Feed aggregator

Today, we’re announcing Google’s first offshore wind power purchase agreement (PPA) in Taiwan — which represents our first in Asia Pacific.Google will purchase renewable…

Researchers have uncovered a new supply chain attack called Slopsquatting, where threat actors exploit hallucinated, non-existent package names generated by AI coding tools like GPT-4 and CodeLlama. These believable yet fake packages, representing almost 20% of the samples tested, can be registered by attackers to distribute malicious code. CSO Online reports: Slopsquatting, as researchers are calling it, is a term first coined by Seth Larson, a security developer-in-residence at Python Software Foundation (PSF), for its resemblance to the typosquatting technique. Instead of relying on a user's mistake, as in typosquats, threat actors rely on an AI model's mistake. A significant number of packages, amounting to 19.7% (205,000 packages), recommended in test samples were found to be fakes. Open-source models -- like DeepSeek and WizardCoder -- hallucinated more frequently, at 21.7% on average, compared to the commercial ones (5.2%) like GPT 4. Researchers found CodeLlama ( hallucinating over a third of the outputs) to be the worst offender, and GPT-4 Turbo ( just 3.59% hallucinations) to be the best performer. These package hallucinations are particularly dangerous as they were found to be persistent, repetitive, and believable. When researchers reran 500 prompts that had previously produced hallucinated packages, 43% of hallucinations reappeared every time in 10 successive re-runs, with 58% of them appearing in more than one run. The study concluded that this persistence indicates "that the majority of hallucinations are not just random noise, but repeatable artifacts of how the models respond to certain prompts." This increases their value to attackers, it added. Additionally, these hallucinated package names were observed to be "semantically convincing." Thirty-eight percent of them had moderate string similarity to real packages, suggesting a similar naming structure. "Only 13% of hallucinations were simple off-by-one typos," Socket added. The research can found be in a paper on arXiv.org (PDF).

Read more of this story at Slashdot.

Airbnb is rolling out a global update that displays the total cost of a stay upfront in search results. The only fee that won't be included are taxes. The Verge reports: The company first started showing the full price of its listings in some locations in 2019 after facing scrutiny from the European Union over how it displays its fees. It later launched a toggle in the US and hundreds of other countries that shows the total cost of a stay across Airbnb's search results, individual listings pages, and other areas of the platform. Airbnb says nearly 17 million people have used the toggle since its launch in 2022, and now, you won't have to worry about turning the option on when making a search. Instead, you'll now see a banner at the very top of your search results that says, "Prices include all fees."

Read more of this story at Slashdot.

Microsoft is intensifying performance scrutiny through new policies that target underperforming employees, according to an internal email from Chief People Officer Amy Coleman. The company has introduced a formalized Performance Improvement Plan (PIP) system that gives struggling employees two options: accept improvement targets or exit the company with a Global Voluntary Separation Agreement. The policy establishes a two-year rehire blackout period for employees who leave with low performance ratings (zero to 60% in Microsoft's 0-200 scale) or during a PIP process. These employees are also barred from internal transfers while still at the company. Coming months after Microsoft terminated 2,000 underperformers without severance, the company is also developing AI-supported tools to help managers "prepare for constructive or challenging conversations" through interactive practice environments. "Our focus remains on enabling high performance to achieve our priorities spanning security, quality, and leading AI," Coleman wrote, emphasizing that these changes aim to create "a globally consistent and transparent experience" while fostering "accountability and growth."

Read more of this story at Slashdot.

CATL has unveiled a second-generation Shenxing battery capable of delivering a 520km range in just five minutes of charging, surpassing BYD's recent breakthrough and positioning both Chinese firms ahead of Western rivals in EV battery tech. The battery manufacturer also introduced a sodium-ion battery called Naxtra, offering up to 500km range for EVs and potential to diversify global energy resources. The Financial Times reports: The claims by the Chinese battery groups would put them ahead of major western rivals. At present, Tesla vehicles can be charged up to 200 miles (321km) in added range in 15 minutes, while Germany's Mercedes-Benz recently launched its all-electric CLA compact sedan, which can be charged for up to 325km within 10 minutes using a fast-charging station. [...] The second generation of the Shenxing battery, which boasts a range of 800km on one charge, can achieve a peak charging speed of 2.5km per second, the company said at a media event ahead of this week's Shanghai auto show. "We look forward to collaborating with more industry leaders to push the limits of supercharging through true innovation," said CATL's chief technology officer Gao Huan, adding that he wanted the new batteries to become "the standard for electric vehicles." Analysts at Bernstein said the latest progress meant that charging speeds had more than doubled in the past year and "increased tenfold over the past 3-4 years." Huan said the new Shenxing battery would be installed in more than 67 EV models this year. He later told reporters that energy density would not be sacrificed as a trade-off for fast charging. During its tech day, CATL also unveiled its new sodium-ion battery, which it said would go into mass production in December. The battery brand called Naxtra is able to give a range of about 200km for a hybrid vehicle and 500km for an electric vehicle, according to Huan. [...] At the event, Huan claimed the new sodium-ion battery would enable the industry's shift from "single resource dependence" to "energy freedom" and reshape the global energy landscape. He added that he was in discussions with several companies about using sodium-ion batteries in their vehicles.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Tom's Hardware: While most people enjoy PCs that are powered by SSDs, mechanical hard drives are still king in the datacenter. When these drives reach the end of their useful lives, they are usually shredded, and the key materials they're made of -- including several rare earth elements (REE) -- end up as e-waste. At the same time, countries are mining these same materials and emitting a lot of greenhouse gases in the process. And China, a major source of REE, recently announced export restrictions on seven of them, potentially limiting the U.S. tech industry's access to materials such as dysprosium, which is necessary for magnetic storage, motors, and generators. [On Thursday], Western Digital announced that it has created a large-scale hard disk drive recycling program in concert with Microsoft and recycling-industry partners CMR (Critical Materials Recycling) and PedalPoint Recycling. The new process reclaims Rare Earth Oxides (REO) containing dysprosium, neodymium, and praseodymium from hard drives, along with aluminum, steel, gold, palladium, and copper. The REO reclamation takes place completely within the U.S. and those materials go back into the U.S. market. Dubbed the Advanced Recycling and Rare Earth Material Capture Program, WD's initiative has already saved 47,000 pounds worth of hard drives, SSDs, and caddies from landfills or less-effective recycling programs. WD was able to achieve a more than 90% reclaim rate for REE and an 80% rate for all of the shredded material. The drives came from Microsoft's U.S. data centers where they were first shredded and then sent to PedalPoint for sorting and processing. Magnets and steel were then sent to CMR, which uses its acid-free dissolution recycling (ADR) technology to extract the rare earth elements.

Read more of this story at Slashdot.

Amazon has delayed some commitments around new data center leases, Wells Fargo analysts said Monday, the latest sign that economic concerns may be affecting tech companies' spending plans. From a report: A week ago, a Microsoft executive said the software company was slowing down or temporarily holding off on advancing early build-outs. Amazon Web Services and Microsoft are the leading providers of cloud infrastructure, and both have ramped up their capital expenditures in recent quarters to meet the demands of the generative artificial intelligence boom. "Over the weekend, we heard from several industry sources that AWS has paused a portion of its leasing discussions on the colocation side (particularly international ones)," Wells Fargo analysts wrote in a note. They added that "the positioning is similar to what we've heard recently from MSFT," in that both companies are reeling in some new projects but not canceling signed deals.

Read more of this story at Slashdot.

Cursor AI users recently encountered an ironic AI failure when the platform's support bot falsely claimed a non-existent login restriction policy. Co-founder Michael Truell apologized for the issue, clarified that no such policy exists, and attributed the mishap to AI hallucination and a session management bug. The Register reports: Users of the Cursor editor, designed to generate and fix source code in response to user prompts, have sometimes been booted from the software when trying to use the app in multiple sessions on different machines. Some folks who inquired about the inability to maintain multiple logins for the subscription service across different machines received a reply from the company's support email indicating this was expected behavior. But the person on the other end of that email wasn't a person at all, but an AI support bot. And it evidently made that policy up. In an effort to placate annoyed users this week, Michael Truell co-founder of Cursor creator Anysphere, published a note to Reddit to apologize for the snafu. "Hey! We have no such policy," he wrote. "You're of course free to use Cursor on multiple machines. Unfortunately, this is an incorrect response from a front-line AI support bot. We did roll out a change to improve the security of sessions, and we're investigating to see if it caused any problems with session invalidation." Truell added that Cursor provides an interface for viewing active sessions in its settings and apologized for the confusion. In a post to the Hacker News discussion of the SNAFU, Truell again apologized and acknowledged that something had gone wrong. "We've already begun investigating, and some very early results: Any AI responses used for email support are now clearly labeled as such. We use AI-assisted responses as the first filter for email support." He said the developer who raised this issue had been refunded. The session logout issue, now fixed, appears to have been the result of a race condition that arises on slow connections and spawns unwanted sessions.

Read more of this story at Slashdot.

Wine 10.6 has been released, featuring a new lexer within its Command Processor (CMD), support for the PBKDF2 algorithm to its Bcrypt implementation, and improved metadata handling in WindowsCodecs. According to Phoronix, the update also includes 27 known bug fixes that address issues with Unity games, Alan Wake, GDI+, and various other games and applications. You can see all the changes and download the relesae via WineHQ.org GitLab.

Read more of this story at Slashdot.

Wine 10.6 has been released, featuring a new lexer within its Command Processor (CMD), support for the PBKDF2 algorithm to its Bcrypt implementation, and improved metadata handling in WindowsCodecs. According to Phoronix, the update also includes 27 known bug fixes that address issues with Unity games, Alan Wake, GDI+, and various other games and applications. You can see all the changes and download the relesae via WineHQ.org GitLab.

Read more of this story at Slashdot.

Linux Patch Queued To Report Outdated Intel CPU Microcode As A Vulnerability  Phoronix

Open source AI is the new Linux, only faster  TechSpot

An anonymous reader quotes a report from Ars Technica: Whisky, a gaming-focused front-end for Wine's Windows compatibility tools on macOS, is no longer receiving updates. As one of the most useful and well-regarded tools in a Mac gamer's toolkit, it could be seen as a great loss, but its developer hopes you'll move on with what he considers a better option: supporting CodeWeavers' CrossOver product. Also, Whisky's creator is an 18-year-old college student, and he could use a break. "I am 18, yes, and attending Northeastern University, so it's always a balancing act between my school work and dev work," Isaac Marovitz wrote to Ars. The Whisky project has "been more or less in this state for a few months, I posted the notice mostly to clarify and formally announce it," Marovitz said, having received "a lot of questions" about the project status. [...] "Whisky, in my opinion, has not been a positive on the Wine community as a whole," Marovitz wrote on the Whisky site. He advised that Whisky users buy a CrossOver license, and noted that while CodeWeavers and Valve's work on Proton have had a big impact on the Wine project, "the amount that Whisky as a whole contributes to Wine is practically zero." Fixes for Wine running Mac games "have to come from people who are not only incredibly knowledgeable on C, Wine, Windows, but also macOS," Marovitz wrote, and "the pool of developers with those skills is very limited." While Marovitz told Ars that he's had "some contact with CodeWeavers" in making Whisky, "they were always curious and never told me what I should or should not do." It became clear to him, though, "from what [CodeWeavers] could tell me as well as observing the attitude of the wider community that Whisky could seriously threaten CrossOver's viability." "Whisky may have been a CrossOver competitor, but that's not how we feel today," wrote CodeWeavers CEO James B. Ramey in a statement. "Our response is simply one of empathy, understanding, and acknowledgement for Isaac's situation."

Read more of this story at Slashdot.

These 7 WSL programs changed how I use Windows  XDA

The European Union is determined to enforce its full digital rule book no matter who is in charge of companies such as X, Meta, Apple and Tiktok or where they are based, Commission President Ursula von der Leyen told Politico. From a report: "That's why we've opened cases against TikTok, X, Apple, Meta just to name a few. We apply the rules fairly, proportionally, and without bias. We don't care where a company's from and who's running it. We care about protecting people," Politico quoted von der Leyen as saying on Sunday. The EU's Digital Markets Act has been strongly criticised by the administration of U.S. President Donald Trump.

Read more of this story at Slashdot.

The 5 Linux AppImages I depend on daily - and how to add them to your desktop menu  ZDNET

The Federal Trade Commission filed suit against Uber on Monday, alleging the transportation giant violated federal consumer protection laws through deceptive billing and cancellation practices for its Uber One subscription service. According to the complaint, Uber violated both the FTC Act and the Restore Online Shoppers' Confidence Act by misleading consumers about subscription terms, charging users without consent, and implementing deliberately complicated cancellation processes. "Americans are tired of getting signed up for unwanted subscriptions that seem impossible to cancel," FTC Chair Andrew Ferguson said in announcing the action. The $9.99 monthly service, launched in 2021, offers benefits including fee-free delivery and discounted rides.

Read more of this story at Slashdot.

Google is confronting an existential threat as the U.S. government tries to break up the company as punishment for turning its revolutionary search engine into an illegal monopoly. From a report: The drama began to unfold Monday in a Washington courtroom as three weeks of hearings kicked off to determine how the company should be penalized for operating a monopoly in search. In its opening arguments, federal antitrust enforcers also urged the court to impose forward-looking remedies to prevent Google from using artificial intelligence to further its dominance. "This is a moment in time, we're at an inflection point, will we abandon the search market and surrender them to control of the monopolists or will we let competition prevail and give choice to future generations," said Justice Department attorney David Dahlquist. The proceedings, known in legal parlance as a "remedy hearing," are set to feature a parade of witnesses that includes Google CEO Sundar Pichai. The U.S. Department of Justice is asking a federal judge to order a radical shake-up that would ban Google from striking the multibillion dollar deals with Apple and other tech companies that shield its search engine from competition, share its repository of valuable user data with rivals and force a sale of its popular Chrome browser. Google's attorney, John Schmidtlein, said in his opening statement that the court should take a much lighter touch. He said the government's heavy-handed proposed remedies wouldn't boost competition but instead unfairly reward lesser rivals with inferior technology. "Google won its place in the market fair and square," Schmidtlein said.

Read more of this story at Slashdot.

These 6 lightweight Linux apps let older PCs run blazing fast  ZDNET

5 amazing Linux distros that are better than Windows, but you should avoid as a beginner  XDA