RSS 생중계

At the 39th Chaos Communication Congress (39C3) in December, researchers Lexi Groves ("49016") and Liam Wachter said that they had discovered a number of flaws in popular implementations of OpenPGP email-encryption standard. They also released an accompanying web site, gpg.fail, with descriptions of the discoveries. Most of those presented were found in GNU Privacy Guard (GPG), though the pair also discussed problems in age, Minisign, Sequoia, and the OpenPGP standard (RFC 9580) itself. The discoveries have spurred some interesting discussions and as well as responses from GPG and Sequoia developers.

New submitter BeaverCleaver shares a report: Japan has restarted operations at the world's largest nuclear power plant for the first time since the 2011 Fukushima disaster forced the country to shut all of its reactors. The decision to restart reactor number 6 at Kashiwazaki-Kariwa north-west of Tokyo was taken despite local residents' safety concerns. It was delayed by a day because of an alarm malfunction and is due to begin operating commercially next month. Japan, which had always heavily relied on energy imports, was an early adopter of nuclear power. But in 2011 all 54 of its reactors had to be shut after a massive earthquake and tsunami triggered a meltdown at Fukushima, causing one of the worst nuclear disasters in history. This is the latest installment in Japan's nuclear power reboot, which still has a long way to go. The seventh reactor at Kashiwazaki-Kariwa is not expected to be brought back on until 2030, and the other five could be decommissioned. That leaves the plant with far less capacity than it once had when all seven reactors were operational: 8.2 gigawatts.

Read more of this story at Slashdot.

Security updates have been issued by AlmaLinux (brotli and container-tools:rhel8), Debian (python-keystonemiddleware and python3.9), Fedora (cef, freerdp, golang-github-tetratelabs-wazero, and libpcap), Oracle (brotli, gpsd, kernel, and transfig), Red Hat (freerdp, golang, java-11-openjdk with Extended Lifecycle Support, libpng, libssh, mingw-libpng, and runc), SUSE (abseil-cpp, alloy, apache2, bind, cpp-httplib, curl, erlang, firefox, gpg2, grafana, haproxy, hauler, hawk2, libblkid-devel, libpng16, libraylib550, python-keystonemiddleware-doc, python-uv, python-weasyprint, squid, and tomcat), and Ubuntu (crawl and iperf3).

San Diego Comic-Con changed an AI art friendly policy following an artist-led backlash last week. From a report: It was a small victory for working artists in an industry where jobs are slipping away as movie and video game studios adopt generative AI tools to save time and money. Every year, tens of thousands of people descend on San Diego for Comic-Con, the world's premier comic book convention that over the years has also become a major pan-media event where every major media company announces new movies, TV shows, and video games. For the past few years, Comic-Con has allowed some forms of AI-generated art at this art show at the convention. According to archived rules for the show, artists could display AI-generated material so long as it wasn't for sale, was marked as AI-produced, and credited the original artist whose style was used. "Material produced by Artificial Intelligence (AI) may be placed in the show, but only as Not-for-Sale (NFS). It must be clearly marked as AI-produced, not simply listed as a print. If one of the parameters in its creation was something similar to 'Done in the style of,' that information must be added to the description. If there are questions, the Art Show Coordinator will be the sole judge of acceptability," Comic-Con's art show rules said until recently.

Read more of this story at Slashdot.

YouTube CEO Neal Mohan used his annual letter to creators, published Wednesday, to outline an ambitious 2026 vision that embraces AI-powered creative tools while simultaneously pledging to crack down on the low-quality AI content that has come to be known as "slop." Mohan identified four AI-related areas that YouTube "must get right in 2026." The platform is working on tools that will let creators use AI to generate Shorts featuring their own likenesses and to experiment with music. "Just as the synthesizer, Photoshop and CGI revolutionized sound and visuals, AI will be a boon to the creatives who are ready to lean in," he wrote. Features like autodubbing, he says, will "transform the viewer experience." But "the rise of AI has raised concerns about low-quality content, aka 'AI slop,'" he wrote. YouTube is building on its existing spam and clickbait detection systems to reduce the spread of such content. He also flagged deepfakes as a particular concern: "It's becoming harder to detect what's real and what's AI-generated." The platform plans to double down on AI labels and introduce tools that let creators protect their likenesses.

Read more of this story at Slashdot.

Companies are spending vast sums on AI expecting the technology to boost efficiency, but a new survey from AI consulting firm Section found that two-thirds of non-management workers among 5,000 white-collar respondents say they save less than two hours a week or no time at all, while more than 40% of executives report the technology saves them upward of eight hours weekly. Workers were far more likely to describe themselves as anxious or overwhelmed about AI than excited -- the opposite of C-suite respondents -- and 40% of all surveyed said they would be fine never using AI again. A separate Workday report of roughly 1,600 employees found that though 85% reported time savings of one to seven hours weekly, much of it was offset by correcting errors and reworking AI-generated content -- what the company called an "AI tax" on productivity. At the World Economic Forum in Davos this week, a PricewaterhouseCoopers survey of nearly 4,500 CEOs found more than half have seen no significant financial benefit from AI so far, and only 12% said the technology has delivered both cost and revenue gains.

Read more of this story at Slashdot.

An anonymous reader quotes a report from DroidLife: When the FCC cleared Verizon of its 60-day device unlock policy a week ago, we talked about how the government agency, which is as anti-consumer as it has ever been at the moment, was giving Verizon the power to basically create whatever unlock policy it wanted. We also expected Verizon to make a change to its policies in a hurry and they did not disappoint. Again, the FCC provided them a waiver 7 days ago and they are already starting to update policies. As of this morning, Verizon has implemented a new device unlock policy across its various prepaid brands and I'd imagine their postpaid policy change is right around the corner. Brands like Visible, Total Wireless, Tracfone, and StraightTalk, all have an updated device unlock policy today that extends to 365 days of paid and active service before they'll free your phone from the Verizon network. Starting January 20, Verizon says that devices purchased from their prepaid brands will only be unlocked upon request after 365 days and if you meet several requirements [...]. What exactly is changing here? Well, if you purchased a device from Verizon's value brands previously, they would automatically unlock them after 60 days. Now, you have to wait 365 days, request the unlock because it doesn't happen automatically, and also have active service. [...] The FCC mentioned in their waiver that by allowing Verizon to create whatever unlock policy they wanted that this would "benefit consumers." How does any of this benefit consumers?

Read more of this story at Slashdot.

Snap has settled a social media addiction lawsuit just days before trial, while Meta, TikTok, and Alphabet remain defendants and are headed to court. "Terms of the deal were not announced as it was revealed by lawyers at a California Superior Court hearing, after which Snap told the BBC the parties were 'pleased to have been able to resolve this matter in an amicable manner.'" From the report: The plaintiff, a 19-year old woman identified by the initials K.G.M., alleged that the algorithmic design of the platforms left her addicted and affected her mental health. In the absence of a settlement with the other parties, the trial is scheduled to go forward against the remaining three defendants, with jury selection due to begin on January 27. Meta boss Mark Zuckerberg is expected to testify, and until Tuesday's settlement, Snap CEO Evan Spiegel was also set to take the stand. Snap is still a defendant in other social media addiction cases that have been consolidated in the court. The closely watched cases could challenge a legal theory that social media companies have used to shield themselves. They have long argued that Section 230 of the Communications Decency Act of 1996 protects them from liability for what third parties post on their platforms. But plaintiffs argue that the platforms are designed in a way that leaves users addicted through choices that affect their algorithms and notifications. The social media companies have said the plaintiffs' evidence falls short of proving that they are responsible for alleged harms such as depression and eating disorders.

Read more of this story at Slashdot.

alternative_right shares a report from ScienceAlert: Thanks to a giant eruption on the Sun and a large opening in its atmosphere, we're currently experiencing G4 conditions -- a severe geomagnetic storm strong enough to disrupt power grids as energy from space weather disturbances drives electric currents through Earth's magnetic field and the ground. Experts say the storm could even reach G5 levels, the extreme category responsible for the spectacular auroral activity seen in May 2024. In fact, space weather bureaus around the world are forecasting powerful aurora conditions, with some suggesting aurora could be visible at unusually low latitudes, potentially rivaling the reach of 2024's historic superstorm. A livestream of the Northern Lights is available on YouTube. The Aurora forecast is available here.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the Guardian: The world has entered an era of "global water bankruptcy" that is harming billions of people, a UN report has declared. The overuse and pollution of water must be tackled urgently, the report's lead author said, because no one knew when the whole system could collapse, with implications for peace and social cohesion. All life depends on water but the report found many societies had long been using water faster than it could be replenished annually in rivers and soils, as well as over-exploiting or destroying long-term stores of water in aquifers and wetlands. This had led to water bankruptcy, the report said, with many human water systems past the point at which they could be restored to former levels. The climate crisis was exacerbating the problem by melting glaciers, which store water, and causing whiplashes between extremely dry and wet weather. Prof Kaveh Madani, who led the report, said while not every basin and country was water bankrupt, the world was interconnected by trade and migration, and enough critical systems had crossed this threshold to fundamentally alter global water risk. The result was a world in which 75% of people lived in countries classified as water-insecure or critically water-insecure and 2 billion people lived on ground that is sinking as groundwater aquifers collapse. Conflicts over water had risen sharply since 2010, the report said, while major rivers, such as the Colorado, in the US, and the Murray-Darling system, in Australia, were failing to reach the sea, and "day zero" emergencies -- when cities run out of water, such as in Chennai, India -- were escalating. Half of the world's large lakes had shrunk since the early 1990s, the report noted. Even damp nations, such as the UK, were at risk because of reliance on imports of water-dependent food and other products. "This report tells an uncomfortable truth: many critical water systems are already bankrupt," said Madani, of the UN University's Institute for Water, Environment and Health. "It's extremely urgent [because] no one knows exactly when the whole system would collapse." About 70% of fresh water taken by human withdrawals was used for agriculture, but Madani said: "Millions of farmers are trying to grow more food from shrinking, polluted or disappearing water sources. Water bankruptcy in India or Pakistan, for example, also means an impact on rice exports to a lot of places around the world." More than half of global food was grown in areas where water storage was declining or unstable, the report said. Madani said action to deal with water bankruptcy offered a chance to bring countries together in an increasingly fragmented world. "Water is a strategic, untapped opportunity to the world to create unity within and between nations. It is one of the very rare topics that left and right and north and south all agree on its importance." The UN report, which is based on a forthcoming paper in the peer-reviewed journal Water Resources Management, sets out how population growth, urbanization and economic growth have increased water demand for agriculture, industry, energy and cities. "These pressures have produced a global pattern that is now unmistakable," it said.

Read more of this story at Slashdot.

Ancient Slashdot reader jantangring shares a report from Swedish electronics industry news site Elektroniktidningen (translated to English), writing: "Open source code library cURL is removing the possibility to earn money by reporting bugs, hoping that this will reduce the volume of AI slop reports," reports etn.se. "Joshua Rogers -- AI wielding bug hunter of fame -- thinks it's a great idea." cURL maintainer Daniel Stenberg famously reported on the flood AI-generated bad bug reports last year -- "Death by a thousand slops." Now, cURL is removing the bounty payouts as of the end of January. "We have to try to brake the flood in order not to drown," says cURL maintainer Daniel Stenberg [...]. "Despite being an AI wielding bug hunter himself, Joshua Rogers -- slasher of a hundred bugs -- thinks removing the bounty money is an excellent idea. [...] I think it's a good move and worth a bigger consideration by others. It's ridiculous that it went on for so long to be honest, and I personally would have pulled the plug long ago," he says to etn.se.

Read more of this story at Slashdot.

According to the Wall Street Journal, OpenAI and ServiceNow signed a three-year deal to embed AI agents directly into ServiceNow's enterprise workflows. CNBC reports: As part of the deal, ServiceNow will integrate GPT-5.2 into its enterprise workflow platform and create AI voice technology harnessing these models. "Bringing together our engineering teams and our respective technologies will drive faster value for customers and more intuitive ways of working with AI," said Amit Zavery, president, chief operating officer, and chief product officer at ServiceNow.

Read more of this story at Slashdot.

This week, Google finally shut down the official Stadia Bluetooth conversion tool... but there's no need to panic! Developer Christopher Klay preserved a copy on his personal GitHub and is hosting a fully working version of the tool on a dedicated website to make it even easier to find. The Verge's Sean Hollister reports: I haven't tried Klay's mirror, as both of my gamepads are already converted, but here's my video on how easy the process is. It's worth doing now that the pads work relatively well with Steam! I maintain that while Google made a lot of mistakes, it's an amazing example of shutting down a service the right way.

Read more of this story at Slashdot.

An anonymous reader quotes a report from U.S. News & World Report: U.S. health officials plan a new study investigating whether radiation from cellphones may affect human health. A spokesperson for the U.S. Department of Health and Human Services (HHS) said the research will examine electromagnetic radiation and possible gaps in current science. The initiative stems from numerous concerns raised by Health Secretary Robert F. Kennedy Jr., who has linked cellphone use to neurological damage and cancer. "The [U.S. Food and Drug Administration] removed webpages with old conclusions about cell phone radiation while HHS undertakes a study on electromagnetic radiation and health research to identify gaps in knowledge, including on new technologies, to ensure safety and efficacy," HHS spokesman Andrew Nixon said. He added that the study was directed in a strategy report from the president's Make America Healthy Again Commission. Some webpages from the FDA and the U.S. Centers for Disease Control and Prevention say current research does not show clear harm from cellphone radiation. The National Cancer Institute, which is part of the National Institutes of Health, says that "evidence to date suggests that cellphone use does not cause brain or other kinds of cancer in humans.".

Read more of this story at Slashdot.

The UK government has launched a public consultation on whether to ban social media use for children under 16, drawing inspiration from Australia's recently enacted age-based restrictions. "It would also explore how to enforce that limit, how to limit tech companies from being able to access children's data and how to limit 'infinite scrolling,' as well as access to addictive online tools," reports Engadget. "In addition to seeking feedback from parents and young people themselves, the country's ministers are going to visit Australia to see the effects of the country's social media ban for kids, according to Financial Times."

Read more of this story at Slashdot.

A PwC survey of more than 4,500 CEOs found that over half report no revenue growth or cost savings from their AI investments so far, despite massive spending. Of the 4,454 business leaders surveyed, only 12% saw both lower costs and higher revenue, while 56% saw neither benefit. "26% saw reduced costs, but nearly as many experienced cost increases," adds The Register. From the report: AI adoption remains limited. Even in top use cases like demand generation (22 percent), support services (20 percent), and product development (19 percent), only a minority are deploying AI extensively. Last year, a separate PwC study found that only 14 percent of workers indicated they were using generative AI daily in their work. Despite the CEOs' repsonses, PwC concludes more investment is required. It claims that "isolated, tactical AI projects" often don't deliver measurable value, and that tangible returns instead come from enterprise-wide deployments consistent with business strategy. [...] In terms of the broader picture, PwC says it found CEO confidence has hit a five-year low, with only 30 percent optimistic about revenue growth (down from 38 percent last year). This points to growing geopolitical risk and intensifying cyber threats, as well as uncertainty over the benefits and downsides of AI. Unsurprisingly, concern remains over tariffs as the Trump administration continues its erratic approach to policy, with almost a third of company chiefs saying tariffs are expected to reduce their company's profit margin in the year ahead. In the U.S., 22 percent indicate their corporation is highly or extremely exposed to tariffs. PwC warns that companies avoiding major investments due to geopolitical uncertainty underperform peers by two percentage points in growth and three points in profit margins.

Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: Meta's Oversight Board is tackling a case focused on Meta's ability to permanently disable user accounts. Permanent bans are a drastic action, locking people out of their profiles, memories, friend connections, and, in the case of creators and businesses, their ability to market and communicate with fans and customers. This is the first time in the organization's five-year history as an oversight body that permanent account bans have been a subject of the Oversight Board's focus, the organization notes. The case being reviewed isn't exactly one of an everyday user. Instead, the case involves a high-profile Instagram user who repeatedly violated Meta's Community Standards by posting visual threats of violence against a female journalist, anti-gay slurs against politicians, content depicting a sex act, allegations of misconduct against minorities, and more. The account had not accumulated enough strikes to be automatically disabled, but Meta made the decision to permanently ban the account. The Board's materials didn't name the account in question, but its recommendations could impact others who post content that targets public figures with abuse, harassment, and threats, as well as users who have their accounts permanently banned without receiving transparent explanations. Meta referred this specific case to the Board, which included five posts made in the year before the account was permanently disabled. The Board says it's looking for input about several key issues: how permanent bans can be processed fairly, the effectiveness of its current tools to protect public figures and journalists from repeated abuse and threats of violence, the challenges of identifying off-platform content, whether punitive measures effectively shape online behaviors, and best practices for transparent reporting on account enforcement decisions. [...] Whether the Oversight Board has any real sway to address issues on Meta's platform continues to be debated, of course. [...] After the Oversight Board issues its policy recommendations to Meta, the company has 60 days to respond. The Board is also soliciting public comments on this topic. The report notes that Meta's Oversight Board is able to overturn individual moderation decisions and offer recommendations, but largely sidelined from major policy shifts driven by Mark Zuckerberg.

Read more of this story at Slashdot.

Konstantin Ryabitsev has put up a blog post about korgalore, a tool he has written to circumvent delivery problems experienced by kernel developers using the large, centralized email systems.

We cannot fix email delivery, but we can sidestep it entirely. Public-inbox archives like lore.kernel.org store all mailing list traffic in git repositories. In its simplest configuration, korgalore can shallow-clone these repositories directly and upload any new messages straight to your mailbox using the provider's API.

More than half of companies haven't seen any financial benefit from their AI investments, according to PwC's latest Global CEO Survey [PDF], and yet the spending shows no signs of slowing down. Some 56% of the 4,454 chief executives surveyed across 95 countries said their companies have realized neither higher revenues nor lower costs from AI over the past year. Only 12% reported getting both benefits -- and those rare winners tend to be the ones who built proper enterprise-wide foundations rather than chasing one-off projects. CEO confidence in near-term growth has taken a notable hit. Just 30% feel strongly optimistic about revenue growth over the next 12 months, down from 38% last year and nowhere near the 56% who felt that way in 2022.

Read more of this story at Slashdot.

One would assume that most LWN readers stopped running network-accessible telnet services some number of decades ago. For the rest of you, this security advisory from Simon Josefsson is worthy of note:

The telnetd server invokes /usr/bin/login (normally running as root) passing the value of the USER environment variable received from the client as the last parameter.

If the client supplies a carefully crafted USER environment value being the string "-f root", and passes the telnet(1) -a or --login parameter to send this USER environment to the server, the client will be automatically logged in as root bypassing normal authentication processes.