100 million in funding earlier this year. Once the acquisition is finalized, Statsig employees will work for OpenAI but will continue operating independently out of its Seattle office, OpenAI said. The move follows the acquisition of iPhone designer Jony Ive's startup, io Products, in a $6.5 billion deal to usher in "a new family of products" for the age of artificial general intelligence.

Read more of this story at Slashdot.

A federal judge spared Google from the harshest penalties in its antitrust case. The search giant can keep Chrome and avoid breaking up Android, but it has been barred from exclusive contracts and ordered to limit data sharing with rivals. CNBC reports: U.S. District Judge Amit Mehta ruled against the most severe consequences that were proposed by the U.S. Department of Justice, including selling off its Chrome browser, which provides data that helps its advertising business deliver targeted ads. "Google will not be required to divest Chrome; nor will the court include a contingent divestiture of the Android operating system in the final judgment," the decision stated. "Plaintiffs overreached in seeking forced divesture of these key assets, which Google did not use to effect any illegal restraints." The company can make payments to preload products, but it cannot have exclusive contracts, the decision stated. The DOJ asked Google to stop the practice of "compelled syndication," which refers to the practice of making certain deals with companies to ensure its search engine remains the default choice in browsers and smartphones. [...] The judge ordered the parties to meet by September 10th for the final judgement. "Google will not be barred from making payments or offering other consideration to distribution partners for preloading or placement of Google Search, Chrome, or its GenAI products. Cutting off payments from Google almost certainly will impose substantial -- in some cases, crippling -- downstream harms to distribution partners, related markets, and consumers, which counsels against a broad payment ban." [...] Google said it will appeal the ruling, which would delay any potential penalties. Mehta ruled Tuesday that Google will have to make available certain search index data and user interaction data though "not ads data." The court narrowed the datasets Google will be required to share and said they must occur on "ordinary commercial terms that are consistent with Google's current syndication services."

Read more of this story at Slashdot.

An old school ransomware attack has a new twist: threatening to feed data to AI companies so it'll be added to LLM datasets. 404 Media reports: Artists&Clients is a website that connects independent artists with interested clients. Around August 30, a message appeared on Artists&Clients attributed to the ransomware group LunaLock. "We have breached the website Artists&Clients to steal and encrypt all its data," the message on the site said, according to screenshots taken before the site went down on Tuesday. "If you are a user of this website, you are urged to contact the owners and insist that they pay our ransom. If this ransom is not paid, we will release all data publicly on this Tor site, including source code and personal data of users. Additionally, we will submit all artwork to AI companies to be added to training datasets." LunaLock promised to delete the stolen data and allow users to decrypt their files if the site's owner paid a $50,000 ransom. "Payment is accepted in either Bitcoin or Monero," the notice put on the site by the hackers said. The ransom note included a countdown timer that gave the site's owners several days to cough up the cash. "If you do not pay, all files will be leaked, including personal user data. This may cause you to be subject to fines and penalties under the GDPR and other laws."

Read more of this story at Slashdot.

An anonymous reader shares a report: It's broadly understood that electric vehicles are more environmentally friendly than their counterparts that burn only gasoline. And yes -- that includes the impact of manufacturing batteries and generating power to charge them. But even then, such generalizations gloss over specifics, like which EVs are especially eco-friendly, not to mention where. The efficiency of an electric car varies greatly depending on ambient temperature, which is less compromising for gas-burning vehicles. We now have the data and math to answer these questions, courtesy of the University of Michigan. Last week, researchers there released a study along with a calculator that allows users to compare the lifetime difference in greenhouse gas emissions of various vehicle types and powertrains from "cradle to grave," as they say. That includes vehicle production and disposal, as well as use-phase emissions from "driving and upstream fuel production and/or electricity generation," per the university itself. What's more, these calculations can be skewed by where you live. So, if I punch in my location of Bucks County, Pennsylvania, I can see that my generic, pure-ICE "compact sedan" emits 309 grams of carbon dioxide equivalent (gCO2e) per mile. A compact hybrid would emit 20% less; a plug-in hybrid, 44% less; and an EV with a 200-mile range, a whopping 63% less. And, if I moved to Phoenix, the gains would be even larger by switching to pure electric, to the tune of a 79% reduced carbon impact.

Read more of this story at Slashdot.

UK weather agency Met Office, in a blog post: Provisional Met Office statistics confirm that summer 2025 is officially the warmest summer on record for the UK. Analysis by Met Office climate scientists has also shown that a summer as hot or hotter than 2025 is now 70 times more likely than it would be in a 'natural' climate with no human caused greenhouse gas emissions. The UK's mean temperature from 1 June to 31 August stands at 16.10C, which is 1.51C above the long-term meteorological average. This surpasses the previous record of 15.76C, set in 2018, and pushes the summer of 1976 out of the top five warmest summers in a series dating back to 1884.

Read more of this story at Slashdot.

Taylor Otwell, inventor and maintainer of popular PHP framework Laravel, is warning against overly complex code and the risks of bypassing the framework. From a report: Developers are sometimes drawn to building "cathedrals of complexity that aren't so easy to change," he said, speaking in a podcast for maintainable.fm, a series produced by Ruby on Rails consultancy Planet Argon. Software, he said, should be "simple and disposable and easy to change." Some problems are genuinely complex, but in general, if a developer finds a "clever solution" which goes beyond the standard documented way in a framework such as Laravel or Ruby on Rails, "that would be like a smell." A code smell -- for the uninitiated in the The Reg readership -- is a term developers use for code that works but may cause problems at a later date. Otwell described himself as a "pretty average programmer" but reckons many others are the same, solving basic problems as quickly and efficiently as they can.

Read more of this story at Slashdot.

For decades, the dry season in the Amazon rainforest has been getting drier. A new study, published on Tuesday, found that about 75% of the decrease in rainfall is directly linked to deforestation. From a report: The study, in Nature Communications, also found that tree loss was partly responsible for increased heat across the Amazon. Since 1985, the hottest days in the Amazon have warmed by about 2 degrees Celsius. About 16% of that increase, the researchers found, was because of deforestation. Marco Franco, an assistant professor at the University of Sao Paulo who led the study, said he was surprised by the findings. "We were expecting to see deforestation as a driver, but not this much," he said. "It tells us a lot about what's going on in the biome." The Amazon rainforest is often called the lungs of the planet because its trees help to regulate the global climate by absorbing planet-warming carbon dioxide. But decades of large-scale logging and burning in the forest have recently flipped that script, and parts of the region have become net producers of greenhouse gases.

Read more of this story at Slashdot.

An anonymous reader shares a report: If you're sharing an ad-free YouTube Premium or YouTube Music account with friends or family who live outside of your home, you could lose your premium privileges. Customers who lose these can still watch YouTube or listen to music with ads -- but let's be real, it's not the same. Multiple reports have shown people who have the service have been receiving notices that their premium service will be paused for 15 days due to violating a policy that's been in place since 2023. On its support page, YouTube says that an account manager can add up to five family members in a household to their Premium membership. But, the post says, "Family members sharing a YouTube family plan must live in the same household as the family manager."

Read more of this story at Slashdot.

Steam's August 2025 hardware survey shows 32GB RAM configurations reached 35.42% of users while 16GB systems fell to 41.67%, continuing a six-month trend that positions 32GB to become the dominant memory configuration among PC gamers before year's end. Windows 11 crossed 60% adoption among Steam users. The RTX 4060 continues gaining market share despite newer RTX 5060 availability. Display resolutions at 2560x1600 pixels saw the largest growth, primarily from gaming laptops.

Read more of this story at Slashdot.

America is becoming a nation of economic pessimists. WSJ reports: A new Wall Street Journal-NORC poll [PDF] finds that the share of people who say they have a good chance of improving their standard of living fell to 25%, a record low in surveys dating to 1987. More than three-quarters said they lack confidence that life for the next generation will be better than their own, the poll found. Nearly 70% of people said they believe the American dream -- that if you work hard, you will get ahead -- no longer holds true or never did, the highest level in nearly 15 years of surveys. Republicans in the survey were less pessimistic than Democrats, reflecting the longstanding trend that the party holding the White House has a rosier view of the economy. An index that combined six poll questions found that 55% of Republicans, as well as 90% of Democrats, held a negative view of prospects for themselves and their children. The discontent reaches across demographic lines. By large majorities, both women and men held a pessimistic view in the combined questions. So did both younger and older adults, those with and without a college degree and respondents with more than $100,000 in household income, as well as those with less.

Read more of this story at Slashdot.

Speaking of Amazon Prime, Amazon is axing the program that lets Prime members share their free shipping perk with people outside their household. The Verge: In an update to its support page, Amazon says it will cut off Prime benefit sharing on October 1st, 2025, prompting invitees who don't live with the account holder to sign up for their own subscription at a discounted $14.99 rate for an entire year (and then $14.99 per month after that). Instead, Amazon is replacing this program with Amazon Family, which lets account holders share Prime benefits -- but only with people they live with. Amazon says everyone in a "Family" must live at the same primary residential address, defined as "the address you consider to be your home and where you spend the majority of your time."

Read more of this story at Slashdot.

Developer Hugo Tunius, writing in a blog post: Sideloading has been a hot topic for the last decade. Most recently, Google has announced further restrictions on the practice in Android. Many hundreds of comment threads have discussed these changes over the years. One point in particular is always made: "I should be able to run whatever code I want on hardware I own." I agree entirely with this point, but within the context of this discussion it's moot. When Google restricts your ability to install certain applications they aren't constraining what you can do with the hardware you own, they are constraining what you can do using the software they provide with said hardware. It's through this control of the operating system that Google is exerting control, not at the hardware layer. You often don't have full access to the hardware either and building new operating systems to run on mobile hardware is impossible, or at least much harder than it should be. This is a separate, and I think more fruitful, point to make. Apple is a better case study than Google here. Apple's success with iOS partially derives from the tight integration of hardware and software. An iPhone without iOS is a very different product to what we understand an iPhone to be. Forcing Apple to change core tenets of iOS by legislative means would undermine what made the iPhone successful.

Read more of this story at Slashdot.

As a rule, if a package is shipped with a Debian release, users can count on it being available, and updated, for the entire life of the release. If package foo is included in the stable release—currently Debian 13 ("trixie")—a user can reasonably expect that it will continue to be available with security backports as long as that release is supported, though it may not be included in Debian 14 ("forky"). However, it is likely that the Guix package manager will soon be removed from the repositories for Debian 13 and Debian 12 ("bookworm", also called oldstable).

The FastCode site has a lengthy article on how large language models make open-source projects far more vulnerable to XZ-style attacks.

Open source maintainers, already overwhelmed by legitimate contributions, have no realistic way to counter this threat. How do you verify that a helpful contributor with months of solid commits isn't an LLM generated persona? How do you distinguish between genuine community feedback and AI created pressure campaigns? The same tools that make these attacks possible are largely inaccessible to volunteer maintainers. They lack the resources, skills, or time to deploy defensive processes and systems.

The detection problem becomes exponentially harder when LLMs can generate code that passes all existing security reviews, contribution histories that look perfectly normal, and social interactions that feel authentically human. Traditional code analysis tools will struggle against LLM generated backdoors designed specifically to evade detection. Meanwhile, the human intuition that spot social engineering attacks becomes useless when the "humans" are actually sophisticated language models.

An anonymous reader shares a report: The United States is on the precipice of a historic, if dubious, achievement. If current trends hold, 2025 could be the first year on record in which the US population actually shrinks. The math is straightforward. Population growth has two sources: natural increase (births minus deaths) and net immigration (arrivals minus departures). Last year, births outnumbered deaths by 519,000 people. That means any decline in net immigration in excess of half a million could push the U.S. into population decline. A recent analysis of Census data by the Pew Research Center found that between January and June, the US foreign-born population fell for the first time in decades by more than one million. While some economists have questioned the report, a separate analysis by the American Enterprise Institute predicted that net migration in 2025 could be as low as negative 525,000. In either case, annual population growth this year could easily turn negative.

Read more of this story at Slashdot.

Security updates have been issued by AlmaLinux (kernel, mod_http2, postgresql, postgresql:15, and python39:3.9), Debian (libsndfile), Mageia (ceph, glibc, and golang), Oracle (postgresql and python39:3.9), Red Hat (aide, postgresql:12, postgresql:13, postgresql:15, and postgresql:16), SUSE (git, govulncheck-vulndb, jetty-minimal, nginx, python-future, and ruby2.5), and Ubuntu (imagemagick).

An anonymous reader shares a report: Amazon doubled its Prime Day discount sales to four days this year and touted blowout numbers days after the event. But by one critical metric, it missed the mark. Sign-ups in the U.S. failed to meet last year's total and even the company's own target, according to internal company data reviewed by Reuters. The world's largest online retailer registered 5.4 million U.S. sign-ups over the 21-day run-up to Prime Day and its four-day sales event from July 8 to July 11. That was around 116,000 fewer than for the same period a year earlier and 106,000 below the company's own goal, a roughly 2% decline in both metrics.

Read more of this story at Slashdot.