RSS 생중계

Lovable, a Swedish startup that allows users to create websites and apps through natural language prompts, failed to address a critical security vulnerability for months after being notified, according to a new report. A study by Replit employees found that 170 of 1,645 Lovable-created applications exposed sensitive user information including names, email addresses, financial data, and API keys that could allow hackers to run up charges on customers' accounts. The vulnerability, published this week in the National Vulnerabilities Database, stems from misconfigured Supabase databases that Lovable's AI-generated code connects to for storing user data. Despite being alerted to the problem in March, Lovable initially dismissed concerns and only later implemented a limited security scan that checks whether database access controls are enabled but cannot determine if they are properly configured.

Read more of this story at Slashdot.

An anonymous reader shares a report: In a landmark ruling advancing efforts to hold major polluters accountable for transnational climate-related harms, on May 28 a German court concluded that a corporation can be held liable under civil law for its proportional contribution to global climate change, Climate Rights International said today. Filed in 2015, the case against German energy giant RWE AG challenged the corporation to pay for its proportional share of adaptation costs needed to protect the Andean city of Huaraz, Peru, from a flood from a glacial lake exacerbated by global warming. RWE AG, one of Europe's largest emitters, is estimated to be responsible for approximately 0.47% of global historical global greenhouse gas emissions. "This groundbreaking ruling confirms that corporate emitters can no longer hide behind borders, politics, or scale to escape responsibility," said Lotte Leicht, Advocacy Director at Climate Rights International. "The court's message is clear: major carbon polluters can be held legally responsible for their role in driving the climate crisis and the resulting human rights and economic harms. If the reasoning of this decision is adopted by other courts, it could lay the foundation for ending the era of impunity for fossil fuel giants and other big greenhouse gas emitters."

Read more of this story at Slashdot.

An anonymous reader shares a report: Some of the citations that underpin the science in the White House's sweeping "MAHA Report" appear to have been generated using artificial intelligence [non-paywalled source], resulting in numerous garbled scientific references and invented studies, AI experts said Thursday. Of the 522 footnotes to scientific research in an initial version of the report sent to The Washington Post, at least 37 appear multiple times, according to a review of the report by The Post. Other citations include the wrong author, and several studies cited by the extensive health report do not exist at all, a fact first reported by the online news outlet NOTUS on Thursday morning. Some references include "oaicite" attached to URLs -- a definitive sign that the research was collected using artificial intelligence. The presence of "oaicite" is a marker indicating use of OpenAI, a U.S. artificial intelligence company. A common hallmark of AI chatbots, such as ChatGPT, is unusually repetitive content that does not sound human or is inaccurate -- as well as the tendency to "hallucinate" studies or answers that appear to make sense but are not real.

Read more of this story at Slashdot.

The three largest U.S. airlines are charging solo travelers higher fares than passengers booking for two or more people on select domestic routes, a pricing strategy analysts believe targets business travelers, according to fare analysis by travel publication Thrifty Traveler. American Airlines, United Airlines and Delta Air Lines implement the practice by opening different fare categories based on passenger count. United charges $269 for a solo traveler flying from Chicago O'Hare to Peoria, while two passengers pay $181 each for identical seats. American's Charlotte-to-Fort Myers route costs solo travelers $422 versus $266 per person for pairs. The airlines appear to be "segmenting" customers by charging business travelers paying with corporate cards more while offering better deals to families booking together. Solo travelers are more likely to be business flyers using employer funds and "less likely to care about paying another $80 or more," according to the analysis.

Read more of this story at Slashdot.

Almost 40% of glaciers in existence today are already doomed to melt due to climate-heating emissions from fossil fuels, a study has found. The Guardian: The loss will soar to 75% if global heating reaches the 2.7C rise for which the world is currently on track. The massive loss of glaciers would push up sea levels, endangering millions of people and driving mass migration, profoundly affecting the billions reliant on glaciers to regulate the water used to grow food, the researchers said. However, slashing carbon emissions and limiting heating to the internationally agreed 1.5C target would save half of glacier ice. That goal is looking increasingly out of reach as emissions continue to rise, but the scientists said that every tenth-of-a-degree rise that was avoided would save 2.7tn tonnes of ice.

Read more of this story at Slashdot.

Google has begun automatically generating AI-powered email summaries for Gmail Workspace users, eliminating the need to manually trigger the feature that has been available since last year. The company's Gemini AI will now independently determine when longer email threads or messages with multiple replies would benefit from summarization, displaying these summaries above the email content itself. The automatic summaries currently appear only on mobile devices for English-language emails and may take up to two weeks to roll out to individual accounts, with Google providing no timeline for desktop expansion or availability to non-Workspace Gmail users.

Read more of this story at Slashdot.

An anonymous reader shares a report: Negotiations are under way between the UAE and OpenAI that may make the company's ChatGPT Plus artificial intelligence chatbot available to all residents free of charge, though a final deal has not been reached. An agreement involving ChatGPT Plus would be part of the recently announced Stargate UAE infrastructure plan to create an AI hub in Abu Dhabi, according to a source familiar with the country's AI strategy. Abu Dhabi's AI company G42 has partnered with OpenAI, Oracle and Nvidia to set up Stargate UAE, a 1-gigawatt computing cluster that will operate in the newly established 5GW UAE -- US AI Campus.

Read more of this story at Slashdot.

Mozilla has decided to throw in the towel on Pocket, a social-bookmarking service that it acquired in 2017. This has left many users scrambling for a replacement for Pocket before its shutdown in July. One possible option is wallabag, a self-hostable, MIT-licensed project for saving web content for later reading. It can import saved data from services like Pocket, share content on the web, export to various formats, and more. Even better, it puts users in control of their data long-term.

Security updates have been issued by AlmaLinux (.NET 8.0, .NET 9.0, firefox, ghostscript, gstreamer1-plugins-bad-free, libsoup3, mingw-freetype, perl, ruby, sqlite, thunderbird, unbound, valkey, and xz), Debian (chromium, firefox-esr, libavif, linux-6.1, modsecurity-apache, mydumper, systemd, and thunderbird), Fedora (coreutils, dnsdist, docker-buildx, maturin, mingw-python-flask, mingw-python-flit-core, ruff, rust-hashlink, rust-rusqlite, and thunderbird), Red Hat (pcs), SUSE (augeas, brltty, brotli, ca-certificates-mozilla, dnsdist, glibc, grub2, kernel, libsoup, libsoup2, libxml2, open-vm-tools, perl, postgresql13, postgresql15, postgresql16, postgresql17, python-cryptography, python-httpcore, python-h11, python311, runc, s390-tools, slurm, slurm_20_11, slurm_22_05, slurm_23_02, slurm_24_11, tomcat, and webkit2gtk3), and Ubuntu (linux-aws).

sinij shares a report from the BBC: France's National Assembly has voted to abolish low-emission zones, a key measure introduced during President Emmanuel Macron's first term to reduce city pollution. So-called ZFEs (zones a faibles emissions) have been criticized for hitting those who cannot afford less-polluting vehicles the hardest. A handful of MPs from Macron's party joined opposition parties from the right and far right in voting 98-51 to scrap the zones, which have gradually been extended across French cities since 2019. [...] The low-emission zones began with 15 of France's most polluted cities in 2019 and by the start of this year had been extended to every urban area with a population of more than 150,000, with a ban on cars registered before 1997. Those produced after 1997 need a round "Crit'Air" sticker to drive in low-emission zones, and there are six categories that correspond to various types of vehicle. The biggest restrictions have been applied in the most polluted cities, Paris and Lyon, as well as Montpellier and Grenoble. The BBC notes that while the abolition is expected to pass France's Senate, it must still be included in a broader bill approved by the lower house in June and cleared by the Constitutional Council, which isn't guaranteed.

Read more of this story at Slashdot.

For the first time, scientists have directly observed atmospheric sputtering in action on Mars -- an erosion process driven by solar wind ions that may have played a major role in the planet's atmospheric and water loss. ScienceAlert reports: The only spacecraft with the equipment and orbital configuration to make these observations is NASA's MAVEN. The researchers carefully pored over the data collected by the spacecraft since it arrived in Mars orbit in September 2014, looking to find simultaneous observations of the solar electric field and an upper atmosphere abundance of argon -- one of the sputtered particles, used as a tracer for the phenomenon. They found that, above an altitude of 350 kilometers (217 miles), argon densities vary depending on the orientation of the solar wind electric field, compared to argon densities at lower altitudes that remain consistent. The results showed that lighter isotopes of argon vary, leaving behind an excess of heavy argon -- a discrepancy that is best explained by active sputtering. This is supported by observations of a solar storm, the outflows of which arrived at Mars in January 2016. During this time, the evidence of sputtering became significantly more pronounced. Not only does this support the team's finding that argon density variations at high Martian altitudes are the result of sputtering, it demonstrates what conditions may have been like billions of years ago, when the Sun was younger and rowdier, undergoing more frequent storm activity. The findings have been published in the journal Science Advances.

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Guardian: Whether it is doing sums or working out what to text your new date, some tasks produce a furrowed brow. Now scientists say they have come up with a device to monitor such effort: an electronic tattoo, stuck to the forehead. The researchers say the device could prove valuable among pilots, healthcare workers and other professions where managing mental workload is crucial to preventing catastrophes. "For this kind of high-demand and high-stake scenario, eventually we hope to have this real-time mental workload decoder that can give people some warning and alert so that they can self-adjust, or they can ask AI or a co-worker to offload some of their work," said Dr Nanshu Lu, an author of the research from the University of Texas at Austin, adding the device may not only help workers avoid serious mistakes but also protect their health. Writing in the journal Device, Lu and colleagues describe how using questionnaires to investigate mental workload is problematic, not least as people are poor at objectively judging cognitive effort and they are usually conducted after a task. Meanwhile, existing electroencephalography (EEG) and electrooculography (EOG) devices, that can be used to assess mental workload by measuring brain waves and eye movements respectively, are wired, bulky and prone to erroneous measurements arising from movements. By contrast, the "e-tattoo" is a lightweight, flexible, wireless device. The black, wiggly path of the e-tattoo is composed of a graphite-based conductive material, and is attached to the forehead using conductive adhesive film. Four square EEG electrodes, positioned on the forehead, each detect a different region of brain activity -- with a reference electrode behind the ear -- while rectangular EOG electrodes, placed vertically and horizontally around the eyes, provide data about eye movements. Each of the stretchable electrodes is coated in an additional conductive material. The e-tattoo, which is bespoke and disposable, is connected to a reusable flexible printed circuit using conductive tape, while a lightweight battery can be clipped to the device. The device is expected to cost less than $200 and be accompanied with an app to alert the user if their mental workload is too high.

Read more of this story at Slashdot.

Amazon has launched a new innovation-focused team called ZeroOne, led by Xbox co-creator J Allard, to develop breakthrough consumer products across hardware and software. CNBC reports: The ZeroOne team is spread across Seattle, San Francisco and Sunnyvale, California, and is focused on both hardware and software projects, according to job postings from the past month. The name is a nod to its mission of developing emerging product ideas from conception to launch, or "zero to one." [...] The new group is being led by J Allard, who spent 19 years at Microsoft, most recently as technology chief of consumer products, a role he left in 2010, according to his LinkedIn profile. He was a key architect of the Xbox game console, as well as the Zune, a failed iPod competitor. Allard joined Amazon in September, and the company confirmed at the time that he would be part of the devices and services team under Panos Panay, who left Microsoft for Amazon in 2023 to lead the group. An Amazon spokesperson confirmed Allard oversees ZeroOne but declined to comment further on the group's work. The job postings provide few specific details about what ZeroOne is building, though one listing references working on "conceiving, designing, and bringing to market computer vision techniques for a new smart-home product." Another post for a senior customer insights manager in San Francisco says the job entails owning "the methodology and execution of concept testing and early feedback for ZeroOne programs." "You'll be part of a team that embraces design thinking, rapid experimentation, and building to learn," the description says. "If you're excited about working in small, nimble teams to create entirely new product categories and thrive in the ambiguity of breakthrough innovation, we want to talk to you." Amazon has pulled in staffers from other business units that have experience developing innovative technologies, including its Alexa voice assistant, Luna cloud gaming service and Halo sleep tracker, according to Linkedin profiles of ZeroOne employees. The head of a projection mapping startup called Lightform that Amazon acquired is helping lead the group. While Amazon is expanding this particular corner of its devices group, the company is scaling back other areas of the sprawling devices and services division.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: An accused movie pirate who stole more than 1,000 Blu-ray discs and DVDs while working for a DVD manufacturing company struck a plea deal (PDF) this week to lower his sentence after the FBI claimed the man's piracy cost movie studios millions. Steven Hale no longer works for the DVD company. He was arrested in March, accused of "bypassing encryption that prevents unauthorized copying" and ripping pre-release copies of movies he could only access because his former employer was used by major movie studios. As alleged by the feds, his game was beating studios to releases to achieve the greatest possible financial gains from online leaks. Among the popular movies that Hale is believed to have leaked between 2021 and 2022 was Spider-Man: No Way Home, which the FBI alleged was copied "tens of millions of times" at an estimated loss of "tens of millions of dollars" for just one studio on one movie. Other movies Hale ripped included animated hits like Encanto and Sing 2, as well as anticipated sequels like The Matrix: Resurrections and Venom: Let There Be Carnage. The cops first caught wind of Hale's scheme in March 2022. They seized about 1,160 Blu-rays and DVDs in what TorrentFreak noted were the days just "after the Spider-Man movie leaked online." It's unclear why it took close to three years before Hale's arrest, but TorrentFreak suggested that Hale's case is perhaps part of a bigger investigation into the Spider-Man leaks. A plea deal for Hale significantly reduced the estimated damages from his piracy case to under $40,000 and led to the dismissal of two charges, though he still faces up to five years in prison and a $250,000 fine for one remaining copyright infringement charge. His final sentence and restitution amount will be decided at a court hearing in Tennessee at the end of August.

Read more of this story at Slashdot.

Google's Gemini AI can now analyze and summarize video files stored in Google Drive, letting users ask questions about content like meeting takeaways or product updates without watching the footage. The Verge reports: The Gemini in Drive feature provides a familiar chatbot interface that can provide quick summaries describing the footage or pull specific information. For example, users can ask Gemini to list action items mentioned in recorded meetings or highlight the biggest updates and new products in an announcement video, saving time spent on manually combing through and taking notes. The feature requires captions to be enabled for videos, and can be accessed using either Google Drive's overlay previewer or a new browser tab window. It's available in English for Google Workspace and Google One AI Premium users, and anyone who has previously purchased Gemini Business or Enterprise add-ons, though it may take a few weeks to fully roll out. You can learn more about the update in Google's blog post.

Read more of this story at Slashdot.

A Texas jury ruled that Intel may hold a license to patents owned by VLSI Technology through its agreement with Finjan Inc., both controlled by Fortress Investment Group -- potentially nullifying over $3 billion in previous patent infringement verdicts against Intel. Reuters reports: VLSI has sued Intel in multiple U.S. courts for allegedly infringing several patents covering semiconductor technology. A jury in Waco, Texas awarded VLSI $2.18 billion in their first trial in 2021, which a U.S. appeals court has since overturned and sent back for new proceedings. An Austin, Texas jury determined that VLSI was entitled to nearly $949 million from Intel in a separate patent infringement trial in 2022. Intel has argued in that case that the verdicts should be thrown out based on a 2012 agreement that gave it a license to patents owned by Finjan and other companies "under common control" with it. U.S. District Judge Alan Albright held the latest jury trial in Austin to determine whether Finjan and VLSI were under the "common control" of Fortress. VLSI said it was not subject to the Finjan agreement, and that the company did not even exist until four years after it was signed.

Read more of this story at Slashdot.

The SEC on Thursday voluntarily dismissed its lawsuit against Binance, the world's largest cryptocurrency exchange. It brings an end to one of the last remaining crypto enforcement actions brought by the agency. Reuters reports: The SEC had accused the defendants in 2023 of artificially inflating trading volumes, diverting customer funds, failing to restrict U.S. customers from Binance's platform, and misleading investors about its market surveillance controls. It also accused Binance of unlawfully facilitating trading of several tokens that prior SEC leadership deemed unregistered securities. Developing...

Read more of this story at Slashdot.

An anonymous reader quotes a report from SC Media: Thousands of ASUS routers have been compromised with malware-free backdoors in an ongoing campaign to potentially build a future botnet, GreyNoise reported Wednesday. The threat actors abuse security vulnerabilities and legitimate router features to establish persistent access without the use of malware, and these backdoors survive both reboots and firmware updates, making them difficult to remove. The attacks, which researchers suspect are conducted by highly sophisticated threat actors, were first detected by GreyNoise's AI-powered Sift tool in mid-March and disclosed Thursday after coordination with government officials and industry partners. Sekoia.io also reported the compromise of thousands of ASUS routers in their investigation of a broader campaign, dubbed ViciousTrap, in which edge devices from other brands were also compromised to create a honeypot network. Sekoia.io found that the ASUS routers were not used to create honeypots, and that the threat actors gained SSH access using the same port, TCP/53282, identified by GreyNoise in their report. The backdoor campaign affects multiple ASUS router models, including the RT-AC3200, RT-AC3100, GT-AC2900, and Lyra Mini. GreyNoise advises users to perform a full factory reset and manually reconfigure any potentially compromised device. To identify a breach, users should check for SSH access on TCP port 53282 and inspect the authorized_keys file for unauthorized entries.

Read more of this story at Slashdot.

An anonymous reader shares a report: China's Ministry of Commerce is meeting with some of the country's biggest automakers to discuss whether the industry is using a loophole to mask weakening sales. Reuters adds: It comes after Great Wall Motor's Chairman Wei Jianjun said in an interview with Sina Finance last week that a phenomenon called "secondhand cars with zero mileage" had emerged in the Chinese market as a result of the industry's years-long price war. The phenomenon, he said, involved cars that had been registered and had licence plates -- marking them as sold -- but had never been driven being sold in the secondhand market. Wei said that at least 3,000 to 4,000 vendors on Chinese used car platforms were selling such cars. The source said the tactic was seen as a potential method within the industry for automakers and dealers to support new car sales as they try to meet aggressive sales targets.

Read more of this story at Slashdot.

As of this writing, 5,546 non-merge changesets have been pulled into the mainline kernel repository for the 6.16 release. This is a bit less than half of the total commits for 6.15, so the merge window is well on its way. Read on for our summary of the first half of the 6.16 merge window.