Hackers from the group UNC2891 attempted a high-tech bank heist by physically planting a 4G-enabled Raspberry Pi inside a bank's ATM network, using advanced malware hidden with a never-before-seen Linux bind mount technique to evade detection. "The trick allowed the malware to operate similarly to a rootkit, which uses advanced techniques to hide itself from the operating system it runs on," reports Ars Technica. Although the plot was uncovered before the hackers could hijack the ATM switching server, the tactic showcased a new level of sophistication in cyber-physical attacks on financial institutions. The security firm Group-IB, which detailed the attack in a report on Wednesday, didn't say where the compromised switching equipment was located or how attackers managed to plant the Raspberry Pi. Ars Technica reports: To maintain persistence, UNC2891 also compromised a mail server because it had constant Internet connectivity. The Raspberry Pi and the mail server backdoor would then communicate by using the bank's monitoring server as an intermediary. The monitoring server was chosen because it had access to almost every server within the data center. As Group-IB was initially investigating the bank's network, researchers noticed some unusual behaviors on the monitoring server, including an outbound beaconing signal every 10 minutes and repeated connection attempts to an unknown device. The researchers then used a forensic tool to analyze the communications. The tool identified the endpoints as a Raspberry Pi and the mail server but was unable to identify the process names responsible for the beaconing.

The researchers then captured the system memory as the beacons were sent. The review identified the process as lightdm, a process associated with an open source LightDM display manager. The process appeared to be legitimate, but the researchers found it suspicious because the LightDM binary was installed in an unusual location. After further investigation, the researchers discovered that the processes of the custom backdoor had been deliberately disguised in an attempt to throw researchers off the scent.

[Group-IB Senior Digital Forensics and Incident Response Specialist Nam Le Phuong] explained: "The backdoor process is deliberately obfuscated by the threat actor through the use of process masquerading. Specifically, the binary is named "lightdm", mimicking the legitimate LightDM display manager commonly found on Linux systems. To enhance the deception, the process is executed with command-line arguments resembling legitimate parameters -- for example, lightdm -- session child 11 19 -- in an effort to evade detection and mislead forensic analysts during post-compromise investigations. These backdoors were actively establishing connections to both the Raspberry Pi and the internal Mail Server."

[ Read more of this story ]( https://it.slashdot.org/story/25/07/31/2241259/in-search-of-riches-hackers-plant-4g-enabled-raspberry-pi-in-bank-network?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

fjo3 shares a report from the Associated Press: The Trump administration announced it is launching a new program that will allow Americans to share personal health data and medical records across health systems and apps run by private tech companies, promising that will make it easier to access health records and monitor wellness. More than 60 companies, including major tech companies like Google, Amazon and Apple as well as health care giants like UnitedHealth Group and CVS Health, have agreed to share patient data in the system. The initiative will focus on diabetes and weight management, conversational artificial intelligence that helps patients, and digital tools such as QR codes and apps that register patients for check-ins or track medications.

Officials at the Centers for Medicare and Medicaid Services, who will be in charge of maintaining the system, have said patients will need to opt in for the sharing of their medical records and data, which will be kept secure. Those officials said patients will benefit from a system that lets them quickly call up their own records without the hallmark difficulties, such as requiring the use of fax machines to share documents, that have prevented them from doing so in the past.

Popular weight loss and fitness subscription service Noom, which has signed onto the initiative, will be able to pull medical records after the system's expected launch early next year. That might include labs or medical tests that the app could use to develop an AI-driven analysis of what might help users lose weight, CEO Geoff Cook told The Associated Press. Apps and health systems will also have access to their competitors' information, too. Noom would be able to access a person's data from Apple Health, for example. "Right now you have a lot of siloed data," Cook said.

[ Read more of this story ]( https://science.slashdot.org/story/25/07/31/2232230/trump-launching-a-new-private-health-tracking-system-with-big-techs-help?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

The SEC has launched "Project Crypto" to overhaul outdated securities regulations for a blockchain-based future, aiming to support tokenized assets, crypto trading, and "super apps."

"To achieve President Trump's vision of making America the crypto capital of the world, the SEC must holistically consider the potential benefits and risks of moving our markets from an off-chain environment to an on-chain one," SEC chair Paul Atkins said at the "American Leadership in the Digital Finance Revolution" conference on Thursday. "I have directed the Commission staff to update antiquated agency rules and regulations to unleash the potential of on-chain software systems in our securities markets ... Federal securities laws have always assumed the involvement of intermediaries that require regulation, but this does not mean that we should interpose intermediaries for the sake of forcing intermediation where the markets can function without them." CNBC reports: Atkins, the SEC chair, highlighted "super apps" (such as one Coinbase introduced two weeks ago) as a priority of his chairmanship, noting the need to allow the apps to thrive with an "efficient licensing structure," rather than subject to multiple regulatory authorities.

So-called super apps like WeChat and Alipay -- which bundle several different services and functionalities into a single mobile app -- have long been viewed as the holy grail of financial technology by the industry. They're central to everyday life in China but haven't been successfully replicated in the West. Meta Platforms and X have made attempts to realize that vision, integrating payments, messaging and social content, among other functions.

Atkins also said the Trump administration will work to prevent "innovative" companies from being driven offshore by burdensome regulations, and said the SEC "will encourage our nation's builders rather than constrain them with red tape and one-size-fits-all rules."

[ Read more of this story ]( https://slashdot.org/story/25/07/31/2220225/sec-debuts-project-crypto-to-bring-us-financial-markets-on-chain?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader quotes a report from TorrentFreak: Efforts to introduce pirate site blocking to the United States continue with the introduction of the "Block BEARD" bill (PDF) in the Senate. The bipartisan proposal, backed by Senators Tillis, Coons, Blackburn, and Schiff, aims to create a new legal mechanism to combat foreign piracy websites. Block BEARD is similar to the previously introduced House bill "FADPA", but doesn't directly mention DNS resolvers. [...] The site-blocking proposal seeks to amend U.S. copyright law, enabling rightsholders to request federal courts to designate online locations as a "foreign digital piracy site". If that succeeds, courts can subsequently order U.S. service providers to block access to these sites.

Pirate site designation would be dependent on rightsholders showing that they are harmed by a site's activities, that reasonable efforts had been made to notify the site's operator, and that a reasonable investigation confirms the operator is not located within the United States. Additionally, rightsholders must show that the site is primarily designed for piracy, has limited commercial purpose, or is intentionally marketed by its operator to promote copyright-infringing activities. If the court classifies a website as a foreign pirate site, rightsholders can go back to court to request a blocking order. At this stage, the court will determine whether it is technically and practically feasible for ISPs to block the site, and consider any potential harm to the public interest. The granted orders would stay in place for a year with the option to extend if necessary. If blocked sites switch to new locations, the court can also amend blocking orders to include new IP addresses and domain names.

The Block BEARD bill broadly applies to service providers as defined in section 512(k)(1)(A) of the DMCA. This is a broad definition that applies to residential ISPs, but also to search engines, social media platforms, and DNS resolvers. Service providers with fewer than 50,000 subscribers are explicitly excluded, and the same applies to venues such as coffee shops, libraries, and universities that offer internet access to visitors. Unlike the FADPA bill introduced by Representative Lofgren earlier this year, the Senate bill does not specifically mention DNS resolvers. Block BEARD does not mention VPNs, but its broad definition of "service provider" could be interpreted to include them. The proposal states that providers have the option to contest their inclusion in a blocking order. Once an order is issued, they would have the freedom to choose their own blocking techniques. There are no transparency requirements mentioned in the bill, so if and how the public is informed is unclear.

[ Read more of this story ]( https://yro.slashdot.org/story/25/07/31/2059247/us-senators-introduce-new-pirate-site-blocking-bill-block-beard?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Brazil has launched a massive program to release millions of laboratory-bred mosquitoes engineered to carry Wolbachia bacteria, which prevents them from transmitting dengue virus. The initiative aims to protect 140 million Brazilians across 40 municipalities over the next decade.

The approach has already demonstrated significant results in Niteroi, where officials documented a roughly 90% drop in dengue cases when comparing the 10 years prior to the modified mosquitoes' introduction to the five years afterward. Nearly all mosquitoes in the city now carry the Wolbachia bacteria. Cases of chikungunya and Zika also fell by over 96% and 99% respectively.

The World Mosquito Program operates high-tech breeding facilities, including one in Rio de Janeiro that produces mosquitoes by the millions. A new factory in Curitiba will produce 5 billion mosquitoes in its first year. The Wolbachia bacteria, naturally present in roughly half of all insect species, creates conditions where dengue virus cannot replicate inside mosquitoes, effectively breaking the transmission cycle when these modified insects bite humans.

[ Read more of this story ]( https://science.slashdot.org/story/25/07/31/2040215/brazil-deploys-millions-of-lab-bred-mosquitoes-to-combat-dengue-epidemic?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

CISA has publicly released Thorium, a powerful open-source platform developed with Sandia National Labs that automates malware and forensic analysis at massive scale. According to BleepingComputer, the platform can "schedule over 1,700 jobs per second and ingest over 10 million files per hour per permission group." From the report: Security teams can use Thorium for automating and speeding up various file analysis workflows, including but not limited to:
- Easily import and export tools to facilitate sharing across cyber defense teams,
- Integrate command-line tools as Docker images, including open-source, commercial, and custom software,
- Filter results using tags and full-text search,
- Control access to submissions, tools, and results with strict group-based permissions,
- Scale with Kubernetes and ScyllaDB to meet workload demands.

Defenders can find installation instructions and get their own copy of Thorium from CISA's official GitHub repository.

[ Read more of this story ]( https://it.slashdot.org/story/25/07/31/2033245/cisa-open-sources-thorium-platform-for-malware-forensic-analysis?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Apple reported its strongest quarterly revenue growth since 2021, with iPhone sales jumping 13% and total revenue up 10%. CEO Tim Cook also announced increased AI investments and hinted at future acquisitions to accelerate Apple's AI roadmap. CNBC reports: "It was an exceptional quarter by any measure," Apple CEO Tim Cook told CNBC's Steve Kovach. Cook said that about 1% of the company's 10 percentage points of revenue growth could be attributed to customers buying more products to get ahead of potential tariffs. The company's most important business remains the iPhone, which saw 13% growth on an annual basis during the quarter to $44.58 billion in sales. Cook said that iPhone revenue was strong because the iPhone 16 is more popular compared to the iPhone 15 devices on sale last year at the same time. Cook said iPhone 16 sales were up "strong double digits" versus its predecessor. Cook specifically highlighted popularity among current iPhone users upgrading to a new one.

Apple's Mac business grew the fastest of any of Apple's units during the June quarter, growing nearly 15% to $8.05 billion in revenue. Apple released updated MacBook Air laptops, its best-selling Mac, just before the quarter started. The company's services business, which includes the company's warranties, content subscriptions, licensing deals with Google, and iCloud continued to grow to $27.42 billion in the period, a 13% increase. Cook highlighted growth in the company's iCloud subscriptions and said App Store revenue grew "double digits" during the quarter.

The two tougher spots in Apple's report were iPad sales and the company's other products division, which it sometimes calls its wearables. It consists of Apple Watch, AirPods, and other accessories. Revenue for iPad was down 8% to $6.58 billion, despite the company launching a low-cost iPad in March. Apple's wearables unit declined 8.64% to $7.4 billion during the quarter. Apple also saw success in China during the quarter, with sales rising 4% on an annual basis to $15.37 billion. Apple reports its sales from China, Hong Kong and Taiwan in the same unit. It's a reversal from the past two quarters, where Apple's China sales declined 2% in Apple's second fiscal quarter and 11% in the first quarter. Cook said a Chinese subsidy for some devices helped Apple in the region. "The subsidy does apply to some of our products, and it clearly helps," Cook said.

[ Read more of this story ]( https://apple.slashdot.org/story/25/07/31/2045234/apple-reports-biggest-revenue-growth-since-december-2021?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader quotes a report from Ars Technica: E-commerce giants everywhere felt the sting Wednesday when President Donald Trump announced that the US will be "suspending duty-free de minimis treatment for low-value shipments" worth $800 or less from anywhere in the world. Americans will likely soon feel the crunch, with one recent study estimating that the cost of eliminating the trade loophole overall to US consumers could fall between $10.9 billion and $13 billion while "disproportionately" hurting "lower-income and minority consumers" who buy a higher percentage of cheap imports.

Price hikes will likely come this fall, as the trade loophole will be closed starting on August 29, with Amazon emerging as perhaps the biggest question mark for US consumers wondering how hard their wallets may be hit by the major trade policy change ahead of the holiday shopping season. In February, Trump temporarily ended the de minimis exemption for all imports from China, prompting China-based retailers Temu and Shein to raise their prices.

[ Read more of this story ]( https://news.slashdot.org/story/25/07/31/2028246/trump-suspends-trade-loophole-for-cheap-online-retailers-globally?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Раскрыта информация о жертвах фишинга, о котором на днях предупреждали администраторы репозитория Python-пакетов PyPI (Python Package Index). В результате рассылки сообщений с уведомлением о необходимости подтвердить свой email, которые ссылались на поддельный сайт pypj.org (буква "j" вместо "i"), удалось захватить учётные записи 4 сопровождающих.

https://www.opennet.ru/opennews/art.shtml?num=63656

Компания Mozilla China объявила о сворачивании предоставляемых в Китае сервисов для пользователей Firefox. С 27 июля остановлена регистрация в китайских вариантах сервисов Firefox Accounts (accounts.firefox.com.cn) и Firefox Community, а также заблокирована возможность публикации сообщений и комментариев в форуме. С 29 сентября сайт firefox.com.cn, форум (mozilla.com.cn), домашняя страница (home.firefoxchina.cn), ресурсы для загрузки и обновления версии Firefox для Китая, а также сервисы для поддержания учётных записей и синхронизации настроек (Firefox Sync) прекратят работу.

https://www.opennet.ru/opennews/art.shtml?num=63652

Apple began selling iPad repair parts to the public in late May following new right-to-repair legislation, but independent repair professionals say the pricing makes most repairs economically unviable. A charge port for an iPad Pro 11 costs $250 from Apple compared to less than $20 for aftermarket parts, Brian Clark of iGuys Tech Shop told 404 Media.

An iPad A16 digitizer costs $200 from Apple versus $50 from third-party suppliers, while the entire iPad A16 retails for $349. The iPad Pro 13 screen assembly costs $749. Jonathan Strange of XiRepair analyzed the parts catalog and found more than one-third of components cost too much for repair shops to use profitably, 404 Media reported Thursday. Strange calculates repair viability by adding $85 labor costs and 10% profit margin to parts prices, then comparing the total to half the device's retail cost.

[ Read more of this story ]( https://apple.slashdot.org/story/25/07/31/193224/apple-is-selling-ipad-repair-parts-for-astronomical-prices?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Google lost its appeal Thursday of a judge's order that will force the tech giant to open up its app store to competitors. The 9th Circuit Court of Appeals upheld a lower court ruling requiring Google Play to allow rival marketplaces and billing systems, ending a legal battle that began when Epic Games sued over anticompetitive practices.

A jury sided with Epic in December 2023, finding Google paid phone makers and app developers to use its store exclusively.

[ Read more of this story ]( https://tech.slashdot.org/story/25/07/31/1846249/google-loses-epic-games-appeal-must-open-app-store-to-rivals?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

The world's "oldest baby" has been born in the US from an embryo that was frozen in 1994, it has been reported. The Guardian: Thaddeus Daniel Pierce was born on 26 July in Ohio to Lindsey and Tim Pierce, using an "adopted" embryo from Linda Archerd, 62, from more than 30 years ago.

In the early 1990s, Archerd and her then husband decided to try in vitro fertilisation (IVF) after struggling to become pregnant. In 1994 four embryos resulted: one was transferred to Archerd and resulted in the birth of a daughter, who is now 30 and mother to a 10-year-old. The other embryos were cryopreserved and stored.

"We didn't go into it thinking we would break any records," Lindsey told the MIT Technology Review, which first reported the story. "We just wanted to have a baby."

[ Read more of this story ]( https://science.slashdot.org/story/25/07/31/1812236/worlds-oldest-baby-born-from-embryo-frozen-in-1994?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Microsoft has abandoned a decades-long tradition of calling out the names of its rivals in regulatory documents. From a report: When the 50-year-old technology company released its annual report Wednesday, the 101-page document contained zero references to longtime foes Apple and IBM.

Nor did it mention privately held challengers such as Anthropic or Databricks. Last year's Microsoft annual report officially designated over 25 companies as competitors. The names of Microsoft's enemies have appeared in its annual reports at least since 1994.

[ Read more of this story ]( https://it.slashdot.org/story/25/07/31/1641202/microsoft-ends-tradition-of-naming-competitors-in-regulatory-filings?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Microsoft's internal pay guidelines show exactly how much the company will pay new engineering hires, according to documents obtained by Business Insider. The guidelines, updated in May, break down salary ranges, stock awards, and bonuses for every level from entry-level engineers to the company's most senior technical talent.

The documents come with an important caveat: recruiters can get approval to pay more when competing for exceptional candidates. At Microsoft's highest tier, Level 70 "distinguished engineers" can earn up to $408,000 in annual salary. But the real money comes from stock: these hires get up to $1.9 million in stock when they join, plus annual stock awards reaching $1.476 million.

The company uses different pay scales depending on location. Engineers in expensive markets like San Francisco get higher ranges than those at Microsoft's Redmond headquarters, where most hiring happens. For entry-level engineers at Level 57, Microsoft offers salaries between $83,000 and $108,000 in its main markets, with higher ranges of $95,800 to $124,600 in expensive areas like San Francisco. These new hires get modest stock awards of $5,000 to $13,000 and signing bonuses up to $9,000.

The company considers levels 57 through 59 as entry-level positions. The compensation jumps significantly as engineers advance. By Level 63, when engineers reach senior status, salaries range from $145,000 to $237,600 depending on location, with stock awards reaching $220,000.

[ Read more of this story ]( https://news.slashdot.org/story/25/07/31/1652242/internal-microsoft-documents-detail-pay-scales?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Sony has filed a lawsuit in California court against Tencent, alleging the Chinese company's upcoming game Light of Motiram constitutes a "slavish clone" of Sony's Horizon series.

The complaint details extensive similarities between the games, from post-apocalyptic robot dinosaur settings to red-haired female protagonists. Tencent had approached Sony for licensing deals in 2024, which Sony rejected twice.

[ Read more of this story ]( https://yro.slashdot.org/story/25/07/31/1638229/sony-is-suing-tencent-over-shameless-horizon-knock-off-game?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Britain's Competition and Markets Authority concluded that Microsoft and Amazon hold "significant unilateral market power" in cloud services and recommended investigating both companies under new competition rules. The regulator said it had concerns about practices creating customer "lock-in" effects through egress fees and unfavorable licensing terms that trap businesses in difficult-to-exit contracts.

Microsoft and Amazon each control roughly 30-40% of the infrastructure-as-a-service market, while Google holds 5-10%. Microsoft disputed the findings, calling the cloud market "dynamic and competitive." Amazon said the probe recommendations were "unwarranted."

[ Read more of this story ]( https://news.slashdot.org/story/25/07/31/1553241/uk-competition-authority-rains-on-microsoft-and-amazon-cloud-parade?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Beijing has summoned Nvidia over alleged security issues with its chips, in a blow to the US company's push to revive sales in the country after Washington granted approval for the export of a made-for-China chip. From a report: China's cyber regulator on Thursday said it had held a meeting with Nvidia over what it called "serious security issues" with the company's artificial intelligence chips.

It said US AI experts had "revealed that Nvidia's computing chips have location tracking and can remotely shut down the technology." The Cyberspace Administration of China requested that Nvidia explain the security problems associated with the H20 chip, which was designed for the Chinese market to comply with US export restrictions, and submit documentation to support their case.

[ Read more of this story ]( https://slashdot.org/story/25/07/31/157224/china-claims-nvidia-built-backdoor-into-h20-chip-designed-for-chinese-market?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Microsoft has reached a $4 trillion market cap, becoming only the second company to achieve this milestone. Investors drove the stock up 4.62% following the company's fourth-quarter earnings report, which showed strong growth in cloud-computing services fueled by artificial intelligence demand. Microsoft's Azure cloud business generated $75 billion in annual revenue, representing a 34% increase from the previous fiscal year.

Nvidia became the first company to reach the $4 trillion market cap earlier this month.

[ Read more of this story ]( https://slashdot.org/story/25/07/31/1439206/microsoft-joins-4-trillion-club?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

A Nature survey of more than 1,100 physicists reveals fundamental disagreements about quantum mechanics' relationship to reality, despite the theory's century-long track record as one of science's most successful frameworks. The survey, conducted to mark quantum mechanics' 100th anniversary, found 36% of researchers favor the Copenhagen interpretation while 17% prefer epistemic approaches that treat quantum states as information rather than physical reality.

Another 15% support the many-worlds interpretation. Researchers split evenly on whether a boundary exists between quantum and classical worlds -- 45% said yes, 45% said no. When asked about the wavefunction's nature, 47% called it a mathematical tool while 36% considered it a representation of physical reality. Only 24% of respondents expressed confidence their chosen interpretation was correct, with others viewing their preference as merely adequate or useful in certain circumstances.

The survey contacted over 15,000 researchers whose recent papers involved quantum mechanics, plus attendees of a centenary meeting on Heligoland island. Despite quantum mechanics enabling technologies from computer chips to medical imaging, physicists remain divided on the physical reality underlying the mathematics.

[ Read more of this story ]( https://science.slashdot.org/story/25/07/31/146255/physicists-disagree-wildly-on-what-quantum-mechanics-says-about-reality?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Developers are growing increasingly frustrated with AI coding tools that produce deceptively flawed solutions, according to Stack Overflow's latest survey of over 49,000 programmers worldwide. The 2025 survey exposes a widening gap between AI adoption and satisfaction: while 84% of developers now use or plan to use AI tools, their trust has cratered.

Only 33% trust AI accuracy today, down from 43% last year. The core problem isn't broken code that developers can easily spot and discard. Instead, two-thirds report wrestling with AI solutions that appear correct but contain subtle errors requiring significant debugging time. Nearly half say fixing AI-generated code takes longer than expected, undermining the productivity gains these tools promise to deliver.

[ Read more of this story ]( https://developers.slashdot.org/story/25/07/31/1314207/stack-overflow-data-reveals-the-hidden-productivity-tax-of-almost-right-ai-code?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader quotes a report from Reuters: Australia said on Wednesday it will add YouTube to sites covered by its world-first ban on social media for teenagers, reversing an earlier decision to exempt the Alphabet-owned video-sharing site and potentially setting up a legal challenge. The decision came after the internet regulator urged the government last month to overturn the YouTube carve-out, citing a survey that found 37% of minors reported harmful content on the site, the worst showing for a social media platform.

"I'm calling time on it," Prime Minister Anthony Albanese said in a statement highlighting that Australian children were being negatively affected by online platforms, and reminding social media of their social responsibility. "I want Australian parents to know that we have their backs." The decision broadens the ban set to take effect in December. YouTube says it is used by nearly three-quarters of Australians aged 13 to 15, and should not be classified as social media because its main activity is hosting videos. "Our position remains clear: YouTube is a video sharing platform with a library of free, high-quality content, increasingly viewed on TV screens. It's not social media," a YouTube spokesperson said by email.

[ Read more of this story ]( https://yro.slashdot.org/story/25/07/31/0037258/australia-widens-teen-social-media-ban-to-youtube-scraps-exemption?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

В инструментарии SUSE Manager, предназначенном для централизованного управления IT-инфраструктурой, в которой используются различные дистрибутивы Linux, выявлена уязвимость (CVE-2025-46811), позволяющая без аутентификации выполнять команды на любых системах, обслуживаемых через SUSE Manager. Команды выполняются с правами root, что позволяет получить полный контроль над всей инфраструктурой. Проблеме присвоен критический уровень опасности (9.3 из 10).

https://www.opennet.ru/opennews/art.shtml?num=63651

Компания Vivo, занимающая около 10% мирового рынка смартфонов (5 место среди производителей смартфонов), представила первый официальный открытый релиз ядра операционной системы BlueOS (Blue River OS). Операционная система BlueOS развивается с 2018 года и уже используется в умных часах серии Vivo Watch. Vivo также работает над применением BlueOS в умных очках, роботах, умных терминалах и потребительских AI-устройствах. Код ядра написан на языке Rust и открыт под лицензией Apache 2.0. На Rust также написаны системные фреймворки BlueOS.

https://www.opennet.ru/opennews/art.shtml?num=63649

sciencehabit shares a report from Science.org: Peacocks have a secret hidden in their brightly colored tail feathers: tiny reflective structures that can amplify light into a laser beam. After dyeing the feathers and energizing them with an external light source, researchers discovered they emitted narrow beams of yellow-green laser light. They say the study, published this month in Scientific Reports, offers the first example of a laser cavity in the animal kingdom. [...]

Scientists have long known that peacock feathers also exhibit "structural color" -- nature's pigment-free way to create dazzling hues. Ordered microstructures within the feathers reflect light at specific frequencies, leading to their vivid blues and greens and iridescence. But Florida Polytechnic University physicist Nathan Dawson and his colleagues wanted to go a step further and see whether those microstructures could also function as a laser cavity. After staining the feathers with a common dye and pumping them with soft pulses of light, they used laboratory instruments to detect beams of yellow-green laser light that were too faint to see with the naked eye. They emerged from the feathers' eyespots, at two distinct wavelengths. Surprisingly, differently colored parts of the eyespots emitted the same wavelengths of laser light, even though each region would presumably vary in its microstructure.

Just because peacock feathers emit laser light doesn't mean the birds are somehow using this emission. But there are still ramifications, Dawson says. He suggests that looking for laser light in biomaterials could help identify arrays of regular microstructures within them. In medicine, for example, certain foreign objects -- viruses with distinct geometric shapes, perhaps -- could be classified and identified based on their ability to be lasers, he says. The work also demonstrates how biological materials could one day yield lasers that could be put safely into the human body to emit light for biosensing, medical imaging, and therapeutics. "I always like to think that for many technological achievements that benefit humans," Dawson says, "some organism somewhere has already developed it through some evolutionary process."

[ Read more of this story ]( https://science.slashdot.org/story/25/07/31/0025256/peacock-feathers-can-be-lasers?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

TOP10 VISITORS:

[1] 45.135.180.x point=240 web=0 up=20.6MB (66%) <--- yesterlink (10/hr)
[2] PetalBot point=1 web=1016 up=6.0MB (19%) <--- PetalBot
[3] TikTok point=0 web=91 up=1.8MB (5%)
[4] 217.114.158.x point=24 web=0 up=0.9MB (2%) <--- fox (1/hr)
[5] Yandex point=3 web=66 up=0.4MB (1%) <--- Yandex
[6] Google point=0 web=53 up=0.4MB (1%)
[7] Facebook point=0 web=27 up=0.2MB (<1%)
[8] 47.82.11.x point=0 web=23 up=0.1MB (<1%)
[9] 157.254.164.x point=0 web=2 up=0.1MB (<1%)
[10] 5.196.223.x point=0 web=1 up=87KB

TOTAL TRAFFIC: 30MB

An anonymous reader quotes a report from Ars Technica: Google is fond of saying its mission is to "organize the world's information," but who gets to decide what information is worthy of organization? A San Francisco tech CEO has spent the past several years attempting to remove unflattering information about himself from Google's search index, and the nonprofit Freedom of the Press Foundation says he's still at it. Most recently, an unknown bad actor used a bug in one of Google's search tools to scrub the offending articles.

The saga began in 2023 when independent journalist Jack Poulson reported on Maury Blackman's 2021 domestic violence arrest. Blackman, who was then the CEO of surveillance tech firm Premise Data Corp., took offense at the publication of his legal issues. The case did not lead to charges after Blackman's 25-year-old girlfriend recanted her claims against the 53-year-old CEO, but Poulson reported on some troubling details of the public arrest report. Blackman has previously used tools like DMCA takedowns and lawsuits to stifle reporting on his indiscretion, but that campaign now appears to have co-opted part of Google's search apparatus. The Freedom of the Press Foundation (FPF) reported on Poulson's work and Blackman's attempts to combat it late last year. In June, Poulson contacted the Freedom of the Press Foundation to report that the article had mysteriously vanished from Google search results.

The foundation began an investigation immediately, which led them to a little-known Google search feature known as Refresh Outdated Content. Google created this tool for users to report links with content that is no longer accurate or that lead to error pages. When it works correctly, Refresh Outdated Content can help make Google's search results more useful. However, Freedom of the Press Foundation now says that a bug allowed an unknown bad actor to scrub mentions of Blackman's arrest from the Internet. Upon investigating, FPF found that its article on Blackman was completely absent from Google results, even through a search with the exact title. Poulson later realized that two of his own Substack articles were similarly affected. The Foundation was led to the Refresh Outdated Content tool upon checking its search console. The bug in the tool allowed malicious actors to de-index valid URLs from search results by altering the capitalization in the URL slug. Although URLs are typically case-sensitive, Google's tool treated them as case-insensitive. As a result, when someone submitted a slightly altered version of a working URL (for example, changing "anatomy" to "AnAtomy"), Google's crawler would see it as a broken link (404 error) and mistakenly remove the actual page from search results.

Ironically, Blackman is now CEO of the online reputation management firm The Transparency Company.

[ Read more of this story ]( https://tech.slashdot.org/story/25/07/30/2216225/google-tool-misused-to-scrub-tech-ceos-shady-past-from-search?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Voice actors and industry associations are sounding the alarm over the growing use of AI in dubbing, calling for increased regulations to protect quality, jobs and artists' back catalogues from being used to create future dubbed work. "We need legislation: Just as after the car, which replaced the horse-drawn carriage, we need a highway code," said Boris Rehlinger, a voice actor known as the French voice of Ben Affleck, Joaquin Phoenix, and Puss in Boots. "I feel threatened even though my voice hasn't been replaced by AI yet," he said. Reuters reports: In Germany, 12 well-known dubbing actors went viral on TikTok in March, garnering 8.7 million views, for their campaign saying "Let's protect artistic, not artificial, intelligence." A petition from the VDS voice actors' association calling on German and EU lawmakers to push AI companies to obtain explicit consent when training the technology on artists' voices and fairly compensate them, as well as transparently label AI-generated content, gained more than 75,500 signatures.

When intellectual property is no longer protected, no one will produce anything anymore "because they think 'tomorrow it will be stolen from me anyway'," said Cedric Cavatore, a VDS member who has dubbed films and video games including the PlayStation game "Final Fantasy VII Remake." VDS collaborates with United Voice Artists, a global network of over 20,000 voice actors advocating for ethical AI use and fair contracts. In the United States, Hollywood video game voice and motion capture actors this month signed a new contract with video game studios focused on AI that SAG-AFTRA said represented important progress on protections against the tech.

[ Read more of this story ]( https://slashdot.org/story/25/07/30/227205/voice-actors-push-back-as-ai-threatens-dubbing-industry?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Google today announced AlphaEarth Foundations, a new AI model that processes terabytes of daily satellite data to track environmental changes across the planet. The system, part of Google's broader Earth AI initiative, uses machine learning to compress satellite imagery into color-coded maps showing material properties, vegetation types, groundwater sources, and human constructions down to 10-meter resolution.

The model uses a technique called "embeddings" that reduces storage requirements by 16 times compared to other AI tools Google tested, while delivering 23.9% higher accuracy than similar systems. AlphaEarth has already mapped complex Antarctic terrain and identified variations in Canadian agricultural land use invisible to direct observation.

The technology currently powers flood and wildfire alerts in Google Search and Maps. Research organizations including Brazil's MayBiomas and the Global Ecosystems Atlas are using the system to analyze rainforests, deserts, and wetlands. The model integrates with Google Earth Engine, providing agencies like NASA and the Forest Service access to over one trillion annual data points for environmental monitoring and mapping applications.

[ Read more of this story ]( https://news.slashdot.org/story/25/07/30/2032255/googles-alphaearth-ai-maps-any-10-meter-area-on-earth-using-satellite-data?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Elon Musk's Boring Company plans to build a 10-mile underground transportation loop in Nashville connecting the airport to downtown, with private funding and a projected launch as early as fall 2026. "If that happens, Nashville would become the second city where The Boring Company has opened such a system, with the first being Las Vegas," notes TechCrunch. "The company has spent the last few years in Sin City digging and opening tunnels around the Las Vegas Convention Center, and claims to have given 3 million rides in Teslas to date." From the report: The project will be privately funded by The Boring Company "and its private partners," according to the Governor's press release, though those partners are not named. The Boring Company and local officials will now begin a "public process to evaluate potential routes, engage community stakeholders, and finalize plans for the project's initial 10-mile phase." Construction won't begin until the project clears the approvals process. But the governor's office said the first segment of the loop could be operational as "early as fall of 2026."

[ Read more of this story ]( https://tech.slashdot.org/story/25/07/30/2015220/boring-company-to-build-tesla-tunnels-under-nashville?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Brian Krebs writes via KrebsOnSecurity: Fraudsters are flooding Discord and other social media platforms with ads for hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. Here's a closer look at the social engineering tactics and remarkable traits of this sprawling network of more than 1,200 scam sites. The scam begins with deceptive ads posted on social media that claim the wagering sites are working in partnership with popular social media personalities, such as Mr. Beast, who recently launched a gaming business called Beast Games. The ads invariably state that by using a supplied "promo code," interested players can claim a $2,500 credit on the advertised gaming website.

The gaming sites all require users to create a free account to claim their $2,500 credit, which they can use to play any number of extremely polished video games that ask users to bet on each action. At the scam website gamblerbeast[.]com, for example, visitors can pick from dozens of games like B-Ball Blitz, in which you play a basketball pro who is taking shots from the free throw line against a single opponent, and you bet on your ability to sink each shot. The financial part of this scam begins when users try to cash out any "winnings." At that point, the gaming site will reject the request and prompt the user to make a "verification deposit" of cryptocurrency -- typically around $100 -- before any money can be distributed. Those who deposit cryptocurrency funds are soon asked for additional payments. However, any "winnings" displayed by these gaming sites are a complete fantasy, and players who deposit cryptocurrency funds will never see that money again. Compounding the problem, victims likely will soon be peppered with come-ons from "recovery experts" who peddle dubious claims on social media networks about being able to retrieve funds lost to such scams. [...]

[T]hreat hunting platform Silent Push reveals at least 1,270 recently-registered and active domains whose names all invoke some type of gaming or wagering theme. Here is a list of all domains that Silent Push found were using the scambling network's chat API.

[ Read more of this story ]( https://tech.slashdot.org/story/25/07/30/205208/scammers-unleash-flood-of-slick-online-gaming-sites?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

A software developer who built his own home server in response to Amazon's removal of Kindle book downloads now argues that self-hosting "is NOT the future we should be fighting for." Drew Lyton constructed a home server running open-source alternatives to Google Drive, Google Photos, Audible, Kindle, and Netflix after Amazon announced that "Kindle users would no longer be able to download and back up their book libraries to their computers."

The change prompted Amazon to update Kindle store language to say "users are purchasing licenses -- not books." Lyton's setup involved a Lenovo P520 with 128GB RAM, multiple hard drives, and Docker containers running applications like Immich for photo storage and Jellyfin for media streaming. The technical complexity required "138 words to describe but took me the better part of two weeks to actually do."

The implementation was successful but Lyton concluded that self-hosting "assumes isolated, independent systems are virtuous. But in reality, this simply makes them hugely inconvenient." He proposes "publicly funded, accessible, at cost cloud-services" as an alternative, suggesting libraries could provide "100GB of encrypted file storage, photo-sharing and document collaboration tools, and media streaming services -- all for free."

[ Read more of this story ]( https://hardware.slashdot.org/story/25/07/30/203220/the-future-is-not-self-hosted?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader quotes a report from Variety: Edward Saatchi isn't totally sure people will flock to Showrunner, the new AI-generated TV show service his company is launching publicly this week. But he has a vote of confidence from Amazon, which has invested in Fable, Saatchi's San Francisco-based start-up. The amount of Amazon's funding in Fable isn't being disclosed. The money is going toward building out Showrunner, which Fable has hyped as the "Netflix of AI": a service that lets you type in a few words to create scenes -- or entire episodes -- of a TV show, either from scratch or based on an existing story-world someone else has created.

Fable is launching Showrunner to let users tinker with the animation-focused generative-AI system, following several months in a closed alpha test with 10,000 users. Initially, Showrunner will be free to use but eventually the company plans to charge creators $10-$20 per month for credits allowing them to create hundreds of TV scenes, Saatchi said. Viewing Showrunner-generated content will be free, and anyone can share the AI video on YouTube or other third-party platforms. [...] Fable's Showrunner public launch features two original "shows" -- story worlds with characters users can steer into various narrative arcs. The first is "Exit Valley," described as "a 'Family Guy'-style TV comedy set in 'Sim Francisco' satirizing the AI tech leaders Sam Altman, Elon Musk, et al." The other is "Everything Is Fine," in which a husband and wife, going to Ikea, have a huge fight -- whereupon they're transported to a world where they're separated and have to find each other. [...]

Showrunner is powered by Fable's proprietary AI model, SHOW-2. Last year, the company published a research paper on how it built the SHOW-1 model. As part of that, it released nine AI-generated episodes based on "South Park." The episodes, made without the permission of the "South Park" creators, received more than 80 million views. (Saatchi said he was in touch with the "South Park" team, who were reassured the IP wasn't being deployed commercially.) [...] Out of the gate, Showrunner is focused on animated content because it requires much less processing power than realistic-looking live-action video scenes. Saatchi said Fable wants to stay out of the "knife fight" among big AI companies like OpenAI, Google and Meta that are racing to create photorealistic content. "If you're competing with Google, are you going to win?" Saatchi said. "Our goal is to have the most creative models," he said.

[ Read more of this story ]( https://entertainment.slashdot.org/story/25/07/30/1949202/amazon-invests-in-netflix-of-ai-start-up-fable-which-lets-you-make-your-own-tv-shows?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Australia's first domestically built rocket to attempt orbital launch crashed just 14 seconds after liftoff, though the company still declared the mission a success for igniting all engines and leaving the launch pad. The Associated Press reports: The rocket Eris, launched by Gilmour Space Technologies, was the first Australian-designed and manufactured orbital launch vehicle to lift off from the country and was designed to carry small satellites to orbit. It launched Wednesday morning local time in a test flight from a spaceport near the small town of Bowen in the north of Queensland state. In videos published by Australian news outlets, the 23-meter (75-foot) rocket appeared to clear the launch tower and hovered in the air before falling out of sight. Plumes of smoke were seen rising above the site. No injuries were reported. The company hailed the launch as a success in a statement posted to Facebook. A spokesperson said all four hybrid-propelled engines ignited and the maiden flight included 23 seconds of engine burn time and 14 seconds of flight. "Of course I would have liked more flight time but happy with this," wrote CEO Adam Gilmour on LinkedIn. Gilmour said in February that it was "almost unheard of" for a private rocket company to successfully launch to orbit on its first attempt.

"This is an important first step towards the giant leap of a future commercial space industry right here in our region," added Mayor Ry Collins of the local Whitsunday Regional Council.

[ Read more of this story ]( https://slashdot.org/story/25/07/30/1936241/first-australian-made-rocket-crashes-after-14-seconds-of-flight?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Earlier this month, Hewlett-Packard Enterprise settled its antitrust case with the U.S. Justice Department, "paving the way for its acquisition of rival kit maker Juniper Networks" for $14 billion. According to Axios, the deal was heavily influenced by national security concerns and a desire to bolster American competition against China's Huawei. The outlet reports that the U.S. intelligence community "intervened to persuade the Justice Department that allowing the merger to proceed was essential to helping U.S. business compete with China's Huawei Technologies, among other national-security issues." From the report: "In light of significant national security concerns, a settlement ... serves the interests of the United States by strengthening domestic capabilities and is critical to countering Huawei and China." The official said blocking the deal would have "hindered American companies and empowered" Chinese competitors. A Justice Department spokesman added that DOJ "works very closely with our partners in the IC [intelligence community] and always considers their views when deciding how best to proceed with a case."

The merger was back in the news this week with reports that two senior enforcers in the DOJ's antitrust division were fired Monday amid infighting over the department's settlement greenlighting HPE's $14 billion acquisition of Juniper. Attorney General Pam Bondi had conversations with top intelligence officials that convinced her there was a strong national interest in not driving allies to Chinese technology, a senior administration official tells us.

[ Read more of this story ]( https://yro.slashdot.org/story/25/07/30/1926221/us-intelligence-intervened-with-doj-to-push-hpe-juniper-merger?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader quotes a report from Ars Technica: In a rare move, Google has confirmed it will sign the European Union's AI Code of Practice, a framework it initially opposed for being too harsh. However, Google isn't totally on board with Europe's efforts to rein in the AI explosion. The company's head of global affairs, Kent Walker, noted that the code could stifle innovation if it's not applied carefully, and that's something Google hopes to prevent. While Google was initially opposed to the Code of Practice, Walker says the input it has provided to the European Commission has been well-received, and the result is a legal framework it believes can provide Europe with access to "secure, first-rate AI tools." The company claims that the expansion of such tools on the continent could boost the economy by 8 percent (about 1.8 trillion euros) annually by 2034.

These supposed economic gains are being dangled like bait to entice business interests in the EU to align with Google on the Code of Practice. While the company is signing the agreement, it appears interested in influencing the way it is implemented. Walker says Google remains concerned that tightening copyright guidelines and forced disclosure of possible trade secrets could slow innovation. Having a seat at the table could make it easier to bend the needle of regulation than if it followed some of its competitors in eschewing voluntary compliance. [...] The AI Code of Practice aims to provide AI firms with a bit more certainty in the face of a shifting landscape. It was developed with the input of more than 1,000 citizen groups, academics, and industry experts. The EU Commission says companies that adopt the voluntary code will enjoy a lower bureaucratic burden, easing compliance with the block's AI Act, which came into force last year.

Under the terms of the code, Google will have to publish summaries of its model training data and disclose additional model features to regulators. The code also includes guidance on how firms should manage safety and security in compliance with the AI Act. Likewise, it includes paths to align a company's model development with EU copyright law as it pertains to AI, a sore spot for Google and others. Companies like Meta that don't sign the code will not escape regulation. All AI companies operating in Europe will have to abide by the AI Act, which includes the most detailed regulatory framework for generative AI systems in the world. The law bans high-risk uses of AI like intentional deception or manipulation of users, social scoring systems, and real-time biometric scanning in public spaces. Companies that violate the rules in the AI Act could be hit with fines as high as 35 million euros ($40.1 million) or up to 7 percent of the offender's global revenue.

[ Read more of this story ]( https://tech.slashdot.org/story/25/07/30/1916258/google-confirms-it-will-sign-the-eu-ai-code-of-practice?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Smartphone maker Nothing's $799 Phone 3 has been "mired in controversy among the same customers who rallied behind the company's past products" since its July launch, Bloomberg reported on Wednesday. Tech enthusiasts have "lambasted the company for the phone's peculiar industrial design and what they perceive to be an unreasonable price."

The Android device lacks the most performant Qualcomm processor chip found in premium Android phones and the camera performance "falls short of other handsets in this price bracket," the publication wrote in a scathing review. The phone costs $200 more than its predecessor and matches pricing with Apple's iPhone 16, Samsung's Galaxy S25, and Google's Pixel 9.

Critics across Reddit and social media have attacked Nothing for removing the signature Glyph Lights from previous models. Comments on Nothing's YouTube channel have been "bruising," focusing on the phone's oddly positioned camera array. "At its current price, the handset is too expensive for what it offers," the review concludes.

[ Read more of this story ]( https://it.slashdot.org/story/25/07/30/1935230/nothings-phone-3-is-stymied-by-contentious-design-and-price?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Администраторы репозитория Python-пакетов PyPI (Python Package Index).

https://www.opennet.ru/opennews/art.shtml?num=63647

В коллекцию портов OpenBSD добавлена классическая среда рабочего стола CDE (Common Desktop Environment), разработанная в начале девяностых годов прошлого века совместными усилиями компаний Sun Microsystems, HP, IBM, DEC, SCO, Fujitsu и Hitachi, и на протяжении многих лет поставляемая в качестве штатного графического окружения Solaris, HP-UX, IBM AIX, Digital UNIX и UnixWare. В 2012 году код CDE 2.1 был открыт консорциумом The Open Group под лицензией LGPL.

https://www.opennet.ru/opennews/art.shtml?num=63646

India launched the $1.5 billion NISAR radar imaging satellite on Wednesday from the Satish Dhawan Space Centre, marking the first joint mission between NASA and the Indian Space Research Organisation. The satellite uses dual radar frequencies -- NASA's L-band and ISRO's S-band -- to detect Earth surface changes as small as one centimeter from its 747-kilometer orbit.

NISAR will map the entire planet every 12 days using a 240-kilometer-wide radar swath, providing data for climate monitoring and disaster response that will be freely available to users worldwide.

[ Read more of this story ]( https://science.slashdot.org/story/25/07/30/1839229/india-launches-nasa-isro-satellite-to-track-climate-threats-from-space?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Dropbox will shut down its password manager service by October 28, giving users until then to extract their data before permanent deletion. The discontinuation occurs in phases: Dropbox Passwords becomes view-only on August 28, the mobile app stops working September 11, and complete shutdown follows October 28. The company cited focusing on core product features as the reason for dropping the service, which launched in 2020 for paid users and expanded to all users in 2021.

[ Read more of this story ]( https://it.slashdot.org/story/25/07/30/1814253/dropbox-pulls-the-plug-on-password-manager?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Google will soon cast an even wider net with its AI age estimation technology. From a report: After announcing plans to find and restrict underage users on YouTube, the company now says it will start detecting whether Google users based in the US are under 18.

Age estimation is rolling out over the next few weeks and will only impact a "small set" of users to start, though Google plans on expanding it more widely. The company says it will use the information a user has searched for or the types of YouTube videos they watch to determine their age. Google first announced this initiative in February. If Google believes that a user is under 18, it will apply the same restrictions it places on users who proactively identify as underage.

[ Read more of this story ]( https://tech.slashdot.org/story/25/07/30/1731256/google-is-using-ai-age-checks-to-lock-down-user-accounts?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Journalist Jack Poulson accidentally discovered that Google had completely removed two of his articles from search results after someone exploited a vulnerability in the company's Refresh Outdated Content tool.

The security flaw allowed malicious actors to de-list specific web pages by submitting URLs with altered capitalization to Google's recrawling system. When Google attempted to index these modified URLs, the system received 404 errors and subsequently removed all variations of the page from search results, including the original legitimate articles.

The affected stories concerned tech CEO Delwin Maurice Blackman's 2021 arrest on felony domestic violence charges. In a statement to 404 Media, Google confirmed the vulnerability and said it had deployed a fix for the issue.

[ Read more of this story ]( https://search.slashdot.org/story/25/07/30/1631222/tech-ceos-negative-coverage-vanished-from-google-via-security-flaw?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

BrianFagioli writes: AI might be the future of software development, but a new report suggests we're not quite ready to take our hands off the wheel. Veracode has released its 2025 GenAI Code Security Report, and the findings are pretty alarming. Out of 80 carefully designed coding tasks completed by over 100 large language models, nearly 45 percent of the AI-generated code contained security flaws.

That's not a small number. These are not minor bugs, either. We're talking about real vulnerabilities, with many falling under the OWASP Top 10, which highlights the most dangerous issues in modern web applications. The report found that when AI was given the option to write secure or insecure code, it picked the wrong path nearly half the time.

[ Read more of this story ]( https://developers.slashdot.org/story/25/07/30/150216/ai-code-generators-are-writing-vulnerable-software-nearly-half-the-time-analysis-finds?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

JPMorgan's proposed fees for customer data access would cost fintech startups between 60 and 100% of their annual revenue "just from one bank," according to a trade group representing the affected firms. Steve Boms, executive director of the Financial Data and Technology Association, said the charges would apply across all 30 companies in his group that received pricing notices from the nation's largest bank. The trade association, whose members include Plaid, Fiserv and Intuit, called JPMorgan's move a "pure and simple" attempt to kill competition that would "put third parties out of business altogether."

The fees could take effect in September, ending more than a decade of free data access that fintech companies have used to build their business models. JPMorgan can now charge for data access after the Trump administration changed Consumer Financial Protection Bureau rules that previously prohibited such fees. The Financial Technology Association has taken the dispute to federal courts seeking to restore the Biden-era protections, while crypto trade groups have written directly to President Trump warning the fees would hurt digital currency companies.

[ Read more of this story ]( https://slashdot.org/story/25/07/30/1456243/jpmorgan-spooks-fintechs-with-plans-to-charge-for-access-to-customer-data?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Manager engagement has plummeted to its lowest level since tracking began, with only 27% of managers globally reporting they feel involved and enthusiastic about their work, according to Gallup's annual State of the Global Workplace report. The 3-percentage-point decline from 2023 marks an unprecedented drop in manager satisfaction.

Overall employee engagement fell to 21% in 2024 from 23% the previous year, representing only the second decline in 15 years of data collection. The last drop occurred during 2020 COVID lockdowns. Female managers experienced the steepest decline at 7 percentage points, while younger managers fell 5 points. Managers now oversee nearly three times as many employees as in 2017, yet only 44% have received managerial training.

[ Read more of this story ]( https://slashdot.org/story/25/07/30/1440256/only-27-of-managers-worldwide-feel-engaged-at-work?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Mark Zuckerberg said Wednesday that Meta's AI systems have begun improving themselves over the past few months, calling the development "slow for now, but undeniable" and declaring that superintelligence is now within reach. The Meta CEO staked out the company's vision in a blog post for what he termed "personal superintelligence" -- AI that helps individuals achieve their goals rather than replacing human work entirely.

Zuckerberg drew a sharp line between Meta's approach and that of other companies in the field, arguing that competitors want superintelligence "directed centrally towards automating all valuable work, and then humanity will live on a dole of its output." Meta's version would give people their own superintelligent assistants that know them deeply and help them create, experience adventures, and become better friends.

Zuckerberg envisions smart glasses as the primary computing device, understanding context through what users see and hear throughout their day. The next few years represent a critical juncture, Zuckerberg wrote, calling the rest of this decade "the decisive period for determining the path this technology will take."

[ Read more of this story ]( https://tech.slashdot.org/story/25/07/30/1359201/zuckerberg-says-metas-ai-systems-have-begun-improving-themselves-and-developing-superintelligence-is-now-in-sight?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader quotes a report from CNBC: Google executives are pushing employees to act with more urgency in their use of artificial intelligence as the company looks for ways to cut costs. That was the message at an all-hands meeting last week, featuring CEO Sundar Pichai and Brian Saluzzo, who runs the teams building the technical foundation for Google's flagship products. "Anytime you go through a period of extraordinary investment, you respond by adding a lot of headcount, right?" Pichai said, according to audio obtained by CNBC. "But in this AI moment, I think we have to accomplish more by taking advantage of this transition to drive higher productivity. [...] We are competing with other companies in the world," Pichai said at the meeting. "There will be companies which will become more efficient through this moment in terms of employee productivity, which is why I think it's important to focus on that." [...]

"We are going to be going through a period of much higher investment and I think we have to be frugal with our resources, and I would strive to be more productive and efficient as a company," Pichai said, adding that he's "very optimistic" about how Google is doing. At the meeting, Saluzzo highlighted a number of tools the company is building for software engineers, or SWEs, to help "everybody at Google be more AI-savvy." "We feel the urgency to really quickly and urgently get AI into more of the coding workflows to address top needs so you see a much more rapid increase in velocity," Saluzzo said. Saluzzo said Google has a portfolio of AI products available to employees "so folks can go faster." He mentioned an internal site called "AI Savvy Google" which has courses, toolkits and learning sessions, including some for individual product areas.

Google's engineering education team, which develops courses for internal and external use, partnered with DeepMind on a training called "Building with Gemini" that the company will start promoting soon, Saluzzo said. He also referenced a new internal AI coding tool called Cider that helps software engineers with various aspects of the development process. Since May, when the company first introduced Cider, 50% of users tap the service on a weekly basis, Saluzzo said. Regarding Google's internal AI tools, Saluzzo said that employees should "expect them to continuously get better" and that "they'll become a pretty integral part of most SWE work."

[ Read more of this story ]( https://tech.slashdot.org/story/25/07/30/0333248/google-execs-say-employees-have-to-be-more-ai-savvy?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Longtime Slashdot reader ndsurvivor shares a report from MIT: MIT physicists have performed an idealized version of one of the most famous experiments in quantum physics. Their findings demonstrate, with atomic-level precision, the dual yet evasive nature of light. They also happen to confirm that Albert Einstein was wrong about this particular quantum scenario. The experiment in question is the double-slit experiment, which was first performed in 1801 by the British scholar Thomas Young to show how light behaves as a wave. Today, with the formulation of quantum mechanics, the double-slit experiment is now known for its surprisingly simple demonstration of a head-scratching reality: that light exists as both a particle and a wave. Stranger still, this duality cannot be simultaneously observed. Seeing light in the form of particles instantly obscures its wave-like nature, and vice versa.

[...] Now, MIT physicists have performed the most "idealized" version of the double-slit experiment to date. Their version strips down the experiment to its quantum essentials. They used individual atoms as slits, and used weak beams of light so that each atom scattered at most one photon. By preparing the atoms in different quantum states, they were able to modify what information the atoms obtained about the path of the photons. The researchers thus confirmed the predictions of quantum theory: The more information was obtained about the path (i.e. the particle nature) of light, the lower the visibility of the interference pattern was. They demonstrated what Einstein got wrong. Whenever an atom is "rustled" by a passing photon, the wave interference is diminished. "Einstein and Bohr would have never thought that this is possible, to perform such an experiment with single atoms and single photons," says Wolfgang Ketterle, the John D. MacArthur Professor of Physics and leader of the MIT team. "What we have done is an idealized Gedanken experiment." Their results appear in the journal Physical Review Letters.

[ Read more of this story ]( https://science.slashdot.org/story/25/07/30/0322225/famous-double-slit-experiment-holds-up-when-stripped-to-its-quantum-essentials?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Promising Phase 3 trial results from Apnimed suggest a potential game-changing oral pill for sleep apnea could offer a simpler, more tolerable alternative for keeping airways open during sleep. The New York Times reports: For decades, the primary treatment for sleep apnea has been continuous positive airway pressure (or CPAP). Before bed, those with the condition put on a face mask that is connected to a CPAP machine, which keeps the airway open by forcing air into it. The machines are effective, but many find them so noisy, cumbersome or uncomfortable that they end up abandoning them. Now, a more appealing option may be on the way, according to a news release from Apnimed, a pharmaceutical company focused on treating sleep apnea. On Wednesday, the company announced a second round of positive Phase 3 clinical trial results for a first-of-its-kind oral pill that can be taken just before bedtime to help keep a person's airway open.

The full results have not yet been released, or published in a peer-reviewed journal. But the findings build on past, similarly positive conclusions from trials and studies. Sleep experts say that what they're seeing in reports so far makes them think the pill could be a game changer. Dr. Phyllis Zee, a sleep doctor and researcher at Northwestern Medicine who was not involved with the trial, said that if approved, the drug could transform the lives of many. That includes not only those who can't tolerate CPAP machines, but also those who can't -- or prefer not to -- use other interventions, such as other types of oral devices or weight loss medications. (Excess weight is a risk factor for sleep apnea.)

[ Read more of this story ]( https://science.slashdot.org/story/25/07/30/0314210/a-pill-for-sleep-apnea-could-be-on-the-horizon?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.