RSS 생중계

The BPF verifier is not magic; it cannot solve the halting problem. Therefore, it has to err on the side of assuming that a program will run too long if it cannot prove that the program will not. The ultimate check on the size of a BPF program is the one-million-instruction limit — the verifier will refuse to process more than one-million instructions, no matter what a BPF program does. Alexei Starovoitov gave a talk at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit about that limit, why correctly written BPF programs shouldn't hit it, and how to make the user experience of large BPF programs better in the future.

Google has announced that it will begin phasing out country code top-level domains (ccTLDs) such as google.ng and google.com.br, redirecting all traffic to google.com. The change comes after improvements in Google's localization capabilities rendered these separate domains unnecessary. Since 2017, Google has provided identical local search experiences whether users visited country-specific domains or google.com. The transition will roll out gradually over the coming months, and users may need to re-establish search preferences during the migration.

Read more of this story at Slashdot.

About 18% of songs uploaded to Deezer are fully generated by AI, the French streaming platform said on Wednesday, underscoring the technology's growing use amid copyright risks and concerns about fair payouts to artists. From a report: Deezer said more than 20,000 AI-generated tracks are uploaded on its platform each day, which is nearly twice the number reported four months ago. "AI-generated content continues to flood streaming platforms like Deezer and we see no sign of it slowing down," said Aurelien Herault, the company's innovation chief.

Read more of this story at Slashdot.

Enterprise software optimization is accelerating as companies face potential budget freezes in 2025, according to new research from UBS reviewed by Slashdot. Following discussions with two leading SaaSOps vendors, analysts report that 21% of organizations cut their SaaS spend last year, with a staggering 30% of existing licenses sitting unused. SaaS rationalization efforts are targeting familiar categories: collaboration tools (Zoom, Teams, Slack), project management solutions, and sales engagement platforms. Back-office systems like Workday remain relatively insulated due to their stickiness and pricing leverage, while front-office software faces mixed pressures. "Companies were looking to return to spend growth in 2HF25 from cost cutting but now that might no longer be the case," one CEO told UBS.

Read more of this story at Slashdot.

Sergiu Gatlan reports that the US government has extended funding for the Common Vulnerabilities and Exposures (CVE) program, following yesterday's reports that funding would run out as of April 16.

"The CVE Program is invaluable to cyber community and a priority of CISA," the U.S. cybersecurity agency told BleepingComputer. "Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services. We appreciate our partners' and stakeholders' patience."

The article also mentions the launch of a CVE Foundation, to transition the CVE program to a dedicated foundation and eliminate "a single point of failure in the vulnerability management ecosystem", as well as a European vulnerability database (EUVD) backed by the European Union Agency for Cybersecurity (ENISA). Details on these initiatives are scant at the moment, and it is unclear whether restoration of funding will have any impact on these efforts.

As a system runs, its memory becomes fragmented; it does not take long before the allocation of large, physically contiguous memory ranges becomes difficult or impossible. The contiguous memory allocator (CMA) is a kernel subsystem that attempts to address this problem, but it has never worked as well as some would like. Two sessions in the memory-management track at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit looked at how CMA can be improved; the first looked at providing guaranteed allocations, while the second addressed some inefficiencies in CMA.

CISA says the U.S. government has extended funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program. From a report: "The CVE Program is invaluable to cyber community and a priority of CISA," the U.S. cybersecurity agency told BleepingComputer. "Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services. We appreciate our partners' and stakeholders' patience." The announcement follows a warning from MITRE Vice President Yosry Barsoum that government funding for the CVE and CWE programs was set to expire today, April 16, potentially leading to widespread disruption across the cybersecurity industry. "If a break in service were to occur, we anticipate multiple impacts to CVE, including deterioration of national vulnerability databases and advisories, tool vendors, incident response operations, and all manner of critical infrastructure," Barsoum said.

Read more of this story at Slashdot.

More than half of the top privately held AI companies based in the U.S. have at least one immigrant founder, according to an analysis from the Institute for Progress. From the report: The IFP analysis of the top AI-related startups in the Forbes AI 2025 list found that 25 -- or 60% -- of the 42 companies based in the U.S. were founded or co-founded by immigrants. The founders of those companies "hail from 25 countries, with India leading (nine founders), followed by China (eight founders) and then France (three founders). Australia, the U.K., Canada, Israel, Romania, and Chile all have two founders each." Among them is OpenAI -- whose co-founders include Elon Musk, born in South Africa, and Ilya Sutskever, born in Russia -- and Databricks, whose co-founders were born in Iran, Romania and China. The analysis echoes previous findings about the key role foreign-born scientists and engineers have played in the U.S. tech industry and the broader economy.

Read more of this story at Slashdot.

Security updates have been issued by AlmaLinux (gvisor-tap-vsock, kernel, and kernel-rt), Fedora (chromium, dnf, dotnet9.0, golang, lemonldap-ng, mariadb10.11, perl-Crypt-URandom-Token, perl-DBIx-Class-EncodedColumn, php-tcpdf, podman-tui, and trunk), Red Hat (java-17-openjdk and kernel), Slackware (mozilla), SUSE (apache2-mod_auth_openidc, cosign, etcd, expat, flannel, kernel, libsqlite3-0, libvarnishapi3, mozjs52, Multi-Linux Manager 4.3: Server, Multi-Linux Manager 5.0: Server, Proxy and Retail Server, pgadmin4, rekor, rsync, rubygem-bundler, and webkit2gtk3), and Ubuntu (7zip, Docker, and quickjs).

Figma has confidentially filed for an IPO with the SEC, marking a major move more than a year after scrapping its $20 billion acquisition deal with Adobe due to regulatory pushback. CNBC reports: Figma's software is popular among designers inside companies who need to collaborate on prototypes for websites and apps. The company was valued at $12.5 billion in a 2024 tender offer. "There are two paths that venture-funded startups go down," Dylan Field, Figma's co-founder and CEO, said in an interview with The Verge last year. "You either get acquired or you go public. And we explored thoroughly the acquisition route." The announcement lands at a precarious moment for the tech IPO market, which has been largely dormant since late 2021. The Trump presidency was expected to revive new offerings due to promises of less burdensome regulations.

Read more of this story at Slashdot.

The CVE and CWE programs are at risk of shutdown as MITRE's DHS contract expires on April 16, 2025, with no confirmed renewal. Without continued funding, the ability to standardize, track, and respond to software vulnerabilities could collapse, leaving the cybersecurity community scrambling in a fragmented and dangerously opaque environment. Forbes reports: "Failure to renew MITRE's contract for the CVE program, seemingly set to expire on April 16, 2025, risks significant disruption," said Jason Soroko, Senior Fellow at Sectigo. "A service break would likely degrade national vulnerability databases and advisories. This lapse could negatively affect tool vendors, incident response operations, and critical infrastructure broadly. MITRE emphasizes its continued commitment but warns of these potential impacts if the contracting pathway is not maintained." MITRE has indicated that historical CVE records will remain accessible via GitHub, but without continued funding, the operational side of the program -- including assignment of new CVEs -- will effectively go dark. That's not a minor inconvenience. It could upend how the global cybersecurity community identifies, communicates, and responds to new threats. [...] MITRE has said that discussions with the U.S. government are active and that it remains committed to the CVE mission. But with the expiration date looming, time is running short -- and the consequences of even a temporary gap are severe.

Read more of this story at Slashdot.

Limited Run Games is releasing physical editions of Doom and Doom II, including a $666 "Will it Run Edition" that features a literal game box capable of playing Doom. Engadget reports: It costs $666, which is a nod to the devilish source material, and is being kept to a limited run of 666 copies. It comes with the aforementioned screen-enabled game box that runs Doom, but that's just the beginning. The combo pack ships with the soundtrack on cassette, a certificate of authenticity and a trading card park with five cards. It comes with a couple of toys based on one of the franchise's most iconic enemies. There's a detailed three-inch Cacodemon that connects to a five-inch base, which looks pretty nifty. There's a smaller handheld Cacodemon that, you'll never guess, also runs Doom. This edition is available for Switch, PS5, Xbox Series X/S and PC. The PC version, however, ships with a download code and not physical copies of both games. Preorders start on April 18 and end on May 18, with a release sometime after that.

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Guardian: Fears that smartphones, tablets and other devices could drive dementia in later life have been challenged by research that found lower rates of cognitive decline in older people who used the technology. An analysis of published studies that looked at technology use and mental skills in more than 400,000 older adults found that over-50s who routinely used digital devices had lower rates of cognitive decline than those who used them less. It is unclear whether the technology staves off mental decline, or whether people with better cognitive skills simply use them more, but the scientists say the findings question the claim that screen time drives what has been called "digital dementia". "For the first generation that was exposed to digital tools, their use is associated with better cognitive functioning," said Dr Jared Benge, a clinical neuropsychologist in UT Health Austin's Comprehensive Memory Center. "This is a more hopeful message than one might expect given concerns about brain rot, brain drain, and digital dementia." Benge and his colleague Dr Michael Scullin, a cognitive neuroscientist at Baylor University in Texas, analysed 57 published studies that examined the use of digital technology in 411,430 adults around the world. The average age was 69 years old and all had a cognitive test or diagnosis. The scientists found no evidence for the digital dementia hypothesis, which suggests that a lifetime of using digital technology drives mental decline. Rather, they found that using a computer, smartphone, the internet or some combination of these was associated with a lower risk of cognitive impairment. The details have been published in Nature Human Behaviour. "Using digital devices in the way that we use televisions -- passive and sedentary, both physically and mentally -- is not likely to be beneficial," said Scullin. "But, our computers and smartphones also can be mentally stimulating, afford social connections, and provide compensation for cognitive abilities that are declining with ageing. These latter types of uses have long been regarded as beneficial for cognitive ageing."

Read more of this story at Slashdot.

American Airlines announced today that it will add free in-flight Wi-Fi starting in 2026. However, Axios notes you'll need to be an AAdvantage member (American's loyalty program) to access it. From the report: American is partnering with AT&T to introduce free WiFi in January. It will be available on about 90% of the airlines' fleet, which will be planes equipped with Viasat and Intelsat high-speed satellite connectivity, per a press release. More than 500 of the airlines regional planes are expected to have high-speed WiFi capabilities by the end of the year.

Read more of this story at Slashdot.

Google is rolling out Veo 2 video generation in the Gemini app for Advanced subscribers, allowing users to create eight-second, 720p cinematic-style videos from text prompts. 9to5Google reports: Announced at the end of last year, Veo 2 touts "fluid character movement, lifelike scenes, and finer visual details across diverse subjects and styles," as well as "cinematic realism," thanks to an understanding of real-world physics and human motion. In Gemini, Veo 2 can create eight-second video clips at 720p resolution. Specifically, you'll get an MP4 download in a 16:9 landscape format. There's also the ability to share via a g.co/gemini/share/ link. To enter your prompt, select Veo 2 from the model dropdown on the web and mobile apps. Just describe the scene you want to create: "The more detailed your description, the more control you have over the final video." It takes 1-2 minutes for the clip to generate. [...] On the safety front, each frame features a SynthID digital watermark. Only available to Gemini Advanced subscribers ($19.99 per month), there is a "monthly limit" on how many videos you can generate, with Google notifying users when they're close. It is rolling out globally -- in all languages supported by Gemini -- starting today and will be fully available in the coming weeks.

Read more of this story at Slashdot.

4chan was reportedly hacked Monday night, with rival imageboard Soyjack Party claiming responsibility and sharing screenshots suggesting deep access to 4chan's databases and admin tools. Ars Technica reports: Security researcher Kevin Beaumont described the hack as "a pretty comprehensive own" that included "SQL databases, source, and shell access." 404Media reports that the site used an outdated version of PHP that could have been used to gain access, including the phpMyAdmin tool, a common attack vector that is frequently patched for security vulnerabilities. Ars staffers pointed to the presence of long-deprecated and removed functions like mysql_real_escape_string in the screenshots as possible signs of an old, unpatched PHP version. In other words, there's a possibility that the hackers have gained pretty deep access to all of 4chan's data, including site source code and user data.

Read more of this story at Slashdot.

In the first filesystem-track session at the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit (LSFMM+BPF), virtual filesystem (VFS) layer co-maintainer Christian Brauner had a few different topics he wanted to talk about. Issues on the agenda included iterating through anonymous mount namespaces, a needed feature for ID-mapped mounts, the perennial unprivileged mounts topic, potentially using hazard pointers for file reference counting, and Rust bindings. He did not expect to get through all of them in the 30 minutes allotted, but the session did move along pretty quickly to at least introduce them to the assembled filesystem developers.

An anonymous reader quotes a report from SecurityWeek: Insurance firm Lemonade is notifying roughly 190,000 individuals that their driver's license numbers were likely exposed due to a technical glitch. Copies of the notification letter that were submitted to regulators in several states show that the incident involved an online application that enables individuals to obtain car insurance quotes and purchase policies. According to the company, a vulnerability in the car insurance quote flow resulted in the exposure of certain driver's license numbers for identifiable individuals. The vulnerability has been addressed, Lemonade says. Between April 2023 and September 2024, the platform transmitted the information unencrypted, which the company says allowed driver's license numbers to be accessed without authorization. "We have no evidence to suggest that your driver's license number has been misused but we are providing this notice as a precaution to inform potentially affected individuals and share some steps you can take to help protect yourself," the company's notification letter reads. The insurer is providing the impacted individuals with 12 months of free credit monitoring and identity protection services.

Read more of this story at Slashdot.

Alamo Drafthouse will not implement Meta's new Movie Mate technology during the April 30 nationwide rerelease of Blumhouse's "M3GAN," Variety reports. The specialty theater chain confirmed it will maintain its strict no-phones policy despite Universal's promotion of the second-screen experience, with staff instructed to remove patrons attempting to access the feature during screenings. Movie Mate represents Meta's first integration of its interactive movie technology, which operates via Instagram direct messaging. Users message the film's official account to activate a chatbot delivering "sneak peeks, exclusive recorded messages from directors and talent" synchronized with the screening. The "M3GAN" event serves as Meta's technological debut ahead of potential wider theatrical implementation.

Read more of this story at Slashdot.

China's outing of alleged US National Security Agency hackers marks a major escalation in the ongoing tit-for-tat between Chinese and American intelligence agencies, according to analysts. From a report: Chinese authorities Tuesday said three NSA employees hacked the Asian Winter Games held this year in Harbin, accusing them of targeting systems that held vast amounts of personal information on people involved in the event. The hacks "severely endangered the security of China's critical information infrastructure, national defense, finance, society, production, as well as citizens' personal information," Chinese foreign ministry spokesman Lin Jian told reporters. While the US has repeatedly published names of alleged Chinese hackers and filed criminal charges against them, China has historically refrained from making similar accusations against American spies. Rafe Pilling, director of threat intelligence at the cyber firm Sophos' Secureworks unit, said the development may signal a broader policy change from Chinese security agencies, with allegations of US cyberattacks becoming more specific and timely. "This is an escalation in China's experimentation with 'name and shame' policies for the alleged perpetrators of cyberattacks, mirroring US pursuit of a similar policy for a number of years now," said Pilling.

Read more of this story at Slashdot.