RSS 생중계

A newly revealed set of vulnerabilities dubbed AirBorne in Apple's AirPlay SDK could allow attackers on the same Wi-Fi network to hijack tens of millions of third-party devices like smart TVs and speakers. While Apple has patched its own products, many third-party devices remain at risk, with the most severe (though unproven) threat being potential microphone access. 9to5Mac reports: Wired reports that a vulnerability in Apple's software development kit (SDK) means that tens of millions of those devices could be compromised by an attacker: "On Tuesday, researchers from the cybersecurity firm Oligo revealed what they're calling AirBorne, a collection of vulnerabilities affecting AirPlay, Apple's proprietary radio-based protocol for local wireless communication. Bugs in Apple's AirPlay software development kit (SDK) for third-party devices would allow hackers to hijack gadgets like speakers, receivers, set-top boxes, or smart TVs if they're on the same Wi-Fi network as the hacker's machine [...] Oligo's chief technology officer and cofounder, Gal Elbaz, estimates that potentially vulnerable third-party AirPlay-enabled devices number in the tens of millions. 'Because AirPlay is supported in such a wide variety of devices, there are a lot that will take years to patch -- or they will never be patched,' Elbaz says. 'And it's all because of vulnerabilities in one piece of software that affects everything.'" For consumers, an attacker would first need to gain access to your home Wi-Fi network. The risk of this depends on the security of your router: millions of wireless routers also have serious security flaws, but access would be limited to the range of your Wi-Fi. AirPlay devices on public networks, like those used everywhere from coffee shops to airports, would allow direct access. The researchers say the worst-case scenario would be an attacker gaining access to the microphones in an AirPlay device, such as those in smart speakers. However, they have not demonstrated this capability, meaning it remains theoretical for now.

Read more of this story at Slashdot.

Google is investing in training over 100,000 new U.S. electricians through a $10 million grant, aiming to address a critical labor shortage driven by AI-fueled data center growth and rising electricity demands. Reuters reports: A lack of access to power supplies has become the biggest problem for giant technology companies racing to develop artificial intelligence in energy-intensive data centers, which are driving up U.S. electricity demand after nearly 20 years of stagnation. The situation has led President Donald Trump to declare a national energy emergency aimed at speeding up permitting for generation and transmission projects. Google's funding, which includes a $10 million grant for electrical worker nonprofits, is the latest in a series of recent moves by giant technology companies to alleviate power project backlogs and electricity shortfalls across the United States. [...] The Google grant will be used for electrician apprenticeship programs and the training of existing workforce through organizations, including the Electrical Training Alliance, International Brotherhood of Electrical Workers and the National Electrical Contractors Association. It could increase the pipeline of electrical workers by 70% by the end of the decade, the company said. "This initiative with Google and our partners at NECA and the Electrical Training Alliance will bring more than 100,000 sorely needed electricians into the trade to meet the demands of an AI-driven surge in data centers and power generation," said Kenneth Cooper, international president of the IBEW labor union.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Raspberry Pi boards have a combination of surface-mount devices (SMDs) and through-hole bits. SMDs allow for far more tiny chips, resistors, and other bits to be attached to boards by their tiny pins, flat contacts, solder balls, or other connections. For those things that are bigger, or subject to rough forces like clumsy human hands, through-hole soldering is still required, with leads poked through a connective hole and solder applied to connect and join them securely. The Raspberry Pi board has a 40-pin GPIO header on it that needs through-hole soldering, along with bits like the Ethernet and USB ports. These require robust solder joints, which can't be done the same way as with SMT (surface-mount technology) tools. "In the early days of Raspberry Pi, these parts were inserted by hand, and later by robotic placement," writes Roger Thornton, director of applications for Raspberry Pi, in a blog post. The boards then had to go through a follow-up wave soldering step. Now Pi boards have their tiny bits and bigger pieces soldered at the same time through an intrusive reflow soldering process undertaken with Raspberry Pi's UK manufacturing partner, Sony. After adjusting component placement, the solder stencil, and the connectors, the board makers could then place and secure all their components in the same stage. Intrusive reflow soldering this way involves putting solder paste on both the pads for SMD bits and into the through-hole pins. The through-hole parts are pushed onto the paste, and the whole board then goes into a reflow oven, where the solder paste melts, the connectors fall in more fully, and joints are formed for all the SMD and through-hole parts at once. You can watch the process up close in this mesmerizing video from Surface Mount Process. Intrusive reflow soldering is not a brand-new process, but what it did for the Raspberry Pi is notable, according to Thornton. The company saw "a massive 50% reduction in product returns," and it sped up production by 15 percent by eliminating the break between the two soldering stages. By removing the distinct soldering bath from its production line, the company also reduced its carbon dioxide output by 43 tonnes per year (or 47.4 US tons).

Read more of this story at Slashdot.

Lance Albertson writes that the Oregon State University Open Source Lab, the home of many prominent free-software projects over the years, has run into financial trouble:

I am writing to inform you about a critical and time-sensitive situation facing the Open Source Lab. Over the past several years, we have been operating at a deficit due to a decline in corporate donations. While OSU's College of Engineering (CoE) has generously filled this gap, recent changes in university funding have led to a significant reduction in CoE's budget. As a result, our current funding model is no longer sustainable and CoE needs to find ways to cut programs.

Earlier this week, I was informed that unless we secure $250,000 in committed funds, the OSL will be forced to shut down later this year.

NIST: Clocks on Earth are ticking a bit more regularly thanks to NIST-F4, a new atomic clock at the National Institute of Standards and Technology (NIST) campus in Boulder, Colorado. This month, NIST researchers published a journal article establishing NIST-F4 as one of the world's most accurate timekeepers. NIST has also submitted the clock for acceptance as a primary frequency standard by the International Bureau of Weights and Measures (BIPM), the body that oversees the world's time. NIST-F4 measures an unchanging frequency in the heart of cesium atoms, the internationally agreed-upon basis for defining the second since 1967. The clock is based on a "fountain" design that represents the gold standard of accuracy in timekeeping. NIST-F4 ticks at such a steady rate that if it had started running 100 million years ago, when dinosaurs roamed, it would be off by less than a second today. By joining a small group of similarly elite time pieces run by just 10 countries around the world, NIST-F4 makes the foundation of global time more stable and secure. At the same time, it is helping to steer the clocks NIST uses to keep official U.S. time. Distributed via radio and the internet, official U.S. time is critical for telecommunications and transportation systems, financial trading platforms, data center operations and more.

Read more of this story at Slashdot.

Microsoft CEO Satya Nadella said that 20%-30% of code inside the company's repositories was "written by software" -- meaning AI -- during a fireside chat with Meta CEO Mark Zuckerberg at Meta's LlamaCon conference on Tuesday. From a report: Nadella gave the figure after Zuckerberg asked roughly how much of Microsoft's code is AI-generated today. The Microsoft CEO said the company was seeing mixed results in AI-generated code across different languages, with more progress in Python and less in C++.

Read more of this story at Slashdot.

Many eyebrows were raised recently when three vulnerabilities were announced that allegedly impact GNU Mailman 2.1, since many folks assumed that it was no longer being supported. That's not quite the case. Even though version 3 of the GNU Mailman mailing-list manager has been available since 2015, and version 2 was declared (mostly) end of life (EOL) in 2020, there are still plenty of users and projects still using version 2.1.x. There is, as it turns out, a big difference between mostly EOL and actually EOL. For example: WebPros, the company behind the cPanel server and web-site-management platform, still maintains a port of Mailman 2.1.x to Python 3 for its customers and was quick to respond to reports of vulnerabilities. However, the company and upstream Mailman project dispute that the CVEs are valid.

Finland has passed legislation to restrict the use of phones and other mobile devices during the school day amid fears over their impact on student wellbeing and learning. From a report: Under the changes, which were approved by the Finnish parliament on Tuesday and will come into effect on 1 August, mobile devices will be heavily restricted during lesson times. Pupils will be allowed to use them only with the teacher's permission for healthcare or learning purposes. Finland is the latest European country to impose legal restrictions on the use of phones and other mobile devices in schools amid growing evidence of their impact on children and young people, including attention and self-esteem. Earlier this year, Denmark said it would ban mobile phones from all schools. The chair of the country's wellbeing commission, Rasmus Meyer, told the Guardian the measure was necessary to stop schools from being "colonised by digital platforms" and urged the rest of Europe to follow suit.

Read more of this story at Slashdot.

Modern compilers perform a lot of optimizations, which can complicate debugging. Song Liu and Thierry Treyer spoke about a potential improvement to BPF Type Format (BTF) debugging information that could partially combat that problem at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit. They want to add information on selectively inlined functions to BTF in order to better support tracing tools. Treyer participated remotely.

Alphabet CEO Sundar Pichai told a judge who found that Google illegally monopolizes online search that a Justice Department proposal to share search data with rivals would be a "de facto" divestiture of the company's search engine. From a report: If Google were required to share both its search data and the information on how it ranks results, rivals could reverse engineer "every aspect of our technology," Pichai testified on Wednesday. "The proposal on data sharing is so far reaching, so extraordinary," Pichai said. It "feels like de facto divestiture of search" and its entire intellectual property and technology over 25 years of research, he said. During testimony in federal court in Washington, Pichai asserted that a package of antitrust remedies proposed by the government is too extreme and will undermine Google's ability to compete in the market.

Read more of this story at Slashdot.

The Free Software Foundation has announced the completion of the review of its board of directors; the process resulted in the reconfirmation of all five sitting board members.

The review examined board members Ian Kelling, Geoffrey Knauth, Henry Poole, Richard Stallman, and Gerald Sussman. The process generated detailed philosophical and policy discussions between board members and the FSF's global associate members on topics ranging from the firmness of the Free Software Definition, developments in machine learning, to the board's president position.

Wikipedia will employ AI to enhance the work of its editors and volunteers, it said Wednesday, also asserting that it has no plans to replace those human roles. The Wikimedia Foundation plans to implement AI specifically for automating tedious tasks, improving information discovery, facilitating translations, and supporting new volunteer onboarding, it said.

Read more of this story at Slashdot.

Electronic Arts is laying off hundreds of workers and canceling a Titanfall game that was in development at its Respawn Entertainment subsidiary. From a report: Between 300 and 400 positions were eliminated, including around 100 at Respawn, according to a person familiar with the cuts. The company had about 13,700 employees at the end of March 2024. "As part of our continued focus on our long-term strategic priorities, we've made select changes within our organization that more effectively aligns teams and allocates resources in service of driving future growth," Justin Higgs, a spokesman for the Redwood City, California-based company, said in a statement. The canceled project, code-named R7, was an extraction shooter set in the Titanfall universe, according to people familiar with its development. It was not close to being released.

Read more of this story at Slashdot.

Just over six months ago, The Economist described the US economy as "the envy of the world". That headline would be unlikely to appear now. The economic boom referenced in that article feels like a distant memory, markets are falling, and uncertainty is at an all-time high. Like everybody else, LWN is affected by the current turbulence in the political and economic spheres; we expect to get through this period, but there will be some challenges.

Microsoft has pledged to take the US government to court if necessary [alternative source] to protect European customers' access to its cloud services, as concerns mount over potential technology disruptions under President Donald Trump. Brad Smith, Microsoft's president and vice-chair, announced five "digital commitments" to Europe on Wednesday, responding to regional anxieties following Trump's temporary suspension of military support to Ukraine. "We as a company need to be a source of digital stability during a period of geopolitical volatility," Smith said. The commitments include contesting any government order to cease European cloud services through legal channels and establishing European oversight of its continental operations. Microsoft will increase its European data center capacity by 40% over the next two years, expanding in 16 countries with investments of "tens of billions of dollars" annually. The Seattle-based company, which derives more than a quarter of its business from Europe, becomes the first major American tech firm to proactively address European concerns amid escalating trade tensions.

Read more of this story at Slashdot.

Security updates have been issued by Debian (glibc and libraw), Fedora (digikam, icecat, mingw-LibRaw, perl, perl-Devel-Cover, and perl-PAR-Packer), Red Hat (ghostscript, kernel, and kernel-rt), Slackware (mozilla), SUSE (augeas, firefox, and java-11-openjdk), and Ubuntu (binutils, libxml2, and nodejs).

An anonymous reader quotes a report from The Register: Instead of depressing wages or taking jobs, generative AI chatbots like ChatGPT, Claude, and Gemini have had almost no wage or labor impact so far -- a finding that calls into question the huge capital expenditures required to create and run AI models. In a working paper released earlier this month, economists Anders Humlum and Emilie Vestergaard looked at the labor market impact of AI chatbots on 11 occupations, covering 25,000 workers and 7,000 workplaces in Denmark in 2023 and 2024. Many of these occupations have been described as being vulnerable to AI: accountants, customer support specialists, financial advisors, HR professionals, IT support specialists, journalists, legal professionals, marketing professionals, office clerks, software developers, and teachers. Yet after Humlum, assistant professor of economics at the Booth School of Business, University of Chicago, and Vestergaard, a PhD student at the University of Copenhagen, analyzed the data, they found the labor and wage impact of chatbots to be minimal. "AI chatbots have had no significant impact on earnings or recorded hours in any occupation," the authors state in their paper. The report should concern the tech industry, which has hyped AI's economic potential while plowing billions into infrastructure meant to support it. Early this year, OpenAI admitted that it loses money per query even on its most expensive enterprise SKU, while companies like Microsoft and Amazon are starting to pull back on their AI infrastructure spending in light of low business adoption past a few pilots. The problem isn't that workers are avoiding generative AI chatbots -- quite the contrary. But they simply aren't yet equating to actual economic benefits. "The adoption of these chatbots has been remarkably fast," Humlum told The Register. "Most workers in the exposed occupations have now adopted these chatbots. Employers are also shifting gears and actively encouraging it. But then when we look at the economic outcomes, it really has not moved the needle." Humlum said while there are gains and time savings to be had, "there's definitely a question of who they really accrue to. And some of it could be the firms -- we cannot directly look at firm profitability. Some of it could also just be that you save some time on existing tasks, but you're not really able to expand your output and therefore earn more. So it's like it saves you time writing emails. But if you cannot really take on more work or do something else that is really valuable, then that will put a damper on how much we should actually expect those time savings to affect your earning ability, your total hours, your wages." "In terms of economic outcomes, when we're looking at hard metrics -- in the administrative labor market data on earnings, wages -- these tools have really not made a difference so far," said Humlum. "So I think that that puts in some sense an upper bound on what return we should expect from these tools, at least in the short run. My general conclusion is that any story that you want to tell about these tools being very transformative, needs to contend with the fact that at least two years after [the introduction of AI chatbots], they've not made a difference for economic outcomes."

Read more of this story at Slashdot.

Firefly Aerospace's sixth Alpha rocket launch failed on April 29, 2025, after an upper-stage anomaly prevented a Lockheed Martin satellite demo from reaching orbit. Both the stage and payload fell into the Pacific Ocean near Antarctica. Space.com reports: The two-stage, 96.7-foot-tall (29.6 meters) Alpha lifted off from California's Vandenberg Space Force Base this morning (April 29), carrying a technology demonstration for aerospace giant Lockheed Martin toward low Earth orbit (LEO). But the payload never got there. Alpha suffered an anomaly shortly after its two stages separated, which led to the loss of the nozzle extension for the upper stage's single Lightning engine. This significantly reduced the engine's thrust, dooming the mission, Firefly said in an update several hours after launch. Today's mission, which Firefly called "Message in a Booster," was the first of up to 25 that the company will conduct for Lockheed Martin over the next five years. The flight aimed to send a satellite technology demonstrator to LEO. This demo payload "was specifically built to showcase the company's pathfinding efforts for its LM 400 mid-sized, multi-mission satellite bus, and to demonstrate the space vehicle's operational capabilities on orbit for potential customers," Firefly wrote in a prelaunch mission description. "Initial indications showed Alpha's upper stage reached 320 km [199 miles] in altitude. However, upon further assessment, the team learned the upper stage did not reach orbital velocity, and the stage and payload have now safely impacted the Pacific Ocean in a cleared zone north of Antarctica," an update reads. "Firefly recognizes the hard work that went into payload development and would like to thank our mission partners at Lockheed Martin for their continued support," it continues. "The team is working closely with our customers and the FAA [Federal Aviation Administration] to conduct an investigation and determine root cause of the anomaly. We will provide more information on our mission page after the investigation is completed."

Read more of this story at Slashdot.

Kosmos 482, a failed Soviet Venus probe, is expected to make an uncontrolled reentry in mid-May after orbiting Earth for 53 years. Gizmodo reports: The lander module from an old Soviet spacecraft is expected to reenter Earth's atmosphere during the second week of May, according to Marco Langbroek, a satellite tracker based in Leiden, the Netherlands. "As this is a lander that was designed to survive passage through the Venus atmosphere, it is possible that it will survive reentry through the Earth atmosphere intact, and impact intact," Langbroek wrote in a blog update. "The risks involved are not particularly high, but not zero." Kosmos 482 launched on March 31, 1972 from the Baikonur Cosmodrome spaceport in Kazakhstan. The mission was an attempt by the Soviet space program to reach Venus, but it failed to gain enough velocity to enter a transfer trajectory toward the scorching-hot planet. A malfunction resulted in an engine burn that wasn't sufficient to reach Venus' orbit and left the spacecraft in an elliptical Earth orbit, according to NASA. The spacecraft broke apart into four different pieces, with two of the smaller fragments reentering over Ashburton, New Zealand, two days after launch. Meanwhile, two remaining pieces, believed to be the payload and the detached upper-stage engine unit, entered a higher orbit measuring 130 by 6,089 miles (210 by 9,800 kilometers). The failed mission consisted of a carrier bus and a lander probe, which together form a spherical pressure vessel weighing more than 1,000 pounds (495 kilograms). Considering its mass, "risks are similar to that of a meteorite impact," Langbroek wrote. As of now, it's hard to determine exactly when the spacecraft will reenter. Langbroek estimates that the reentry will take place on May 10, but a more precise date will get clearer as the reentry date nears.

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Hill: Daily exposure to certain chemicals used to manufacture household plastics may be connected to more than 356,000 cardiovascular-related deaths in 2018 alone, a new analysis has found. These chemicals, called phthalates, are present in products around the world but have particular popularity in the Middle East, South Asia, East Asia and the Pacific -- regions that collectively bore about 75 percent of the global death total, according to the research, published on Tuesday in the Lancet eBioMedicine. Phthalates, often used in personal care products, children's toys and food packaging and processing materials, are known to disrupt hormone function and have been linked to birth defects, infertility, learning disabilities and neurological disorders. The NYU Langone Health team focused in the analysis on a kind of phthalate called di-2-ethylhexyl phthalate (DEHP), which is used to make items like food containers and medical equipment softer and more flexible. Scientists have already shown that exposure to DEHP can trigger an overactive immune response in the heart's arteries, which over time can be linked to increased risk of heart attack or stroke. In the new analysis, the researchers estimated that DEHP exposure played a role in 356,238 global deaths in 2018, or nearly 13.5 percent of heart disease mortality among men and women ages 55 through 64. [...] These findings are in line with the team's previous research, which in 2021 determined that phthalates were connected to more than 50,000 premature deaths each year among older Americans -- most of whom succumbed to heart conditions. But this latest analysis is likely the first global estimate of cardiovascular mortality resulting from exposure to these environmental contaminants [...]. In a separate report from the New York Times, author Nina Agrawal highlights some of the caveats with the data. First of all, the study relies heavily on statistical modeling and assumptions, drawing from prior research that may include biases and confounding factors like diet or socioeconomic status. It also uses U.S.-based risk estimates that may not generalize globally and focuses only on one type of phthalate (DEHP). Additionally, as Agrawal points out, this is an observational study, showing correlation rather than causation. As such, more direct, long-term research is needed to clarify the true health impact of phthalate exposure.

Read more of this story at Slashdot.