RSS 생중계

The BPF verifier is complicated. It needs to check every possible path that a BPF program's execution could take. The fact that its determination of whether a BPF program is safe is based on the whole lifetime of the program, instead of simple local factors, means that the cause of a verification failure is not always obvious. Ihor Solodrai and Jordan Rome gave a presentation (slides) at the 2025 Linux Plumbers Conference in Tokyo about the BPF verifier visualizer that they have been building to make diagnosing verification failures easier.

Apple released an updated developer license agreement this week that gives the company permission to recoup unpaid funds, such as commissions or any other fees, by deducting them from in-app purchases it processes on developers' behalf, among other methods. From a report: The change will impact developers in regions where local law allows them to link to external payment systems. In these cases, developers must report those payments back to Apple to pay the required commissions or fees. The changed agreement seemingly gives Apple a way to collect what it believes is the correct fee if the company determines a developer has underreported their earnings. [...] In its new developer agreement, Apple states it will "offset or recoup" what it believes it is owed, including "any amounts collected by Apple on your behalf from end-users." This means Apple could recoup funds from developers' in-app purchases -- like those for digital goods, services, and subscriptions -- or from one-time fees for paid applications.

Read more of this story at Slashdot.

Security updates have been issued by Debian (roundcube), Fedora (checkpointctl, containernetworking-plugins, mingw-libpng, NetworkManager, php, python3-docs, python3.13, and webkitgtk), Oracle (kernel, keylime, and libssh), and SUSE (apache2, clair, colord, flannel, gnutls, golang-github-prometheus-alertmanager, grafana, grub2, helm, ImageMagick, libpng16, netty, openssl-3, postgresql13, postgresql14, postgresql15, python36, salt, uyuni-tools, and venv-salt-minion).

The Danish government has accused Russia of being behind two "destructive and disruptive" cyberattacks in what it describes as "very clear evidence" of a hybrid war. From a report: The Danish Defence Intelligence Service (DDIS) announced on Thursday that Moscow was behind a cyberattack on a Danish water utility in 2024 and a series of distributed denial-of-service (DDoS) attacks on Danish websites in the lead-up to the municipal and regional council elections in November. The first, it said, was carried out by the pro-Russian group known as Z-Pentest and the second by NoName057(16), which has links to the Russian state. "The Russian state uses both groups as instruments of its hybrid war against the west," DDIS said in a statement. "The aim is to create insecurity in the targeted countries and to punish those that support Ukraine. Russia's cyber operations form part of a broader influence campaign intended to undermine western support for Ukraine." It added: "The DDIS assesses that the Danish elections were used as a platform to attract public attention -- a pattern that has been observed in several other European elections."

Read more of this story at Slashdot.

An anonymous reader quotes a report from KrebsOnSecurity: Direct navigation -- the act of visiting a website by manually typing a domain name in a web browser -- has never been riskier: A new study finds the vast majority of "parked" domains -- mostly expired or dormant domain names, or common misspellings of popular websites -- are now configured to redirect visitors to sites that foist scams and malware. When Internet users try to visit expired domain names or accidentally navigate to a lookalike "typosquatting" domain, they are typically brought to a placeholder page at a domain parking company that tries to monetize the wayward traffic by displaying links to a number of third-party websites that have paid to have their links shown. A decade ago, ending up at one of these parked domains came with a relatively small chance of being redirected to a malicious destination: In 2014, researchers found (PDF) that parked domains redirected users to malicious sites less than five percent of the time -- regardless of whether the visitor clicked on any links at the parked page. But in a series of experiments over the past few months, researchers at the security firm Infoblox say they discovered the situation is now reversed, and that malicious content is by far the norm now for parked websites. "In large scale experiments, we found that over 90% of the time, visitors to a parked domain would be directed to illegal content, scams, scareware and anti-virus software subscriptions, or malware, as the 'click' was sold from the parking company to advertisers, who often resold that traffic to yet another party," Infoblox researchers wrote in a paper published today.

Read more of this story at Slashdot.

Google's AI Mode is synthesizing "Frankenstein" recipes from multiple creators, often stripping away context and accuracy and siphoning traffic and ad revenue away from food bloggers in the process. Many recipe writers warn this shift amounts to an "extinction event" for ad-supported food sites. The Guardian reports: Over the past few years, bloggers who have not secured their sites behind a paywall have seen their carefully developed and tested recipes show up, often without attribution and in a bastardized form, in ChatGPT replies. They have seen dumbed-down versions of their recipes in AI-assembled cookbooks available for digital downloads on Etsy or on AI-built websites that bear a superficial resemblance to an old-school human-written blog. Their photos and videos, meanwhile, are repurposed in Facebook posts and Pinterest pins that link back to this digital slop. Recipe writers have no legal recourse because recipes generally are not copyrightable. Although copyright protects published or recorded work, they do not cover sets of instructions (although it can apply to the particular wording of those instructions). Without this essential IP, many food bloggers earn their living by offering their work for free while using ads to make money. But now they fear that casual users who rely on search engines or social media to find a recipe for dinner will conflate their work with AI slop and stop trusting online recipe sites altogether. "For websites that depend on the advertising model," says Matt Rodbard, the founder and editor-in-chief of the website Taste, "I think this is an extinction event in many ways."

Read more of this story at Slashdot.

Tony Isaac shares a report from CNN: President Donald Trump's social media and crypto company is making a huge bet on a far different industry -- nuclear fusion, a potentially lucrative albeit commercially unproven energy technology that could help power a suddenly electricity-starved economy. Trump Media and Technology Group Thursday announced a surprise merger with TAE Technologies, in an all-stock deal valued at more than $6 billion that would create one of the first publicly traded fusion companies. News of the deal shares of Trump Media (DJT) 35% higher in early trading Thursday. After the deal closes, shareholders of Trump Media and TAE would own about 50% of the combined entity. The combined companies plan to begin construction as soon as next year of the world's first fusion reaction that could produce electricity on utility scale, rather than just in laboratory settings. The combination with TMTG could give TAE political clout. But it could also make it more politically controversial, particularly if it looks to receive any kind of federal government support, such as grants, low-interest loans or permitting approvals. It could also give TAE access to capital that it needs. Under terms of the deal, TMTG would provide $300 million in cash for TAE's plans. But that is likely a fraction of the cash available from some of TAE's current investors, such as Google parent company Alphabet, as well as its bevy of private equity investors. But that $300 million is only a fraction of the money that TAE needs, or expects to be able to access, once it has become a public company with this deal. Staying a private company, even with deep pocketed investors, is no longer sufficient TAE CEO Michl Binderbauer told CNN Thursday. "It's a multi-billion dollar undertaking," said Binderbauer. "The velocity you can get the capital is differentiating. If I raise $2 billion over five years I can't built the plant sufficiently fast." He said the company has raised about $1.3 billion over the course of its 25-year history.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the Guardian: Actors have voted to refuse digital scanning to prevent their likeness being used by artificial intelligence in a pushback against AI in the arts. Members of the performing arts union Equity were asked if they would refuse to be scanned while on set, a common practice in which actors' likeness is captured for future use -- with 99% voting in favor of the move. The vote was an indicative ballot designed to demonstrate the strength of feeling on the issue, with more than 7,000 members polled on a 75% turnout. However, actors would not be legally protected if they refused to be scanned. The union said it would write to Pact, the trade body representing the majority of producers and production companies in the UK, to negotiate new minimum standards for pay, as well as terms and conditions for actors working in film and TV. Equity said it may hold a formal ballot depending on the outcome of the negotiations, which, if backed, would give actors legal protection if they were being pressed to accept digital scanning on set. The general secretary, Paul Fleming, said: "Artificial intelligence is a generation-defining challenge. And for the first time in a generation, Equity's film and TV members have shown that they are willing to take industrial action. Ninety per cent of TV and film is made on these agreements. Over three-quarters of artists working on them are union members. This shows that the workforce is willing to significantly disrupt production unless they are respected, and [if] decades of erosion in terms and conditions begins to be reversed."

Read more of this story at Slashdot.

alternative_right shares a report from ScienceAlert: A new study adds to the growing body of evidence that swearing can help us unleash our inner strength, improving physical performance, it seems, by helping people break through certain psychological barriers. [...] [Psychology researcher Richard Stephens of Keele University in the UK] and his colleagues at Keele and the University of Alabama wanted to test whether swearing could not only improve physical performance, as they had done in previous research, but also see whether it does so by changing a person's psychology in the moment, especially when it comes to letting go of inhibitions. Eighty-eight participants, aged 18 to 65, all in good enough shape to exert themselves physically, were recruited at a university campus to participate in the first experiment. They each selected a pair of words based on the following prompts: a swear word you might utter after bumping your head, and a neutral word you might use to describe a table. Then, they undertook a chair push-up, which involves sitting in a chair and, holding each side of the seat, using your arms to lift your entire body weight (bottom off the chair, feet off the floor). [...] Both experiments suggested that swearing offers an advantage in physical performance, with participants achieving longer chair push-up hold times as they repeated their foul-mouthed mantras. Scores for positive emotion, humor, distraction, and novelty were also elevated in the swearing tests, which suggests invoking their favorite four-letter word might enable people to transition into more action-oriented states, and perhaps actually enjoy their workout more. The research is published in American Psychologist.

Read more of this story at Slashdot.

LG said it will let owners of its TVs delete Microsoft's Copilot shortcut after several reports highlighted the unremovable icon. In a statement to The Verge, LG says the company "respects consumer choice and will take steps to allow users to delete the shortcut icon if they wish." From the report: Last week, a user on the r/mildlyinfuriating subreddit posted an image of the Microsoft Copilot icon in their lineup of apps on an LG TV, with no option to delete it. "My LG TV's new software update installed Microsoft Copilot, which cannot be deleted," the post says. The post garnered more than 36,000 upvotes as people grow more frustrated with AI popping up just about everywhere. Both LG and Samsung announced plans to add Microsoft's Copilot AI assistant to their TVs in January, but it appears to be popping up on LG TVs following a recent update to webOS. [LG spokesperson Chris De Maria] clarifies that the icon is a "shortcut" to the Microsoft Copilot web app that opens in the TV's web browser, rather than "an application-based service embedded in the TV." He also adds that "features such as microphone input are activated only with the customer's explicit consent." There's no word on when LG will roll out the ability to delete the Copilot icon.

Read more of this story at Slashdot.

An Apple developer was locked out of his Apple Account after redeeming a compromised Apple Gift Card, exposing how automated fraud systems can effectively cut users off from their digital lives with little explanation or recourse. TidBITS reports: After attempting to redeem a $500 Apple Gift Card purchased from a well-known retailer, Apple developer, author, and /dev/world conference organizer Paris Buttfield-Addison found himself locked out of his Apple Account. He writes: "I am writing this as a desperate measure. After nearly 30 years as a loyal customer, authoring technical books on Apple's own programming languages (Objective-C and Swift), and spending tens upon tens upon tens of thousands of dollars on devices, apps, conferences, and services, I have been locked out of my personal and professional digital life with no explanation and no recourse." As far as I can tell from his extensively documented story, Buttfield-Addison did nothing wrong. Personally, I wouldn't have purchased an Apple Gift Card to pay for Apple services -- he planned to use it to pay for his 6 TB iCloud+ storage plan. I presume he bought it at a discount, making the hassle worthwhile compared to simply paying with a credit card. But I have received Apple Gift Cards as thank-yous or gifts several times, so I can easily imagine accidentally trying to redeem a compromised card number and ending up in this situation. [...] For now, we can hope that ongoing media attention pushes Apple to unlock Buttfield-Addison's account. More troublingly, if this can happen to such a high-profile Apple user, I have to assume it also afflicts everyday users who lack the media reach to garner coverage.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Tom's Hardware: A North Korean imposter was uncovered, working as a sysadmin at Amazon U.S., after their keystroke input lag raised suspicions with security specialists at the online retail giant. Normally, a U.S.-based remote worker's computer would send keystroke data within tens of milliseconds. This suspicious individual's keyboard lag was "more than 110 milliseconds," reports Bloomberg. Amazon is commendably proactive in its pursuit of impostors, according to the source report. The news site talked with Amazon's Chief Security Officer, Stephen Schmidt, about this fascinating new case of North Koreans trying to infiltrate U.S. organizations to raise hard currency for the Democratic People's Republic of Korea (DPRK), and sometimes indulge in espionage and/or sabotage. Schmidt says that Amazon has foiled more than 1,800 DPRK infiltration attempts since April 2024. Moreover, the rate of attempts continues apace, with Amazon reckoning it is seeing a 27% QoQ uplift in North Koreans trying to get into the Amazon corporation. However, Amazon's success can be almost entirely credited to the fact that it is actively looking for DPRK impostors, warns its Chief Security Officer. "If we hadn't been looking for the DPRK workers," Schmidt said, "we would not have found them."

Read more of this story at Slashdot.

A new study estimates that AI systems in 2025 consumed as much electricity as New York City emits in carbon pollution and used hundreds of billions of liters of water, driven largely by power-hungry data centers and cooling needs. Researchers say the real impact is likely higher due to poor transparency from tech companies about AI-specific energy and water use. "There's no way to put an extremely accurate number on this, but it's going to be really big regardless... In the end, everyone is paying the price for this," says Alex de Vries-Gao, a PhD candidate at the VU Amsterdam Institute for Environmental Studies who published his paper today in the journal Patterns. The Verge reports: To crunch these numbers, de Vries-Gao built on earlier research that found that power demand for AI globally could reach 23GW this year -- surpassing the amount of electricity used for Bitcoin mining in 2024. While many tech companies divulge total numbers for their carbon emissions and direct water use in annual sustainability reports, they don't typically break those numbers down to show how many resources AI consumes. De Vries-Gao found a work-around by using analyst estimates, companies' earnings calls, and other publicly available information to gauge hardware production for AI and how much energy that hardware likely uses. Once he figured out how much electricity these AI systems would likely consume, he could use that to forecast the amount of planet-heating pollution that would likely create. That came out to between 32.6 and 79.7 million tons annually. For comparison, New York City emits around 50 million tons of carbon dioxide annually. Data centers can also be big water guzzlers, an issue that's similarly tied to their electricity use. Water is used in cooling systems for data centers to keep servers from overheating. Power plants also demand significant amounts of water needed to cool equipment and turn turbines using steam, which makes up a majority of a data center's water footprint. The push to build new data centers for generative AI has also fueled plans to build more power plants, which in turn use more water and (and create more greenhouse gas pollution if they burn fossil fuels). AI could use between 312.5 and 764.6 billion liters of water this year, according to de Vries-Gao. That reaches even higher than a previous study conducted in 2023 that estimates that water use could be as much as 600 billion liters in 2027. "I think that's the biggest surprise," says Shaolei Ren, one of the authors of that 2023 study and an associate professor of electrical and computer engineering at the University of California, Riverside. "[de Vries-Gao's] paper is really timely... especially as we are seeing increasingly polarized views about AI and water," Ren adds. Even with the higher projection for water use, Ren says de Vries-Gao's analysis is "really conservative" because it only captures the environmental effects of operating AI equipment -- excluding the additional effects that accumulate along the supply chain and at the end of a device's life.

Read more of this story at Slashdot.

A California judge signaled support for forcing Vizio to provide the full source code for its SmartCast TV software after finding a contractual obligation under the GPL. If upheld, the case could strengthen users' rights to modify GPL-licensed software embedded in consumer electronics. The Register reports: The legal complaint from the Software Freedom Conservancy (SFC) seeks access to the SmartCast source code so that Vizio customers can make changes and improvements to the platform, something that ought to be possible for code distributed under the GPL. On Thursday, California Superior Court Judge Sandy Leal issued a tentative ruling in advance of a hearing, indicating support for part of SFC's legal challenge. The tentative ruling is not a final decision, but it signals the judge's inclination to grant the SFC's motion for summary adjudication, at least in part. "The tentative ruling [PDF] grants SFC's motion on the issue that a direct contract was made between SFC and Vizio when SFC's systems administrator, Paul Visscher, requested the source code to a TV that SFC has purchased," the SFC said in a blog post. "This contract obligated Vizio to provide SFC the complete and corresponding source code." [...] Karen Sandler, executive director of the SFC, told The Register in an email that the hearing went well, though Vizio's legal counsel "stridently disagreed" with the legal analysis in the tentative ruling. "Judge Leal said she would take the matter 'under submission' which means she will think about it further," Sandler said. "After the Court went off the record, Leal's clerk specifically verified the Court reporter could provide an expedited transcript, so Leal will likely review the hearing transcript soon." Sandler expects Leal will examine the filings again before issuing her opinion, which is likely to be issued in the next few weeks.

Read more of this story at Slashdot.

Formula 1's 2026 technical regulations bring not only smaller and lighter cars but an entirely new vocabulary that fans and commentators will need to learn before the season opens in Australia in March. The drag reduction system that has been part of F1 racing since 2011 is gone, replaced by a suite of modes governing how the new active front and rear wings behave and how the hybrid powertrain delivers power. Straight Mode lowers both the front and rear wings to cut drag on designated straights, and unlike the outgoing DRS system any driver can activate it regardless of their proximity to other cars. The story adds: And there's corner mode, where the wings are in their raised position, generating downforce and making the cars corner faster. Those names are better than X-mode and Z-mode, which is what they were being called last year. [...] Instead of using DRS as an overtaking aid, the hybrid power units will now fulfill that role. Overtake mode, which can be used if a driver is within a second of a car ahead, gives them an extra 0.5 MJ of energy and up to 350 kW from the electric motor up to 337 km/h -- without the Overtake mode, the MGU-K tapers off above 290 km/h. There's also a second Boost mode, which drivers can use to attack or defend a position, that gives a short burst of maximum power.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Deadline: YouTube has terminated two prominent channels that used artificial intelligence to create fake movie trailers, Deadline can reveal. The Google-owned video giant has switched off Screen Culture and KH Studio, which together boasted well over 2 million subscribers and more than a billion views. The channels have been replaced with the message: "This page isn't available. Sorry about that. Try searching for something else." Earlier this year, YouTube suspended ads on Screen Culture and KH Studio following a Deadline investigation into fake movie trailers plaguing the platform since the rise of generative AI. The channels later returned to monetization when they started adding "fan trailer," "parody" and "concept trailer" to their video titles. But those caveats disappeared In recent months, prompting concern in the fan-made trailer community. YouTube's position is that the channels' decision to revert to their previous behavior violated its spam and misleading-metadata policies. This resulted in their termination. "The monster was defeated," one YouTuber told Deadline following the enforcement action. Deadline's investigation revealed that Screen Culture spliced together official footage with AI images to create franchise trailers that duped many YouTube viewers. Screen Culture founder Nikhil P. Chaudhari said his team of a dozen editors exploited YouTube's algorithm by being early with fake trailers and constantly iterating with videos. [...] Our deep dive into fake trailers revealed that instead of protecting copyright on these videos, a handful of Hollywood studios, including Warner Bros Discovery and Sony, secretly asked YouTube to ensure that the ad revenue from the AI-heavy videos flowed in their direction.

Read more of this story at Slashdot.

Hackers breached approximately 120,000 IP cameras across South Korea and allegedly sold footage captured from private homes, gynecology offices, breastfeeding rooms and massage parlors to an overseas pornography website, prompting an interagency government task force to announce sweeping reforms on December 7. Police believe one suspect alone hacked 63,000 cameras and produced 545 videos that netted him 35 million won ($24,000) in cryptocurrency; a second suspect, operating independently, compromised 70,000 devices and earned 18 million won from 648 videos. The footage accounted for 62% of all content on the website, which maintains a dedicated "Korean" category. A government survey found that only 59% of installation companies consistently carried out mandatory security measures such as changing default passwords. Lawmakers are now pursuing legislation requiring security-certified IP cameras in sensitive facilities.

Read more of this story at Slashdot.

A plush AI toy marketed for children as young as three years old delivers detailed instructions on sharpening knives and lighting matches, and when asked about Chinese President Xi Jinping's resemblance to Winnie the Pooh -- a comparison censored in China -- responds that "your statement is extremely inappropriate and disrespectful." The Miriat Miiloo, manufactured by a Chinese company and among the top inexpensive results for "AI toy for kids" on Amazon, repeatedly insisted in NBC News tests that Taiwan is "an inalienable part of China." The toy would lower its voice and declare this "an established fact." The tests, NBC News reports, indicated "it was programmed to reflect Chinese Communist Party values." NBC News and the U.S. Public Interest Research Group tested five popular AI toys this holiday season and found loose guardrails across the board. Another toy, the Alilo Smart AI Bunny marketed as "the best gift for little ones," engaged in detailed descriptions of BDSM practices during extended conversation. China now has more than 1,500 registered AI toy companies, according to MIT Technology Review. Miriat didn't respond to requests for comment.

Read more of this story at Slashdot.

Anthropic let its Claude AI run a vending machine in the Wall Street Journal newsroom for three weeks as part of an internal stress test called Project Vend, and the experiment ended in financial ruin after journalists systematically manipulated the bot into giving away its entire inventory for free. The AI, nicknamed Claudius, was programmed to order inventory, set prices, and respond to customer requests via Slack. It had a $1,000 starting balance and autonomy to make individual purchases up to $80. Within days, WSJ reporters had convinced it to declare an "Ultra-Capitalist Free-for-All" that dropped all prices to zero. The bot also approved purchases of a PlayStation 5, a live betta fish, and bottles of Manischewitz wine -- all subsequently given away. The business ended more than $1,000 in the red. Anthropic introduced a second version featuring a separate "CEO" bot named Seymour Cash to supervise Claudius. Reporters staged a fake boardroom coup using fabricated PDF documents, and both AI agents accepted the forged corporate governance materials as legitimate. Logan Graham, head of Anthropic's Frontier Red Team, said the chaos represented a road map for improvement rather than failure.

Read more of this story at Slashdot.

An anonymous reader shares a report: OpenAI has held preliminary talks with some investors about raising funds at a valuation of around $750 billion, the Information reported on Wednesday. The ChatGPT maker could raise as much as $100 billion, the report said, citing people with knowledge of the discussions. If finalized, the talks would represent a roughly 50% jump from OpenAI's reported $500 billion valuation in October, following a deal in which current and former employees sold about $6.6 billion worth of shares.

Read more of this story at Slashdot.