A comprehensive analysis in Science Advances reveals that humans have explored less than 0.001% of the deep seafloor -- an area equivalent to merely one-tenth the size of Belgium. Oceanographer Katherine Bell and colleagues at the Ocean Discovery League compiled data from approximately 44,000 deep-sea dives conducted between 1958 and 2024, finding that expeditions have concentrated overwhelmingly around waters near the United States, Japan, and New Zealand.

The study exposes significant gaps in ocean exploration, with vast regions -- particularly the Indian Ocean -- remaining virtually untouched by direct observation. Much of the existing dive data remains inaccessible to scientists, locked away by private companies.

[ Read more of this story ]( https://news.slashdot.org/story/25/05/09/0833252/scientists-have-explored-just-0001-of-deep-ocean-floor-new-study-finds?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Software firm 37signals is completing its migration from AWS to on-premises infrastructure, expecting to save $1.3 million annually on storage costs alone. CTO David Heinemeier Hansson announced the company has begun migrating 18 petabytes of data from Amazon S3 to Pure Storage arrays costing $1.5 million upfront but only $200,000 yearly to operate.

AWS waived $250,000 in data egress fees for the transition, which will allow 37signals to completely delete its AWS account this summer. The company has already slashed $2 million in annual costs after replacing cloud compute with $700,000 worth of Dell servers in 2024. "Cloud can be a good choice in certain circumstances, but the industry pulled a fast one convincing everyone it's the only way," wrote Hansson, who began the repatriation effort in 2022 after discovering their annual AWS bill exceeded $3.2 million.

[ Read more of this story ]( https://it.slashdot.org/story/25/05/09/1618248/37signals-to-delete-aws-account-cutting-cloud-costs-by-millions?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

A U.S. senator introduced a bill on Friday that would direct the Commerce Department to require location verification mechanisms for export-controlled AI chips, in an effort to curb China's access to advanced semiconductor technology. From a report: Called the "Chip Security Act," the bill calls for AI chips under export regulations, and products containing those chips, to be fitted with location-tracking systems to help detect diversion, smuggling or other unauthorized use of the product.

"With these enhanced security measures, we can continue to expand access to U.S. technology without compromising our national security," Republican Senator Tom Cotton of Arkansas said. The bill also calls for companies exporting the AI chips to report to the Bureau of Industry and Security if their products have been diverted away from their intended location or subject to tampering attempts.

[ Read more of this story ]( https://news.slashdot.org/story/25/05/09/1850212/us-senator-introduces-bill-calling-for-location-tracking-on-ai-chips-to-limit-china-access?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Wearable startup Whoop just announced its new Whoop 5.0 fitness tracker yesterday, but some existing users are already calling foul. From a report: Previously, Whoop said people who had been members for at least six months would get free upgrades to next-generation hardware. Now, the company says that members hoping to upgrade from a Whoop 4.0 to 5.0 will have to pay up.

Whoop is a bit different from other fitness trackers in that it runs entirely on a subscription membership model. Most wearable makers that have subscriptions will charge you for the hardware, and then customers have the option of subscribing to get extra data or features. A good example is the Oura Ring, where you buy the ring and then have the option of paying a monthly $6 subscription. Whoop, however, has until now said that you get the hardware for "free" while paying a heftier annual subscription. Previously, Whoop promised users that whenever new hardware was released, existing members would be able to upgrade free of charge so long as they'd been a member for at least six months.

[ Read more of this story ]( https://news.slashdot.org/story/25/05/09/2026235/whoop-angers-users-over-reneged-free-upgrade-promises?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Just days after a radar and communications outage at Newark Liberty International Airport, the FAA confirmed a second incident on May 9 that disrupted radar and radio contact for 90 seconds due to a telecom failure at Philadelphia TRACON. "As of 12:30PM ET, FlightAware stats showed 292 total delays for flights into or out of Newark, which is also experiencing delays due to runway construction," reports The Verge. From the report: After the first outage on April 28th, an air traffic controller who had been on duty that day told CNN it "...was the most dangerous situation you could have." CNN reports that after a change made last July, the airport's radar and radio communication flows over a single data feed from a facility in New York, where controllers used to manage Newark's flights, to Philadelphia.

The FAA has announced a plan to replace the current copper connection with fiber, as well as adding "three new, high-bandwidth telecommunications connections between the New York-based STARS and the Philadelphia TRACON," and more air traffic controllers. Until those and other changes are made, the agency also said a new backup system is being deployed in Philadelphia, but it's unclear when that will be available.

NBC News reports the Friday outage affected a limited number of sectors, but it's another incident in the string of issues that have highlighted the problems with the airport's aging control system and lack of staffing. [...] A statement from the FAA said, "Frequent equipment and telecommunications outages can be stressful for controllers. Some controllers at the Philadelphia TRACON who work Newark arrivals and departures have taken time off to recover from the stress of multiple recent outages."

[ Read more of this story ]( https://tech.slashdot.org/story/25/05/09/2042235/newark-airport-radar-outage-strikes-again-delaying-more-flights?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader quotes a report from TechCrunch: A Florida bill, which would have required social media companies to provide an encryption backdoor for allowing police to access user accounts and private messages, has failed to pass into law. The Social Media Use by Minors bill was "indefinitely postponed" and "withdrawn from consideration" in the Florida House of Representatives earlier this week. Lawmakers in the Florida Senate had already voted to advance the legislation, but a bill requires both legislative chambers to pass before it can become law.

The bill would have required social media firms to "provide a mechanism to decrypt end-to-end encryption when law enforcement obtains a subpoena," which are typically issued by law enforcement agencies and without judicial oversight. Digital rights group the Electronic Frontier Foundation called the bill "dangerous and dumb." Security professionals have long argued that it is impossible to create a secure backdoor that cannot also be maliciously abused, and encryption backdoors put user data at risk of data breaches.

[ Read more of this story ]( https://yro.slashdot.org/story/25/05/09/2036224/florida-fails-to-pass-bill-requiring-encryption-backdoors-for-social-media-accounts?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Numerous coffee establishments across the US are actively restricting internet access and laptop use as they push back against remote workers monopolizing their spaces for hours.

New York's Devocion chain limits WiFi to two-hour windows on weekdays and eliminates it entirely on weekends, while Detroit's Alba coffee shop has operated without WiFi since its 2023 opening. Some venues have resorted to physically taping over electrical outlets.

DC-based cafe Elle initially launched without WiFi but reversed course after receiving negative Google reviews, implementing a compromise with access restricted to Monday-Thursday, 8am-3pm, with a 90-minute usage cap. The restrictions primarily aim to increase customer turnover, improve sales figures, and restore the community atmosphere that extended laptop sessions often diminish.

[ Read more of this story ]( https://slashdot.org/story/25/05/09/2040233/coffee-shops-ditch-wifi-and-laptops-to-limit-remote-work?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

According to The Information (paywalled), Meta is reportedly developing facial recognition capabilities for its Ray-Ban smart glasses -- technology it previously avoided due to privacy concerns. 404 Media's Joseph Cox writes: The move is an obvious about-face from Meta. It's also interesting to me because Meta's PR chewed my ass off when I dared to report in October that a pair of students took Meta's Ray-Ban glasses and combined them with off-the-shelf facial recognition technology. That tool, which the students called I-XRAY, captured a person's face, ran it through an easy to access facial recognition service called Pimeyes, then went a step further and pulled up information about the subject from across the web, including their home address and phone number.

When I contacted Meta for comment for that story, Dave Arnold, a spokesperson for the company, said in an email he had one question for me. "That Pimeyes facial recognition technology could be used with ANY camera, correct? In other words, this isn't something that only is possible because of Meta Ray-Bans? If so, I think that's an important point to note in the piece," he wrote. This is true. But entirely misses the point of why the students created the tool with Meta's Ray-Ban glasses. They said themselves in a demonstration video they identified dozens of people without their knowledge. You do that by wearing a pair of glasses that look like any other. Meta's Ray-Ban's do have a light that turns on when it's recording, but according to the new report, Meta is questioning whether new versions of its glasses need this.

[ Read more of this story ]( https://yro.slashdot.org/story/25/05/09/2048235/meta-to-add-facial-recognition-to-glasses-after-all?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader quotes a report from Ars Technica: Schools across the US are warning parents about an Internet trend that has students purposefully trying to damage their school-issued Chromebooks so that they start smoking or catch fire. Various school districts, including some in Colorado, New Jersey, North Carolina, and Washington, have sent letters to parents warning about the trend that's largely taken off on TikTok. Per reports from school districts and videos that Ars Technica has reviewed online, the so-called Chromebook Challenge includes students sticking things into Chromebook ports to short-circuit the system. Students are using various easily accessible items to do this, including writing utensils, paper clips, gum wrappers, and pushpins.

The Chromebook challenge has caused chaos for US schools, leading to laptop fires that have forced school evacuations, early dismissals, and the summoning of first responders. Schools are also warning that damage to school property can result in disciplinary action and, in some states, legal action. In Plainville, Connecticut, a middle schooler allegedly "intentionally stuck scissors into a laptop, causing smoke to emit from it," Superintendent Brian Reas told local news station WFSB. The incident reportedly led to one student going to the hospital due to smoke inhalation and is suspected to be connected to the viral trend. "Although the investigation is ongoing, the student involved will be referred to juvenile court to face criminal charges," Reas said. TikTok recently banned the search term "Chromebook Challenge" and created a safety message that pops up when searching for the term. The social media company notes that the challenge is on other social media platforms, too.

[ Read more of this story ]( https://news.slashdot.org/story/25/05/09/2059229/kids-are-short-circuiting-their-school-issued-chromebooks-for-tiktok-clout?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Mexico has filed a lawsuit against Google for changing the name of the Gulf of Mexico to "Gulf of America" for U.S. users on Google Maps, following a Republican-led House vote on Thursday to codify the name change. President Claudia Sheinbaum argues the U.S. only has authority to rename its portion of the continental shelf and warned of legal action unless Google reversed the change. The Guardian reports: "All we want is for the decree issued by the US government to be complied with," Sheinbaum said. "The US government only calls the portion of the US continental shelf the Gulf of America, not the entire gulf, because it wouldn't have the authority to name the entire gulf," she added. In response to Trump, Sheinbaum has cheekily suggested calling the United States "America Mexicana" -- Mexican America, pointing to a map dating back to before 1848, when one-third of her country was seized by the United States.

[ Read more of this story ]( https://news.slashdot.org/story/25/05/09/2119217/mexico-sues-google-over-changing-gulf-of-mexicos-name-for-us-users?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Huawei has launched its first laptop running HarmonyOS instead of Windows, complete with AI features and support for over 2,000 mostly China-focused apps. The product is largely a result of U.S. sanctions that prevented U.S.-based companies like Google and Microsoft from doing business with Huawei, forcing the company to develop its own in-house solution. Liliputing reports: Early version of HarmonyOS were basically skinned version of Android, but over time Huawei has moved the two operating systems further apart and it now includes Huawei's own kernel, user interface, and other features. The version designed for laptops features a desktop-style operating system with a taskbar and dock on the bottom of the screen and support for multitasking by running multiple applications in movable, resizable windows.

Since this is 2025, of course Huawei's demos also heavily emphasize AI features: the company showed how Celia, its AI assistant, can summarize documents, help prepare presentation slides, and more. While the operating system won't support the millions of Windows applications that could run on older Huawei laptops, the company says that at launch it will support more than 2,000 applications including WPS Office (an alternative to Microsoft Office that's developed in China), and a range of Chinese social media applications.

[ Read more of this story ]( https://hardware.slashdot.org/story/25/05/09/2125208/huawei-unveils-a-harmonyos-laptop-its-first-windows-free-computer?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Elizabeth Holmes has lost her bid to have the appeal of her 2022 fraud conviction reheard by the 9th Circuit Court of Appeals, leaving the U.S. Supreme Court as her final option. She and former Theranos executive Sunny Balwani remain liable for $452 million in restitution, while Holmes continues serving her 11-year sentence. CNBC reports: The 9th Circuit U.S. Court of Appeals denied Holmes' request for a rehearing before the original three-judge panel that upheld her conviction. At the same time, the court said no judge on the circuit court had asked for a vote on whether to have the full court rehear the appeal.

Holmes, 41, was sentenced in January 2023 to 11 years and 3 months in prison after being found guilty of four counts of wire fraud in January 2022. She was found guilty of deceiving investors about the capabilities of Theranos, the blood-testing company she founded in 2003. The company crumbled after a Wall Street Journal story outlined the firm's struggles and shut down in 2018.

[ Read more of this story ]( https://science.slashdot.org/story/25/05/09/2149209/court-unanimously-denies-theranos-founder-elizabeth-holmes-request-for-rehearing?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader quotes a report from Ars Technica: Using AI can be a double-edged sword, according to new research from Duke University. While generative AI tools may boost productivity for some, they might also secretly damage your professional reputation. On Thursday, the Proceedings of the National Academy of Sciences (PNAS) published a study showing that employees who use AI tools like ChatGPT, Claude, and Gemini at work face negative judgments about their competence and motivation from colleagues and managers. "Our findings reveal a dilemma for people considering adopting AI tools: Although AI can enhance productivity, its use carries social costs," write researchers Jessica A. Reif, Richard P. Larrick, and Jack B. Soll of Duke's Fuqua School of Business.

The Duke team conducted four experiments with over 4,400 participants to examine both anticipated and actual evaluations of AI tool users. Their findings, presented in a paper titled "Evidence of a social evaluation penalty for using AI," reveal a consistent pattern of bias against those who receive help from AI. What made this penalty particularly concerning for the researchers was its consistency across demographics. They found that the social stigma against AI use wasn't limited to specific groups. "Testing a broad range of stimuli enabled us to examine whether the target's age, gender, or occupation qualifies the effect of receiving help from Al on these evaluations," the authors wrote in the paper. "We found that none of these target demographic attributes influences the effect of receiving Al help on perceptions of laziness, diligence, competence, independence, or self-assuredness. This suggests that the social stigmatization of AI use is not limited to its use among particular demographic groups. The result appears to be a general one."

[ Read more of this story ]( https://slashdot.org/story/25/05/09/225245/ai-use-damages-professional-reputation-study-suggests?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Longtime Slashdot reader schwit1 shares a report from Earth.com: McDermitt Caldera in Oregon is attracting attention for what could be one of the largest lithium deposits ever identified in the United States. Many view it as a potential boost for domestic battery production, while local communities voice concern over the impact on wildlife and cultural sites. The excitement stems from estimates that value the deposit at about $1.5 trillion. Some geologists say these ancient volcanic sediments could contain between 20 and 40 million metric tons of lithium. The study is published in the journal Minerals.

[ Read more of this story ]( https://news.slashdot.org/story/25/05/09/2210247/lithium-deposit-valued-at-15-trillion-discovered-in-oregon?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Нейт Грэм (Nate Graham), разработчик, занимающийся контролем качества в проекте KDE, опубликовал очередной отчёт о разработке KDE. Разработка ветки KDE Plasma 6.4, релиз которой намечен на 17 июня, переведена на стадию мягкой заморозки, при которой ограничен приём изменений с реализацией новых возможностей.

https://www.opennet.ru/opennews/art.shtml?num=63213

Организация GNOME Foundation, курирующая разработку среды рабочего стола GNOME, представила нового исполнительного директора. Исполнительный директор отвечает за управление и развитие GNOME Foundation как организацией, а также за взаимодействие с советом директоров, консультативным советом (Advisory Board) и членами организации. Новым руководителем утверждён Стивен Деобальд (Steven Deobald), являющийся пользователем GNOME c 2002 года и имеющий опыт развития бизнеса, организации совместной разработки и управления открытыми проектами, такими как XTDB и Endatabas. На посту руководителя Стивен намерен повысить прозрачность процессов, улучшить взаимодействие участников проекта и обеспечить финансовую устойчивость организации.

https://www.opennet.ru/opennews/art.shtml?num=63215

joshuark shares a report from Axios: Bill Gates, once the richest man in the world, vowed to give away "virtually all" of his wealth through the Gates Foundation over the next two decades. Then, the foundation will close its doors on Dec. 31, 2045. [...] Gates wrote in a Thursday Gates Notes essay that the original plan was to sunset the foundation several decades after he and his then-wife died. Now, Gates believes that a "shorter timeline" is feasible.

Gates pledged three "key aspirations" to guide the foundation's funding over the next two decades, which center on promoting child and maternal health and fighting infectious diseases and poverty. He emphasized that progress is not possible without government cooperation, as the U.S. and other nations slash their foreign aid budgets. "The reality is, we will not eradicate polio without funding from the United States," Gates wrote. It's unclear whether the world's richest countries will continue to stand up for its poorest people," Gates wrote. He added, "But the one thing we can guarantee is that, in all of our work, the Gates Foundation will support efforts to help people and countries pull themselves out of poverty."

[ Read more of this story ]( https://news.slashdot.org/story/25/05/09/2216249/bill-gates-plans-to-give-away-his-wealth-shutter-foundation-over-next-20-years?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader quotes a report from BleepingComputer: Law enforcement authorities have dismantled a botnet that infected thousands of routers over the last 20 years to build two networks of residential proxies known as Anyproxy and 5socks. The U.S. Justice Department also indicted three Russian nationals (Alexey Viktorovich Chertkov, Kirill Vladimirovich Morozov, and Aleksandr Aleksandrovich Shishkin) and a Kazakhstani (Dmitriy Rubtsov) for their involvement in operating, maintaining, and profiting from these two illegal services.

During this joint action dubbed 'Operation Moonlander,' U.S. authorities worked with prosecutors and investigators from the Dutch National Police, the Netherlands Public Prosecution Service (Openbaar Ministerie), and the Royal Thai Police, as well as analysts with Lumen Technologies' Black Lotus Labs. Court documents show that the now-dismantled botnet infected older wireless internet routers worldwide with malware since at least 2004, allowing unauthorized access to compromised devices to be sold as proxy servers on Anyproxy.net and 5socks.net. The two domains were managed by a Virginia-based company and hosted on servers globally.

On Wednesday, the FBI also issued a flash advisory (PDF) and a public service announcement warning that this botnet was targeting patch end-of-life (EoL) routers with a variant of the TheMoon malware. The FBI warned that the attackers are installing proxies later used to evade detection during cybercrime-for-hire activities, cryptocurrency theft attacks, and other illegal operations. The list of devices commonly targeted by the botnet includes Linksys and Cisco router models, including:
- Linksys E1200, E2500, E1000, E4200, E1500, E300, E3200, E1550 - Linksys WRT320N, WRT310N, WRT610N - Cisco M10 and Cradlepoint E100 "The botnet controllers require cryptocurrency for payment. Users are allowed to connect directly with proxies using no authentication, which, as documented in previous cases, can lead to a broad spectrum of malicious actors gaining free access," Black Lotus Labs said. "Given the source range, only around 10% are detected as malicious in popular tools such as VirusTotal, meaning they consistently avoid network monitoring tools with a high degree of success. Proxies such as this are designed to help conceal a range of illicit pursuits including ad fraud, DDoS attacks, brute forcing, or exploiting victim's data."

[ Read more of this story ]( https://it.slashdot.org/story/25/05/09/2223226/police-dismantles-botnet-selling-hacked-routers-as-residential-proxies?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Google will pay $1.4 billion to the state of Texas, reports the Associated Press, "to settle claims the company collected users' data without permission, the state's attorney general announced Friday."

Attorney General Ken Paxton described the settlement as sending a message to tech companies that he will not allow them to make money off of "selling away our rights and freedoms."
"In Texas, Big Tech is not above the law." Paxton said in a statement. "For years, Google secretly tracked people's movements, private searches, and even their voiceprints and facial geometry through their products and services. I fought back and won...."

The state argued Google was "unlawfully tracking and collecting users' private data." Paxton claimed, for example, that Google collected millions of biometric identifiers, including voiceprints and records of face geometry, through such products and services as Google Photos and Google Assistant.

Google spokesperson José Castañeda said the agreement settles an array of "old claims," some of which relate to product policies the company has already changed. "We are pleased to put them behind us, and we will continue to build robust privacy controls into our services," he said in a statement. The company also clarified that the settlement does not require any new product changes.

Google's settlement with Texas "far surpasses any other state's claims for similar violations," according to a statement from their attorney general's office. "To date, no state has attained a settlement against Google for similar data-privacy violations greater than $93 million. Even a multistate coalition that included forty states secured just $391 million — almost a billion dollars less than Texas's recovery."
The statement calls the $1.375 billion settlement "a major win for Texans' privacy" that "tells companies that they will pay for abusing our trust."

[ Read more of this story ]( https://tech.slashdot.org/story/25/05/10/0430217/google-will-pay-14-billion-to-texas-to-settle-claims-it-collected-user-data-without-permission?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Adafruit's managing director Phillip Torrone is also long-time Slashdot reader ptorrone.

He stopped by Thursday to share what happened after a large portion of a recent import was subjected to a 125% +20% +25% import markup...

We're no stranger to tariff bills, although they have definitely ramped up over the last two months. However, this is our first "big bill"... Unlike other taxes like sales tax where we collect on behalf of the state and then submit it back at the end of the month — or income taxes, where we only pay if we are profitable — tariff taxes are paid before we sell any of the products. And they're due within a week of receipt, which has a big impact on cash flow.

In this particular case, we're buying from a vendor, not a factory, so we can't second-source the items. (And these particular products we couldn't manufacture ourselves even if we wanted to, since the vendor has well-deserved IP protections). And the products were booked & manufactured many months ago, before the tariffs were in place.

Since they are electronics products/components, there's a chance we may be able to request reclassification on some items to avoid the 125% "reciprocal" tariff, but there's no assurance that it will succeed, and even if it does, it is many, many months until we could see a refund.

We'll have to increase the prices on some of these products. But we're not sure if people will be willing to pay the higher cost, so we may well be "stuck" with unsellable inventory — that we have already paid a large fee on...

Their blog post even includes a photo of the DHL customs invoice with the five-digit duty fee...

Share your own stories and experiences in the comments. Any other Slashdot readers being affected by the new U.S. tariffs?

[ Read more of this story ]( https://yro.slashdot.org/story/25/05/10/0715216/high-tariffs-become-real-for-adafruit---with-their-first-36k-bill-just-for-import-duties?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader shared this repost from the Washington Post:

It's becoming standard practice at a growing number of U.S. airports: When you reach the front of the security line, an agent asks you to step up to a machine that scans your face to check whether it matches the face on your identification card. Travelers have the right to opt out of the face scan and have the agent do a visual check instead — but many don't realize that's an option.

Sens. Jeff Merkley (D-Oregon) and John Neely Kennedy (R-Louisiana) think it should be the other way around. They plan to introduce a bipartisan bill that would make human ID checks the default, among other restrictions on how the Transportation Security Administration can use facial recognition technology. The Traveler Privacy Protection Act, shared with the Tech Brief on Wednesday ahead of its introduction, is a narrower version of a 2023 bill by the same name that would have banned the TSA's use of facial recognition altogether. This one would allow the agency to continue scanning travelers' faces, but only if they opt in, and would bar the technology's use for any purpose other than verifying people's identities. It would also require the agency to immediately delete the scans of general boarding passengers once the check is complete.
"Facial recognition is incredibly powerful, and it is being used as an instrument of oppression around the world to track dissidents whose opinion governments don't like," Merkley said in a phone interview Wednesday, citing China's use of the technology on the country's Uyghur minority. "It really creates a surveillance state," he went on. "That is a massive threat to freedom and privacy here in America, and I don't think we should trust any government with that power...."

[The TSA] began testing face scans as an option for people enrolled in "trusted traveler" programs, such as TSA PreCheck, in 2021. By 2022, the program quietly began rolling out to general boarding passengers. It is now active in at least 84 airports, according to the TSA's website, with plans to bring it to more than 400 airports in the coming years. The agency says the technology has proved more efficient and accurate than human identity checks. It assures the public that travelers' face scans are not stored or saved once a match has been made, except in limited tests to evaluate the technology's effectiveness.
The bill would also bar the TSA from providing worse treatment to passengers who refuse not to participate, according to FedScoop, and would also forbid the agency from using face-scanning technology to target people or conduct mass surveillance:

"Folks don't want a national surveillance state, but that's exactly what the TSA's unchecked expansion of facial recognition technology is leading us to," Sen. Jeff Merkley, D-Ore., a co-sponsor of the bill and a longtime critic of the government's facial recognition program, said in a statement...

Earlier this year, the Department of Homeland Security inspector general initiated an audit of TSA's facial recognition program. Merkley had previously led a letter from a bipartisan group of senators calling for the watchdog to open an investigation into TSA's facial recognition plans, noting that the technology is not foolproof and effective alternatives were already in use.

[ Read more of this story ]( https://tech.slashdot.org/story/25/05/10/0547237/more-us-airports-are-scanning-faces-but-a-new-bill-could-limit-the-practice?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Long-time Slashdot reader smooth wombat writes: Over the past year there have been stories about North Korean spies unknowingly or knowingly being hired to work in western companies. During an interview by Kraken, a crypto exchange, the interviewers became suspicious about the candidate. Instead of cutting off the interview, Kraken decided to continue the candidate through the hiring process to gain more information. One simple question confirmed the user wasn't who they said they were and even worse, was a North Korean spy.

Would-be IT worker "Steven Smith" already had an email address on a "do-not-hire" list from law enforcement agencies, according to CBS News. And an article in Fortune magazine says Kraken asked him to speak to a recruiter and take a technical-pretest, and "I don't think he actually answered any questions that we asked him," according to its chief security officer Nick Percoco — even though the application was claiming 11 years of experience as a software engineer at U.S.-based companies:

The interview was scheduled for Halloween, a classic American holiday—especially for college students in New York—that Smith seemed to know nothing about. "Watch out tonight because some people might be ringing your doorbell, kids with chain saws," Percoco said, referring to the tradition of trick or treating. "What do you do when those people show up?" Smith shrugged and shook his head. "Nothing special," he said. Smith was also unable to answer simple questions about Houston, the town he had supposedly been living in for two years. Despite having listed "food" as an interest on his résumé, Smith was unable to come up with a straight answer when asked about his favorite restaurant in the Houston area. He looked around for a few seconds before mumbling, "Nothing special here...."

The United Nations estimates that North Korea has generated between $250 million to $600 million per year by tricking overseas firms to hire its spies. A network of North Koreans, known as Famous Chollima, was behind 304 individual incidents last year, cybersecurity company CrowdStrike reported, predicting that the campaigns will continue to grow in 2025.

During a report CBS News actually aired footage of the job interview with the "suspected member of Kim Jong Un's cyberarmy."
"Some people might call it trolling as well," one company official told the news outlet. "We call it security research." (And they raise the disturbing possibility that another IT company might very well have hired "Steven Smith"...)

CBS also spoke to CrowdStrike co-founder Dmitri Alperovitch, who says the problem increased with remote work, as is now fueling a state-run weapons program. "It's a huge problem because these people are not just North Koreans — they're North Koreans working for their munitions industry department, they're working for the Korean People's Army." (He says later the results of their work are "going directly" to North Korea's nuclear and ballistic missile programs.)

And when CBS notes that the FBI issued a wanted poster of alleged North Korean agents and arrested Americans hosting laptop farms in Arizona and Tennesse ("computer hubs inside the U.S. that conceal the cybercriminals real identities"), Alperovitch says "They cannot do this fraud without support here in America from witting or unwitting actors. So they have hired probably hundreds of people..."

CBS adds that FBI officials say "the IT worker scene is expanding worldwide."

[ Read more of this story ]( https://it.slashdot.org/story/25/05/10/0656226/how-a-simple-question-tripped-up-a-north-korean-spy-interviewing-for-an-it-job?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Inspired by researchers who'd bribed people to use Microsoft's Bing for two weeks (and found some wanted to keep using it), a Washington Post tech columnist also tried it — and reported it "felt like quitting coffee."

"The first few days, I was jittery. I kept double searching on Google and DuckDuckGo, the non-Google web search engine I was using, to check if Google gave me better results. Sometimes it did. Mostly it didn't."

"More than two weeks into a test of whether I love Google search or if it's just a habit, I've stopped double checking. I don't have Google FOMO..."

I didn't do a fancy analysis into whether my search results were better with Google or DuckDuckGo, whose technology is partly powered by Bing. The researchers found our assessment of search quality is based on vibes. And the vibes with DuckDuckGo are perfectly fine. Many dozens of readers told me about their own satisfaction with non-Google searches...

For better or worse, DuckDuckGo is becoming a bit more Google-like. Like Google, it has ads that are sometimes misleading or irrelevant. DuckDuckGo and Bing also are mimicking Google's makeover from a place that mostly pointed you to the best links online to one that never wants you to leave Google... [DuckDuckGo] shows you answers to things like sports results and AI-assisted replies, though less often than Google does. (You can turn off AI "instant answers" in DuckDuckGo.) Answers at the top of search results pages can be handy — assuming they're not wrong or scams — but they have potential trade-offs. If you stop your search without clicking to read a website about sports news or gluten intolerance, those sites could die. And the web gets worse. DuckDuckGo says that people expect instant answers from search results, and it's trying to balance those demands with keeping the web healthy. Google says AI answers help people feel more satisfied with their search results and web surfing.

DuckDuckGo has one clear advantage over Google: It collects far less of your data. DuckDuckGo doesn't save what I search...
My biggest wariness from this search experiment is like the challenge of slowing climate change: Your choices matter, but maybe not that much. Our technology has been steered by a handful of giant technology companies, and it's difficult for individuals to alter that. The judge in the company's search monopoly case said Google broke the law by making it harder for you to use anything other than Google. Its search is so dominant that companies stopped trying hard to out-innovate and win you over. (AI could upend Google search. We'll see....) Despite those challenges, using Google a bit less and smaller alternatives more can make a difference. You don't have to 100 percent quit Google.

"Your experiment confirms what we've said all along," Google responded to the Washington Post. "It's easy to find and use the search engine of your choice."

Although the Post's reporter also adds that "I'm definitely not ditching other company internet services like Google Maps, Google Photos and Gmail." They write later that " You'll have to pry YouTube out of my cold, dead hands" and "When I moved years of emails from Gmail to Proton Mail, that switch didn't stick."

[ Read more of this story ]( https://tech.slashdot.org/story/25/05/10/0247242/i-broke-up-with-google-search-it-was-surprisingly-easy?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Though global sea levels "varied little" for the 2,000 years before the 20th century, CNN reports that sea levels then "started rising and have not stopped since — and the pace is accelerating."

And sea level rise "was unexpectedly high last year, according to a recent NASA analysis of satellite data."

More concerning, however, is the longer-term trend. The rate of annual sea level rise has more than doubled over the past 30 years, resulting in the global sea level increasing 4 inches since 1993. "It's like we're putting our foot on the gas pedal," said Benjamin Hamlington, a research scientist in the Sea Level and Ice Group at NASA's Jet Propulsion Laboratory. While other climate signals fluctuate, global sea level has a "persistent rise," he told CNN.

It spells trouble for the future. Scientists have a good idea how much average sea level will rise by 2050 — around 6 inches globally, and as much as 10 to 12 inches in the US. Past 2050, however, things get very fuzzy. "We have such a huge range of uncertainty," said Dirk Notz, head of sea ice at the University of Hamburg. "The numbers are just getting higher and higher and higher very quickly." The world could easily see an extra 3 feet of sea level rise by 2100, he told CNN; it could also take hundreds of years to reach that level. Scientists simply don't know enough yet to project what will happen.
What scientists are crystal clear about is the reason for the rise: human-caused global warming. Oceans absorb roughly 90% of the excess heat primarily produced by burning fossil fuels, and as water heats up it expands. Heat in the oceans and atmosphere is also driving melting of the Greenland and Antarctic ice sheets, which together hold enough fresh water to raise global sea levels by around 213 feet. Melting ice sheets have driven roughly two-thirds of longer-term sea level rise, although last year — the planet's hottest on record — the two factors flipped, making ocean warming the main driver. [SciTechDaily reports that between 2021 and 2023 the Antarctica ice sheet actually showed an overall increase in mass which exerted a negative contribution to sea level rise.]
It's likely that an increase of about 3 feet is already locked in, Notz said, because "we have pushed the system too hard." The big question is, how quickly will it happen? Ice sheets are the biggest uncertainty, as it's not clear how fast they'll react as the world heats up — whether they'll melt steadily or reach a tipping point and rapidly collapse... [I]t's still unclear how processes may unfold over the next decades and centuries. Antarctica is "the elephant in the room," he said. Alarming changes are unfolding on this vast icy continent, which holds enough water to raise levels by 190 feet.

Notz describes the ice sheet as an "awakening giant:" It takes a long time to wake up but once awake, "it's very, very difficult to put it back to sleep."

The article notes that U.S. coastlines "are tracking above global average and toward the upper end of climate model projections, NASA's Hamlington said." (The state of Louisiana has one of the highest rates of land loss in the world, with some places experiencing nearly 4x the global rate of relative sea level rise.) But it's not just a problem for America.

"Over the next three decades, islands such as Tuvalu, Kiribati and Fiji will experience at least 6 inches of sea level rise even if the world reduces planet-heating pollution, according to NASA....
"Entire villages in Fiji have been formally relocated," said Fijian activist George Nacewa, from climate group 350.org, "the incoming tides are flooding our roads and inundating our crops." However, if the pace accelerates rapidly, "it will be very, very difficult to adapt to, because things unfold too quickly," he said.

"Humans still have control over how fast sea level rises over the next decades and centuries by cutting emissions, Notz noted."

Thanks to long-time Slashdot reader RoccamOccam for sharing the news.

[ Read more of this story ]( https://news.slashdot.org/story/25/05/10/0830239/sea-levels-rose-faster-than-expected-last-year-blame-global-warming---but-what-happens-next?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Chungin Lee used ChatGPT to help write the essay that got him into Columbia University — and then "proceeded to use generative artificial intelligence to cheat on nearly every assignment," reports New York magazine's blog Intelligencer:

As a computer-science major, he depended on AI for his introductory programming classes: "I'd just dump the prompt into ChatGPT and hand in whatever it spat out." By his rough math, AI wrote 80 percent of every essay he turned in. "At the end, I'd put on the finishing touches. I'd just insert 20 percent of my humanity, my voice, into it," Lee told me recently... When I asked him why he had gone through so much trouble to get to an Ivy League university only to off-load all of the learning to a robot, he said, "It's the best place to meet your co-founder and your wife."
He eventually did meet a co-founder, and after three unpopular apps they found success by creating the "ultimate cheat tool" for remote coding interviews, according to the article. "Lee posted a video of himself on YouTube using it to cheat his way through an internship interview with Amazon. (He actually got the internship, but turned it down.)" The article ends with Lee and his co-founder raising $5.3 million from investors for one more AI-powered app, and Lee says they'll target the standardized tests used for graduate school admissions, as well as "all campus assignments, quizzes, and tests. It will enable you to cheat on pretty much everything."

Somewhere along the way Columbia put him on disciplinary probation — not for cheating in coursework, but for creating the apps. But "Lee thought it absurd that Columbia, which had a partnership with ChatGPT's parent company, OpenAI, would punish him for innovating with AI." (OpenAI has even made ChatGPT Plus free to college students during finals week, the article points out, with OpenAI saying their goal is just teaching students how to use it responsibly.)

Although Columbia's policy on AI is similar to that of many other universities' — students are prohibited from using it unless their professor explicitly permits them to do so, either on a class-by-class or case-by-case basis — Lee said he doesn't know a single student at the school who isn't using AI to cheat. To be clear, Lee doesn't think this is a bad thing. "I think we are years — or months, probably — away from a world where nobody thinks using AI for homework is considered cheating," he said...
In January 2023, just two months after OpenAI launched ChatGPT, a survey of 1,000 college students found that nearly 90 percent of them had used the chatbot to help with homework assignments.

The article points out ChatGPT's monthly visits increased steadily over the last two years — until June, when students went on summer vacation.

"College is just how well I can use ChatGPT at this point," a student in Utah recently captioned a video of herself copy-and-pasting a chapter from her Genocide and Mass Atrocity textbook into ChatGPT.... It isn't as if cheating is new. But now, as one student put it, "the ceiling has been blown off." Who could resist a tool that makes every assignment easier with seemingly no consequences?

After using ChatGPT for their final semester of high school, one student says "My grades were amazing. It changed my life." So she continued used it in college, and "Rarely did she sit in class and not see other students' laptops open to ChatGPT."

One ethics professor even says "The students kind of recognize that the system is broken and that there's not really a point in doing this." (Yes, students are even using AI to cheat in ethics classes...)

It's not just the students: Multiple AI platforms now offer tools to leave AI-generated feedback on students' essays. Which raises the possibility that AIs are now evaluating AI-generated papers, reducing the entire academic exercise to a conversation between two robots — or maybe even just one.

[ Read more of this story ]( https://news.slashdot.org/story/25/05/10/2112201/is-everyone-using-ai-to-cheat-their-way-through-college?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Long-time Slashdot reader mbessey (a Mac/iOS developer) writes:

As we're coming up on the 50th anniversary of the first release of UCSD Pascal, I thought it would be interesting to poke around in it a bit, and work on some tools to bring this "portable operating system" back to life on modern hardware, in a modern language (Rust).

Wikipedia describes UCSD Pascal as "a version that ran on a custom operating system that could be ported to different platforms. A key platform was the Apple II, where it saw widespread use as Apple Pascal. This led to Pascal becoming the primary high-level language used for development in the Apple Lisa, and later, the Macintosh. Parts of the original Macintosh operating system were hand-translated into Motorola 68000 assembly language from the Pascal source code."

mbessey is chronicling their new project in a series of blog posts which begins here:

The p-System was not the first portable byte-code interpreter and compiler system — that idea goes very far back, at least to the origins of the Pascal language itself. But it was arguably one of the most-successful early versions of the idea and served as an inspiration for future portable software systems (including Java's bytecode, and Infocom's Z-machine).

And they've already gotten UCSD Pascal running in an emulator and built some tools (in Rust) to transfer files to disk images. Now they're working towards writing a p-machine emulator in Rust, which they can they port to "something other than the Mac. Ideally, something small â" like an Arduino or Raspberry Pi Pico."

[ Read more of this story ]( https://developers.slashdot.org/story/25/05/10/2148230/developer-tries-resurrecting-47-year-old-apple-pascal-and-its-p-system-in-rust?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Back in 2000, Slashdot founder CmdrTaco marked the 4th anniversary of Jennifer Ringley's pioneering "JenniCam" livestream (saying "It sure beats the Netscape FishCam. It's nuts how Jenni's little cam became such a fixture on The Internet...")

But a new article in the Washington Post remembers how "Once, Ringley looked directly into the camera and held a note in front of her eye. It read: 'I FEEL SO LONELY.'"
By 2003, Ringley had shut down the site and disappeared. She began declining interview requests, saying she was enjoying her privacy; her absence on social media continues to this day.
"But by then, the human zoo was everywhere," they write including "social media, where everyone could become a character in their own show." In 2007 Justin Kan launched Justin.TV, which eventually became Twitch, "a thrumming online city for anyone wanting to, as its slogan said, 'waste time watching other people waste time.'"

But the article also notes 2023 stats from the Bureau of Labor Statistics survey that found Americans"were spending far less time socializing than they had 20 years ago — especially 18-to-29-year-olds, who were spending two more hours a day alone." So how did this play out for the next generation of livestreaming influencers? Here's the origin story of "a lonely young woman in Texas" who's "streamed every second of her life for three years and counting."

One afternoon, her boyfriend told her to try Twitch, saying, as she recalled: "Your life sucks, you work at CVS, you have no friends. ... This could be helpful." In her first stream, on a Friday night, she played 3½ hours of "World of Warcraft" for her zero followers.

Eight years later...

Six hundred and forty-two people are watching when Emily tugs off her sleep mask to begin day No. 1,137 of broadcasting every hour of her life... On the live-streaming service Twitch, one of the world's most popular platforms, Emily is a legendary figure. For three years, she has ceaselessly broadcast her life — every birthday and holiday, every sickness and sleepless night, almost all of it alone. Her commitment has made her a model for success in the new internet economy, where authenticity and endurance are highly prized. It's also made her a good amount of money: $5.99 a month from thousands of subscribers each, plus donations and tips — minus Twitch's 30-to-40 percent cut.
But to get there, Emily, who agreed to be interviewed on the condition that her last name be withheld due to concerns of harassment, has devoted herself to a solitary life of almost constant stimulation. For three years, she has taken no sick days, gone on no vacations, declined every wedding invitation, had no sex. She has broadcast and self-narrated a thousand days of sleeping, driving and crying, lugging her camera backpack through the grocery store, talking through a screen to strangers she'll never meet. Her goal is to buy a house and get married by the age of 30, but she's 28 and says she's too busy to have a boyfriend. Her last date was seven years ago... But no one tells streamers when to record or when to stop. There are no labor codes, performance limits or regulations to keep the platforms from setting incentives impossibly high. Many streamers figure out the optimal strategy themselves: The more you share, the more successful you can be....

Though some Twitch stars are millionaires, most scramble to get by, buffeted by the vagaries of audience attention. Emily's paid-subscription count, which peaked last year at 22,000, has since slumped to around 6,000, dropping her base income to about $5,000 a month, according to estimates from the analytics firm Streams Charts... Sometimes Emily dreads waking up and clocking into the reality show that is her life. She knows staring at screens all night is unhealthy, and when she feels too depressed to stream, she'll stay in bed for hours while her viewers watch. But she worries that taking a break would be "career suicide," as she called it. Some viewers already complain that she showers too long, sleeps in too late, doesn't have enough fun...

She said she "used to show true sadness on stream" but doesn't anymore because it makes viewers uncomfortable. When she hits a breaking point now, she said, she closes herself in the bathroom.

[ Read more of this story ]( https://entertainment.slashdot.org/story/25/05/10/2334208/life-of-a-marathon-streamer-online-for-three-years-facing-isolation-and-burnout?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

"The romantic partner of Theranos fraudster Elizabeth Holmes has launched a start-up that sounds eerily similar to the venture that landed his girlfriend behind bars," writes The Daily Beast.
He's incorporated "Haemanthus" in Delaware a year and a half ago (though the company operates out of his neighborhood in Austin), according to the New York Times. Haemanthus appears to have around 10 employees.

From The Daily Beast:
California hotel heir Billy Evans' new company is a blood-testing firm that markets itself as "the future of diagnostics," offering "a radically new approach to health testing," according to The New York Times. In other words, exactly what Theranos said it would do. Holmes is even advising the start-up from the Texas prison where she is serving out an 11-year prison sentence for fraud, sources told NPR... Evans has managed to raise nearly $20 million in funds from both friends and established investors in Austin and San Francisco, according to the investor materials.

The Times reports that Evan's company "plans to begin with testing pets for diseases before progressing to humans, according to two investors pitched on the company."

And TechCrunch reminds readers that Elizabeth Holmes said in a recent interview "that she remains 'completely committed to my dream of making affordable healthcare solutions available to everyone.'"

[ Read more of this story ]( https://science.slashdot.org/story/25/05/11/0147212/theranos-fraudsters-partner-launches-his-own-blood-testing-startup?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

"The Overwatch 2 team at Blizzard has unionized," reports Kotaku:

That includes nearly 200 developers across disciplines ranging from art and testing to engineering and design. Basically anyone who doesn't have someone else reporting to them. It's the second wall-to-wall union at the storied game maker since the World of Warcraft team unionized last July... Like unions at Bethesda Game Studios and Raven Software, the Overwatch Gamemakers Guild now has to bargain for its first contract, a process that Microsoft has been accused of slow-walking as negotiations with other internal game unions drag on for years.
"The biggest issue was the layoffs at the beginning of 2024," Simon Hedrick, a test analyst at Blizzard, told Kotaku... "People were gone out of nowhere and there was nothing we could do about it," he said. "What I want to protect most here is the people...." Organizing Blizzard employees stress that improving their working conditions can also lead to better games, while the opposite — layoffs, forced resignations, and uncompetitive pay can make them worse....

"We're not just a number on an Excel sheet," [said UI artist Sadie Boyd]. "We want to make games but we can't do it without a sense of security." Unionizing doesn't make a studio immune to layoffs or being shuttered, but it's the first step toward making companies have a discussion about those things with employees rather than just shadow-dropping them in an email full of platitudes. Boyd sees the Overwatch union as a tool for negotiating a range of issues, like if and how generative AI is used at Blizzard, as well as a possible source of inspiration to teams at other studios.

"Our industry is at such a turning point," she said. "I really think with the announcement of our union on Overwatch...I know that will light some fires."

The article notes that other issues included work-from-home restrictions, pay disparities and changes to Blizzard's profit-sharing program, and wanting codified protections for things like crunch policies, time off, and layoff-related severance.

[ Read more of this story ]( https://games.slashdot.org/story/25/05/11/0328248/blizzards-overwatch-team-just-voted-to-unionize?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Спустя четыре года с момента прошлого обновления состоялся релиз.

https://www.opennet.ru/opennews/art.shtml?num=63217

"Login credentials belonging to an employee at both the Cybersecurity and Infrastructure Security Agency and the Department of Government Efficiency have appeared in multiple public leaks from info-stealer malware," reports Ars Technica, "a strong indication that devices belonging to him have been hacked in recent years."

As an employee of DOGE, [30-something Kyle] Schutt accessed FEMA's proprietary software for managing both disaster and non-disaster funding grants [to Dropsite News]. Under his role at CISA, he likely is privy to sensitive information regarding the security of civilian federal government networks and critical infrastructure throughout the U.S. According to journalist Micah Lee, user names and passwords for logging in to various accounts belonging to Schutt have been published at least four times since 2023 in logs from stealer malware... Besides pilfering login credentials, stealers can also log all keystrokes and capture or record screen output. The data is then sent to the attacker and, occasionally after that, can make its way into public credential dumps...

Lee went on to say that credentials belonging to a Gmail account known to belong to Schutt have appeared in 51 data breaches and five pastes tracked by breach notification service Have I Been Pwned. Among the breaches that supplied the credentials is one from 2013 that pilfered password data for 3 million Adobe account holders, one in a 2016 breach that stole credentials for 164 million LinkedIn users, a 2020 breach affecting 167 million users of Gravatar, and a breach last year of the conservative news site The Post Millennial.

The credentials may have been exposed when service providers were compromised, the article points out, but the "steady stream of published credentials" is "a clear indication that the credentials he has used over a decade or more have been publicly known at various points.

"And as Lee noted, the four dumps from stealer logs show that at least one of his devices was hacked at some point."

Thanks to Slashdot reader gkelley for sharing the news.

[ Read more of this story ]( https://yro.slashdot.org/story/25/05/11/0451222/cisadoge-software-engineers-login-credentials-appeared-in-multiple-leaks-from-info-stealing-malware-in-recent-years?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Некоммерческая организация OpenSearch Software Foundation, контролируемая Linux Foundation, опубликовала релиз проекта OpenSearch 3.0, развивающего форк платформы поиска, анализа и хранения данных Elasticsearch и web-интерфейса Kibana. В разработке форка принимают участие такие компании, как Amazon, SAP, Uber, Aryn, Atlassian, Canonical, DigitalOcean и NetAp. Код распространяется под лицензией Apache 2.0.

https://www.opennet.ru/opennews/art.shtml?num=63218

Slashdot reader BrianFagioli writes:

The new Nintendo Switch 2 is almost here. Next month, eager fans will finally be able to get their hands on the highly anticipated follow-up to the wildly popular hybrid console. But before you line up (or frantically refresh your browser for a preorder), you might want to read the fine print, because Nintendo might be able to kill your console.

Yes, really. That's not just speculation, folks. According to its newly updated user agreement, Nintendo has granted itself the right to make your Switch 2 "permanently unusable" if you break certain rules. Yes, the company might literally brick your device. Buried in the legalese is a clause that says if you try to bypass system protections, modify software, or mess with the console in a way that's not approved, Nintendo can take action. And that action could include completely disabling your system.

The exact wording makes it crystal clear: Nintendo may "render the Nintendo Account Services and/or the applicable Nintendo device permanently unusable in whole or in part...." [T]o be fair, this is probably targeted at people who reverse engineer the system or install unauthorized software — think piracy, modding, cheating, and the like. But the broad and vague nature of the language leaves a lot of room for interpretation. Who decides what qualifies as "unauthorized use"? Nintendo does.

Nintendo's verbiage says users must agree "without limitation" not to...

Publish, copy, modify, reverse engineer, lease, rent, decompile, disassemble, distribute, offer for sale, or create derivative works
Obtain, install or use any unauthorized copies of Nintendo Account Services

Exploit the Nintendo Account Services in any manner other than to use them in accordance with the applicable documentation and intended use [unless "otherwise expressly permitted by applicable law."]
Bypass, modify, decrypt, defeat, tamper with, or otherwise circumvent any of the functions or protections... including through the use of any hardware or software that would cause the Nintendo Account Services to operate other than in accordance with its documentation and intended use
"...if you fail to comply with the foregoing restrictions Nintendo may render the Nintendo Account Services and/or the applicable Nintendo device permanently unusable in whole or in part."

[ Read more of this story ]( https://games.slashdot.org/story/25/05/11/0351246/nintendo-can-render-your-switch-2-permanently-unusable-if-you-break-their-rules?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Exposure-management company Tenable recently discussed how the MCP tool-interfacing framework for AI can be "manipulated for good, such as logging tool usage and filtering unauthorized commands." (Although "Some of these techniques could be used to advance both positive and negative goals.")

Now an anonymous Slashdot reader writes: In a demonstration video put together by security researcher Seth Fogie, an AI client given a simple prompt to 'Scan and exploit' a web server leverages various connected tools via MCP (nmap, ffuf, nuclei, waybackurls, sqlmap, burp) to find and exploit discovered vulnerabilities without any additional user interaction

As Tenable illustrates in their MCP FAQ, "The emergence of Model Context Protocol for AI is gaining significant interest due to its standardization of connecting external data sources to large language models (LLMs). While these updates are good news for AI developers, they raise some security concerns." With over 12,000 MCP servers and counting, what does this all lead to and when will AI be connected enough for a malicious prompt to cause serious impact?

[ Read more of this story ]( https://it.slashdot.org/story/25/05/11/0027236/can-an-mcp-powered-ai-client-automatically-hack-a-web-server?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Fast Company's "AI Decoded" newsletter makes the case that the first "killer app" for generative AI... is coding.

Tools like Cursor and Windsurf can now complete software projects with minimal input or oversight from human engineers... Naveen Rao, chief AI officer at Databricks, estimates that coding accounts for half of all large language model usage today. A 2024 GitHub survey found that over 97% of developers have used AI coding tools at work, with 30% to 40% of organizations actively encouraging their adoption.... Microsoft CEO Satya Nadella recently said AI now writes up to 30% of the company's code. Google CEO Sundar Pichai echoed that sentiment, noting more than 30% of new code at Google is AI-generated.

The soaring valuations of AI coding startups underscore the momentum. Anysphere's Cursor just raised $900 million at a $9 billion valuation — up from $2.5 billion earlier this year. Meanwhile, OpenAI acquired Windsurf (formerly Codeium) for $3 billion. And the tools are improving fast. OpenAI's chief product officer, Kevin Weil, explained in a recent interview that just five months ago, the company's best model ranked around one-millionth on a well-known benchmark for competitive coders — not great, but still in the top two or three percentile. Today, OpenAI's top model, o3, ranks as the 175th best competitive coder in the world on that same test. The rapid leap in performance suggests an AI coding assistant could soon claim the number-one spot. "Forever after that point computers will be better than humans at writing code," he said...

Google DeepMind research scientist Nikolay Savinov said in a recent interview that AI coding tools will soon support 10 million-token context windows — and eventually, 100 million. With that kind of memory, an AI tool could absorb vast amounts of human instruction and even analyze an entire company's existing codebase for guidance on how to build and optimize new systems. "I imagine that we will very soon get to superhuman coding AI systems that will be totally unrivaled, the new tool for every coder in the world," Savinov said.

[ Read more of this story ]( https://developers.slashdot.org/story/25/05/11/0623242/what-happens-if-ai-coding-keeps-improving?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

"A China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver," reports The Hacker News:

Forescout Vedere Labs, in a report published Thursday, said it uncovered a malicious infrastructure likely associated with the hacking group weaponizing CVE-2025-31324 (CVSS score: 10.0) since April 29, 2025. CVE-2025-31324 refers to a critical SAP NetWeaver flaw that allows attackers to achieve remote code execution (RCE) by uploading web shells through a susceptible "/developmentserver/metadatauploader" endpoint.

The vulnerability was first flagged by ReliaQuest late last month when it found the shortcoming being abused in real-world attacks by unknown threat actors to drop web shells and the Brute Ratel C4 post-exploitation framework. According to [SAP cybersecurity firm] Onapsis, hundreds of SAP systems globally have fallen victim to attacks spanning industries and geographies, including energy and utilities, manufacturing, media and entertainment, oil and gas, pharmaceuticals, retail, and government organizations. Onapsis said it observed reconnaissance activity that involved "testing with specific payloads against this vulnerability" against its honeypots as far back as January 20, 2025. Successful compromises in deploying web shells were observed between March 14 and March 31.
"In recent days, multiple threat actors are said to have jumped aboard the exploitation bandwagon to opportunistically target vulnerable systems to deploy web shells and even mine cryptocurrency..."

Thanks to Slashdot reader bleedingobvious for sharing the news.

[ Read more of this story ]( https://it.slashdot.org/story/25/05/11/0544252/chinese-hackers-exploit-sap-netweaver-rce-flaw?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

"When Rust developers think of us C++ folks, they picture a cursed bloodline," writes professional game developer Mamadou Babaei (also a *nix enthusiast who contributes to the FreeBSD Ports collection). "To them, every line of C++ we write is like playing Russian Roulette — except all six chambers are loaded with undefined behavior."
But you know what? We don't need a compiler nanny. No borrow checker. No lifetimes. No ownership models. No black magic. Not even Valgrind is required. Just raw pointers, raw determination, and a bit of questionable sanity.

He's created a video on "how to hunt down memory leaks like you were born with a pointer in one hand and a debugger in the other." (It involves using a memory leak tracker — specifically, Visual Studio's _CrtDumpMemoryLeaks, which according to its documentation "dumps all the memory blocks in the debug heap when a memory leak has occurred," identifying the offending lines and pointers.)

"If that sounds unreasonably dangerous — and incredibly fun... let's dive into the deep end of the heap."

"The method is so easy, it renders Rust's memory model (lifetimes, ownership) and the borrow checker useless!" writes Slashdot reader NuLL3rr0r. Does anybody agree with him? Share your own experiences and reactions in the comments.
And how do you feel about Rust's "borrow-checking compiler nanny"?

[ Read more of this story ]( https://developers.slashdot.org/story/25/05/11/1759213/who-needs-rusts-borrow-checking-compiler-nanny-c-devs-arent-helpless?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

OpenAI is currently in "a tough negotiation" with Microsoft, the Financial Times reports, citing "one person close to OpenAI."

On the road to building artificial general intelligence, OpenAI hopes to unlock new funding (and launch a future IPO), according to the article, which says both sides are at work "rewriting the terms of their multibillion-dollar partnership in a high-stakes negotiation...."

Microsoft, meanwhile, wants to protect its access to OpenAI's cutting-edge AI models...

[Microsoft] is a key holdout to the $260bn start-up's plans to undergo a corporate restructuring that moves the group further away from its roots as a non-profit with a mission to develop AI to "benefit humanity". A critical issue in the deliberations is how much equity in the restructured group Microsoft will receive in exchange for the more than $13bn it has invested in OpenAI to date.

According to multiple people with knowledge of the negotiations, the pair are also revising the terms of a wider contract, first drafted when Microsoft first invested $1bn into OpenAI in 2019. The contract currently runs to 2030 and covers what access Microsoft has to OpenAI's intellectual property such as models and products, as well as a revenue share from product sales. Three people with direct knowledge of the talks said Microsoft is offering to give up some of its equity stake in OpenAI's new for-profit business in exchange for accessing new technology developed beyond the 2030 cut off...

Industry insiders said a failure of OpenAI's new plan to make its business arm a public benefits corporation could prove a critical blow. That would hit OpenAI's ability to raise more cash, achieve a future float, and obtain the financial resources to take on Big Tech rivals such as Google. That has left OpenAI's future at the mercy of investors, such as Microsoft, who want to ensure they gain the benefit of its enormous growth, said Dorothy Lund, professor of law at Columbia Law School.
Lund says OpenAI's need for investors' money means they "need to keep them happy." But there also appears to be tension from how OpenAI competes with Microsoft (like targeting its potential enterprise customers with AI products). And the article notes that OpenAI also turned to Oracle (and SoftBank) for its massive AI infrastructure project Stargate. One senior Microsoft employee complained that OpenAI "says to Microsoft, 'give us money and compute and stay out of the way: be happy to be on the ride with us'. So naturally this leads to tensions. To be honest, that is a bad partner attitude, it shows arrogance."

The article's conclusion? Negotiating new deal is "critical to OpenAI's restructuring efforts and could dictate the future of a company..."

[ Read more of this story ]( https://slashdot.org/story/25/05/11/1854234/openai-enters-tough-negotiation-with-microsoft-hopes-to-raise-money-with-ipo?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Whoop fitness trackers had promised free upgrades to anyone who'd been a member for at least six months — and then reneged. "After customers began complaining, the company responded with a Reddit post, according to a report from TechCrunch:

Now, anyone with more than 12 months remaining on their subscription is eligible for a free upgrade to Whoop 5.0 (or a refund if they've already paid the fee). And customers with less than 12 months can extend their subscription to get the upgrade at no additional cost.
Whoop acknowledged that they'd previously said anyone who'd been a member for six months would receive a free upgrade. Friday they described that blog article as "incorrect". ("This was never our policy and should never have been posted... We removed that blog article... We're sorry for any confusion this may have caused.")
TechCrunch explains:
While the company said it's making these changes because it "heard your feedback," it also suggested that its apparent stinginess was tied to its transition from a [2021] model focused on monthly or six-month subscription plans to one where it only offers 12- and 24-month subscriptions...

There's been a mixed response to these changes on the Whoop subreddit, with one moderator describing it as a "win for the community." Other posters were more skeptical, with one writing, "You don't publish a policy by accident and keep it up for years. Removing it after backlash doesn't erase the fact [that] it is real."

Other changes announced by Whoop:

"If you purchased or renewed a WHOOP 4.0 membership in the last 30 days before May 8, your upgrade fee will be automatically waived at checkout..."
"If you've already upgraded to WHOOP 5.0 on Peak and paid a one-time upgrade fee despite having more than 12 months remaining, we'll refund that fee."
"Thank you for your feedback. We remain committed to delivering the best technology, experience, and value to our community."

[ Read more of this story ]( https://it.slashdot.org/story/25/05/11/1959255/whoop-promises-free-upgrades---but-some-users-will-have-to-pay-to-extend-their-subscriptions?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Состоялся релиз консольной программы для чтения новостных лент Newsraft 0.30, поддерживающей форматы RSS и Atom. Newsraft предназначен для получения контента из различных блогов и платформ, и его просмотра через единый интерфейс, построенный на базе библиотеки ncurses. Проект вдохновлён идеями программы Newsboat, однако является самостоятельной разработкой и представляется его легковесным аналогом.

https://www.opennet.ru/opennews/art.shtml?num=63219

18 years ago Slashdot covered the creation of Spaceport America.
Today Space.com hails it as "the first purpose-built commercial spaceport in the world." But engineer/executive director Scott McLaughlin has plans to grow even more.

Already home to an array of commercial space industry tenants, such as Virgin Galactic, SpinLaunch, Up Aerospace, and Prismatic, Spaceport America is a "rocket-friendly environment of 6,000 square miles of restricted airspace, low population density, a 12,000-foot by 200-foot runway, vertical launch complexes, and about 340 days of sunshine and low humidity," the organization boasts on its website...

Space.com: What changes do you see that make Spaceport America even more viable today?

McLaughlin: I think opening ourselves up to doing different kinds of work. We're more like a civilian test range now. We've got high-altitude UAVs [Unmanned Aerial Vehicles]. We're willing to do engine production. We believe we're about to sign a data center, one that's able to provide services to our customers who want low-latency, artificial intelligence, or high-powered computing. You'll be able to rent some virtual machines and do your own thing and have it be instantaneous at the spaceport. So I think being more broadminded about what we can do at the spaceport is helping generate customers and revenue...

Our goal is to see Virgin Galactic fly in a year or so, hopefully flying twice a week, and that will have a big impact on the spaceport... [W]e're trying to be open-minded as we're partnered with White Sands Missile Range to use that airspace. We're even looking at things like an electromagnetic pulse facility. It's a customer that I can't identify yet... We are working on a "reentry" license too. We recently discussed this with specialists and we think we have a site relatively close to the spaceport that's flat and free of mesquite bushes and such, so we can do capsule return and other types of return. And of course we have the runway. So I'd think we'd be the only spaceport that does vertical and horizontal launch and reentry....

We're never going to have the throughput that the Cape in Florida has. But we'll be a good alternative especially if you're going to do a small to medium-sized launch, and you need to do it quickly, and perhaps do it more securely than you would if you were to fly over water. That's why the Department of Defense is showing interest in the inland spaceport.

[ Read more of this story ]( https://science.slashdot.org/story/25/05/11/2040256/how-spaceport-america-will-grow?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Cybersecurity researchers have flagged three malicious npm packages that target the macOS version of AI-powered code-editing tool Cursor, reports The Hacker News:

"Disguised as developer tools offering 'the cheapest Cursor API,' these packages steal user credentials, fetch an encrypted payload from threat actor-controlled infrastructure, overwrite Cursor's main.js file, and disable auto-updates to maintain persistence," Socket researcher Kirill Boychenko said. All three packages continue to be available for download from the npm registry. "Aiide-cur" was first published on February 14, 2025...

In total, the three packages have been downloaded over 3,200 times to date.... The findings point to an emerging trend where threat actors are using rogue npm packages as a way to introduce malicious modifications to other legitimate libraries or software already installed on developer systems... "By operating inside a legitimate parent process — an IDE or shared library — the malicious logic inherits the application's trust, maintains persistence even after the offending package is removed, and automatically gains whatever privileges that software holds, from API tokens and signing keys to outbound network access," Socket told The Hacker News.
"This campaign highlights a growing supply chain threat, with threat actors increasingly using malicious patches to compromise trusted local software," Boychenko said.

The npm packages "restart the application so that the patched code takes effect," letting the threat actor "execute arbitrary code within the context of the platform."

[ Read more of this story ]( https://developers.slashdot.org/story/25/05/11/2222257/over-3200-cursor-users-infected-by-malicious-credential-stealing-npm-packages?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Fusion energy "took one step closer to reality," announced the University of Texas at Austin, as their researchers joined with a team from Los Alamos National Laboratory and Type One Energy Group and "solved a longstanding problem in the field" — how to contain high-energy particles inside fusion reactors.

When high-energy alpha particles leak from a reactor, that prevents the plasma from getting hot and dense enough to sustain the fusion reaction. To prevent them from leaking, engineers design elaborate magnetic confinement systems, but there are often holes in the magnetic field, and a tremendous amount of computational time is required to predict their locations and eliminate them. In their paper published in Physical Review Letters, the research team describes having discovered a shortcut that can help engineers design leak-proof magnetic confinement systems 10 times as fast as the gold standard method, without sacrificing accuracy... "What's most exciting is that we're solving something that's been an open problem for almost 70 years," said Josh Burby, assistant professor of physics at UT and first author of the paper. "It's a paradigm shift in how we design these reactors...."
This new method also can help with a similar but different problem in another popular magnetic fusion reactor design called a tokamak. In that design, there's a problem with runaway electrons — high-energy electrons that can punch a hole in the surrounding walls. This new method can help identify holes in the magnetic field where these electrons might leak.

[ Read more of this story ]( https://hardware.slashdot.org/story/25/05/11/239203/researchers-just-solved-a-big-70-year-old-problem-for-fusion-energy?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

An anonymous reader shared this report from the Verge:

This morning, while summarizing an Apple "product blitz" he expects for 2027, Bloomberg's Mark Gurman writes in his Power On newsletter that Apple is planning a "mostly glass, curved iPhone" with no display cutouts for that year, which happens to be the iPhone's 20th anniversary... [T]he closest hints are probably in Apple patents revealed over the years, like one from 2019 that describes a phone encased in glass that "forms a continuous loop" around the device.

Apart from a changing iPhone, Gurman describes what sounds like a big year for Apple. He reiterates past reports that the first foldable iPhone should be out by 2027, and that the company's first smart glasses competitor to Meta Ray-Bans will be along that year. So will those rumored camera-equipped AirPods and Apple Watches, he says. Gurman also suggests that Apple's home robot — a tabletop robot that features "an AI assistant with its own personality" — will come in 2027...

Finally, Gurman writes that by 2027 Apple could finally ship an LLM-powered Siri and may have created new chips for its server-side AI processing.

Earlier this week Bloomberg reported that Apple is also "actively looking at" revamping the Safari web browser on its devices "to focus on AI-powered search engines." (Apple's senior VP of services "noted that searches on Safari dipped for the first time last month, which he attributed to people using AI.")

[ Read more of this story ]( https://apple.slashdot.org/story/25/05/11/2355205/apples-iphone-plans-for-2027-foldable-or-glass-and-curved-plus-smart-glasses-tabletop-robot?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

It's been a mobile-only game for decades. Then a little more than a week ago Infinity Nikkireleased its 1.5 update (which introduced multiplayer and customization options) and launched the game on Steam.

But it "didn't go over as planned," writes the worker-owned gaming site Aftermath, citing some very negative reactions on Reddit. (Some players say that in response the game's publisher is now even censoring the word "boycott" on its official forums and community spaces...)

Infinity Nikki players were immediately incensed by a bevy of bugs and general game instability, and made even more angry by several baffling changes to both the story and its monetization structure... Players globally are vowing to stay off the game until Infold Games addresses their concerns, including at least one Infinity Nikki creator who is part of the game's partner program... [T]he Chinese Infinity Nikki community — as well as others — has been flooding Steam with negative reviews of the game... [T]he complaints are also impacting Infinity Nikki's review score on the Google Play Store... The company said it's working to fix the patch's performance issues, which have caused game-breaking bugs for some players....

[T]he Infinity Nikki team also gave players some free currency, but there's been problems there, too: Players say Infold had a bug in this distribution, which awarded players too much free currency. Instead of letting players keep that — it was Infold's mistake, after all — they deducted the currency, some of which players had already spent, putting them in the negative. But the community is looking for more from the studio; it wants an acknowledgement of the "dumpster fire" of a situation, as one Infinity Nikki player told Aftermath, but also wants some of the biggest problems reversed... Beyond the problematic monetization strategy, players Aftermath spoke with said they're also pissed off at a major change to the start of the game... Infold Games removed the game's original start with the update; the new intro drops players into Infinity Nikki with little context and a new, unexplained character who is supposed to be a guide as Nikki is dropped into intergalactic limbo.
While the spend-to-upgrade-your-character model has always been inherently predatory, as one player put it, the new update pushed the system "much too far for a lot of players," according to the article — "something made more egregious by the numerous bugs and strange gameplay changes." The article now describes some players as "upset that the trust they've given Infold Games thus far has been broken."

"Infold Games has not responded to a request for comment."

[ Read more of this story ]( https://games.slashdot.org/story/25/05/12/0042210/videogames-players-launch-boycott-over-bugs-story-changes-monetization?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Опубликован релиз видеоредактора Shotcut 25.05, развиваемого автором проекта MLT и использующего данный фреймворк для редактирования видео. Поддержка форматов видео и звука реализована через FFmpeg. Возможно использование плагинов с реализацией видео и аудио эффектов, совместимых с Frei0r и LADSPA. Из особенностей Shotcut можно отметить возможность многотрекового редактирования с компоновкой видео из фрагментов в различных исходных форматах, без необходимости их предварительного импортирования или перекодирования. Имеются встроенные средства для создания скринкастов, обработки изображения с web-камеры и приёма потокового видео. Код написан на C++ с использованием фреймворка Qt и распространяется под лицензией GPLv3. Готовые сборки доступны для Linux (AppImage, flatpak и snap), macOS и Windows.

https://www.opennet.ru/opennews/art.shtml?num=63221

Проект Planka, предлагающий запускаемый на собственном оборудовании сервис канбан-доски для организации командной работы и отслеживания задач, перешёл на несвободную лицензию. Изначально проект использовал лицензию Expat/MIT, в 2023 году перешёл на лицензию AGPLv3, а теперь задействовал несвободную лицензию "Fair Use License", основанную на "Sustainable Use License". Смена лицензии произведена во втором кандидате в релизы Planka 2.0, таким образом ветка 2.0 будет проприетарной.

https://www.opennet.ru/opennews/art.shtml?num=63220

Основатель и главный разработчик проекта curl Дэниэл Стенберг (Daniel Stenberg)
обратил внимание на проблему массовой отправки сообщений об уязвимостях, созданных LLM через платформу [ HackerOne ]( https://www.hackerone.com/ ) .
Подобные сообщения перегружают разработчиков, так как для их проверки необходимо
время, которое несравнимо с тем временем, которое нужно для создания подобных отчётов при помощи LLM.

В качестве примера такого сообщения он опубликовал один из таких отчётов - [ #3125832 ]( https://hackerone.com/reports/3125832 ) .
Первоначальный патч в нём не подходит ни к одной версии утилиты, для которой он сделан.
На уточняющие вопросы от разработчиков его автор отвечал на не заданные вопросы (например, что такое циклическая зависимость),
приводил примеры несуществующих функций в утилите и
давал инструкции, как использовать git для применения патча.

В ответ на увеличение количества таких сообщений Дэниэл Стенберг предупредил,
что теперь авторам необходимо будет отвечать на вопрос «использовался ли AI при его создании»
и быть готовыми к дополнительным вопросам, чтобы доказать, что автор действительно проверил результат.
Так же любой автор, заподозренный в отправке сообщений, которые можно классифицировать как «AI slop»
(низкокачественный контент, сгенерированный LLM)
будет немедленно забанен.

Дэниэл Стенберг отмечает, что на данный момент у них нет ни одного примера полезного
сообщения об уязвимости, созданного при помощи AI.

Ранее Дэниэл Стенберг уже писал об этой проблеме в своём [ блоге ]( https://daniel.haxx.se/blog/2024/01/02/the-i-in-llm-stands-for-intelligence/ ) .
Так же о похожей ситуации [ сообщал ]( https://sethmlarson.dev/slop-security-reports )
Сэт Ларсон (Seth Larson), разработчик из security team в Python Software Foundation.

https://www.linux.org.ru/news/security/17963898

Business Insider tells the story in three bullet points:
- Big Tech companies depend on content made by others to train their AI models.
- Some of those creators say using their work to train AI is copyright infringement.
- The U.S. Copyright Office just published a report that indicates it may agree.

The office released on Friday its latest in a series of reports exploring copyright laws and artificial intelligence. The report addresses whether the copyrighted content AI companies use to train their AI models qualifies under the fair use doctrine. AI companies are probably not going to like what they read...

AI execs argue they haven't violated copyright laws because the training falls under fair use. According to the U.S. Copyright Office's new report, however, it's not that simple. "Although it is not possible to prejudge the result in any particular case, precedent supports the following general observations," the office said. "Various uses of copyrighted works in AI training are likely to be transformative. The extent to which they are fair, however, will depend on what works were used, from what source, for what purpose, and with what controls on the outputs — all of which can affect the market."

The office made a distinction between AI models for research and commercial AI models. "When a model is deployed for purposes such as analysis or research — the types of uses that are critical to international competitiveness — the outputs are unlikely to substitute for expressive works used in training," the office said. "But making commercial use of vast troves of copyrighted works to produce expressive content that competes with them in existing markets, especially where this is accomplished through illegal access, goes beyond established fair use boundaries."

The report says outputs "substantially similar to copyrighted works in the dataset" are less likely to be considered transformative than when the purpose "is to deploy it for research, or in a closed system that constrains it to a non-substitutive task."

"A day after the office released the report, President Donald Trump fired its director, Shira Perlmutter, a spokesperson told Business Insider."

[ Read more of this story ]( https://yro.slashdot.org/story/25/05/12/0425233/us-copyright-office-to-ai-companies-fair-use-isnt-commercial-use-of-vast-troves-of-copyrighted-works?utm_source=atom1.0moreanon&utm_medium=feed ) at Slashdot.

Опубликован выпуск проекта Dropbear 2025.88, развивающего сервер и клиент SSH, получивший распространение в беспроводных маршрутизаторах и компактных дистрибутивах, подобных OpenWrt. В новой версии устранена уязвимость (CVE-2025-47203) в реализации SSH-клиента (программа dbclient), позволяющая выполнить shell-команды при обработке специально оформленного имени хоста. Уязвимость вызвана отсутсвием экранирования спецсимволов в имени хоста и использованием командного интерпретатора при запуске команд в режиме multihop (несколько хостов, разделённых запятой). Уязвимость представляет опасность для систем, запускающих dbclient с непроверенным именем хоста.

https://www.opennet.ru/opennews/art.shtml?num=63223