RSS 생중계

For years we have had occasional requests to be able to receive LWN in a format for ebook readers. It took a while, but we are now happy to announce that all of LWN's feature content is available, to subscribers at the "professional hacker" level and above, in the EPUB format. To obtain the weekly edition as an EPUB file, just click the "Download EPUB" link in the left column. There is a separate RSS feed for the EPUB format as well. Any other feature content can be turned into an ebook by appending /epub to its URL.

We will also be creating special EPUB books at times. As an example of what is possible, our complete coverage from Kangrejos 2024 and the 2024 Linux Storage, Filesystem, Memory Management, and BPF Summit are available to all readers.

There are surely places where our EPUB books can be improved; please feel free to drop us a note (at lwn@lwn.net) with suggestions.

The U.S. Copyright Office declared Wednesday that the use of AI tools to assist in the creative process does not undermine the copyright of a work. Variety: The announcement clears the way for continued adoption of AI in post-production, where it has become increasingly common, such as in the enhancement of Hungarian-language dialogue in "The Brutalist." Studios, whose business model is founded on strong copyright protections, have expressed concern that AI tools could be inhibited by regulatory obstacles. In a 41-page report [PDF], the Copyright Office also reiterated that human authorship is essential to copyright, and that merely entering text prompts into an AI system is not enough to claim authorship of the resulting output.

Read more of this story at Slashdot.

New Zealand has relaxed its visitor visa rules to attract so-called "digital nomads" in a bid to boost tourism and the economy. From a report: Visitor visas will now allow people to work remotely for a foreign employer while they are visiting New Zealand for up to 90 days. The visa can be extended up to nine months but visitors may need to pay tax during this time. Economic growth minister Nicola Willis said making it easier for digital nomads -- people who work remotely while travelling -- to work in New Zealand, will boost the country's appeal as a destination. The visa would extend to influencers, as long as they are being paid by an overseas company.

Read more of this story at Slashdot.

Security researcher RyotaK has shared a series of vulnerabilities that all have to do with how Git interfaces with external credential managers. In short, while Git guards against newline characters (\n) being injected into a repository's URL, some programming languages also treat carriage return characters (\r) as being newlines. Adding a carriage return to a repository's URL can cause Git and the credential manager to disagree on how the URL should be parsed, ultimately resulting in Git credentials being sent to the wrong host. Malicious repositories could include Git submodules with malformed URLs, triggering the bug. Only password-based authentication with an external credential manager is vulnerable to this attack; SSH-based authentication remains secure. The Git project has chosen to consider this a vulnerability in Git, given the large amount of external software affected. The project has fixed the bug on its end by releasing updates for all supported versions that ban carriage returns in URLs entirely.

Affected software includes GitHub Desktop, Git LFS, and possibly other Git utilities:

Since Git itself doesn't use .lfsconfig file, specifying the URL that contains the newline character in .lfsconfig causes Git LFS to insert the newline character into the message, while bypassing [...] Git's validation.

Earthstar is a privacy-oriented, offline-first, LGPL-licensed database intended to support distributed applications. Unlike other distributed storage libraries, it focuses on providing mutable data with human-meaningful names and modification times, which gives it an interface similar to many non-distributed key-value databases. Now, the developers are looking at switching to a new synchronization protocol — one that is general enough that it might see wider adoption.

Virgin Money's AI-powered chatbot has reprimanded a customer who used the word "virgin," underlining the pitfalls of rolling out external AI tools. From a report: In a post last week on social media site LinkedIn, David Birch, a fintech commentator and Virgin Money customer, shared a picture of his online conversation with the bank in which he asked: "I have two ISAs with Virgin Money, how do I merge them?" The bank's customer service tool responded: "Please don't use words like that. I won't be able to continue our chat if you use this language," suggesting that it deemed the word "virgin" inappropriate.

Read more of this story at Slashdot.

A group of scientific integrity experts is calling for urgent action to combat "paper mills" -- companies that sell fraudulent research papers and fake peer reviews. In a Nature comment piece published January 27, the experts warn that at least 400,000 papers published between 2000 and 2022 show signs of being produced by paper mills, while only 55,000 were retracted or corrected during that period.

Read more of this story at Slashdot.

Ubuntu will be moving its "official realtime communications channels" from IRC to Matrix, beginning March 1, 2025, following a discussion on the ubuntu-devel mailing list.

"Official" communication, such as making realtime requests of privileged Ubuntu developer teams, could be expected to be actioned if requested on Matrix only. Similarly, you can consider your social responsibility to other developers in relation to your work in Ubuntu development to be fulfilled if you are present on that platform. And Canonical will follow in its requirement for its employed Ubuntu developers to be present on that agreed platform during their working hours.

Security updates have been issued by AlmaLinux (bzip2, gimp:2.8, keepalived, mariadb:10.11, mariadb:10.5, python-jinja2, and redis), Debian (iperf3, libtar, and pdns-recursor), Fedora (abseil-cpp, dotnet8.0, dotnet9.0, golang, libsoup3, and vaultwarden), Oracle (gimp:2.8, iperf3, keepalived, kernel, redis:7, and unbound), Red Hat (libsoup), SUSE (amazon-ssm-agent, go1.22, go1.23, iperf, java-21-openjdk, nginx, openvpn, and python311-asteval), and Ubuntu (kernel, libmicrodns, linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux, linux-azure, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi, linux, linux-azure, linux-gcp, linux-gcp-6.8, linux-gke, linux-gkeop, linux-hwe-6.8, linux-ibm, linux-lowlatency, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oracle, linux-oracle-6.8, linux-raspi, linux, linux-azure, linux-gcp, linux-oem-6.11, linux-raspi, linux-realtime, linux, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-oem-6.8, rsync, and tcpreplay).

OpenAI says it has evidence suggesting Chinese AI startup DeepSeek used its proprietary models to train a competing open-source system through "distillation," a technique where smaller models learn from larger ones' outputs. The San Francisco-based company, along with partner Microsoft, blocked suspected DeepSeek accounts from accessing its API last year after detecting potential terms of service violations. DeepSeek's R1 reasoning model has achieved comparable results to leading U.S. models despite claiming minimal resources.

Read more of this story at Slashdot.

A new update to CVS's mobile app includes a feature that allows some customers to access items on locked shelves using their phone -- "without having to summon an overworked employee to open it first," reports The Verge. The feature is currently being trialed in a handful of stores, but will be expanded to many more locations later this year if it goes well. From the report: According to The Wall Street Journal, "app users need to be logged in, on the local store Wi-Fi, and with their device's Bluetooth enabled to activate the feature." You've also got to be a member of the CVS loyalty program if you want the convenience of grabbing secured merchandise without calling for help. Signing up for that gives CVS plenty of insight into your shopping habits, so keep that in mind as you weigh the convenience of not waiting around. "People really, really dislike locked cabinets," Tilak Mandadi, executive vice president of ventures at CVS Health, told the Journal. Walmart has apparently come to the same realization, as the massive US retailer conducted a similar test last year. CVS aims to expand the program to around 15 stores soon and eventually reach national availability if all goes well.

Read more of this story at Slashdot.

A team of biologists have found that it takes microplastics consumed by mice just a few hours to reach their brains. "Wondering if the plastic in their brains was causing any impairment, the researchers tested several of the mice and found that many of them experienced memory loss, reductions in motor skills and lower endurance," reports Phys.Org. From the report: In this new effort, the research team sought to learn more about the medical impact of a mammal consuming different sizes of microplastics. The experiments consisted of feeding test mice water with different sized bits of fluorescent plastic in it, from micro to nano. They then tracked the progress of the plastic bits to see where they wound up in the bodies of the mice. Knowing that the plastic would make its way from the digestive tract into the bloodstream, the researchers used two-photon microscopy to capture imagery of it inside blood vessels. Also, suspecting that the tiniest bits would make it into their brains, the team installed tiny windows in their skulls, allowing them to track the movement of the plastic in their brains. In studying the imagery they created, the researchers were able to watch as the plastics made their way around the mice's bodies, eventually reaching their brains. They also noted that the plastic bits tended to get backed up, like cars in a traffic jam at different points. In taking a closer look at some of the backups in the brain, the researchers found that the plastic bits had been captured by immune cells, which led to even more backups. The findings have been published in the journal Science Advances.

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Guardian: Bolstered by Silicon Valley investment, scientists are making such rapid progress that lab-grown human eggs and sperm could be a reality within a decade, a meeting of the Human Fertilization and Embryology Authority board heard last week (PDF). In-vitro gametes (IVGs), eggs or sperm that are created in the lab from genetically reprogrammed skin or stem cells, are viewed as the holy grail of fertility research. The technology promises to remove age barriers to conception and could pave the way for same-sex couples to have biological children together. It also poses unprecedented medical and ethical risks, which the HFEA now believes need to be considered in a proposed overhaul of fertility laws. Peter Thompson, chief executive of the HFEA, said: "In-vitro gametes have the potential to vastly increase the availability of human sperm and eggs for research and, if proved safe, effective, and publicly acceptable, to provide new fertility treatment options for men with low sperm counts and women with low ovarian reserve." The technology also heralds more radical possibilities including "solo parenting" and "multiplex parenting." Julia Chain, chair of HFEA, said: "It feels like we ought to have Steven Spielberg on this committee," in a brief moment of levity in the discussion of how technology should be regulated. Lab-grown eggs have already been used produce healthy babies in mice -- including ones with two biological fathers. The equivalent feat is yet to be achieved using human cells, but US startups such as Conception and Gameto claim to be closing in on this prize. The HFEA meeting noted that estimated timeframes ranged from two to three years -- deemed to be optimistic -- to a decade, with several clinicians at the meeting sharing the view that IVGs appeared destined to become "a routine part of clinical practice." The clinical use of IVGs would be prohibited under current law and there would be significant hurdles to proving that IVGs are safe, given that any unintended genetic changes to the cells would be passed down to all future generations. The technology also opens up myriad ethical issues. Thompson said: "Research on IVGs is progressing quickly but it is not yet clear when they might be a viable option in treatment. IVGs raise important questions and that is why the HFEA has recommended that they should be subject to statutory regulation in time, and that biologically dangerous use of IVGs in treatment should never be permitted." "This is the latest of a range of detailed recommendations on scientific developments that we are looking at to future-proof the HFE Act, but any decisions around UK modernizing fertility law are a matter for parliament."

Read more of this story at Slashdot.

sciencehabit shares a report from Science: Legend has it that if you walk along Old Light Road in Summerville, South Carolina, you might see an eerie glow hovering over an abandoned rail line in the nearby woods. Old-timers will tell you it's a spectral lantern held by the apparition of a woman searching for her decapitated husband's head. Susan Hough has proposed a scientific explanation that is far more plausible, however. A seismologist with the U.S. Geological Survey, she believes the so-called Summerville Light could represent a rare natural phenomenon: earthquake lights. Sparks from steel rail tracks could ignite radon or other gases released from the ground by seismic shaking, Hough explains in an interview with Science. In Summerville, I think it's the railroad tracks that matter. I've crawled around tracks during my fieldwork in South Carolina. Historically, when [rail companies] replaced tracks, they didn't always haul the old track away. So, you've got heaps of steel out there. Sparks might be part of the story. And maybe the railroads are important for another reason. They may naturally follow fault lines that have carved corridors through the landscape. The findings have been published in the journal Seismological Research Letters. Hough also cites a paper published by Japanese scientist Yuji Enomoto that connects earthquake lights to the release of gases like radon or methane.

Read more of this story at Slashdot.

Google has appealed a record $4.5 billion EU antitrust fine to the European Court of Justice, arguing that the European Commission's decision punished its innovation and imposed unfair penalties for agreements requiring pre-installation of its apps on Android devices. Reuters reports: Google's appeal to the Luxembourg-based Court of Justice of the European Union comes two years after a lower tribunal sided with the European Commission which said the company used its Android mobile operating system to quash rivals. The lower court trimmed the fine to 4.1 billion euros. "Google does not contest or shy away from its responsibility under the law, but the Commission also has a responsibility when it runs investigations, when it seeks to reshape markets and second-guess pro-competitive business models, and when it imposes multi-billion-euro fines," Google lawyer Alfonso Lamadrid told the court. "In this case, the Commission failed to discharge its burden and its responsibility and, relying on multiple errors of law, punished Google for its superior merits, attractiveness and innovation," he said. The final ruling is expected in the coming months and cannot be appealed.

Read more of this story at Slashdot.

During the first press briefing of Donald Trump's second administration, White House press secretary, Karoline Leavitt, said that the National Security Council was "looking into" the potential security implications of China's DeepSeek AI startup. Axios reports: DeepSeek's low-cost but highly advanced models have shaken the consensus that the U.S. had a strong lead in the AI race with China. Responding to a question from Axios' Mike Allen, Leavitt said President Trump saw this as a "wake-up call" for the U.S. AI industry, but remained confident "we'll restore American dominance." Leavitt said she had personally discussed the matter with the NSC earlier on Tuesday. In the combative tone that characterized much of her first briefing, Leavitt claimed the Biden administration "sat on its hands and allowed China to rapidly develop this AI program," while Trump had moved quickly to appoint an AI czar and loosen regulations on the AI industry. Leavitt also commented on the mysterious drones spotted flying around New Jersey at the end of last year, saying they were "authorized to be flown by the FAA."

Read more of this story at Slashdot.

An anonymous reader quotes a report from the Hill: Two federal employees are suing the Office of Personnel Management (OPM) to block the agency from creating a new email distribution system -- an action that comes as the information will reportedly be directed to a former staffer to Elon Musk now at the agency. The suit (PDF), launched by two anonymous federal employees, ties together two events that have alarmed members of the federal workforce and prompted privacy concerns. That includes an unusual email from OPM last Thursday reviewed by The Hill said the agency was testing "a new capability" to reach all federal employees -- a departure from staffers typically being contacted directly by their agency's human resources department. Also cited in the suit is an anonymous Reddit post Monday from someone purporting to be an OPM employee, saying a new server was installed at their office after a career employee refused to set up a direct line of communication to all federal employees. According to the post, instructions have been given to share responses to the email to OPM chief of staff Amanda Scales, a former employee at Musk's AI company. Federal agencies have separately been directed to send Scales a list of all employees still on their one-year probationary status, and therefore easier to remove from government. The suit says the actions violate the E-Government Act of 2002, which requires a Privacy Impact Assessment before pushing ahead with creation of databases that store personally identifiable information. Kel McClanahan, executive director of National Security Counselors, a non-profit law firm, noted that OPM has been hacked before and has a duty to protect employees' information. "Because they did that without any indications to the public of how this thing was being managed -- they can't do that for security reasons. They can't do that because they have not given anybody any reason to believe that this server is secure.that this server is storing this information in the proper format that would prevent it from being hacked," he said. McClanahan noted that the emails appear to be an effort to create a master list of federal government employees, as "System of Records Notices" are typically managed by each department. "I think part of the reason -- and this is just my own speculation -- that they're doing this is to try and create that database. And they're trying to sort of create it by smushing together all these other databases and telling everyone who receives the email to respond," he said.

Read more of this story at Slashdot.

During the first press briefing of Donald Trump's second administration, White House press secretary, Karoline Leavitt, said the mysterious drones spotted flying around New Jersey at the end of last year were "authorized to be flown by the FAA." "After research and study, the drones that were flying over New Jersey in large numbers were authorized to be flown by the FAA for research and various other reasons," she said, adding that "many of these drones were also hobbyists, recreational and private individuals that enjoy flying drones." Leavitt added: "In time, it got worse due to curiosity. This was not the enemy." The drone sightings prompted local and federal officials to urge Congress to pass drone-defense legislation. The FAA issued a monthslong ban on drone flights over a large swatch of New Jersey while authorities invested the sightings. The Biden administration insisted that the drones were "nothing nefarious" and that there was "no sense of danger."

Read more of this story at Slashdot.

The XB-1, a civilian supersonic jet developed by Boom Supersonic, successfully broke the sound barrier during a test flight over the Mojave Desert. It reached an altitude of 35,290 feet before accelerating to Mach 1.22, the company said in a press release. CBS News reports: It marks the first time an independently developed jet has broken the sound barrier, Boom Supersonic said, and the plane is the "first supersonic jet made in America." The sound barrier was broken for the first time in 1947, when Air Force pilot Capt. Chuck Yeager flew a rocket-propelled experimental aircraft across the Mojave Desert -- taking off from the Mojave Air and Space Port just as the XB-1 did. [...] The company will next focus its attention on Overture, a supersonic airliner that will ultimately "bring the benefits of supersonic flight to everyone," Boom Supersonic founder and CEO Blake Scholl said in a statement. The XB-1 jet will be the foundation for Overture, Boom Supersonic said, and many features present on the jet will also be incorporated into the supersonic airliner. The airliner will also use Boom Supersonic's bespoke propulsion system, Symphony, to run on "up to 100% sustainable aviation fuel." The company said the goal for the plane is for it to be able to carry between 64 and 80 passengers at Mach 1.7, or about 1,295 miles per hour. Existing subsonic airliners fly at between 550 and 600 miles per hour, according to charter company Bitlux. About 130 Overture planes have been pre-ordered, the company said. Airlines including American Airlines, United Airlines and Japan Airlines have placed pre-orders. The company finished building a "superfactory" in North Carolina in 2024, and will eventually produce 66 planes per year.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Apple-designed chips powering Macs, iPhones, and iPads contain two newly discovered vulnerabilities that leak credit card information, locations, and other sensitive data from the Chrome and Safari browsers as they visit sites such as iCloud Calendar, Google Maps, and Proton Mail. The vulnerabilities, affecting the CPUs in later generations of Apple A- and M-series chip sets, open them to side channel attacks, a class of exploit that infers secrets by measuring manifestations such as timing, sound, and power consumption. Both side channels are the result of the chips' use of speculative execution, a performance optimization that improves speed by predicting the control flow the CPUs should take and following that path, rather than the instruction order in the program. [...] The researchers published a list of mitigations they believe will address the vulnerabilities allowing both the FLOP and SLAP attacks. They said that Apple officials have indicated privately to them that they plan to release patches. In an email, an Apple representative declined to say if any such plans exist. "We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these types of threats," the spokesperson wrote. "Based on our analysis, we do not believe this issue poses an immediate risk to our users." FLOP, short for Faulty Load Operation Predictor, exploits a vulnerability in the Load Value Predictor (LVP) found in Apple's A- and M-series chipsets. By inducing the LVP to predict incorrect memory values during speculative execution, attackers can access sensitive information such as location history, email content, calendar events, and credit card details. This attack works on both Safari and Chrome browsers and affects devices including Macs (2022 onward), iPads, and iPhones (September 2021 onward). FLOP requires the victim to interact with an attacker's page while logged into sensitive websites, making it highly dangerous due to its broad data access capabilities. SLAP, on the other hand, stands for Speculative Load Address Predictor and targets the Load Address Predictor (LAP) in Apple silicon, exploiting its ability to predict memory locations. By forcing LAP to mispredict, attackers can access sensitive data from other browser tabs, such as Gmail content, Amazon purchase details, and Reddit comments. Unlike FLOP, SLAP is limited to Safari and can only read memory strings adjacent to the attacker's own data. It affects the same range of devices as FLOP but is less severe due to its narrower scope and browser-specific nature. SLAP demonstrates how speculative execution can compromise browser process isolation.

Read more of this story at Slashdot.