Feed aggregator
An anonymous reader quotes a report from TechCrunch: A U.S. online gift card store has secured an online storage server that was publicly exposing hundreds of thousands of customer government-issued identity documents to the internet. A security researcher, who goes by the online handle JayeLTee, found the publicly exposed storage server late last year containing driving licenses, passports, and other identity documents belonging to MyGiftCardSupply, a company that sells digital gift cards for customers to redeem at popular brands and online services.
MyGiftCardSupply's website says it requires customers to upload a copy of their identity documents as part of its compliance efforts with U.S. anti-money laundering rules, often known as "know your customer" checks, or KYC. But the storage server containing the files had no password, allowing anyone on the internet to access the data stored inside. JayeLTee alerted TechCrunch to the exposure last week after MyGiftCardSupply did not respond to the researcher's email about the exposed data. [...]
According to JayeLTee, the exposed data -- hosted on Microsoft's Azure cloud -- contained over 600,000 front and back images of identity documents and selfie photos of around 200,000 customers. It's not uncommon for companies subject to KYC checks to ask their customers to take a selfie while holding a copy of their identity documents to verify that the customer is who they say they are, and to weed out forgeries. MyGiftCardSupply founder Sam Gastro told TechCrunch: "The files are now secure, and we are doing a full audit of the KYC verification procedure. Going forward, we are going to delete the files promptly after doing the identity verification." It's not known how long the data was exposed or if the company would commit to notifying affected individuals.
Read more of this story at Slashdot.
Microsoft plans to spend $80 billion in fiscal 2025 on the construction of data centers that can handle AI workloads, the company said in a Friday blog post. From a report: Over half of the expected AI infrastructure spending will take place in the U.S., Microsoft Vice Chair and President Brad Smith wrote. Microsoft's 2025 fiscal year ends in June.
NetEase has reversed 100-year bans imposed on "Marvel Rivals" players using Linux and Mac compatibility tools in December 2024, following intervention from CodeWeavers' CEO and player complaints.
The game's anti-cheat system had banned players until 2124 for using Proton and CrossOver software on Steam Deck and Apple devices. The company stated on Discord it "will not ban players who are playing fairly and without cheating" but has made no broader commitments regarding compatibility tools.
Box office returns have started to stabilize. But nine of the top 10 box office hits this year were sequels. And the 10th was "Wicked." From a report: A year ago, Hollywood's creative community was celebrating the apparent decline of corporate, paint-by-numbers sequels and remakes. Blockbuster ticket sales for movies like "Oppenheimer," "Sound of Freedom" and "Barbie" had shown -- or so it seemed -- that audiences were finally hungry for fresh stories.
You could almost hear the relief emanating from franchise-fatigued writers, directors and producers. "Everything Everywhere All at Once," the wildly inventive Oscar-winning art film that broke out in cinemas in 2022, had not been a fluke! Alas. Mass moviegoing swung squarely back to the predictable this past year, with sequels filling nine of the top 10 slots at the North American box office. The ennead consisted of "Inside Out 2," "Despicable Me 4," "Deadpool & Wolverine," "Moana 2," "Dune: Part Two," "Beetlejuice Beetlejuice," "Kung Fu Panda 4," "Twisters" and the 38th Godzilla movie, "Godzilla x Kong: The New Empire."
"Wicked," a song-by-song adaptation of the first half of the long-running Broadway musical, was the only top-10 outlier, counting as original, if only by a witchy whisker. (In the alternative reality of Hollywood, a movie can be "original" even if it is derivative of something else. What matters is whether the source material has previously been used for a stand-alone theatrical movie.)
Meta's AI-generated social media profiles, which sparked controversy this week following comments by executive Connor Hayes about plans to expand AI characters across Facebook and Instagram, have largely failed to gain user engagement since their 2023 launch, 404 Media reported Friday.
The profiles, introduced at Meta's Connect event in September 2023, stopped posting content in April 2024 after widespread user disinterest, with 15 of the original 28 accounts already deleted, Meta spokesperson Liz Sweeney told 404 Media. The AI characters, including personas like "Liv," a Black queer mother, and "Grandpa Brian," a retired businessman, generated minimal engagement and were criticized for posting stereotypical content.
Washington Post columnist Karen Attiah reported that one AI profile admitted its purpose was "data collection and ad targeting." Meta is now removing these accounts after identifying a bug preventing users from blocking them, Sweeney said, adding that Hayes' recent Financial Times interview discussed future AI character plans rather than announcing new features.
A federal judge in Connecticut refused to dismiss a long-running lawsuit accusing the former Nestle Waters North America of defrauding consumers by labeling its Poland Spring bottled water as "spring water." From a report: While rejecting some claims in the proposed class action, U.S. District Judge Jeffrey Alker Meyer in New Haven called it an open question whether Poland Spring qualified as spring water under the laws of Connecticut, Maine, Massachusetts, New Hampshire, New Jersey, New York, Pennsylvania and Rhode Island. Poland Spring is now owned by Tampa, Florida-based Primo Brands, following multiple corporate transactions.
Consumers sued Nestle Waters, then owned by Nestle, in 2017, saying it deceived them into overpaying for Poland Spring with labels declaring it to be "Natural Spring Water" or "100% Natural Spring Water."
The plaintiffs said "not one drop" of the 1 billion gallons sold annually in the United States came from a natural spring, and that the actual Poland Spring in Maine "ran dry" two decades before Nestle bought the brand in 1992. In seeking a dismissal, Nestle Waters said geologists and officials in the eight states agreed that Poland Spring complied with a U.S. Food and Drug Administration rule defining spring water, and each state authorized its sale as "spring water."
The U.S. surgeon general has issued an advisory calling for a warning about the risk of cancer to be included on alcoholic beverages. From a report: "Given the conclusive evidence on the cancer risk from alcohol consumption and the Office of the Surgeon General's responsibility to inform the American public of the best available scientific evidence, the Surgeon General recommends an update to the Surgeon General's warning label for alcohol-containing beverages to include a cancer risk warning," Dr. Vivek Murthy said in the advisory Friday.
The advisory notes that alcohol is the third leading preventable cause of cancer in the country, after tobacco and obesity. "Alcohol is a well-established, preventable cause of cancer responsible for about 100,000 cases of cancer and 20,000 cancer deaths annually in the United States -- greater than the 13,500 alcohol-associated traffic crash fatalities per year in the U.S. -- yet the majority of Americans are unaware of this risk," Murthy said in a news release. The advisory also says more than 740,000 cancer cases globally could be attributed to alcohol use in 2020.
Boeing is conducting more surprise inspections at its factories as part of a broader plan to prevent manufacturing snafus like the one that led to a jet-panel blowout on an Alaska Air flight a year ago. From a report: The jet maker outlined on Friday more than a dozen steps it has taken in recent months to tackle a manufacturing quality crisis that has forced Boeing to slow production and has put it under the microscope of federal regulators. Some of the steps have been previously reported.
Boeing restarted production at its 737 factory in December after a machinists strike stopped work for several months. The company is still producing far fewer 737 MAXs per month than it was in the months before the Alaska Airlines accident. Among the new procedures are another layer of random quality checks where plane parts are commonly removed and then put back. In the case of the MAX involved in last January's incident, workers failed to replace bolts needed to hold a door-plug in place. The plug had been opened to repair faulty rivets.
Researchers from Inria and Microsoft have developed a system to automatically convert specific types of C programming code into memory-safe Rust code, addressing growing cybersecurity concerns about memory vulnerabilities in software systems.
The technique, detailed in a new paper, requires programmers to use a restricted version of C called "Mini-C" that excludes features like pointer arithmetic. The researchers successfully tested their conversion system on two major code libraries, including the 80,000-line HACL* cryptographic library. Parts of the converted code have already been integrated into Mozilla's NSS and OpenSSH security systems, according to the researchers. Memory safety errors accounted for 76% of Android vulnerabilities in 2019.
China will expand consumption subsidies to cover smartphones and other electronics, in a step to promote domestic spending as external headwinds pick up. From a report: A national trade-in program that currently applies to home appliances and cars will broaden this year to include personal devices like phones, tablets and smartwatches, officials from the nation's top economic planning agency said in a briefing Friday.
Chinese consumers in the post-Covid era have begun holding onto their smartphones longer, given a lack of exciting new features and general belt-tightening. As with cars and washing machines, investors hope incentives will revive the world's largest smartphone market and drive sales for not just brands such as Huawei and Xiaomi, but also galvanize business on platforms popular with device fans like Alibaba Group and JD.com.
The DistroWatch news feed is brought to you by TUXEDO COMPUTERS. Stefan Zipproth has announced the availability of a development snapshot of Ditana GNU/Linux, an Arch-based Linux distribution with a flexible system installer and a customised Xfce desktop, designed primarily for more advanced users. "We are excited to announce the release of Ditana GNU/Linux 0.9 beta, a distribution aimed....
Nobara Project is a modified version of Fedora Linux with user-friendly fixes added to it. The project's latest version is based on Fedora 41 and ships with an updated system installer, new accessibility options, and updated video drivers. "Calamares installer rebased on top of KaOS Linux fork for....
by Suparna Ganguly
This article explains what you need to know about KernelCare. Before looking at KernelCare, let’s do a quick recap of the Linux kernel, which will help you understand KernelCare better. The Linux kernel is the core part of the Linux OS. It resides in memory and tells the CPU what to do.
Now let’s begin with today’s topic, KernelCare. If you’re a system administrator, this article has valuable information for you.
What is KernelCare?
So, what’s KernelCare? KernelCare is a patching service that offers live security updates for Linux kernels, shared libraries, and embedded devices. It patches security vulnerabilities inside the Linux kernel without causing service interruptions or downtime. Once you install KernelCare on a server, security updates are applied automatically every 4 hours. It removes the need to reboot your server after applying updates.
It is a commercial product and is licensed under GNU GPL version 2. Cloud Linux, Inc. developed this product. The first beta version of KernelCare was released in March 2014, and its commercial launch was in May 2014. Since then, the company has added various useful integrations for automation tools, vulnerability scanners, and others.
Operating systems supported by KernelCare include CentOS/RHEL 5, 6, 7; Cloud Linux 5, 6; OpenVZ; PCS; Virtuozzo; Debian 6, 7; and Ubuntu 14.04.
Is KernelCare Important?
Are you wondering whether KernelCare is important for you? By installing the latest kernel security patches, you minimize potential risks. Updating the Linux kernel manually may take hours. Apart from the server downtime, it can be a stressful job for the system admins and for the clients.
Once kernel updates are applied, the server needs a reboot. This is usually done during off-peak hours, which causes some additional stress. However, putting off server reboots can cause a whole lot of security issues. Sometimes, even after rebooting, the server experiences issues and doesn’t come back up easily. Fixing such issues is troublesome for system admins. Often the system admin needs to roll back all the applied updates to get the server up quickly.
With KernelCare, you can avoid such issues.
How Does KernelCare Work?
KernelCare eliminates non-compliance and service interruptions caused by system reboots. The KernelCare agent resides on your server and periodically checks for new updates. If it finds any, the agent downloads them and applies them to the running kernel. A KernelCare patch can be defined as a piece of code that is used to substitute buggy code in the kernel.