RSS 생중계

An anonymous reader quotes a report from CNN: A team of suspected Chinese hackers has infiltrated US software developers and law firms in a sophisticated campaign to collect intelligence that could help Beijing in its ongoing trade fight with Washington, cybersecurity firm Mandiant said Wednesday. The hackers have been rampant in recent weeks, hitting the cloud-computing firms that numerous American companies rely on to store key data, Mandiant, which is owned by Google, said. In a sign of how important China's hacking army is in the race for tech supremacy, the hackers have also stolen US tech firms' proprietary software and used it to find new vulnerabilities to burrow deeper into networks, according to Mandiant. [...] In some cases, the hackers have lurked undetected in the US corporate networks for over a year, quietly collecting intelligence, Mandiant said. The disclosure comes after the Trump administration escalated America's trade war with China this spring by slapping unprecedented tariffs on Chinese exports to the United States. The tit-for-tat tariffs set off a scramble in both governments to understand each other's positions. Mandiant analysts said the fallout from the breaches -- the task of kicking out the hackers and assessing the damage -- could last many months. They described it as a milestone hack, comparable in severity and sophistication to Russia's use of SolarWinds software to infiltrate US government agencies in 2020.

Read more of this story at Slashdot.

Amazon Fire TV devices will run the company's Linux-based Vega OS starting in 2025, according to a job listing that Amazon subsequently edited after press inquiries. The software development manager position originally sought someone to oversee "the Vega OS experience" and "the dedicated Prime Video app on Vega OS" launching in 2025. Amazon removed references to Vega after a reporter contacted the company for comment. The proprietary OS already powers the Echo Hub, Echo Show 5 third generation, and Echo Spot, running on Linux kernel 5.16 according to Amazon's source code notices. Current Fire TV devices won't receive Vega updates. The shift from Android would eliminate Google's influence over Amazon's streaming hardware business and remove smartphone code unnecessary for TV devices.

Read more of this story at Slashdot.

alternative_right writes: Americans are more likely to watch newly released movies from the comfort of their own homes instead of heading out to a theater, according to a new poll. About three-quarters of U.S. adults said they watched a new movie on streaming instead of in the theater at least once in the past year, according to the survey from The Associated Press-NORC Center for Public Affairs Research, including about 3 in 10 who watched new movies on streaming at least once a month. Meanwhile, about two-thirds of Americans said that they've watched a recently released movie in a theater in the past year, and only 16% said they went at least once a month. The results suggest that, on the whole, American moviegoers are more likely to stream a film than see it in the theaters, a shifting tide that was only accelerated during the COVID-19 pandemic and its aftermath.

Read more of this story at Slashdot.

The biggest trees in the Amazon are growing larger and more numerous, according to a new study that shows how an intact rainforest can help draw carbon dioxide out of the atmosphere and sequester it in bark, trunk, branch and root. From a report: Scientists said the paper, published in Nature Plants on Thursday, was welcome confirmation that big trees are proving more climate resilient than previously believed, and undisturbed tropical vegetation continues to act as an effective carbon sink despite rising temperatures and strong droughts. However, the authors warned this vital role was increasingly at risk from fires, fragmentation and land clearance caused by the expansion of roads and farms. "It is good news but it is qualified good news," said Prof Oliver Phillips from the University of Leeds. "Our results apply only to intact, mature forests, which is where we are watching closely. They suggest the Amazon forest is remarkably resilient to climate change. My fear is that may count for little, unless we can stop the deforestation itself."

Read more of this story at Slashdot.

Raspberry Pi has launched the Raspberry Pi 500 Plus for $200, more than doubling the $90 price of the standard model. The keyboard computer now includes an M.2 2280 SSD socket alongside the SD card slot, 256GB of storage and 16GB of LPDDR4x-4267 RAM instead of 8GB. The company added Gateron KS-33 Blue mechanical switches, replaceable low-profile keycaps finished to allow RGB lighting to shine through and an RP2040 microcontroller running QMK firmware. The 500 Plus retains Wi-Fi 5, Bluetooth, gigabit Ethernet, two micro HDMI ports, three USB-A ports, and USB-C power from the base model. A $220 Desktop Kit bundles necessary cables, power supply, and mouse.

Read more of this story at Slashdot.

Meta has rolled out Vibes, an endless feed of AI-generated videos within its Meta AI app and meta.ai website. Users can create short-form synthetic videos from scratch or remix existing AI content from the feed, adding music and adjusting styles before redistributing the artificial output to Instagram, Facebook Stories and Reels. The feed promises to become "more personalized over time" as it learns user preferences for machine-generated content. Meta positioned the feature as part of its broader AI video strategy, adding another stream of synthetic media to platforms already saturated with algorithmic content. The company says additional AI creation tools are coming.

Read more of this story at Slashdot.

The openSUSE project is nearing the release of Leap 16, its first major release since openSUSE Leap 15 in May 2018. This release brings some changes to the core of the distribution aside from the usual software upgrades; YaST has been retired, SELinux has replaced AppArmor as the default mandatory access control (MAC) system, and more. If all goes according to plan, Leap 16 final should be released in early October, with planned support through 2031.

Digital ID will be mandatory in order to work in the UK, as part of plans to tackle illegal migration. From a report: Sir Keir Starmer said the new digital ID scheme would make it tougher to work in the UK illegally and offer "countless benefits" to citizens. However, opposition parties argued the proposals would not stop people crossing the Channel in small boats. The prime minister set out his plans in a broader speech to a gathering of world leaders, in which he said it had been "too easy" for people to work illegally in the UK because the centre-left had been "squeamish" about saying things that were "clearly true." Addressing the Global Progressive Action Conference in London - attended by politicians including Australian Prime Minister Anthony Albanese and Canadian Prime Minister Mark Carney - Sir Keir said it was time to "look ourselves in the mirror and recognise where we've allowed our parties to shy away from people's concerns." "It is not compassionate left-wing politics to rely on labour that exploits foreign workers and undercuts fair wages," he said. "The simple fact is that every nation needs to have control over its borders. We do need to know who is in our country."

Read more of this story at Slashdot.

Security updates have been issued by AlmaLinux (firefox, kernel, and thunderbird), Debian (ceph and thunderbird), Fedora (chromium, mingw-expat, python-deepdiff, python-orderly-set, python-pip, rust-az-cvm-vtpm, rust-az-snp-vtpm, rust-az-tdx-vtpm, and trustee-guest-components), Oracle (aide, kernel, and thunderbird), Red Hat (firefox, kernel, openssh, perl-YAML-LibYAML, and thunderbird), Slackware (expat), SUSE (jasper, libssh, openjpeg2, and python-pycares), and Ubuntu (linux-aws-6.14, linux-hwe-6.14, linux-azure, linux-hwe-6.8, linux-realtime-6.8, node-sha.js, and pcre2).

Longtime Slashdot reader hackingbear writes: President Donald Trump signed an executive order Thursday that he says will allow TikTok to continue operating in the United States in a way that meets national security concerns. Trump's order will enable an American-led of group of investors to "buy the app" (up to 80% ownership) from China's ByteDance, though the deal is not yet finalized and also requires China's approval. However, much about the deal is still unknown. So, did the U.S. successfully snatch TikTok from ByteDance? It is probably up to individual's interpretation. As with any deals between U.S. and China, the devil is in the details. According Shen Yi, an internet influencer and a professor at Shanghai's Fudan University, what the U.S. investor will eventually take control of is an entity known as TikTok U.S. Data Security Company ("USDS"), which is a subsidiary of TikTok U.S. and is exclusively responsible to handle data security in the U.S.. ByteDance will continue, through its U.S. subsidiary "ByteDance TikTok U.S. Company," to operate business and other related activities (such as e-commerce, advertising for brands, and cross-border commercial activities). It is important to stress that "Byte TikTok U.S. Company" remains 100% owned by ByteDance through its global TikTok subsidiary -- this arrangement has not changed. The TikTok algorithm remains the property of ByteDance, only licensed to USDS for use. This point was in fact explicitly clarified by a relevant official of China's Cyberspace Administration at the press conference following the Madrid talks. After reaching the TikTok deal, Beijing and Washington are now selling it to their respective domestic audience, each highlighting the part of the deal that it can characterize as a win. Shen's details are not in conflict with the widely-reported account given by Karoline Leavitt, the White House Press Secretary, who emphasized "a new board with six American directors out of seven." Observers can also find the TikTok arrangement being very similar to that of Apple's iCloud operation in China being run by GCBD (AIPO Cloud (Guizhou) Technology Co. Ltd.) while Apple retain controls of the brand and business.

Read more of this story at Slashdot.

Longtime Slashdot reader whoever57 writes: Birmingham City Council, the largest such entity in Europe, has been declared effectively bankrupt. There are a couple of reasons for this, but one of them is a disastrous project to replace the city's income management system using Oracle. The cost of this has risen to $230 million, while the initial estimate was $24 million. There was a failed rollout of the new system earlier this year. "Original plans for the replacement of SAP with Oracle Fusion set aside a 19.965 million-euro budget for three years implementation until the end of the 2021 financial year," reports The Register. "Go-live date was later put back until April 2022 and the budget increased to 40 million euros. After the council realized it would need to reimplement all of Oracle, the budget for running the old system and introducing the new one increased to 131 million euros." "In a hastily convened Audit Committee meeting this week, councilor heard how that date has now been put back until November, expressing their anger that the news hit the media before they were told." Testing failed with only a 73.3% pass rate and 10 severe deficits, "below the acceptance criteria of a 95 percent pass rate and zero severe deficits.

Read more of this story at Slashdot.

votsalo writes: A German company, Vay, offers a rental car service where the cars are driven by a remote driver to the customer, who then takes over driving the car. At the end of the rental, a remote driver takes over again to take the car away. The trained remote drivers sit in a driving station, with a steering wheel, foot pedals, screens, headphones, and even tactile feedback for things like bumps on the road. Vay says the rental rate cost would be "about half of what a current car-sharing service costs." If he is talking about car-rental services that deliver cars to customers by on-site drivers, like this defunct San Francisco car rental company, then the claim about half the cost seems right. Vay's founder used Las Vegas as a testing ground for the service and expects to launch in Germany soon. Las Vegas "had the necessary legal framework already in place," said von der Ohe, a graduate of computer science and entrepreneurship from Stanford. "It fitted on to three pages. Germany's ran to many more, but we've worked closely with the authorities here to make sure we can fulfil everything that's required of us, from technical to safety concerns. Now that the legislative landscape is in place, we're raring to go."

Read more of this story at Slashdot.

An anonymous reader quotes a report from MIT Technology Review: Flock Safety, whose drones were once reserved for police departments, is now offering them for private-sector security, the company announced today, with potential customers including including businesses intent on curbing shoplifting.Companies in the US can now place Flock's drone docking stations on their premises. If the company has a waiver from the Federal Aviation Administration to fly beyond visual line of sight (these are becoming easier to get), its security team can fly the drones within a certain radius, often a few miles. "Instead of a 911 call [that triggers the drone], it's an alarm call," says Keith Kauffman, a former police chief who now directs Flock's drone program. "It's still the same type of response." Kauffman walked through how the drone program might work in the case of retail theft: If the security team at a store like Home Depot, for example, saw shoplifters leave the store, then the drone, equipped with cameras, could be activated from its docking station on the roof. "The drone follows the people. The people get in a car. You click a button," he says, "and you track the vehicle with the drone, and the drone just follows the car." The video feed of that drone might go to the company's security team, but it could also be automatically transmitted directly to police departments. The defense tech startup Epirus has developed a cutting-edge, cost-efficient drone zapper that's sparking the interest of the US military. Now the company has to deliver. The company says it's in talks with large retailers but doesn't yet have any signed contracts. The only private-sector company Kauffman named as a customer is Morning Star, a California tomato processor that uses drones to secure its distribution facilities. Flock will also pitch the drones to hospital campuses, warehouse sites, and oil and gas facilities. It's worth noting that the FAA is currently drafting new rules for how it grants approval to pilots flying drones out of sight, and it's not clear if Flock's use case would be allowed under the currently proposed guidance.

Read more of this story at Slashdot.

Nine major European banks are creating a Netherlands-based company to launch a euro-backed stablecoin in 2026, aiming to counter U.S. dominance in the digital token market. Reuters reports: While global stablecoin issuance stands at nearly $300 billion, euro-denominated stablecoins totalled just $620 million, according to figures released last week by the Bank of Italy, with dollar-pegged tokens overwhelmingly dominant. "The initiative will provide a real European alternative to the U.S.-dominated stablecoin market, contributing to Europe's strategic autonomy in payments," the banks said. They launched the effort, which they said will create a token that can be used for quick, low-cost payments and settlements, even as the European Central Bank voices scepticism over stablecoins. ECB President Christine Lagarde in June told European policymakers that privately issued stablecoins posed risks for monetary policy and financial stability. As a safer alternative, she has urged European lawmakers to introduce legislation backing the launch of a digital version of the EU's single currency. Some commercial banks, however, have pushed back against the introduction of a digital euro, fearing that it would empty their coffers as customers transfer cash out of banks and into the safety of an ECB-guaranteed wallet. In addition to ING and UniCredit, the other banks participating in the new company include Banca Sella, KBC, DekaBank, Danske Bank, SEB, Caixabank, and Raiffeisen Bank International. They said that others could join the initiative, and a CEO for the company would be appointed soon. According to a recent report by Deutsche Bank, emerging market economies are adopting dollar-based stablecoins to replace local deposits and cash. "This has created a global monetary dilemma: countries should adopt stablecoins or risk being left behind. Europe is under particular pressure."

Read more of this story at Slashdot.

Spotify says it has has removed over 75 million fraudulent tracks in the past year as it works to combat "AI slop," deepfake impersonations, and spam uploads. Variety reports: Its new protections include a policy to police unauthorized vocal impersonation ("deepfakes") and fraudulent music uploaded to artists' official profiles; an enhanced spam filter to prevent mass uploads, duplicates, SEO hacks, artificially short tracks designed to fraudulently boost streaming numbers and payments. The company also says it's collaborating with industry partners to devise an industry standard in a song's credits to "clearly indicate where and how AI played a role in the creation of a track." "The pace of recent advances in generative AI technology has felt quick and at times unsettling, especially for creatives," the company writes in a just-published post on its official blog. "At its best, AI is unlocking incredible new ways for artists to create music and for listeners to discover it. At its worst, AI can be used by bad actors and content farms to confuse or deceive listeners, push 'slop' into the ecosystem, and interfere with authentic artists working to build their careers. The future of the music industry is being written, and we believe that aggressively protecting against the worst parts of Gen AI is essential to enabling its potential for artists and producers." In a press briefing on Wednesday, Spotify VP and Global Head of Music Product Charlie Hellman said, "I want to be clear about one thing: We're not here to punish artists for using AI authentically and responsibly. We hope that they will enable them to be more creative than ever. But we are here to stop the bad actors who are gaming the system. And we can only benefit from all that good side if we aggressively protect against the bad side."

Read more of this story at Slashdot.

Doug Bowser, president of Nintendo of America since 2019, will retire at the end of 2025 after overseeing major expansions including theme parks, films, and the launch of the Switch 2. He will be succeeded by Devon Pritchard, while Satoru Shibata will also take on a CEO role at Nintendo of America. "One of my earliest video game experiences was playing the arcade version of Donkey Kong," Bowser said in a statement. "Since that time, all things Nintendo have continued to be a passion for both me and my family. Leading Nintendo of America has been the honor of a lifetime, and I am proud of what our team has accomplished in both business results and the experiences we've created for consumers." Pritchard said that "Doug has been a fantastic mentor" and that he looks forward to "building on the incredible foundation he has helped establish."

Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: A viral app called Neon, which offers to record your phone calls and pay you for the audio so it can sell that data to AI companies, has rapidly risen to the ranks of the top-five free iPhone apps since its launch last week. The app already has thousands of users and was downloaded 75,000 times yesterday alone, according to app intelligence provider Appfigures. Neon pitches itself as a way for users to make by providing call recordings that help train, improve, and test AI models. But now Neon has gone offline, at least for now, after a security flaw allowed anyone to access the phone numbers, call recordings, and transcripts of any other user, TechCrunch can now report. TechCrunch discovered the security flaw during a short test of the app on Thursday. We alerted the app's founder, Alex Kiam (who previously did not respond to a request for comment about the app), to the flaw soon after our discovery. Kiam told TechCrunch later Thursday that he took down the app's servers and began notifying users about pausing the app, but fell short of informing his users about the security lapse. The Neon app stopped functioning soon after we contacted Kiam. TechCrunch found that the app's backend services didn't properly restrict access, allowing any logged-in user to request and receive data belong to other users. This included call transcripts, raw call recordings, and sensitive metadata, including phone numbers, the date/time of calls, and their durations.

Read more of this story at Slashdot.

Google has asked the U.S. Supreme Court to pause a judge's order requiring major changes to its Play Store after losing an antitrust case to Epic Games. The injunction would force Google to allow rival app stores, external billing links, and broader competition -- changes Google says could harm users and developers. Epic argues they're necessary to break Google's monopoly. Reuters reports: Google said it has urged the U.S. Supreme Court to halt key parts of a judge's order that would force major changes to its app store Play, as it prepares to appeal a decision in a lawsuit brought by "Fortnite" maker Epic Games. Google called the judge's order unprecedented, and said it would cause reputational harm, safety and security risks and put the company at a competitive disadvantage if allowed to take effect, according to a filing, opens new tab provided late on Wednesday by Google, which said it had submitted it to the court. [...] Google in its Supreme Court filing said that the changes will have enormous consequences for more than 100 million U.S. Android users and 500,000 developers. It asked the court to decide by October 17 whether to put the order on hold. Google said it plans to file its appeal to the Supreme Court by October 27, which could allow the justices to take up the case during their nine-month term that begins on October 6. Epic in a statement said Google is relying on what it called "flawed security claims" to justify its control over Android devices. "The court's injunction should go into effect as ordered so consumers and developers can benefit from competition, choices and lower prices," Epic said. The jury, siding with Epic in the trial, found that Google illegally stifled competition. Donato subsequently issued the order directing Google to make changes to its app store.

Read more of this story at Slashdot.

OpenAI introduced Pulse, a new ChatGPT feature that generates five to ten personalized daily reports overnight for Pro users on its $200/month plan. The goal is to eventually expand beyond summaries to agent-like tasks. TechCrunch reports: Pulse offers users five to 10 briefs that can get them up to speed on their day and is aimed at encouraging users to check ChatGPT first thing in the morning -- much like they would check social media or a news app. "We're building AI that lets us take the level of support that only the wealthiest have been able to afford and make it available to everyone over time," said OpenAI's new CEO of Applications, Fidji Simo, in a blog post. "And ChatGPT Pulse is the first step in that direction -- starting with Pro users today, but with the goal of rolling out this intelligence to all." Starting Thursday, OpenAI will roll out Pulse for subscribers to its $200-a-month Pro plan, for whom it will appear as a new tab in the ChatGPT app. The company says it would like to launch Pulse to all ChatGPT users in the future, with Plus subscribers to get access soon, but it first needs to make the product more efficient. Pulse's reports can be roundups of news articles on a specific topic -- like updates on a specific sports team -- as well as more personalized briefs based on a user's context.

Read more of this story at Slashdot.

Ruby Central, a non-profit organization committed to "driving innovation and building community within the Ruby programming ecosystem since 2001," removed all RubyGems maintainers from the project's GitHub repository on September 18, granting administrative access exclusively to its employees and contractors following alleged pressure from Shopify, one of its biggest backers, according to Ruby developer Joel Drapper. The nonprofit organization, which operates RubyConf and RailsConf, cited fiduciary responsibility and supply chain security concerns following a recent audit. The controversy began September 9 when HSBT (Hiroshi Shibata), a Ruby infrastructure maintainer, renamed the RubyGems GitHub enterprise to "Ruby Central" and added Director of Open Source Marty Haught as owner while demoting other maintainers. The action allegedly followed Shopify's threat to cut funding unless Ruby Central assumed full ownership of RubyGems and Bundler. Ruby Central had reportedly become financially dependent on Shopify after Sidekiq withdrew $250,000 annual sponsorship over the organization platforming Rails creator DHH at RailsConf 2025. Andre Arko, a veteran contributor on-call for RubyGems.org at the time, was among those removed. Maintainer Ellen Dash has characterized the action as a "hostile takeover" and also resigned. Executive Director Shan Cureton acknowledged poor communication in a YouTube video Monday, stating removals were temporary while finalizing operator agreements. Arko and others are launching Spinel, an alternative Ruby tooling project, though Shopify's Rafael Franca commented that Spinel admins shouldn't be trusted to avoid "sabotaging rubygems or bundler."

Read more of this story at Slashdot.