RSS 생중계

Security updates have been issued by Debian (gnutls28, openssh, and pam-pkcs11), Mageia (microcode and python-cryptography), Oracle (nodejs:18, nodejs:20, and rsync), Red Hat (gcc, nodejs:20, and nodejs:22), SUSE (emacs, kernel, openvswitch, and ucode-intel), and Ubuntu (Docker).

India's Tata Consultancy Services allegedly manipulated U.S. visa programs by falsifying management credentials for foreign workers, according to lawsuits and federal data obtained by Bloomberg News. TCS, India's largest IT services firm, received upwards of 6,500 L-1A visas for managers from October 2019 through September 2023, more than the next seven largest recipients combined. In contrast, TCS categorized fewer than 600 of its 31,000 U.S.-based employees as executives and managers in a 2022 federal report. Former TCS manager Anil Kini alleged in a lawsuit that in January 2017, a senior manager ordered him to alter organizational charts to hide discrepancies for employees without management responsibilities. The Equal Employment Opportunity Commission found "credible documentary evidence" that TCS "frequently falsifies documents in support of L-1 visa applications," according to a 2019 letter. L-1A visas for managers, unlike H-1B visas, have no pay requirements or caps. TCS has denied wrongdoing, saying it "strongly refutes these inaccurate allegations by certain ex-employees, which have previously been dismissed by multiple courts."

Read more of this story at Slashdot.

PAjamian writes: Two years ago Red Hat announced an end to its public source code availability. This caused a great deal of outcry from the Enterprise Linux community at large. Since then many have waited for a statement from the Free Software Foundation concerning their stance on the matter. Now, nearly two years later the FSF has finally responded to questions regarding their stance on the issue with the following statement: Generally, we don't agree with what Red Hat is doing. Whether it constitutes a violation of the GPL would require legal analysis and the FSF does not give legal advice. However, as the stewards of the GNU GPL we can speak how it is intended to be applied and Red Hat's approach is certainly contrary to the spirit of the GPL. This is unfortunate, because we would expect such flagship organizations to drive the movement forward. When asked if the FSF would be willing to intervene on behalf of the community they had this to say:As of today, we are not aware of any issue with Red Hat's new policy that we could pursue on legal grounds. However, if you do find a violation, please follow these instructions and send a report to license-violation@gnu.org. Following is the full text of my original email to them and their response: Subject: Statement about recent changes in source code distribution for Red Hat Enterprise LinuxDate: 2023-07-16 00:39:51 > Hi,>> I'm a user of Red Hat Enterprise Linux, Rocky Linux and other Linux> distributions in the RHEL ecosystem. I am also involved in the EL> (Enterprise Linux) community which is being affected by the statements> and changes in policy made by Red Hat at> https://www.redhat.com/en/blog/furthering-evolution-centos-stream and> https://www.redhat.com/en/blog/red-hats-commitment-open-source-> response-gitcentosorg-changes> (note there are many many more links and posts about this issue which> I> believe you are likely already aware of). While a few of these> questions are answered more directly by the license FAQ some of them> are> not and there are a not insignificant number of people who would very> much appreciate a public statement from the FSF that answers these> questions directly.>> Can you please comment or release a statement about the Free Software> Foundation's position on this issue? Specifically:> Thank you for writing in with your questions. My apologies for the delay, but we are a small team with limited resources and can be challenging keeping up with all the emails we receive. Generally, we don't agree with what Red Hat is doing. Whether it constitutes a violation of the GPL would require legal analysis and the FSF does not give legal advice. However, as the stewards of the GNU GPL we can speak how it is intended to be applied and Red Hat's approach is certainly contrary to the spirit of the GPL. This is unfortunate, because we would expect such flagship organizations to drive the movement forward. > Is Red Hat's removal of sources from git.centos.org a violation of the> GPL and various other Free Software licenses for the various programs> distributed under RHEL?>> Is Red Hat's distribution of source RPMs to their customers under> their> subscriber agreement sufficient to satisfy the above mentioned> licenses?>> Is it a violation if Red Hat terminates a subscription early because> their customer exercised their rights under the GPL and other Free> Software licenses to redistribute the RHEL sources or create> derivative> works from them?>> Is it a violation if Red Hat refuses to renew a subscription that has> expired because a customer exercised their rights to redistribute or> create derivative works?>> A number of the programs distributed with RHEL are copyrighted by the> FSF, some examples being bash, emacs, GNU core utilities, gcc, gnupg> and> glibc. Given that the FSF has standing to act in this matter would> the> FSF be willing to intervene on behalf of the community in order to get> Red Hat to correct any of the above issues?> As of today, we are not aware of any issue with Red Hat's new policy that we could pursue on legal grounds. However, if you do find a violation, please [follow these instructions][0] and send a report to <license-violation@gnu.org>. [0]: https://www.gnu.org/licenses/gpl-violation.html If you are interested in something more specific on this, the Software Freedom Conservancy [published an article about the RHEL][1] situation and hosted a [panel at their conference in 2023][2]. These cover the situation fairly thoroughly. [1]: https://sfconservancy.org/blog/2023/jun/23/rhel-gpl-analysis/[2]: https://sfconservancy.org/blog/2023/jul/19/rhel-panel-fossy-2023/

Read more of this story at Slashdot.

Former PlayStation executive Shuhei Yoshida has attributed the current wave of video game industry layoffs and slowdown to companies overextending during the COVID-19 pandemic. "I think it's an overreaction to the COVID situation. Companies invested too much, including ourselves. Then we had to face reality and make adjustments," Yoshida told VentureBeat in an interview. Yoshida, who left Sony in January after 31 years at PlayStation, suggested the industry's growth would have been more stable without the pandemic-driven surge. "If you take out the COVID years you'd have smoother growth over the years," he said. Yoshida's comments come amid widespread job cuts across the gaming sector, including at Sony, Microsoft, Epic Games, and other major publishers following a post-pandemic decline in gaming engagement.

Read more of this story at Slashdot.

xAI has launched Grok 3, the latest iteration of its large language model, alongside new capabilities for its iOS and web applications. The model has been trained on approximately 200,000 GPUs in a Memphis data center, representing what CEO Elon Musk claims is a tenfold increase in computing power compared to its predecessor. The new release introduces two specialized variants: Grok 3 Reasoning and Grok 3 mini Reasoning, designed to methodically analyze problems similar to OpenAI's o3-mini and DeepSeek's R1 models. According to xAI's benchmarks, Grok 3 outperforms GPT-4o on several technical evaluations, including AIME for mathematical reasoning and GPQA for PhD-level science problems. A notable addition is the DeepSearch feature, which combs through web content and X posts to generate research summaries. The platform will be available through X's Premium+ subscription and a new SuperGrok tier ($30/month or $300/year), with the latter offering enhanced reasoning capabilities and unlimited image generation. To prevent knowledge extraction through model distillation -- a technique recently attributed to DeepSeek's alleged copying of OpenAI's models -- xAI has implemented measures to obscure the reasoning models' thought processes in the Grok app. The company plans to release the Grok 2 model as open source once Grok 3 achieves stability.

Read more of this story at Slashdot.

SanDisk aims to produce petabyte-scale SSDs through its new UltraQLC platform, though the company has not specified a release timeline. The technology, it said, combines SanDisk's BICS 8 QLC 3D NAND with a proprietary 64-channel controller featuring hardware accelerators that offload storage functions from firmware to reduce latency and improve reliability. The initial UltraQLC drives will use 2Tb NAND chips to reach 128TB capacities, with future iterations targeting 256TB, 512TB, and eventually 1PB as higher-density NAND becomes available. The controller dynamically adjusts power based on workload and employs an advanced bus multiplexer to handle increased data loads from high-density QLC stacks, the company said.

Read more of this story at Slashdot.

NAND flash prices are expected to slide due to oversupply, forcing memory chipmakers to cut production to match lower-than-expected orders from PC and smartphone manufacturers. From a report: The superabundance of stock is putting a financial strain on suppliers of NAND flash, according to TrendForce, which says growth rate forecasts are being revised down from 30 percent to 10-15 percent for 2025. "NAND flash manufacturers have adopted more decisive production cuts, scaling back full-year output to curb bit supply growth. These measures are designed to swiftly alleviate market imbalances and lay the groundwork for a price recovery," TrendForce stated. Shrish Pant, Gartner director analyst and technology product leader, expects NAND flash pricing to remain weak for the first half of 2025, though he projects higher bit shipments for SSDs in the second half due to continuing AI server demand. "Vendors are currently working tirelessly to discipline supply, which will lead to prices recovering in the second half of 2025. Long term, AI demand will continue to drive the demand for higher-capacity/better-performance SSDs," Pant said. Commenting on the seasonal nature of the memory market, Pant told The Register: "Buying patterns will mean that NAND flash prices will remain cyclical depending on hyperscalers' buying behavior."

Read more of this story at Slashdot.

Mexico has threatened legal action against Google after the tech company refused to fully restore the name Gulf of Mexico on its mapping service, escalating a dispute sparked by U.S. President Donald Trump's move to rename the body of water. Google Maps currently displays the water body as Gulf of America within U.S. territory, Gulf of Mexico within Mexican borders, and Gulf of Mexico (Gulf of America) elsewhere, according to a letter from Google vice president Cris Turner to Mexican President Claudia Sheinbaum. Mexico argues the policy violates its sovereignty since the U.S. controls only 46% of the gulf, while Mexico and Cuba control 49% and 5% respectively. The historic name Gulf of Mexico, dating to 1607, is recognized by the United Nations. The dispute has strained U.S.-Mexico relations, with the White House barring Associated Press reporters from events over the news agency's naming policy.

Read more of this story at Slashdot.

Apps offering lifetime subscriptions may pose risks despite potential cost savings, according to cybersecurity experts and analysts. While some lifetime plans can pay off quickly - like dating app Bumble's $300 premium subscription that breaks even in five months - others require years of use to justify hefty upfront costs. Meditation app Waking Up charges $1,500 for lifetime access, requiring over 11 years of use to recoup the investment. Security researchers warn against lifetime subscriptions for services with high recurring costs like VPNs and cloud storage. Such providers may compromise user privacy or cut corners on infrastructure to offset losses, said Trevor Hilligoss, senior vice president at cybercrime research group SpyCloud Labs.

Read more of this story at Slashdot.

An anonymous reader shares a report: JPMorgan Chase Bank (Chase) will soon start blocking Zelle payments to social media contacts to combat a significant rise in online scams utilizing the service for fraud. Zelle is a highly popular digital payments network that allows users to transfer money quickly and securely between bank accounts. It is also integrated into the mobile apps of many banks in the United States, allowing for almost instant transfers without requiring cash or checks but lacking one crucial feature: purchase protection.

Read more of this story at Slashdot.

White-collar workers are facing their deepest hiring slump in a decade, with one in four U.S. job losses last year hitting professional workers, according to S&P Global. A 2024 Vanguard report shows hiring for employees earning over $96,000 has fallen to its lowest level since 2014. The downturn has been particularly severe for job seekers â" 40% of applicants failed to secure even a single interview in 2024, according to a survey of 2,000 respondents by the American Staffing Association and The Harris Poll. Technology and high interest rates appear to be driving the decline, with companies reassessing their workforce needs amid AI adoption and economic pressures. While hiring remains steady for those earning under $55,000 annually, the market continues to be especially challenging for mid-career professionals and higher earners.

Read more of this story at Slashdot.

Reddit moderators are struggling to police AI-generated content on the platform, according to ArsTechnica, with many expecting the challenge to intensify as the technology becomes more sophisticated. Several popular Reddit communities have implemented outright bans on AI-generated posts, citing concerns over content quality and authenticity. The moderators of r/AskHistorians, a forum known for expert historical discussion, said that AI content "wastes our time" and could compromise the subreddit's reputation for accurate information. Moderators are currently using third-party AI detection tools, which they describe as unreliable. Many are calling on Reddit to develop its own detection system, the report said.

Read more of this story at Slashdot.

A tech enthusiast has successfully transplanted the internal components of an iPhone SE 3 into the body of a Nokia Lumia 1020 Windows Phone, according to a post on Reddit's r/hackintosh forum. The modification preserves all key functions of the iPhone SE 3, including its 12-megapixel camera, 5G capabilities, and Touch ID sensor, which has been relocated to the back of the device. The project retains the Lumia 1020's distinctive design while upgrading its outdated microUSB port to Apple's Lightning connector. The creator adapted the Lumia's original camera shutter button to work as a secondary volume control that can trigger photos in the iPhone's camera app. The only significant feature lost in the conversion was the headphone jack.

Read more of this story at Slashdot.

Ten years after publishing his influential book on data privacy, security expert Bruce Schneier warns that surveillance has only intensified, with both government agencies and corporations collecting more personal information than ever before. "Nothing has changed since 2015," Schneier told The Register in an interview. "The NSA and their counterparts around the world are still engaging in bulk surveillance to the extent of their abilities." The widespread adoption of cloud services, Internet-of-Things devices, and smartphones has made it nearly impossible for individuals to protect their privacy, said Schneier. Even Apple, which markets itself as privacy-focused, faces limitations when its Chinese business interests are at stake. While some regulation has emerged, including Europe's General Data Protection Regulation and various U.S. state laws, Schneier argues these measures fail to address the core issue of surveillance capitalism's entrenchment as a business model. The rise of AI poses new challenges, potentially undermining recent privacy gains like end-to-end encryption. As AI assistants require cloud computing power to process personal data, users may have to surrender more information to tech companies. Despite the grim short-term outlook, Schneier remains cautiously optimistic about privacy's long-term future, predicting that current surveillance practices will eventually be viewed as unethical as sweatshops are today. However, he acknowledges this transformation could take 50 years or more.

Read more of this story at Slashdot.

It is a standard practice to use milestones to reflect on the achievements of a project, such as the anniversary of its first release or first commit. Usually, these are observed at five and ten‑year increments; the tenth anniversary of the 1.0 release, or 25 years since from the first public announcement, etc. Lennart Poettering, however, took a different approach at FOSDEM 2025 with a keynote commemorating 14 years of systemd, and a brief look ahead at his goals and systemd's challenges for the future.

Apple is exploring ways to monetize its Maps app by introducing paid business listings and prioritized search results, Bloomberg News reports, citing an internal company meeting with the Maps team. The initiative would allow businesses to pay for higher placement in search results and more prominent display on maps, similar to Google Maps' advertising model. While no timeline has been set and no active development is underway, the move would mark Apple's first attempt to generate direct revenue from its mapping service. The potential Maps monetization comes as Apple expands its advertising business across other services. The company has previously increased its focus on search ads in the App Store and recently added advertising to its News and Stocks apps, as well as its sports content.

Read more of this story at Slashdot.

Greg Kroah-Hartman has released three more stable kernels: 6.13.3, 6.12.14, and 6.6.78. There was a bit of confusion that resulted in the patch for CVE 2025-21687 getting applied twice — but that doesn't result in any problems for users of the kernel, just a bit of extra noise in the CVE database, so Kroah-Hartman has decided to leave the releases as-is instead of rushing another point release.

Junior software developers' overreliance on AI coding assistants is creating knowledge gaps in fundamental programming concepts, developer Namanyay Goel argued in a post. While tools like GitHub Copilot and Claude enable faster code shipping, developers struggle to explain their code's underlying logic or handle edge cases, Goel wrote. Goel cites the decline of Stack Overflow, a technical forum where programmers historically found detailed explanations from experienced developers, as particularly concerning.

Read more of this story at Slashdot.

Security updates have been issued by AlmaLinux (container-tools:rhel8, gcc, libxml2, nodejs:18, and nodejs:20), Debian (freerdp2, golang-glog, trafficserver, and tryton-client), Fedora (chromium, krb5, libheif, microcode_ctl, nginx, nginx-mod-fancyindex, nginx-mod-modsecurity, nginx-mod-naxsi, nginx-mod-vts, and webkitgtk), Mageia (ffmpeg, golang, postgresql13 and postgresql15, and python-zipp), Oracle (container-tools:ol8, gcc, gcc-toolset-13-gcc, gcc-toolset-14-gcc, kernel, libxml2, and nodejs:20), Red Hat (gcc, idm:DL1, and ipa), SUSE (buildah, chromium, glibc, kernel, kernel-firmware-all-20250206, libecpg6, postgresql15, python, python3, python311, and ruby3.4-rubygem-rack), and Ubuntu (intel-microcode).

"Amazon required employees to work from the office five days a week starting January 2nd," writes the Seattle Times, "a change from the company's three-day in-office mandate that had been in effect since May 2023." And as Seattle's largest employer (with 50,000 Seattle-based workers), this had an impact, according to data the Times cites from the nonprofit Downtown Seattle Association: In January, downtown Seattle recorded the second-highest daily average for weekday worker foot traffic since March 2020. It also saw 2 million unique visitors on its sidewalks last month. That represents 94% of the visitors downtown Seattle saw in January 2019, the Downtown Seattle Association found... In a statement Friday, Amazon said "we're excited by the innovation, collaboration and connection we've seen already with our teams working in person together...." Jon Scholes [the president of the Downtown Seattle Association] said Amazon's return has been a boon for downtown Seattle. As the city's largest employer, its mandate instantly brought more people to shop and dine around South Lake Union, the Denny Triangle and surrounding neighborhoods... "I think we're seeing people get reacquainted with the reasons they liked working downtown prepandemic," Scholes said. He expects to continue seeing an uptick in foot traffic over the course of the year as more companies follow Amazon's lead and the weather warms up. But Seattle magazine says the statistics show foot traffic in neighborhoods where Amazon's offices are located (South Lake Union and Denny Regrade) "at 74% of that of January 2019. Overall, downtown-area foot traffic was 9% higher than it was a year ago, though only 57% of the pre-pandemic average."

Read more of this story at Slashdot.