RSS 생중계

In a major victory for ride-hail companies, California Supreme Court upheld a law classifying gig workers as independent contractors, maintaining their ineligibility for benefits such as sick leave and workers' compensation. This decision concludes a prolonged legal battle and supports the 2020 ballot measure Proposition 22, despite opposition from labor groups who argued it was unconstitutional. Politico reports: Thursday's ruling capped a yearslong battle between labor and the companies over the status of workers who are dispatched by apps to deliver food, buy groceries and transport customers. A 2018 Supreme Court ruling and a follow-up bill would have compelled the gig companies to treat those workers as employees. A collection of five firms then spent more than $200 million to escape that mandate by passing the 2020 ballot measure Proposition 22 in one of the most expensive political campaigns in American history. The unanimous ruling on Thursday now upholds the status quo of the gig economy in California. As independent contractors, gig workers are not entitled to benefits like sick leave, overtime and workers' compensation. The SEIU union and four gig workers, ultimately, challenged Prop 22 based on its conflict with the Legislature's power to administer workers' compensation, specifically. The law, which passed with 58 percent of the vote in 2020, makes gig workers ineligible for workers' comp, which opponents of Prop 22 argued rendered the entire law unconstitutional. [...] Beyond the implications for gig workers, the heavily-funded Prop 22 ballot campaign pushed the limits of what could be spent on an initiative, ultimately becoming the most expensive measure in California history. Uber and Lyft have both threatened to leave any states that pass laws not classifying their drivers as independent contractors. The decision Thursday closes the door to that possibility for California.

Read more of this story at Slashdot.

snydeq shares a report from CIO.com: ServiceNow has reported potential compliance issues to the US Department of Justice "related to one of its government contracts" as well as the hiring of the then-CIO of the US Army to be its head of global public sector, the company said in regulatory filings on Wednesday. The DOJ is looking into the matter. Following an internal investigation, ServiceNow said, its President and COO, CJ Desai, has resigned, while "the other individual has also departed the company." That executive, Raj Iyer, told CIO.com, "I resigned because I didn't want to be associated with this fiasco in any way. It's not my fault." CEO Bill McDermott told financial analysts in a conference call Wednesday that someone within ServiceNow had complained about the situation and that an internal probe "determined that our company policy was violated." "Acting with total transparency, the company proactively disclosed the findings of the investigation to the proper government entities. And as a result, today, we're announcing the departure of the individual whose hiring was the subject of the original complaint," McDermott said. "We also came to a mutual agreement that CJ Desai, our President and COO, would offer his resignation from the company effective immediately. While we believe this was an isolated incident, we are further sharpening our hiring policies and procedures as a result of the situation."

Read more of this story at Slashdot.

An anonymous reader quotes a report from the Associated Press: Hollywood's video game performers voted to go on strike Thursday, throwing part of the entertainment industry into another work stoppage after talks for a new contract with major game studios broke down over artificial intelligence protections. The strike -- the second for video game voice actors and motion capture performers under the Screen Actors Guild-American Federation of Television and Radio Artists -- will begin at 12:01 a.m. Friday. The move comes after nearly two years of negotiations with gaming giants, including divisions of Activision, Warner Bros. and Walt Disney Co., over a new interactive media agreement. SAG-AFTRA negotiators say gains have been made over wages and job safety in the video game contract, but that the studios will not make a deal over the regulation of generative AI. Without guardrails, game companies could train AI to replicate an actor's voice, or create a digital replica of their likeness without consent or fair compensation, the union said. Fran Drescher, the union's president, said in a prepared statement that members would not approve a contract that would allow companies to "abuse AI." "Enough is enough. When these companies get serious about offering an agreement our members can live -- and work -- with, we will be here, ready to negotiate," Drescher said. [...] The last interactive contract, which expired November 2022, did not provide protections around AI but secured a bonus compensation structure for voice actors and performance capture artists after an 11-month strike that began October 2016. That work stoppage marked the first major labor action from SAG-AFTRA following the merger of Hollywood's two largest actors unions in 2012. The video game agreement covers more than 2,500 "off-camera (voiceover) performers, on-camera (motion capture, stunt) performers, stunt coordinators, singers, dancers, puppeteers, and background performers," according to the union. Amid the tense interactive negotiations, SAG-AFTRA created a separate contract in February that covered indie and lower-budget video game projects. The tiered-budget independent interactive media agreement contains some of the protections on AI that video game industry titans have rejected. "Eighteen months of negotiations have shown us that our employers are not interested in fair, reasonable AI protections, but rather flagrant exploitation," said Interactive Media Agreement Negotiating Committee Chair Sarah Elmaleh. The studios have not commented.

Read more of this story at Slashdot.

Lindsay Clark reports via The Register: Only 14 percent of Oracle Java subscribers plan to stay on Big Red's runtime environment, according to a study following the introduction of an employee-based subscription model. At the same time, 36 percent of the 663 Java users questioned said they had already moved to the employee-based pricing model introduced in January 2023. Shortly after the new model was implemented, experts warned that it would create a significant price hike for users adopting it. By July, global tech research company Gartner was forecasting that those on the new subscription package would face between two and five times the costs compared with the previous usage-based model. As such, among the 86 percent of respondents using Oracle Java SE who are currently moving or plan to move all or some of their Java applications off Oracle environments, 53 percent said the Oracle environment was too expensive, according to the study carried out by independent market research firm Dimensional Research. Forty-seven percent said the reason for moving was a preference for open source, and 38 percent said it was because of uncertainty created by ongoing changes in pricing, licensing, and support. [...] To support OpenJDK applications in production, 46 percent chose a paid-for platform such as Belsoft Liberica, IBM Semeru, or Azul Platform Core; 45 percent chose a free supported platform such as Amazon Corretto or Microsoft Build of OpenJDK; and 37 percent chose a free, unsupported platform. Of the users who have already moved to OpenJDK, 25 percent said Oracle had been significantly more expensive, while 41 percent said Big Red's licensing had made it somewhat more expensive than the alternative. The survey found three-quarters of Java migrations were completed within a year, 23 percent within three months.

Read more of this story at Slashdot.

Yesterday, iFixit CEO Kyle Wiens asked AI company Anthropic why it was clogging up their server bandwidth without permission. "Do you really need to hit our servers a million times in 24 hours?" Wiens wrote on X. "You're not only taking our content without paying, you're tying up our DevOps resources. Not cool." PC Gamer's Jacob Fox reports: Assuming Wiens isn't massively exaggerating, it's no surprise that this is "typing up our devops resources." A million "hits" per day would do it, and would certainly be enough to justify more than a little annoyance. The thing is, putting this bandwidth chugging in context only makes it more ridiculous, which is what Wiens is getting at. It's not just that an AI company is seemingly clogging up server resources, but that it's been expressly forbidden from using the content on its servers anyway. There should be no reason for an AI company to hit the iFixit site because its terms of service state that "copying or distributing any Content, materials or design elements on the Site for any other purpose, including training a machine learning or AI model, is strictly prohibited without the express prior written permission of iFixit." Unless it wants us to believe it's not going to use any data it scrapes for these purposes, and it's just doing it for... fun? Well, whatever the case, iFixit's Wiens decided to have some fun with it and ask Anthropic's own AI, Claude, about the matter, saying to Anthropic, "Don't ask me, ask Claude!" It seems that Claude agrees with iFixit, because when it's asked what it should do if it was training a machine learning model and found the above writing in its terms of service, it responded, in no uncertain terms, "Do not use the content." This is, as Wiens points out, something that could be seen if one simply accessed the terms of service.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica, written by Dan Goodin: On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022. In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what's known as a platform key, the cryptographic key that forms the root-of-trust anchor between the hardware device and the firmware that runs on it. The repository was located at https://github.com/raywu-aaeon..., and it's not clear when it was taken down. The repository included the private portion of the platform key in encrypted form. The encrypted file, however, was protected by a four-character password, a decision that made it trivial for Binarly, and anyone else with even a passing curiosity, to crack the passcode and retrieve the corresponding plain text. The disclosure of the key went largely unnoticed until January 2023, when Binarly researchers found it while investigating a supply-chain incident. Now that the leak has come to light, security experts say it effectively torpedoes the security assurances offered by Secure Boot. Binarly researchers said their scans of firmware images uncovered 215 devices that use the compromised key, which can be identified by the certificate serial number 55:fb:ef:87:81:23:00:84:47:17:0b:b3:cd:87:3a:f4. A table appearing at the end of this article lists each one. The researchers soon discovered that the compromise of the key was just the beginning of a much bigger supply-chain breakdown that raises serious doubts about the integrity of Secure Boot on more than 300 additional device models from virtually all major device manufacturers. As is the case with the platform key compromised in the 2022 GitHub leak, an additional 21 platform keys contain the strings "DO NOT SHIP" or "DO NOT TRUST." These keys were created by AMI, one of the three main providers of software developer kits that device makers use to customize their UEFI firmware so it will run on their specific hardware configurations. As the strings suggest, the keys were never intended to be used in production systems. Instead, AMI provided them to customers or prospective customers for testing. For reasons that aren't clear, the test keys made their way into devices from a nearly inexhaustive roster of makers. In addition to the five makers mentioned earlier, they include Aopen, Foremelife, Fujitsu, HP, Lenovo, and Supermicro. Cryptographic key management best practices call for credentials such as production platform keys to be unique for every product line or, at a minimum, to be unique to a given device manufacturer. Best practices also dictate that keys should be rotated periodically. The test keys discovered by Binarly, by contrast, were shared for more than a decade among more than a dozen independent device makers. The result is that the keys can no longer be trusted because the private portion of them is an open industry secret. Binarly has named its discovery PKfail in recognition of the massive supply-chain snafu resulting from the industry-wide failure to properly manage platform keys. The report is available here. Proof-of-concept videos are here and here. Binarly has provided a scanning tool here. "It's a big problem," said Martin Smolar, a malware analyst specializing in rootkits who reviewed the Binarly research. "It's basically an unlimited Secure Boot bypass for these devices that use this platform key. So until device manufacturers or OEMs provide firmware updates, anyone can basically... execute any malware or untrusted code during system boot. Of course, privileged access is required, but that's not a problem in many cases." Binarly founder and CEO Alex Matrosov added: "Imagine all the people in an apartment building have the same front door lock and key. If anyone loses the key, it could be a problem for the entire building. But what if things are even worse and other buildings have the same lock and the keys?"

Read more of this story at Slashdot.

The U.S. Department of Commerce is ignoring Kaspersky's latest proposal to address cybersecurity concerns, despite the Russian firm's efforts to prove its products are free from Kremlin influence. Kaspersky's new framework includes localizing data processing in the U.S. and allowing third-party reviews. However, the Commerce Department hasn't responded to the security firm, which was recently banned by the U.S. Kaspersky told The Register it's pursuing legal options.

Read more of this story at Slashdot.

UN: The UN Secretary-General's Call to Action on Extreme Heat brings together the diverse expertise and perspectives of ten specialized UN entities (FAO, ILO, OCHA, UNDRR, UNEP, UNESCO, UN-Habitat, UNICEF, WHO, WMO) in a first-of-its-kind joint product, underscoring the multi-sectoral impacts of extreme heat. Earth is becoming hotter and more dangerous for everyone, everywhere. Billions of people around the world are wilting under increasingly severe heatwaves driven largely by a fossil-fuel charged, human-induced climate crisis. Extreme heat is tearing through economies, widening inequalities, undermining the Sustainable Development Goals, and killing people. The Call for Action calls for an urgent and concerted effort to enhance international cooperation to address extreme heat in four critical areas: Caring for the vulnerable - Protecting workers - Boosting resilience of economies and societies using data and science - Limiting temperature rise to 1.5C by phasing out fossil fuels and scaling up investment in renewable energy. From earlier today: Monday Was Hottest Recorded Day on Earth: 'Uncharted Territory'.

Read more of this story at Slashdot.

Minnesota has become the second state to pass what it's calling a "Jetsons law," establishing rules for cars that can take to the sky. New Hampshire was the first to enact a "Jetsons" law. From a report: The new road rules in Minnesota address "roadable aircraft," which is basically any aircraft that can take off and land at an airfield but is also designed to be operated on a public highway. The law will let owners of these vehicles register them as cars and trucks, but they won't have to obtain a license plate. The tail number will suffice instead. As for operation, flying cars won't be allowed to take off or land on public roadways, Minnesota officials declared (an exception is made in the case of emergency). Those shenanigans are restricted to airports. While the idea of a Jetsons-like sky full of flying cars is still firmly rooted in the world of science fiction, the concept of flying cars isn't quite as distant as it might seem (though it has some high-profile skeptics). United Airlines, two years ago, made a $10 million bet on the technology, putting down a deposit for 200 four-passenger flying taxis from Archer Aviation, a San Francisco-based startup working on the aircraft/auto hybrid.

Read more of this story at Slashdot.

A U.S. appeals court has ruled that the Federal Communications Commission's Universal Service Fund, which collects fees on phone bills to support telecom network expansion and affordability programs, is unconstitutional, potentially upending the $8 billion-a-year system. The 5th Circuit Court's 9-7 decision, which creates a circuit split with previous rulings in the 6th and 11th circuits, found that the combination of Congress's delegation to the FCC and the FCC's subsequent delegation to a private entity violates the Constitution's Legislative Vesting Clause. FCC Chairwoman Jessica Rosenworcel criticized the ruling as "misguided and wrong," vowing to pursue all available avenues for review.

Read more of this story at Slashdot.

OpenAI is launching an online search tool in a direct challenge to Google, opening up a new front in the tech industry's race to commercialise advances in generative artificial intelligence. From a report: The experimental product, known as SearchGPT [non-paywalled], will initially only be available to a small group of users, with the San Francisco-based company opening a 10,000-person waiting list to test the service on Thursday. The product is visually distinct from ChatGPT as it goes beyond generating a single answer by offering a rail of links -- similar to a search engine -- that allows users to click through to external websites. [...] SearchGPT will "provide up-to-date information from the web while giving you clear links to relevant sources," according to OpenAI. The new search tool will be able to access sites even if they have opted out of training OpenAI's generative AI tools, such as ChatGPT.

Read more of this story at Slashdot.

North Korean hackers have conducted a global cyber espionage campaign to try to steal classified military secrets to support Pyongyang's banned nuclear weapons programme, the United States, Britain and South Korea said in a joint advisory on Thursday. From a report: The hackers, dubbed Anadriel or APT45 by cybersecurity researchers, have targeted or breached computer systems at a broad variety of defence or engineering firms, including manufacturers of tanks, submarines, naval vessels, fighter aircraft, and missile and radar systems, the advisory said. "The authoring agencies believe the group and the cyber techniques remain an ongoing threat to various industry sectors worldwide, including but not limited to entities in their respective countries, as well as in Japan and India," the advisory said. It was co-authored by the U.S. Federal Bureau of Investigation (FBI), the U.S. National Security Agency (NSA) and cyber agencies, Britain's National Cyber Security Centre (NCSC), and South Korea's National Intelligence Service (NIS). "The global cyber espionage operation that we have exposed today shows the lengths that DPRK state-sponsored actors are willing to go to pursue their military and nuclear programmes," said Paul Chichester at the NCSC, a part of Britain's GCHQ spy agency. The FBI also issued an arrest warrant for one of the alleged North Korean hackers, and offered a reward of up to $10 million for information that would lead to his arrest. He was charged with hacking and money laundering, according to a poster uploaded to the FBI's Most Wanted website on Thursday.

Read more of this story at Slashdot.

Southwest Airlines announced Thursday that it will get rid of open seating in a sweeping change from its decades-long practice. Instead, it will begin assigning seats and offer premium seating with extra leg room. From a report: Southwest CEO Bob Jordan said, "Our implementation of assigned and premium seating is part of an ongoing and comprehensive upgrade to the Customer Experience, one that research shows Customers overwhelmingly prefer." The low-fare airline has had a tradition of open seating for more than 50 years. Customers taking longer flights preferred assigned seats, according to Southwest. Airlines can also charge more for assigned and premium seating, enabling them to boost profits.

Read more of this story at Slashdot.

Google DeepMind has announced that its AI systems, AlphaProof and AlphaGeometry 2, have achieved silver medal performance at the 2024 International Mathematical Olympiad (IMO), solving four out of six problems and scoring 28 out of 42 possible points in a significant breakthrough for AI in mathematical reasoning. This marks the first time an AI system has reached such a high level of performance in this prestigious competition, which has long been considered a benchmark for advanced mathematical reasoning capabilities in machine learning. AlphaProof, a system that combines a pre-trained language model with reinforcement learning techniques, demonstrated its new capability by solving two algebra problems and one number theory problem, including the competition's most challenging question. Meanwhile, AlphaGeometry 2 successfully tackled a complex geometry problem, Google wrote in a blog post. The systems' solutions were formally verified and scored by prominent mathematicians, including Fields Medal winner Prof Sir Timothy Gowers and IMO Problem Selection Committee Chair Dr Joseph Myers, lending credibility to the achievement. The development of these AI systems represents a significant step forward in bridging the gap between natural language processing and formal mathematical reasoning, the company argued. By fine-tuning a version of Google's Gemini model to translate natural language problem statements into formal mathematical language, the researchers created a vast library of formalized problems, enabling AlphaProof to train on millions of mathematical challenges across various difficulty levels and topic areas. While the systems' performance is impressive, challenges remain, particularly in the field of combinatorics where both AI models were unable to solve the given problems. Researchers at Google DeepMind continue to investigate these limitations, the company said, aiming to further improve the systems' capabilities across all areas of mathematics.

Read more of this story at Slashdot.

In the previous episode of the vgetrandom() story, Jason Donenfeld had put together a version of the getrandom() system call that ran in user space, significantly improving performance for applications that need a lot of random data while retaining all of the guarantees provided by the system call. At that time, it seemed that a consensus had built around the implementation and that it was headed toward the mainline in that form. A few milliseconds after that article was posted, though, a Linus-Torvalds-shaped obstacle appeared in its path. That obstacle has been overcome and this work has now been merged for the 6.11 kernel, but its form has changed somewhat.

Early termination fees are "a bit like heroin for Adobe," according to an Adobe executive quoted in the FTC's newly unredacted complaint against the company for allegedly hiding fees and making it too hard to cancel Creative Cloud. The Verge: "There is absolutely no way to kill off ETF or talk about it more obviously" in the order flow without "taking a big business hit," this executive said. That's the big reveal in the unredacted complaint, which also contains previously unseen allegations that Adobe was internally aware of studies showing its order and cancellation flows were too complicated and customers were unhappy with surprise early termination fees. In a short interview, Adobe's general counsel and chief trust officer, Dana Rao, pushed back on both the specific quote and the FTC's complaint more generally, telling me that he was "disappointed in the way they're continuing to take comments out of context from non-executive employees from years ago to make their case."

Read more of this story at Slashdot.

On July 12, Jocelyn Falempe proposed a change to the configuration options that Fedora sets for its kernels, in order to make kernel panics easier to report. Falempe would like to enable the kernel's recently added DRM-panic feature, which adds a graphical crash screen that is reminiscent of the infamous Windows "blue screen of death" for kernel panics. The feature introduces a few tradeoffs, including currently limited driver support, so the proposal spawned a good deal of discussion.

samleecole writes: A leaked document obtained by 404 Media shows company-wide effort at generative AI company Runway, where employees collected thousands of YouTube videos and pirated content for training data for its Gen-3 Alpha model. The model -- initially codenamed Jupiter and released officially as Gen-3 -- drew widespread praise from the AI development community and technology outlets covering its launch when Runway released it in June. Last year, Runway raised $141 million from investors including Google and Nvidia, at a $1.5 billion valuation. The spreadsheet of training data viewed by 404 Media and our testing of the model indicates that part of its training data is popular content from the YouTube channels of thousands of media and entertainment companies, including The New Yorker, VICE News, Pixar, Disney, Netflix, Sony, and many others. It also includes links to channels and individual videos belonging to popular influencers and content creators, including Casey Neistat, Sam Kolder, Benjamin Hardman, Marques Brownlee, and numerous others.

Read more of this story at Slashdot.

Version 1.80.0 of the Rust language has been released. Changes include the new LazyCell and LazyLock types (which delay data initialization until the first access), the stabilization of the exclusive-range syntax for match patterns, and more.

World temperature reached the hottest levels ever measured on Monday, beating the record that was set just one day before, data suggests. From a report: Provisional data published on Wednesday by the Copernicus Climate Change Service, which holds data that stretches back to 1940, shows that the global surface air temperature reached 62.87F (17.15C), compared with 62.76F (17.09C) on Sunday. Earlier this month, Copernicus found that global temperatures between July 2023 and July 2024 were the highest on record. The previous record before this week was set a year ago on 6 July. Before that, the previous recorded hottest day was in 2016, according to the Associated Press.

Read more of this story at Slashdot.