RSS 생중계

Captchas have largely vanished from the web in 2025, replaced by invisible tracking systems that analyze user behavior rather than asking people to decipher distorted text or identify traffic lights in image grids. Google launched reCaptcha v3 in 2018 to generate risk scores based on behavioral signals during site interactions, making bot-blocking technology "completely invisible" for most users, according to Tim Knudsen, a director of product management at Google Cloud. Cloudflare followed in 2022 by releasing Turnstile, another invisible alternative that sometimes appears as a simple checkbox but actually gathers data from devices and software to determine if users are human. Both companies distribute their security tools for free to collect training data, and Cloudflare now sees 20% of all HTTP requests across the internet. The rare challenges that do surface have become increasingly bizarre, ranging from requests to identify dogs and ducks wearing various hats to sliding a jockstrap across a screen to find matching underwear on hookup sites.

Read more of this story at Slashdot.

An anonymous reader shares a report: The Content Overseas Distribution Association (CODA), an anti-piracy organization representing Japanese IP holders like Studio Ghibli and Bandai Namco, released a letter last week asking OpenAI to stop using its members' content to train Sora 2, as reported by Automaton. The letter states that "CODA considers that the act of replication during the machine learning process may constitute copyright infringement," since the resulting AI model went on to spit out content with copyrighted characters. Sora 2 generated an avalanche of content containing Japanese IP after it launched on September 30th, prompting Japan's government to formally ask OpenAI to stop replicating Japanese artwork. This isn't the first time one of OpenAI's apps clearly pulled from Japanese media, either -- the highlight of GPT-4o's launch back in March was a proliferation of "Ghibli-style" images. Altman announced last month that OpenAI will be changing Sora's opt-out policy for IP holders, but CODA claims that the use of an opt-out policy to begin with may have violated Japanese copyright law, stating, "under Japan's copyright system, prior permission is generally required for the use of copyrighted works, and there is no system allowing one to avoid liability for infringement through subsequent objections."

Read more of this story at Slashdot.

Barry Warsaw, writing for the Python steering council, has announced that PEP 810 ("Explicit lazy imports") has been approved, unanimously, by the four who could vote. Since Pablo Galindo Salgado was one of the PEP authors, he did not vote. The PEP provides a way to defer importing modules until the names defined in a module are needed by other parts of the program. We covered the PEP and the discussion around it a few weeks back. The council also had "recommendations about some of the PEP's details, a few suggestions for filling a couple of small gaps", including: Use lazy as the keyword. We debated many of the given alternatives (and some we came up with ourselves), and ultimately agreed with the PEP's choice of the lazy keyword. The closest challenger was defer, but once we tried to use that in all the places where the term is visible, we ultimately didn't think it was as good an overall fit. The same was true with all the other alternative keywords we could come up with, so... lazy it is!

What about from foo lazy import bar? Nope! We like that in both module imports and from-imports that the lazy keyword is the first thing on the line. It helps to visually recognize lazy imports of both varieties.

A developer operating under the handle @XenoPanther has stripped Windows 7 down to 69MB. The OS boots but runs almost nothing because critical files like common dialog boxes and common controls are missing. @XenoPanther described the project on X as "more of a fun proof of concept rather than something usable." The desktop appears and the genuine check remains intact.

Read more of this story at Slashdot.

Python already has several ways to run programs concurrently — including asynchronous functions, threads, subinterpreters, and multiprocessing — but all of those options have drawbacks of one kind or another. PEP 703 ("Making the Global Interpreter Lock Optional in CPython") removed a major barrier to running Python threads in parallel, but also exposed Python programmers to the same tricky synchronization problems found in other languages supporting multithreaded programs. A new draft proposal by Mark Shannon, PEP 805 ("Safe Parallel Python"), suggests a way for the CPython runtime to cut down on concurrency bugs, making it more practical for Python programmers to use versions of the language without the global interpreter lock (GIL).

An anonymous reader shares a report: arXiv, a preprint publication for academic research that has become particularly important for AI research, has announced it will no longer accept computer science articles and papers that haven't been vetted by an academic journal or a conference. Why? A tide of AI slop has flooded the computer science category with low-effort papers that are "little more than annotated bibliographies, with no substantial discussion of open research issues," according to a press release about the change. arXiv has become a critical place for preprint and open access scientific research to be published. Many major scientific discoveries are published on arXiv before they finish the peer review process and are published in other, peer-reviewed journals. For that reason, it's become an important place for new breaking discoveries and has become particularly important for research in fast-moving fields such as AI and machine learning (though there are also sometimes preprint, non-peer-reviewed papers there that get hyped but ultimately don't pass peer review muster). The site is a repository of knowledge where academics upload PDFs of their latest research for public consumption. It publishes papers on physics, mathematics, biology, economics, statistics, and computer science and the research is vetted by moderators who are subject matter experts.

Read more of this story at Slashdot.

Palantir launched a fellowship that recruited high school graduates directly into full-time work, bypassing college entirely. The company received more than 500 applications and selected 22 for the inaugural class. The four-month program began with seminars on Western civilization, U.S. history, and leaders including Abraham Lincoln and Winston Churchill. Fellows then embedded in client teams working on live projects for hospitals, insurance companies, defense contractors, and government agencies. CEO Alex Karp, who studied at Haverford and Stanford, said in August that hiring university students now means hiring people engaged in "platitudes." The program wraps up in November. Palantir executives said they had a clear sense by the third or fourth week of which fellows were succeeding in the company environment. Fellows who perform well will receive offers for permanent positions without college degrees.

Read more of this story at Slashdot.

Microsoft AI chief Mustafa Suleyman says only biological beings are capable of consciousness, and that developers and researchers should stop pursuing projects that suggest otherwise. From a report: "I don't think that is work that people should be doing," Suleyman told CNBC in an interview this week at the AfroTech Conference in Houston, where he was among the keynote speakers. "If you ask the wrong question, you end up with the wrong answer. I think it's totally the wrong question." Suleyman, Microsoft's top executive working on artificial intelligence, has been one of the leading voices in the rapidly emerging field to speak out against the prospect of seemingly conscious AI, or AI services that can convince humans they're capable of suffering.

Read more of this story at Slashdot.

An anonymous reader shares a report: Chinese President Xi Jinping joked about security backdoors while presenting a pair of Xiaomi smartphones to his South Korean counterpart, a rare moment of spontaneous levity captured during a week of tense trade negotiations with Donald Trump. Xi, in South Korea to meet Trump on the sidelines of the Asia-Pacific Economic Cooperation summit, presented the pair of devices to Korean President Lee Jae Myung. In a video circulated on social media, Lee asked: "Is the line secure?" Xi chuckled, pointed at the gadgets and replied through an interpreter: "You can check if there's a backdoor." The two leaders burst into laughter. The exchange was striking because the issue of security and alleged espionage is a sensitive one and a major thorn in US-Chinese relations. American lawmakers have raised the possibility that tech companies such as Huawei build backdoors -- ways to gain access to sensitive data -- into their equipment or services, something the firms have repeatedly denied.

Read more of this story at Slashdot.

Version 6.0 ("Excalibur") of the systemd-averse Devuan distribution has been released. It is based on Debian 13 ("trixie"), and includes some of the significant changes from that release, including the merged /usr hierarchy. See the release notes for details.

The kernel's namespaces feature is, among other things, a key part of the implementation of containers. Like much in the kernel, though, the namespace API evolved over time; there was no design at the outset. As a result, this API has some rough edges and missing features. Christian Brauner is working to straighten out the namespace situation somewhat with this daunting 72-part patch series that, among other things, adds a new system call to allow user space to query the namespaces present on the system.

Joel Severin has announced the availability of his port of the Linux kernel to WebAssembly; one can go to this page and watch it boot in a browser.

Wasm is similar to every other arch in Linux, but also different. One important difference is that there is no way to suspend execution of a task. There is a way around this though: Linux supports up to 8k CPUs (or possibly more...). We can just spin up a new CPU dedicated to each user task (process/thread) and never preempt it

OpenAI will pay Amazon $38 billion for computing power in a seven-year deal that marks the companies' first partnership. Amazon expects all of the computing capacity negotiated as part of the agreement will be available to OpenAI by the end of next year. The ChatGPT maker will train new AI models using Amazon's data centers and use them to process user queries. The deal is small compared with OpenAI's $300 billion agreement with Oracle and its $250 billion commitment to Microsoft. OpenAI ended its exclusive cloud-computing partnership with Microsoft last month and has since signed almost $600 billion in new cloud commitments. Amazon Web Services is the industry's largest cloud provider, but Microsoft and Google have reported faster cloud-revenue growth in recent years after capturing new demand from AI customers.

Read more of this story at Slashdot.

Microsoft has released a patch that fixes a longstanding bug in Windows 11 and Windows 10 where selecting "Update and shut down" would restart the computer instead of powering it off. The issue affected users across both operating systems since Windows 10's initial release. The fix arrived in Windows 11 25H2 Build 26200.7019 and the October 2025 optional update KB5067036. Microsoft confirmed the patch "addressed underlying issue which can cause 'Update and shutdown' to not actually shut down your PC after updating." The problem likely stemmed from the Windows Servicing Stack failing to carry the power-off command through the required reboot phase. During updates Windows must restart into an offline servicing mode to replace system files. The power-off instruction was either cleared or blocked during this transition.

Read more of this story at Slashdot.

Security updates have been issued by AlmaLinux (.NET 8.0, .NET 9.0, and webkit2gtk3), Debian (ruby-rack, strongswan, ublock-origin, and wordpress), Fedora (firefox, kea, openapi-python-client, openbao, python-uv-build, qt5-qtbase, ruby, ruff, rust-astral-tokio-tar, rust-attribute-derive, rust-attribute-derive-macro, rust-backon, rust-collection_literals, rust-get-size-derive2, rust-get-size2, rust-interpolator, rust-manyhow, rust-manyhow-macros, rust-proc-macro-utils, rust-quote-use, rust-quote-use-macros, rust-reqsign, rust-reqsign-aws-v4, rust-reqsign-command-execute-tokio, rust-reqsign-core, rust-reqsign-file-read-tokio, rust-reqsign-http-send-reqwest, rust-tikv-jemalloc-sys, rust-tikv-jemallocator, samba, skopeo, sssd, Thunar, unbound, uv, vgrep, and xorg-x11-server-Xwayland), Mageia (bind, libtiff, sope, and transfig), Oracle (compat-libtiff3, kernel, libtiff, redis, redis:6, and redis:7), Red Hat (kernel, kernel-rt, libssh, xorg-x11-server, and xorg-x11-server-Xwayland), Slackware (seamonkey), SUSE (bind, chromedriver, chromium, colord, coreboot-utils, git-bug, ImageMagick, java-11-openj9, java-17-openj9, java-21-openj9, java-25-openj9, kea, libmozjs-115-0, libmozjs-140-0, libssh, libtiff-devel-32bit, nodejs18, ongres-scram, poppler, python311-starlette, rav1e, squid, strongswan, webkit2gtk3, xorg-x11-server, and xwayland), and Ubuntu (linux-gcp-6.14 and linux-hwe-6.8).

"During the past two years or so I have been slow-rolling an effort to port the Linux kernel to WebAssembly," reads a surprising post on the Linux kernel mailing list. I'm now at the point where the kernel boots and I can run basic programs from a shell. As you will see if you play around with it for a bit, it's not very stable and will crash sooner or later, but I think this is a good first step. Wasm is not necessarily only targeting the web, but that's how I have been developing this project... This is Linux, booting in your browser tab, accelerated by Wasm. Phoronix warns that "there are stability issues and it didn't take me long either to trigger crashes for this Linux kernel WASM port when running within Google Chrome."

Read more of this story at Slashdot.

"Rockstar Games fired dozens of employees," reports Bloomberg, "in a move that a British trade union said was designed to prevent the workers from unionizing. The company said they were fired for misconduct." TheGrand Theft Automaker terminatedbetween 30 and 40 staffersacross multipleoffices in the UK and Canada on Thursday, according to aspokesperson for the Independent Workers' Union of Great Britain (IWGB). All of the employees were part of a private trade union chat groupon Discord and were either members of the union or attempting to organize at the company, the union spokesperson said. "Rockstar has just carried out one of the most blatant and ruthless acts of union busting in the history of the games industry," Alex Marshall, president of theIWGB, said in a statement. "This flagrant contempt for the law and for the lives of the workers who bring in their billions is an insult to their fans and the global industry." On BlueSky the IWGB union posted "We won't back down, and we're not scared — we will fight for every member to be reinstated." Bloomberg notes that Grand Theft Auto VIis slated for release on May 26, 2026, "and is expected to be one of the top-selling video games of all time."

Read more of this story at Slashdot.

"It finally happened," writes the GamingOnLinux site: Linux gamers on Steam as of the Steam Hardware & Software Survey for October 2025 have crossed over the elusive 3% mark. The trend has been clear for sometime, and with Windows 10 ending support, it was quite likely this was going to be the time for it to happen as more people try out Linux... Overall, 3% might not seem like much to some, but again — that trend is very clear and equates to millions of people. The last time Valve officially gave a proper monthly active user count was in 2022, and we know Steam has grown a lot since then, but even going by that original number would put monthly active Linux users at well over 4 million. Additional details from Phoronix: The only time Steam on Linux use was close to the 3% mark was when Steam on Linux initially debuted a decade ago and at that time the overall Steam user-base was much smaller than it is today. Long story short, thanks to the ongoing success of Valve's Steam Deck and other handhelds plus Steam Play (Proton) working out so well, these October numbers are the best yet... a hearty 0.41% increase to Linux... landing its overall marketshare at 3.05%. Windows meanwhile was at 94.84% (falling below 95% for the first time in a while) and macOS at 2.11%. For comparison, in October 2024 Steam on Linux was at 2.00%. The Linux-specific data shows SteamOS commanding around 27% of all the Linux installs at large. SteamOS most notably being on the Steam Deck hardware.

Read more of this story at Slashdot.

TechCrunch reports: OpenAI CEO Sam Altman recently said that the company is doing "well more" than $13 billion in annual revenue — and he sounded a little testy when pressed on how it will pay for its massive spending commitments. His comments came up during a joint interviewon the Bg2 podcast between Altman and Microsoft CEO Satya Nadella about the partnership between their companies. Host Brad Gerstner (who's also founder and CEO of Altimeter Capital) brought upreports that OpenAI is currently bringing in around $13 billion in revenue — a sizable amount, but one that's dwarfed by more than $1 trillion in spending commitments for computing infrastructure that OpenAI has made for the next decade. "First of all, we're doing well more revenue than that. Second of all, Brad, if you want to sell your shares, I'll find you a buyer," Altman said, prompting laughs from Nadella. "I just — enough. I think there are a lot of people who would love to buy OpenAI shares." Altman's answer continued, making the case for OpenAI's business model. "We do plan for revenue to grow steeply. Revenue is growing steeply. We are taking a forward bet that it's going to continue to grow and that not only will ChatGPT keep growing, but we will be able to become one of the important AI clouds, that our consumer device business will be a significant and important thing. That AI that can automate science will create huge value... "We carefully plan, we understand where the technology — where the capability — is going to go, and the products we can build around that and the revenue we can generate. We might screw it up — like, this is the bet that we're making, and we're taking a risk along with that." (That bet-with-risks seems to be the $1.4 trillion in spending commitments — but Altman suggests it's offset by another absolutely certain risk: "If we don't have the compute, we will not be able to generate the revenue or make the models at this kind of scale.") Satya Nadella, Microsoft's CEO, added his own defense, "as both a partner and an investor. There has not been a single business plan that I've seen from OpenAI that they have put in and not beaten it. So in some sense, this is the one place where in terms of their growth — and just even the business — it's been unbelievable execution, quite frankly..."

Read more of this story at Slashdot.

"An engineer got curious about how his iLife A11 smart vacuum worked and monitored the network traffic coming from the device," writes Tom's Hardware. "That's when he noticed it was constantly sending logs and telemetry data to the manufacturer — something he hadn't consented to." The user, Harishankar, decided to block the telemetry servers' IP addresses on his network, while keeping the firmware and OTA servers open. While his smart gadget worked for a while, it just refused to turn on soon after... He sent it to the service center multiple times, wherein the technicians would turn it on and see nothing wrong with the vacuum. When they returned it to him, it would work for a few days and then fail to boot again... [H]e decided to disassemble the thing to determine what killed it and to see if he could get it working again... [He discovered] a GD32F103 microcontroller to manage its plethora of sensors, including Lidar, gyroscopes, and encoders. He created PCB connectors and wrote Python scripts to control them with a computer, presumably to test each piece individually and identify what went wrong. From there, he built a Raspberry Pi joystick to manually drive the vacuum, proving that there was nothing wrong with the hardware. From this, he looked at its software and operating system, and that's where he discovered the dark truth: his smart vacuum was a security nightmare and a black hole for his personal data. First of all, it's Android Debug Bridge, which gives him full root access to the vacuum, wasn't protected by any kind of password or encryption. The manufacturer added a makeshift security protocol by omitting a crucial file, which caused it to disconnect soon after booting, but Harishankar easily bypassed it. He then discovered that it used Google Cartographer to build a live 3D map of his home. This isn't unusual, by far. After all, it's a smart vacuum, and it needs that data to navigate around his home. However, the concerning thing is that it was sending off all this data to the manufacturer's server. It makes sense for the device to send this data to the manufacturer, as its onboard SoC is nowhere near powerful enough to process all that data. However, it seems that iLife did not clear this with its customers. Furthermore, the engineer made one disturbing discovery — deep in the logs of his non-functioning smart vacuum, he found a command with a timestamp that matched exactly the time the gadget stopped working. This was clearly a kill command, and after he reversed it and rebooted the appliance, it roared back to life. Thanks to long-time Slashdot reader registrations_suck for sharing the article.

Read more of this story at Slashdot.