Taiwanese authorities have accused 11 Chinese companies, including SMIC, of secretly setting up disguised entities in Taiwan to illegally recruit tech talent from firms like Intel and Microsoft. The Register reports: One of those companies is apparently called Yunhe Zhiwang (Shanghai) Technology Co., Ltd and develops high-end network chips. The Bureau claims its chips are used in China's "Data East, Compute West" strategy that, as we reported when it was announced in 2022, calls for five million racks full of kit to be moved from China's big cities in the east to new datacenters located near renewable energy sources in the country's west. Datacenters in China's east will be used for latency-sensitive applications, while heavy lifting takes place in the west. Staff from Intel and Microsoft were apparently lured to work for Yunhe Zhiwang, which disguised its true ownership by working through a Singaporean company.
The Investigation Bureau also alleged that China's largest chipmaker, Semiconductor Manufacturing International Corporation (SMIC), used a Samoan company to establish a presence in Taiwan and then hired local talent. That's a concerning scenario as SMIC is on the USA's "entity list" of organizations felt to represent a national security risk. The US gets tetchy when its friends and allies work with companies on the entity list.
A third Chinese entity, Shenzhen Tongrui Microelectronics Technology, disguised itself so well Taiwan's Ministry of Industry and Information Technology lauded it as an important innovator and growth company. As a result of the Bureau's work, prosecutors' offices in seven Taiwanese cities are now looking into 11 Chinese companies thought to have hidden their ties to Beijing.
Read more of this story at Slashdot.
OpenAI plans to release a new open-weight language model -- its first since GPT-2 -- in the coming months and is seeking community feedback to shape its development. "That's according to a feedback form the company published on its website Monday," reports TechCrunch. "The form, which OpenAI is inviting 'developers, researchers, and [members of] the broader community' to fill out, includes questions like 'What would you like to see in an open-weight model from OpenAI?' and 'What open models have you used in the past?'" From the report: "We're excited to collaborate with developers, researchers, and the broader community to gather inputs and make this model as useful as possible," OpenAI wrote on its website. "If you're interested in joining a feedback session with the OpenAI team, please let us know [in the form] below." OpenAI plans to host developer events to gather feedback and, in the future, demo prototypes of the model. The first will take place in San Francisco within a few weeks, followed by sessions in Europe and Asia-Pacific regions.
OpenAI is facing increasing pressure from rivals such as Chinese AI lab DeepSeek, which have adopted an "open" approach to launching models. In contrast to OpenAI's strategy, these "open" competitors make their models available to the AI community for experimentation and, in some cases, commercialization.
An anonymous reader quotes a report from Reuters: Google has agreed to pay $100 million in cash to settle a long-running lawsuit claiming it overcharged advertisers by failing to provide promised discounts and charged for clicks on ads outside the geographic areas the advertisers targeted. A preliminary settlement of the 14-year-old class action, which began in March 2011, was filed late Thursday in the San Jose, California, federal court, and requires a judge's approval.
Advertisers who participated in Google's AdWords program, now known as Google Ads, accused the search engine operator of breaching its contract by manipulating its Smart Pricing formula to artificially reduce discounts. The advertisers also said Google, a unit of Mountain View, California-based Alphabet, misled them by failing to limit ad distribution to locations they designated, violating California's unfair competition law. Thursday's settlement covers advertisers who used AdWords between January 1, 2004, and December 13, 2012.
Google denied wrongdoing in agreeing to settle. "This case was about ad product features we changed over a decade ago and we're pleased it's resolved," spokesman Jose Castaneda said in an emailed statement. Lawyers for the plaintiffs may seek fees of up to 33% of the settlement fund, plus $4.2 million for expenses. According to court papers, the case took a long time as the parties produced extensive evidence, including more than 910,000 pages of documents and multiple terabytes of click data from Google, and participated in six mediation sessions before four different mediators.
An anonymous reader quotes a report from 404 Media: The creator of an open source genetic database is shutting it down and deleting all of its data because he has come to believe that its existence is dangerous with "a rise in far-right and other authoritarian governments" in the United States and elsewhere. "The largest use case for DTC genetic data was not biomedical research or research in big pharma," Bastian Greshake Tzovaras, the founder of OpenSNP, wrote in a blog post. "Instead, the transformative impact of the data came to fruition among law enforcement agencies, who have put the genealogical properties of genetic data to use."
OpenSNP has collected roughly 7,500 genomes over the last 14 years, primarily by allowing people to voluntarily submit their own genetic information they have downloaded from 23andMe. With the bankruptcy of 23andMe, increased interest in genetic data by law enforcement, and the return of Donald Trump and rise of authoritarian governments worldwide, Greshake Tzovaras told 404 Media he no longer believes it is ethical to run the database. "I've been thinking about it since 23andMe was on the verge of bankruptcy and been really considering it since the U.S. election. It definitely is really bad over there [in the United States]," Greshake Tzovaras told 404 Media. "I am quite relieved to have made the decision and come to a conclusion. It's been weighing on my mind for a long time."
Greshake Tzovaras said that he is proud of the OpenSNP project, but that, in a world where scientific data is being censored and deleted and where the Trump administration has focused on criminalizing immigrants and trans people, he now believes that the most responsible thing to do is to delete the data and shut down the project. "Most people in OpenSNP may not be at particular risk right now, but there are people from vulnerable populations in here as well," Greshake Tzovaras said. "Thinking about gender representation, minorities, sexual orientation -- 23andMe has been working on the whole 'gay gene' thing, it's conceivable that this would at some point in the future become an issue." "Across the globe there is a rise in far-right and other authoritarian governments. While they are cracking down on free and open societies, they are also dedicated to replacing scientific thought and reasoning with pseudoscience across disciplines," Greshake Tzovaras wrote. "The risk/benefit calculus of providing free & open access to individual genetic data in 2025 is very different compared to 14 years ago. And so, sunsetting openSNP -- along with deleting the data stored within it -- feels like it is the most responsible act of stewardship for these data today."
"The interesting thing to me is there are data preservation efforts in the U.S. because the government is deleting scientific data that they don't like. This is approaching that same problem from a different direction," he added. "We need to protect the people in this database. I am supportive of preserving scientific data and knowledge, but the data comes second -- the people come first. We prefer deleting the data."
Migration is the act of moving data from one location in physical
memory to another. The kernel may migrate pages for many reasons,
including defragmentation, improving NUMA locality, moving data to or from
memory hosted on a peripheral device, or freeing a range of
memory for other uses. Given the importance of migration to the
memory-management subsystem, there is a lot of interest in improving its
performance and removing impediments to its success. Several sessions in
the memory-management track of the 2025 Linux Storage, Filesystem,
Memory-Management, and BPF Summit were dedicated to this topic.
An anonymous reader shares a report: A prominent computer scientist who has spent 20 years publishing academic papers on cryptography, privacy, and cybersecurity has gone incommunicado, had his professor profile, email account, and phone number removed by his employer, Indiana University, and had his homes raided by the FBI. No one knows why.
Xiaofeng Wang has a long list of prestigious titles. He was the associate dean for research at Indiana University's Luddy School of Informatics, Computing and Engineering, a fellow at the Institute of Electrical and Electronics Engineers and the American Association for the Advancement of Science, and a tenured professor at Indiana University at Bloomington. According to his employer, he has served as principal investigator on research projects totaling nearly $23 million over his 21 years there.
He has also co-authored scores of academic papers on a diverse range of research fields, including cryptography, systems security, and data privacy, including the protection of human genomic data.
Security updates have been issued by Debian (amd64-microcode, flatpak, intel-microcode, libdata-entropy-perl, librabbitmq, and vim), Fedora (augeas, containerd, crosswords-puzzle-sets-xword-dl, libssh2, libxml2, nodejs-nodemon, and webkitgtk), Red Hat (libreoffice and python-jinja2), SUSE (389-ds, apparmor, corosync, docker, docker-stable, erlang26, exim, ffmpeg-4, govulncheck-vulndb, istioctl, matrix-synapse, mercurial, openvpn, python3, rke2, and skopeo), and Ubuntu (ansible, linux, linux-hwe-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-ibm, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp, linux-azure-fips, linux-gcp-fips, linux-fips, linux-fips, linux-aws-fips, linux-azure-fips, linux-gcp-fips, linux-nvidia-tegra, linux-nvidia-tegra-igx, linux-realtime, linux-intel-iot-realtime, linux-xilinx-zynqmp, opensc, and ruby-doorkeeper).
California has 11.3% of America's population — but bought 30% of America's new zero-emission vehicles. That's according to figures from the California Air Resources Board, which also reports 1 in 4 Californians have chosen a zero-emission car over a gas-powered one... for the last two years in a row.
But what about chargers? It turns out that California now has 48% more public and "shared" private EV chargers than the number of gasoline nozzles. (California has 178,000 public and "shared" private EV chargers, versus about 120,000 gas nozzles.) And beyond that public network, there are more than 700,000 Level 2 chargers installed in single-family California homes, according to the California Energy Commission.
Of the 178,000 public/"shared" private chargers, "Over 162,000 are Level 2 chargers," according to an announcement from the governor's office, while nearly 17,000 are fast chargers. (A chart shows a 41% jump in 2024 — though the EV news site Electrek notes that of the 73,537 chargers added in 2024, nearly 38,000 are newly installed, while the other 35,554 were already plugged in before 2024 but just recently identified.)
California approved a $1.4 billion investment plan in December to expand zero-emission transportation infrastructure. The plan funds projects like the Fast Charge California Project, which has earmarked $55 million of funding to install DC fast chargers at businesses and publicly accessible locations.
The Certification Authority/Browser Forum "is a cross-industry group that works together to develop minimum requirements for TLS certificates," writes Google's Security blog. And earlier this month two proposals from Google's forward-looking roadmap "became required practices in the CA/Browser Forum Baseline Requirements," improving the security and agility of TLS connections...
Multi-Perspective Issuance Corroboration
Before issuing a certificate to a website, a Certification Authority (CA) must verify the requestor legitimately controls the domain whose name will be represented in the certificate. This process is referred to as "domain control validation" and there are several well-defined methods that can be used. For example, a CA can specify a random value to be placed on a website, and then perform a check to verify the value's presence has been published by the certificate requestor.
Despite the existing domain control validation requirements defined by the CA/Browser Forum, peer-reviewed research authored by the Center for Information Technology Policy of Princeton University and others highlighted the risk of Border Gateway Protocol (BGP) attacks and prefix-hijacking resulting in fraudulently issued certificates. This risk was not merely theoretical, as it was demonstrated that attackers successfully exploited this vulnerability on numerous occasions, with just one of these attacks resulting in approximately $2 million dollars of direct losses.
The Chrome Root Program led a work team of ecosystem participants, which culminated in a CA/Browser Forum Ballot to require adoption of MPIC via Ballot SC-067. The ballot received unanimous support from organizations who participated in voting. Beginning March 15, 2025, CAs issuing publicly-trusted certificates must now rely on MPIC as part of their certificate issuance process. Some of these CAs are relying on the Open MPIC Project to ensure their implementations are robust and consistent with ecosystem expectations...
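An added example (not from the Google post or the Open MPIC Project) showing why corroborating the domain control check from several network vantage points catches a localized prefix hijack that a single-vantage check accepts. The perspective names, the token, the server tables and the `max_disagree` threshold are constructed assumptions, not values from Ballot SC-067.

```python
from dataclasses import dataclass

TOKEN = "constructed-random-value-7f3a"  # constructed challenge value

@dataclass(frozen=True)
class Perspective:
    name: str
    reaches: str  # key of the server this vantage point's routing leads to

def observe(p, servers):
    """Value this perspective sees at the challenge URL (None if absent)."""
    return servers.get(p.reaches)

def single_perspective_dcv(token, primary, servers):
    """Classic domain control validation: one vantage point decides."""
    return observe(primary, servers) == token

def corroborated_dcv(token, primary, remotes, servers, max_disagree=1):
    """Primary must pass and at most max_disagree remotes may fail to
    corroborate. max_disagree is an assumed policy knob for illustration."""
    dissent = [r.name for r in remotes if observe(r, servers) != token]
    ok = observe(primary, servers) == token and len(dissent) <= max_disagree
    return ok, dissent

# Constructed scenario: the real site ("origin") never published the token.
# A hijacked route, visible only from some networks, leads to a server that did.
HIJACKED = {"origin": None, "hijacker": TOKEN}
PRIMARY = Perspective("ca-primary", "hijacker")
REMOTES = [
    Perspective("remote-eu", "origin"),
    Perspective("remote-apac", "origin"),
    Perspective("remote-sa", "hijacker"),
]

if __name__ == "__main__":
    # Single vantage point inside the hijacked region: validation passes.
    print("single-perspective:", single_perspective_dcv(TOKEN, PRIMARY, HIJACKED))
    # Two remotes still reach the real origin and do not see the token.
    print("corroborated:", corroborated_dcv(TOKEN, PRIMARY, REMOTES, HIJACKED))
```

The dissenting perspective names are returned so that a refused issuance can be logged and investigated, since disagreement between vantage points is itself a signal of a routing anomaly.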
Linting
Linting refers to the automated process of analyzing X.509 certificates to detect and prevent errors, inconsistencies, and non-compliance with requirements and industry standards. Linting ensures certificates are well-formatted and include the necessary data for their intended use, such as website authentication. Linting can expose the use of weak or obsolete cryptographic algorithms and other known insecure practices, improving overall security... The ballot received unanimous support from organizations who participated in voting. Beginning March 15, 2025, CAs issuing publicly-trusted certificates must now rely on linting as part of their certificate issuance process.
Linting also improves interoperability, according to the blog post, and helps reduce the risk of non-compliance with standards that can result in certificates being "mis-issued".
And coming up, weak domain control validation methods (currently permitted by the CA/Browser Forum TLS Baseline Requirements) will be prohibited beginning July 15, 2025.
"Looking forward, we're excited to explore a reimagined Web PKI and Chrome Root Program with even stronger security assurances for the web as we navigate the transition to post-quantum cryptography."