RSS 생중계

Major video game publishers have abandoned plans to sell new releases at $80 after initially signaling support for the elevated price point earlier this year, according to Bloomberg. Microsoft reversed course in late July, announcing The Outer Worlds 2 and other holiday titles including Call of Duty will sell for $70 instead of the previously planned $80. Take-Two Interactive's Borderlands 4 and Sony's Ghost of Yotei were also priced at $70 after initial $80 expectations. Electronic Arts said it will not adjust prices for the near future, with the upcoming Battlefield 6 selling for $70. Production costs have grown tenfold over the past decade while sales have not increased proportionally.

Read more of this story at Slashdot.

Running a modern mail server is a complicated business. In part, this complication is caused by the series of incrementally developed practices designed to combat the huge flood of spam that dominates modern email communication. An unfortunate side effect is that it prevents people from running their own mail servers, concentrating people on a few big providers. NNCPNET is a suite of software written by John Goerzen based on the node-to-node copy (NNCP) protocol that aims to make running one's own mail servers as easy as it once was. While the default configurations communicates only with other NNCPNET servers, there is a public relay that connects the system to the broader internet mail ecosystem.

Microsoft researchers have identified 40 occupations [PDF] with the highest exposure to AI, ranking jobs by how closely their tasks align with AI's current capabilities. The study analyzed 200,000 real-world conversations from Copilot users and compared AI performance against occupational data. Interpreters and translators top the list, followed by historians and passenger attendants. Customer service and sales representatives, comprising about 5 million U.S. jobs, also face significant AI competition. Knowledge workers performing computer, math, or administrative tasks showed high vulnerability, as did sales positions involving information sharing and explanation. The research found occupations requiring Bachelor's degrees demonstrate higher AI applicability than those with lower educational requirements. First, the top 10 least affected occupations by generative AI: 1. Dredge Operators 2. Bridge and Lock Tenders 3. Water Treatment Plant and System Operators 4. Foundry Mold and Coremakers 5. Rail-Track Laying and Maintenance Equipment Operators 6. Pile Driver Operators 7. Floor Sanders and Finishers 8. Orderlies 9. Motorboat Operators 10. Logging Equipment Operators Now, the top 40 most affected occupations by generative AI:1. Interpreters and Translators 2. Historians 3. Passenger Attendants 4. Sales Representatives of Services 5. Writers and Authors 6. Customer Service Representatives 7. CNC Tool Programmers 8. Telephone Operators 9. Ticket Agents and Travel Clerks 10. Broadcast Announcers and Radio DJs 11. Brokerage Clerks 12. Farm and Home Management Educators 13. Telemarketers 14. Concierges 15. Political Scientists 16. News Analysts, Reporters, Journalists 17. Mathematicians 18. Technical Writers 19. Proofreaders and Copy Markers 20. Hosts and Hostesses 21. Editors 22. Business Teachers, Postsecondary 23. Public Relations Specialists 24. Demonstrators and Product Promoters 25. Advertising Sales Agents 26. New Accounts Clerks 27. Statistical Assistants 28. Counter and Rental Clerks 29. Data Scientists 30. Personal Financial Advisors 31. Archivists 32. Economics Teachers, Postsecondary 33. Web Developers 34. Management Analysts 35. Geographers 36. Models 37. Market Research Analysts 38. Public Safety Telecommunicators 39. Switchboard Operators 40. Library Science Teachers, Postsecondary.

Read more of this story at Slashdot.

Financial Times: The UK's highest court has partially overturned a landmark motor finance judgment that threatened to leave banks on the hook for tens of billions of pounds in compensation for allegedly deceiving consumers with hidden commissions on car loans. The Supreme Court's decision has been keenly awaited by investors as well as millions of consumers who were poised to claim redress from the banks. The government has been considering legislation to limit the fallout. The controversy over car finance shot to prominence after a bombshell Court of Appeal judgment in October that awarded compensation to three people who claimed they were misled by banks concealing the payment of commissions to dealerships. The $58.3 billion car finance scandal centers on hidden commissions paid by lenders to car dealers who arranged loans without disclosing the payment amounts and terms to borrowers. Under discretionary commission arrangements, dealers received larger payments when they persuaded car buyers to accept higher interest rates on loans. The practice affected roughly 90% of new car purchases and many secondhand vehicles, potentially exposing millions of motorists to mis-selling.

Read more of this story at Slashdot.

Internal Revenue Service Commissioner Bill Long said the agency will end its Direct File program after a limited pilot and one full filing season. From a report: President Donald Trump's massive spending and policy bill includes funding to research and "replace any direct e-file programs run by the Internal Revenue Service." Already, the program is "gone," Long said at a tax professional summit on July 28, Bloomberg Law reports. "You've heard of Direct File, that's gone," Long said. "Big beautiful Billy wiped that out. I don't care about Direct File. I care about direct audit."

Read more of this story at Slashdot.

Linuxiac reports that another malicious package has been uploaded to the Arch User Repository (AUR). This time around the package was google-chrome-stable, which installed a remote-access trojan along with Google Chrome.

The good news—if you can call it that—is that the google-chrome-stable package was available on the AUR only for a few hours before the malware hidden inside was discovered. Still, it did get a few upvotes, which suggests at least some users ended up installing it.

The Arch Linux project had to warn users about a similar attack less than a month ago when a user uploaded three browser packages that also installed a malicious script identified as a remote-access trojan.

Microsoft has discontinued Windows 11 SE, its education-focused operating system designed for low-cost school PCs. The company confirmed that Windows 11 SE will not receive the upcoming version 25H2 update and support will end in October 2026, including security updates and technical assistance. Launched in 2021 as a Chrome OS competitor, Windows 11 SE featured artificial limitations like reduced multitasking capabilities and restricted app installation to create a simplified experience for students. The discontinuation leaves Microsoft without a dedicated lightweight Windows edition for the education market, where Chromebooks have gained significant popularity over the past decade.

Read more of this story at Slashdot.

Security updates have been issued by AlmaLinux (firefox and thunderbird), Debian (libcommons-lang-java, node-form-data, redis, and sope), Fedora (chromium), Mageia (slurm), Oracle (apache-commons-beanutils, firefox, kernel, redis:6, and thunderbird), Red Hat (kernel, kernel-rt, libxml2, and redis), SUSE (chromium, docker, ffmpeg-7, gnutls, kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-t, libgcrypt, rav1e, and sccache), and Ubuntu (linux-lowlatency, linux-lowlatency-hwe-6.8).

Greg Kroah-Hartman has released the 6.15.9, 6.12.41, and 6.6.101 stable kernels.

Australia's spy chief has warned that defense workers are exposing themselves to foreign intelligence services through LinkedIn profiles that detail classified projects and security clearances. Director-General Mike Burgess said over 35,000 Australians on the platform indicate access to sensitive information, with 7,000 mentioning defense work and 400 listing involvement in the AUKUS nuclear submarine program. Foreign spies routinely scour professional networking sites posing as consultants and recruiters, Burgess said.

Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: It's a strange glimpse into the human mind: If you filter search results on Google, Bing, and other search engines to only include URLs from the domain "https://chatgpt.com/share," you can find strangers' conversations with ChatGPT. Sometimes, these shared conversation links are pretty dull — people ask for help renovating their bathroom, understanding astrophysics, and finding recipe ideas. In another case, one user asks ChatGPT to rewrite their resume for a particular job application (judging by this person's LinkedIn, which was easy to find based on the details in the chat log, they did not get the job). Someone else is asking questions that sound like they came out of an incel forum. Another person asks the snarky, hostile AI assistant if they can microwave a metal fork (for the record: no), but they continue to ask the AI increasingly absurd and trollish questions, eventually leading it to create a guide called "How to Use a Microwave Without Summoning Satan: A Beginner's Guide." ChatGPT does not make these conversations public by default. A conversation would be appended with a "/share" URL only if the user deliberately clicks the "share" button on their own chat and then clicks a second "create link" button. The service also declares that "your name, custom instructions, and any messages you add after sharing stay private." After clicking through to create a link, users can toggle whether or not they want that link to be discoverable. However, users may not anticipate that other search engines will index their shared ChatGPT links, potentially betraying personal information (my apologies to the person whose LinkedIn I discovered). According to ChatGPT, these chats were indexed as part of an experiment. "ChatGPT chats are not public unless you choose to share them," an OpenAI spokesperson told TechCrunch. "We've been testing ways to make it easier to share helpful conversations, while keeping users in control, and we recently ended an experiment to have chats appear in search engine results if you explicitly opted in when sharing." A Google spokesperson also weighed in, telling TechCrunch that the company has no control over what gets indexed. "Neither Google nor any other search engine controls what pages are made public on the web. Publishers of these pages have full control over whether they are indexed by search engines."

Read more of this story at Slashdot.

Reddit wants to become a full-fledged search engine, leveraging its vast repository of human-generated content and expanding its AI-powered Reddit Answers tool. In its latest note (PDF) to investors, CEO Steve Huffman says the company is "concentrating our resources on the areas that will drive results for our most pressing needs," including "making Reddit a go-to search engine." The Verge reports: Huffman says that "every week, hundreds of millions of people come to Reddit looking for advice, and we're turning more of that intent into active users of Reddit's native search." Reddit's core search has more than 70 million weekly active unique users -- Reddit overall averages 416.4 million weekly active unique users -- and Reddit Answers, the platform's AI search tool that it launched in December, has 6 million weekly users, up from 1 million weekly users in the first quarter of this year. To continue to build out search, Reddit is "expanding Reddit Answers globally, integrating it more deeply into the core search experience, and making search a central feature across Reddit," Huffman says.

Read more of this story at Slashdot.

alternative_right shares a report from Phys.org: Researchers have created a microphone that listens with light instead of sound. Unlike traditional microphones, this visual microphone captures tiny vibrations on the surfaces of objects caused by sound waves and turns them into audible signals. In the journal Optics Express, the researchers describe the new approach, which applies single-pixel imaging to sound detection for the first time. Using an optical setup without any expensive components, they demonstrate that the technique can recover sound by using the vibrations on the surfaces of everyday objects such as leaves and pieces of paper. [...] To demonstrate the new visual microphone, the researchers tested its ability to reconstruct Chinese and English pronunciations of numbers as well as a segment from Beethoven's Fur Elise. They used a paper card and a leaf as vibration targets, placing them 0.5 meters away from the objects while a nearby speaker played the audio. The system was able to successfully reconstruct clear and intelligible audio, with the paper card producing better results than the leaf. Low-frequency sounds (1 kHz) showed slight distortion that improved when a signal processing filter was applied. Tests of the system's data rate showed it produced 4 MB/s, a rate sufficiently low to minimize storage demands and allow for long-term recording. "Currently, this technology still only exists in the laboratory and can be used in special scenarios where traditional microphones fail to work," said research team leader Xu-Ri Yao from Beijing Institute of Technology in China. "We aim to expand the system into other vibration measurement applications, including human pulse and heart rate detection, leveraging its multifunctional information sensing capabilities."

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Guardian: A 515-mile (829km) lightning flash has set a new record as the longest ever identified. The World Meteorological Organization (WMO) confirmed the new world record for the flash registered on October 22, 2017, over the Great Plains in the US. It stretched from east Texas to near Kansas City, Missouri, roughly the distance between Paris and Venice. The previous record of 768km was also recorded in the Great Plains, a hotspot for severe thunderstorms, on April 29, 2020. Since 2016, scientific advances in space-based mapping have allowed for lightning flashes to be measured over a broader space, allowing these long flashes to be recorded. This event was one of the first flashes to be documented using the National Oceanic and Atmospheric Administration's latest model of orbital satellite, known as a geostationary operational environmental satellite. [...] The advances in technology have also allowed for the recording of the greatest duration for a single lightning flash. The record is a flash that lasted 17.1 seconds during a thunderstorm over Uruguay and northern Argentina on June 18, 2020. The findings have been published in the journal Bulletin of the American Meteorological Society.

Read more of this story at Slashdot.

Hackers from the group UNC2891 attempted a high-tech bank heist by physically planting a 4G-enabled Raspberry Pi inside a bank's ATM network, using advanced malware hidden with a never-before-seen Linux bind mount technique to evade detection. "The trick allowed the malware to operate similarly to a rootkit, which uses advanced techniques to hide itself from the operating system it runs on," reports Ars Technica. Although the plot was uncovered before the hackers could hijack the ATM switching server, the tactic showcased a new level of sophistication in cyber-physical attacks on financial institutions. The security firm Group-IB, which detailed the attack in a report on Wednesday, didn't say where the compromised switching equipment was located or how attackers managed to plant the Raspberry Pi. Ars Technica reports: To maintain persistence, UNC2891 also compromised a mail server because it had constant Internet connectivity. The Raspberry Pi and the mail server backdoor would then communicate by using the bank's monitoring server as an intermediary. The monitoring server was chosen because it had access to almost every server within the data center. As Group-IB was initially investigating the bank's network, researchers noticed some unusual behaviors on the monitoring server, including an outbound beaconing signal every 10 minutes and repeated connection attempts to an unknown device. The researchers then used a forensic tool to analyze the communications. The tool identified the endpoints as a Raspberry Pi and the mail server but was unable to identify the process names responsible for the beaconing. The researchers then captured the system memory as the beacons were sent. The review identified the process as lightdm, a process associated with an open source LightDM display manager. The process appeared to be legitimate, but the researchers found it suspicious because the LightDM binary was installed in an unusual location. After further investigation, the researchers discovered that the processes of the custom backdoor had been deliberately disguised in an attempt to throw researchers off the scent. [Group-IB Senior Digital Forensics and Incident Response Specialist Nam Le Phuong] explained: "The backdoor process is deliberately obfuscated by the threat actor through the use of process masquerading. Specifically, the binary is named "lightdm", mimicking the legitimate LightDM display manager commonly found on Linux systems. To enhance the deception, the process is executed with command-line arguments resembling legitimate parameters -- for example, lightdm -- session child 11 19 -- in an effort to evade detection and mislead forensic analysts during post-compromise investigations. These backdoors were actively establishing connections to both the Raspberry Pi and the internal Mail Server."

Read more of this story at Slashdot.

fjo3 shares a report from the Associated Press: The Trump administration announced it is launching a new program that will allow Americans to share personal health data and medical records across health systems and apps run by private tech companies, promising that will make it easier to access health records and monitor wellness. More than 60 companies, including major tech companies like Google, Amazon and Apple as well as health care giants like UnitedHealth Group and CVS Health, have agreed to share patient data in the system. The initiative will focus on diabetes and weight management, conversational artificial intelligence that helps patients, and digital tools such as QR codes and apps that register patients for check-ins or track medications. Officials at the Centers for Medicare and Medicaid Services, who will be in charge of maintaining the system, have said patients will need to opt in for the sharing of their medical records and data, which will be kept secure. Those officials said patients will benefit from a system that lets them quickly call up their own records without the hallmark difficulties, such as requiring the use of fax machines to share documents, that have prevented them from doing so in the past. Popular weight loss and fitness subscription service Noom, which has signed onto the initiative, will be able to pull medical records after the system's expected launch early next year. That might include labs or medical tests that the app could use to develop an AI-driven analysis of what might help users lose weight, CEO Geoff Cook told The Associated Press. Apps and health systems will also have access to their competitors' information, too. Noom would be able to access a person's data from Apple Health, for example. "Right now you have a lot of siloed data," Cook said.

Read more of this story at Slashdot.

The SEC has launched "Project Crypto" to overhaul outdated securities regulations for a blockchain-based future, aiming to support tokenized assets, crypto trading, and "super apps." "To achieve President Trump's vision of making America the crypto capital of the world, the SEC must holistically consider the potential benefits and risks of moving our markets from an off-chain environment to an on-chain one," SEC chair Paul Atkins said at the "American Leadership in the Digital Finance Revolution" conference on Thursday. "I have directed the Commission staff to update antiquated agency rules and regulations to unleash the potential of on-chain software systems in our securities markets ... Federal securities laws have always assumed the involvement of intermediaries that require regulation, but this does not mean that we should interpose intermediaries for the sake of forcing intermediation where the markets can function without them." CNBC reports: Atkins, the SEC chair, highlighted "super apps" (such as one Coinbase introduced two weeks ago) as a priority of his chairmanship, noting the need to allow the apps to thrive with an "efficient licensing structure," rather than subject to multiple regulatory authorities. So-called super apps like WeChat and Alipay -- which bundle several different services and functionalities into a single mobile app -- have long been viewed as the holy grail of financial technology by the industry. They're central to everyday life in China but haven't been successfully replicated in the West. Meta Platforms and X have made attempts to realize that vision, integrating payments, messaging and social content, among other functions. Atkins also said the Trump administration will work to prevent "innovative" companies from being driven offshore by burdensome regulations, and said the SEC "will encourage our nation's builders rather than constrain them with red tape and one-size-fits-all rules."

Read more of this story at Slashdot.

An anonymous reader quotes a report from TorrentFreak: Efforts to introduce pirate site blocking to the United States continue with the introduction of the "Block BEARD" bill (PDF) in the Senate. The bipartisan proposal, backed by Senators Tillis, Coons, Blackburn, and Schiff, aims to create a new legal mechanism to combat foreign piracy websites. Block BEARD is similar to the previously introduced House bill "FADPA", but doesn't directly mention DNS resolvers. [...] The site-blocking proposal seeks to amend U.S. copyright law, enabling rightsholders to request federal courts to designate online locations as a "foreign digital piracy site". If that succeeds, courts can subsequently order U.S. service providers to block access to these sites. Pirate site designation would be dependent on rightsholders showing that they are harmed by a site's activities, that reasonable efforts had been made to notify the site's operator, and that a reasonable investigation confirms the operator is not located within the United States. Additionally, rightsholders must show that the site is primarily designed for piracy, has limited commercial purpose, or is intentionally marketed by its operator to promote copyright-infringing activities. If the court classifies a website as a foreign pirate site, rightsholders can go back to court to request a blocking order. At this stage, the court will determine whether it is technically and practically feasible for ISPs to block the site, and consider any potential harm to the public interest. The granted orders would stay in place for a year with the option to extend if necessary. If blocked sites switch to new locations, the court can also amend blocking orders to include new IP addresses and domain names. The Block BEARD bill broadly applies to service providers as defined in section 512(k)(1)(A) of the DMCA. This is a broad definition that applies to residential ISPs, but also to search engines, social media platforms, and DNS resolvers. Service providers with fewer than 50,000 subscribers are explicitly excluded, and the same applies to venues such as coffee shops, libraries, and universities that offer internet access to visitors. Unlike the FADPA bill introduced by Representative Lofgren earlier this year, the Senate bill does not specifically mention DNS resolvers. Block BEARD does not mention VPNs, but its broad definition of "service provider" could be interpreted to include them. The proposal states that providers have the option to contest their inclusion in a blocking order. Once an order is issued, they would have the freedom to choose their own blocking techniques. There are no transparency requirements mentioned in the bill, so if and how the public is informed is unclear.

Read more of this story at Slashdot.

Brazil has launched a massive program to release millions of laboratory-bred mosquitoes engineered to carry Wolbachia bacteria, which prevents them from transmitting dengue virus. The initiative aims to protect 140 million Brazilians across 40 municipalities over the next decade. The approach has already demonstrated significant results in Niteroi, where officials documented a roughly 90% drop in dengue cases when comparing the 10 years prior to the modified mosquitoes' introduction to the five years afterward. Nearly all mosquitoes in the city now carry the Wolbachia bacteria. Cases of chikungunya and Zika also fell by over 96% and 99% respectively. The World Mosquito Program operates high-tech breeding facilities, including one in Rio de Janeiro that produces mosquitoes by the millions. A new factory in Curitiba will produce 5 billion mosquitoes in its first year. The Wolbachia bacteria, naturally present in roughly half of all insect species, creates conditions where dengue virus cannot replicate inside mosquitoes, effectively breaking the transmission cycle when these modified insects bite humans.

Read more of this story at Slashdot.

CISA has publicly released Thorium, a powerful open-source platform developed with Sandia National Labs that automates malware and forensic analysis at massive scale. According to BleepingComputer, the platform can "schedule over 1,700 jobs per second and ingest over 10 million files per hour per permission group." From the report: Security teams can use Thorium for automating and speeding up various file analysis workflows, including but not limited to: - Easily import and export tools to facilitate sharing across cyber defense teams, - Integrate command-line tools as Docker images, including open-source, commercial, and custom software, - Filter results using tags and full-text search, - Control access to submissions, tools, and results with strict group-based permissions, - Scale with Kubernetes and ScyllaDB to meet workload demands. Defenders can find installation instructions and get their own copy of Thorium from CISA's official GitHub repository.

Read more of this story at Slashdot.