RSS 생중계

Linux has many security features and tools that have evolved over the years to address threats as they emerge and security gaps as they are discovered. Linux security is all, as Lennart Poettering observed at the All Systems Go! conference held in Berlin, somewhat random and not a "clean" design. To many observers, that may also appear to be the case for systemd; however, Poettering said that he does have a vision for how all of the security-related pieces of systemd are meant to fit together. He wanted to use his talk to explain "how the individual security-related parts of systemd actually fit together and why they exist in the first place".

Brazil is set to announce Thursday the establishment of a multibillion-dollar fund designed to pay countries to keep their tropical forests standing. The Tropical Forest Forever Facility would deliver $4 billion per year to as many as 74 countries that maintain their forest cover. The fund requires $25 billion from governments and philanthropies to begin operations. Private investors would contribute the remaining $100 billion. Brazil has committed $1 billion. Countries would receive around $4 per hectare of standing forest after using satellite imagery to verify forests remain in place. Nations with annual deforestation rates above 0.5% are ineligible for payouts. Indonesia, which has rapidly lost forests to palm-oil cultivation and mining, cannot participate. One-fifth of the payments are designated for forest communities. The World Bank is managing the fund.

Read more of this story at Slashdot.

Version 1.3 of the Open Container Initiative (OCI) Runtime Specification has been released. The specification covers the configuration, execution environment, and lifecycle of containers. The most notable change in 1.3 is the addition of FreeBSD to the specification, which the FreeBSD Foundation calls "a watershed moment for FreeBSD":

The addition of cloud-native container support complements FreeBSD's already robust virtualization capabilities, particularly the powerful FreeBSD jails technology that has been a cornerstone of the operating system for over two decades. In fact, OCI containers on FreeBSD are implemented using jails as the underlying isolation mechanism, bringing together the security and resource management benefits of jails with the portability and ecosystem advantages of OCI-compliant containers.

Security updates have been issued by Debian (bind9 and gimp), Fedora (chromium, fastapi-cli, fastapi-cloud-cli, gherkin, libnbd, maturin, openapi-python-client, python-annotated-doc, python-cron-converter, python-fastapi, python-inline-snapshot, python-jiter, python-openapi-core, python-platformio, python-pydantic, python-pydantic-core, python-pydantic-extra-types, python-rignore, python-starlette, python-typer, python-typing-inspection, python-uv-build, ruff, rust-astral-tokio-tar, rust-attribute-derive, rust-attribute-derive-macro, rust-collection_literals, rust-get-size-derive2, rust-get-size2, rust-interpolator, rust-jiter, rust-manyhow, rust-manyhow-macros, rust-proc-macro-utils, rust-quote-use, rust-quote-use-macros, rust-regex, rust-regex-automata, rust-reqsign, rust-reqsign-aws-v4, rust-reqsign-command-execute-tokio, rust-reqsign-core, rust-reqsign-file-read-tokio, rust-reqsign-http-send-reqwest, rust-serde_json, rust-speedate, rust-tikv-jemalloc-sys, rust-tikv-jemallocator, and uv), Mageia (golang and libavif), Red Hat (bind9.16, pcs, and qt6-qtsvg), SUSE (colord, ffmpeg, govulncheck-vulndb, jasper, openjpeg, poppler, qatengine, qatlib, runc, sccache, and tiff), and Ubuntu (keystone, libssh, linux-hwe-6.14, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx, linux-raspi, runc-app, runc-stable, squid, squid3, and unbound).

DRAM contract prices surged 171.8% year-over-year as of the third quarter of 2025. The increase now exceeds the rate at which gold prices have climbed. ADATA chairman Chen Libai stated that the fourth quarter of 2025 will mark the beginning of a major DRAM bull market. He expects severe shortages to materialize in 2026. Memory manufacturers have shifted production priorities toward datacenter-focused memory types like RDIMM and HBM. Consumer DDR5 production has declined as a result. A Corsair Vengeance RGB dual-channel DDR5 kit that sold for $91 dollars in July now costs a $183 dollars on Newegg. The pricing trend extends to NAND flash and hard drives. Analysts project the increases will persist for at least four years, matching the duration of supply contracts that some companies have signed with Samsung and SK Hynix.

Read more of this story at Slashdot.

President Trump has re-nominated tech billionaire and private astronaut Jared Isaacman to lead NASA, reversing his earlier withdrawal over concerns about Isaacman's political affiliations. CBS News reports: Mr. Trump nominated Isaacman to the Senate-confirmed post last year, but announced in late May he had decided to withdraw Isaacman after a "thorough review" of his "prior associations." Weeks after the withdrawal, the president went further in expressing his concerns about Isaacman's credentials. At the time, Mr. Trump acknowledged that he thought Isaacman "was very good," but had been "surprised to learn" that Isaacman was a "blue-blooded Democrat, who had never contributed to a Republican before." [...] Mr. Trump made no mention of his previous decision to nominate and then withdraw Isaacman in his Tuesday evening announcement of the re-nomination on his Truth Social platform. "This evening, I am pleased to nominate Jared Isaacman, an accomplished business leader, philanthropist, pilot, and astronaut, as Administrator of NASA," Trump posted. "Jared's passion for Space, astronaut experience, and dedication to pushing the boundaries of exploration, unlocking the mysteries of the universe, and advancing the new Space economy, make him ideally suited to lead NASA into a bold new Era."

Read more of this story at Slashdot.

Longtime Slashdot reader hackingbear writes: South China Morning Post, citing Chinese state media, reported that an experimental reactor developed in the Gobi Desert by the Chinese Academy of Sciences' Shanghai Institute of Applied Physics has achieved thorium-to-uranium fuel conversion, paving the way for an almost endless supply of nuclear energy. It is the first time in the world that scientists have been able to acquire experimental data on thorium operations from inside a molten salt reactor according to a report by Science and Technology Daily. Thorium is much more abundant and accessible than uranium and has enormous energy potential. One mine tailings site in Inner Mongolia is estimated to hold enough of the element to power China entirely for more than 1,000 years. At the heart of the breakthrough is a process known as in-core thorium-to-uranium conversion that transforms naturally occurring thorium-232 into uranium-233 -- a fissile isotope capable of sustaining nuclear chain reactions within the reactor itself. Thorium (Th-232) is not itself fissile and so is not directly usable in a thermal neutron reactor. Thorium fuels therefore need a fissile material as a 'driver' so that a chain reaction (and thus supply of surplus neutrons) can be maintained. The only fissile driver options are U-233, U-235 or Pu-239. (None of these are easy to supply.) In the 1960s, the Oak Ridge National Laboratory (USA) designed and built a demonstration MSR using U-233, derived externally from thorium as the main fissile driver.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Although Google DeepMind's Weather Lab only started releasing cyclone track forecasts in June, the company's AI forecasting service performed exceptionally well. By contrast, the Global Forecast System model, operated by the US National Weather Service and is based on traditional physics and runs on powerful supercomputers, performed abysmally. The official data comparing forecast model performance will not be published by the National Hurricane Center for a few months. However, Brian McNoldy, a senior researcher at the University of Miami, has already done some preliminary number crunching. The results are stunning: A little help in reading the graphic is in order. This chart sums up the track forecast accuracy for all 13 named storms in the Atlantic Basin this season, measuring the mean position error at various hours in the forecast, from 0 to 120 hours (five days). On this chart, the lower a line is, the better a model has performed. The dotted black line shows the average forecast error for official forecasts from the 2022 to 2024 seasons. What jumps out is that the United States' premier global model, the GFS (denoted here as AVNI), is by far the worst-performing model. Meanwhile, at the bottom of the chart, in maroon, is the Google DeepMind model (GDMI), performing the best at nearly all forecast hours. The difference in errors between the US GFS model and Google's DeepMind is remarkable. At five days, the Google forecast had an error of 165 nautical miles compared to 360 nautical miles for the GFS model, more than twice as bad. This is the kind of error that causes forecasters to completely disregard one model in favor of another. But there's more. Google's model was so good that it regularly beat the official forecast from the National Hurricane Center (OFCL), which is produced by human experts looking at a broad array of model data. The AI-based model also beat highly regarded "consensus models," including the TVCN and HCCA products. For more information on various models and their designations, see here.

Read more of this story at Slashdot.

Google has delisted over 749 million URLs from Anna's Archive, a shadow library and meta-search engine for pirated books, representing 5% of all copyright takedown requests ever filed with the company. TorrentFreak reports: Google's transparency report reveals that rightsholders asked Google to remove 784 million URLs, divided over the three main Anna's Archive domains. A small number were rejected, mainly because Google didn't index the reported links, resulting in 749 million confirmed removals. The comparison to sites such as The Pirate Bay isn't fair, as Anna's Archive has many more pages in its archive and uses multiple country-specific subdomains. This means that there's simply more content to take down. That said, in terms of takedown activity, the site's three domain names clearly dwarf all pirate competition. Since Google published its first transparency report in May 2012, rightsholders have flagged 15.1 billion allegedly infringing URLs. That's a staggering number, but the fact that 5% of the total targeted Anna's Archive URLs is remarkable. Penguin Random House and John Wiley & Sons are the most active publishers targeting the site, but they are certainly not alone. According to Google data, more than 1,000 authors or publishers have sent DMCA notices targeting Anna's Archive domains. Yet, there appears to be no end in sight. Rightsholders are reporting roughly 10 million new URLs per week for the popular piracy library, so there is no shortage of content to report.

Read more of this story at Slashdot.

Apple has officially launched a web-based version of its App Store that lets users browse apps across all Apple devices through a redesigned interface. "There's no way to download apps from the App Store on the web, however," notes The Verge. "Apple just gives you the option to share an app or open it directly inside the App Store installed on your device." From the report: Now, when you navigate to apps.apple.com, you'll see the revamped interface instead of a webpage that just contains information about the App Store. [...] Along with the ability to switch between listings of apps for the iPhone, iPad, Mac, Vision Pro, Apple Watch, and Apple TV, you can check out recommendations on the Today tab as well as sort apps by category, such as productivity, entertainment, adventure, and more. The new web-based App Store also serves as a portal where you can search for apps, too.

Read more of this story at Slashdot.

A massive cyberattack on Swedish IT supplier Miljodata exposed personal data from up to 1.5 million citizens, prompting a national privacy investigation and scrutiny into security failures across multiple municipalities. BleepingComputer reports: MiljÃdata is an IT systems supplier for roughly 80% of Sweden's municipalities. The company disclosed the incident on August 25, saying that the attackers stole data and demanded 1.5 Bitcoin to not leak it. The attack caused operational disruptions that affected citizens in multiple regions in the country, including Halland, Gotland, Skelleftea, Kalmar, Karlstad, and Monsteras. Because of the large impact, the state monitored the situation from the time of disclosure, with CERT-SE and the police starting to investigate immediately. According to IMY, the attacker exposed on the dark web data that corresponds to 1.5 million people in the country, creating the basis for investigating potential General Data Protection Regulation (GDPR) violations. [...] Although no ransomware groups had claimed the attack when Miljodata disclosed the incident, BleepingComputer found that the threat group Datacarry posted the stolen data on its dark web portal on September 13. The leaked database has been added to Have I Been Pwned, which contains information such as names, email addresses, physical addresses, phone numbers, government IDs, and dates of birth.

Read more of this story at Slashdot.

Longtime Slashdot reader dbialac shares a report from EL PAIS: For decades, the progress of electronics has followed a simple rule: smaller is better. Since the 1960s, each new generation of chips has packed more transistors into less space, fulfilling the famous Moore's Law. Formulated by Intel co-founder Gordon Moore in 1965, this law predicted that the number of transistors in an integrated circuit approximately doubles each year. But this race to the minuscule is reaching its physical limits. Now, an international team of scientists is proposing a solution as obvious as it is revolutionary: if we can't keep reducing the size of chips, let's build them up. Xiaohang Li, a researcher at King Abdullah University of Science and Technology (KAUST) in Saudi Arabia, and his team have designed a chip with 41 vertical layers of semiconductors and insulating materials, approximately ten times higher than any previously manufactured chip. The work, recently published in the journal Nature Electronics, not only represents a technical milestone but also opens the door to a new generation of flexible, efficient, and sustainable electronic devices. "Having six or more layers of transistors stacked vertically allows us to increase circuit density without making the devices smaller laterally," Li explains. "With six layers, we can integrate 600% more logic functions in the same area than with a single layer, achieving higher performance and lower power consumption."

Read more of this story at Slashdot.

Apple will officially discontinue support for its original Home architecture (formerly HomeKit) on February 10, 2026. As MacRumors points out, Apple has informed users that they need to "update now to avoid interruptions." AppleInsider reports: The underlying HomeKit architecture was revamped in March 2023 alongside iOS 16.4, so Apple has been supporting both the new and old architecture for the last two years. There were initial problems with stability that may have discouraged some users from upgrading, but those problems have now been addressed. When Apple stops supporting the original HomeKit architecture, it will break support for the Home app on devices running older versions of iOS, iPadOS, and macOS. iOS 16.2, iPadOS 16.2, macOS 13.1, tvOS 16.2, and watchOS 9.2 are the minimum versions of Apple's platforms that work with the updated Apple Home app, and older devices will lose access. The update includes support for features like guest access, support for robot vacuum cleaners, and Activity History. Apple says it also provides faster, more reliable performance, especially for smart homes with a lot of HomeKit and Matter accessories installed.

Read more of this story at Slashdot.

Google's new "Project Suncatcher" aims to launch Tensor Processing Units (TPUs) into space, creating a solar-powered, satellite-based AI network capable of scaling machine learning beyond Earth's limits. Google says a "solar panel can be up to 8 times more productive than on earth" for near-continuous power using a "dawn-dusk sun-synchronous low earth orbit" that reduces the need for batteries and other power generation. 9to5Google reports: These satellites would connect via free-space optical links, with large-scale ML workloads "distributing tasks across numerous accelerators with high-bandwidth, low-latency connections." To match data centers on Earth, the connection between satellites would have to be tens of terabits per second, and they'd have to fly in "very close formation (kilometers or less)." Google has already conducted radiation testing on TPUs (Trillium, v6e), with "promising" results: "While the High Bandwidth Memory (HBM) subsystems were the most sensitive component, they only began showing irregularities after a cumulative dose of 2 krad(Si) -- nearly three times the expected (shielded) five year mission dose of 750 rad(Si). No hard failures were attributable to TID up to the maximum tested dose of 15 krad(Si) on a single chip, indicating that Trillium TPUs are surprisingly radiation-hard for space applications." Finally, Google believes that launch costs will "fall to less than $200/kg by the mid-2030s." At that point, the "cost of launching and operating a space-based data center could become roughly comparable to the reported energy costs of an equivalent terrestrial data center on a per-kilowatt/year basis."

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Today, Samsung provided details about the next version of the HDR10 format, which introduces six new features. Among HDR10+ Advanced's most interesting features is HDR10+ Intelligent FRC (frame rate conversion), which is supposed to improve motion smoothing. A TV using motion smoothing analyzes each video frame and tries to determine what additional frames would look like if the video were playing at a frame rate that matched the TV's refresh rate. The TV then inserts those frames into the video. A 60Hz TV with motion smoothing on, for example, would attempt to remove judder from a 24p film by inserting frames so that the video plays as if it were shot at 60p. For some, this appears normal and can make motion, especially camera panning or zooming, look smoother. However, others will report movies and shows that look more like soap operas, or as if they were shot on higher-speed video cameras instead of film cameras. Critics, including some big names in Hollywood, argue that motion smoothing looks unnatural and deviates from the creator's intended vision. Intelligent FRC takes a more nuanced approach to motion smoothing by letting content creators dictate the level of motion smoothing used in each scene, Forbes reported. The feature is also designed to adjust the strength of motion interpolation based on ambient lighting.

Read more of this story at Slashdot.

An anonymous reader shares a report: Microsoft officially ended mainstream support for Windows 10 last month, nudging users to upgrade to Windows 11. While that led to almost an overnight technological revolution in Japan, elsewhere, it has caused a lot of confusion. Certain versions of Windows 10, like Enterprise LTSC -- and those enrolled in the ESU program -- are still scheduled to receive security updates through at least 2027, but they're starting to see out-of-support messages in Settings. Various users over the past few days reported that they're being subjected to end-of-life warnings in Windows, despite already qualifying for extended security updates through the ESU program. Windows 10 Enterprise LTSC 2021 and âIoT Enterprise are business-oriented editions of the OS, so they're already supported up to 2032, but even they saw these incorrect messages. This widespread bug started to occur after the KB5066791 updates were pushed on October 14, 2025. Microsoft has already acknowledged this mishap and said, "The message, 'Your version of Windows has reached the end of support, might incorrectly display in the Windows Update Settings page," confirming it as a mistake. The company has already released a cloud config fix that should remove the message, but you need to be connected to the internet for that, and a restart is also required.

Read more of this story at Slashdot.

Ferrari is tapping into crypto markets and tech-rich youngsters with a planned new digital token that its wealthiest fans will be able to use in an auction for a Ferrari 499P, the endurance car that won three straight Le Mans titles. From a report: The plan for now is limited in scope and is an effort by the Italian sports car maker to tap into a trend among luxury brands seeking access to the growing wealth of younger tech entrepreneurs, as AI and data centres drive investment and markets around the world. It comes after Ferrari, which is also developing its first electric car, began accepting Bitcoin, ethereum and USDC for car purchases in the United States in 2023 and extended the service to Europe last year. Ferrari is working with Italian fintech Conio to launch the 'Token Ferrari 499P' for members of its Hyperclub -- which groups 100 of its most exclusive clients, with a passion for endurance races -- to trade amongst themselves and bid on the racing model.

Read more of this story at Slashdot.

IBM will cut thousands of roles this quarter while it continues to shift focus to higher-growth software and services, Bloomberg News reported on Tuesday. From a report: "We routinely review our workforce through this lens and at times rebalance accordingly," Bloomberg quoted a company spokesperson saying. "In the fourth quarter we are executing an action that will impact a low single-digit percentage of our global workforce."

Read more of this story at Slashdot.

Three employees at cybersecurity companies spent years moonlighting as criminal hackers, launching their own ransomware attacks in a plot to extort millions of dollars from victims around the country, US prosecutors alleged in court filings. From a report: Ryan Clifford Goldberg, a former incident response supervisor at Sygnia Consulting, and Kevin Tyler Martin, who was a ransomware negotiator for DigitalMint, were charged with working together to hack five businesses starting in May 2023. In one instance, they, along with a third person, received a ransom payment of nearly $1.3 million worth of cryptocurrency from a medical device company based in Tampa, Florida, according to prosecutors. The trio worked in a part of the cybersecurity industry that has sprung up to help companies negotiate with hackers to unfreeze their computer networks -- sometimes by paying ransom. They are also accused of sharing their illicit profits with the developers of the type of ransomware they allegedly used on their victims. DigitalMint informed some customers about the charges last week, according to a document seen by Bloomberg News. The other person who was allegedly involved in the scheme was also a ransomware negotiator at the same firm as Martin but wasn't charged, according to court records. The person wasn't identified in court records, nor were the companies that were the defendants' former employers. Sygnia confirmed Goldberg had worked there. Martin last year gave a talk at a law school, which listed him as an employee of DigitalMint.

Read more of this story at Slashdot.

Amazon has sent a cease-and-desist letter to Perplexity AI demanding that the AI search startup stop allowing its AI browser agent, Comet, to make purchases online for users. From a report: The e-commerce giant is accusing Perplexity of committing computer fraud by failing to disclose when its AI agent is shopping on a user's behalf, in violation of Amazon's terms of service, according to people familiar with the letter sent on Friday. The document also said Perplexity's tool degraded the Amazon shopping experience and introduced privacy vulnerabilities, said the people, who spoke on condition of anonymity to discuss internal matters. In response, Perplexity said Amazon is bullying a smaller competitor with a rival AI agent shopping product. The clash between Amazon and Perplexity offers an early glimpse into a looming debate over how to handle the proliferation of so-called AI agents that field more complex tasks online for users, including shopping. Like OpenAI and Alphabet's Google, Perplexity has pushed to rethink the traditional web browser around AI, with the goal of having it streamline more actions for users, such as drafting emails and conducting research.

Read more of this story at Slashdot.