Slashdot.org

Bruce66423 shares a report from the BBC: A former GCHQ intern has admitted risking national security by taking top secret data home with him on his mobile phone. Hasaan Arshad, 25, pleaded guilty to an offence under the Computer Misuse Act on what would have been the first day of his trial at the Old Bailey in London. The charge related to committing an unauthorised act which risked damaging national security. Arshad, from Rochdale in Greater Manchester, is said to have transferred sensitive data from a secure computer to his phone, which he had taken into a top secret area of GCHQ on 24 August 2022. [...] The court heard that Arshad took his work mobile into a top secret GCHQ area and connected it to work station. He then transferred sensitive data from a secure, top secret computer to the phone before taking it home, it was claimed. Arshad then transferred the data from the phone to a hard drive connected to his personal home computer. "Seriously? What on earth was the UK's equivalent of the NSA doing allowing its hardware to carry out such a transfer?" questions Bruce66423.

Read more of this story at Slashdot.

Taiwanese authorities have accused 11 Chinese companies, including SMIC, of secretly setting up disguised entities in Taiwan to illegally recruit tech talent from firms like Intel and Microsoft. The Register reports: One of those companies is apparently called Yunhe Zhiwang (Shanghai) Technology Co., Ltd and develops high-end network chips. The Bureau claims its chips are used in China's "Data East, Compute West" strategy that, as we reported when it was announced in 2022, calls for five million racks full of kit to be moved from China's big cities in the east to new datacenters located near renewable energy sources in country's west. Datacenters in China's east will be used for latency-sensitive applications, while heavy lifting takes place in the west. Staff from Intel and Microsoft were apparently lured to work for Yunhe Zhiwang, which disguised its true ownership by working through a Singaporean company. The Investigation Bureau also alleged that China's largest chipmaker, Semiconductor Manufacturing International Corporation (SMIC), used a Samoan company to establish a presence in Taiwan and then hired local talent. That's a concerning scenario as SMIC is on the USA's "entity list" of organizations felt to represent a national security risk. The US gets tetchy when its friends and allies work with companies on the entity list. A third Chinese entity, Shenzhen Tongrui Microelectronics Technology, disguised itself so well Taiwan's Ministry of Industry and Information Technology lauded it as an important innovator and growth company. As a result of the Bureau's work, prosecutors' offices in seven Taiwanese cities are now looking into 11 Chinese companies thought to have hidden their ties to Beijing.

Read more of this story at Slashdot.

OpenAI plans to release a new open-weight language model -- its first since GPT-2 -- in the coming months and is seeking community feedback to shape its development. "That's according to a feedback form the company published on its website Monday," reports TechCrunch. "The form, which OpenAI is inviting 'developers, researchers, and [members of] the broader community' to fill out, includes questions like 'What would you like to see in an open-weight model from OpenAI?' and 'What open models have you used in the past?'" From the report: "We're excited to collaborate with developers, researchers, and the broader community to gather inputs and make this model as useful as possible," OpenAI wrote on its website. "If you're interested in joining a feedback session with the OpenAI team, please let us know [in the form] below." OpenAI plans to host developer events to gather feedback and, in the future, demo prototypes of the model. The first will take place in San Francisco within a few weeks, followed by sessions in Europe and Asia-Pacific regions. OpenAI is facing increasing pressure from rivals such as Chinese AI lab DeepSeek, which have adopted an "open" approach to launching models. In contrast to OpenAI's strategy, these "open" competitors make their models available to the AI community for experimentation and, in some cases, commercialization.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Reuters: Google has agreed to pay $100 million in cash to settle a long-running lawsuit claiming it overcharged advertisers by failing to provide promised discounts and charged for clicks on ads outside the geographic areas the advertisers targeted. A preliminary settlement of the 14-year-old class action, which began in March 2011, was filed late Thursday in the San Jose, California, federal court, and requires a judge's approval. Advertisers who participated in Google's AdWords program, now known as Google Ads, accused the search engine operator of breaching its contract by manipulating its Smart Pricing formula to artificially reduce discounts. The advertisers also said Google, a unit of Mountain View, California-based Alphabet, misled them by failing to limit ad distribution to locations they designated, violating California's unfair competition law. Thursday's settlement covers advertisers who used AdWords between January 1, 2004, and December 13, 2012. Google denied wrongdoing in agreeing to settle. "This case was about ad product features we changed over a decade ago and we're pleased it's resolved," spokesman Jose Castaneda said in an emailed statement. Lawyers for the plaintiffs may seek fees of up to 33% of the settlement fund, plus $4.2 million for expenses. According to court papers, the case took a long time as the parties produced extensive evidence, including more than 910,000 pages of documents and multiple terabytes of click data from Google, and participated in six mediation sessions before four different mediators.

Read more of this story at Slashdot.

The Chrome extension Honey has lost over 4 million users after a viral video exposed it for hijacking affiliate codes and misleading users about finding the best coupon deals. 9to5Google reports: As we reported in early January, Honey had lost around 3 million users immediately after the video went viral, but ended up gaining back around 1 million later on. Now, as of March 2025, Honey is down to 16 million users on Chrome, down from its peak of 20 million. This drop comes after new Chrome policy has taken effect which prevents Honey, and extensions like it, from practices including taking over affiliate codes without disclosure or without benefit to the extension's users. Honey has since updated its extension listing with disclosure, and we found that the behavior shown in the December video no longer occurs.

Read more of this story at Slashdot.

OpenAI is having another viral moment after releasing Images for ChatGPT last week, with millions of people creating Studio Ghibli-inspired AI art. In a post on X today, CEO Sam Altman said the company has "added one million users in the last hour" alone. A few days prior he begged users to stop generating images because he said "our GPUs are melting."

Read more of this story at Slashdot.

An anonymous reader quotes a report from 404 Media: The creator of an open source genetic database is shutting it down and deleting all of its data because he has come to believe that its existence is dangerous with "a rise in far-right and other authoritarian governments" in the United States and elsewhere. "The largest use case for DTC genetic data was not biomedical research or research in big pharma," Bastian Greshake Tzovaras, the founder of OpenSNP, wrote in a blog post. "Instead, the transformative impact of the data came to fruition among law enforcement agencies, who have put the genealogical properties of genetic data to use." OpenSNP has collected roughly 7,500 genomes over the last 14 years, primarily by allowing people to voluntarily submit their own genetic information they have downloaded from 23andMe. With the bankruptcy of 23andMe, increased interest in genetic data by law enforcement, and the return of Donald Trump and rise of authoritarian governments worldwide, Greshake Tzovaras told 404 Media he no longer believes it is ethical to run the database. "I've been thinking about it since 23andMe was on the verge of bankruptcy and been really considering it since the U.S. election. It definitely is really bad over there [in the United States]," Greshake Tzovaras told 404 Media. "I am quite relieved to have made the decision and come to a conclusion. It's been weighing on my mind for a long time." Greshake Tzovaras said that he is proud of the OpenSNP project, but that, in a world where scientific data is being censored and deleted and where the Trump administration has focused on criminalizing immigrants and trans people, he now believes that the most responsible thing to do is to delete the data and shut down the project. "Most people in OpenSNP may not be at particular risk right now, but there are people from vulnerable populations in here as well," Greshake Tzovaras said. "Thinking about gender representation, minorities, sexual orientation -- 23andMe has been working on the whole 'gay gene' thing, it's conceivable that this would at some point in the future become an issue." "Across the globe there is a rise in far-right and other authoritarian governments. While they are cracking down on free and open societies, they are also dedicated to replacing scientific thought and reasoning with pseudoscience across disciplines," Greshake Tzovaras wrote. "The risk/benefit calculus of providing free & open access to individual genetic data in 2025 is very different compared to 14 years ago. And so, sunsetting openSNP -- along with deleting the data stored within it -- feels like it is the most responsible act of stewardship for these data today." "The interesting thing to me is there are data preservation efforts in the U.S. because the government is deleting scientific data that they don't like. This is approaching that same problem from a different direction," he added. "We need to protect the people in this database. I am supportive of preserving scientific data and knowledge, but the data comes second -- the people come first. We prefer deleting the data."

Read more of this story at Slashdot.

An anonymous reader shares a report: The post-Covid rebound of live events is all the more evidence that movie theaters are never coming back, Netflix co-CEO Ted Sarandos told Semafor in an interview at the Paley Center for Media Friday. "Nearly every live thing has come back screaming," Sarandos said. "Broadway's breaking records right now, sporting events, concerts, all those things that we couldn't do during COVID are all back and bigger than ever. The theatrical box office is down 40 to 50% from pre-COVID, and this year is down 8% already, so the trend is not reversing. You've gotta look at that and say, 'What is the consumer trying to tell you?'"

Read more of this story at Slashdot.

Micron will raise prices for DRAM and NAND flash memory chips through 2026 as AI and data center demand strains supply chains, the U.S. chipmaker confirmed Monday. The move follows a market rebound from previous oversupply, with memory prices steadily climbing as producers cut output while AI and high-performance computing workloads grow. Rivals Samsung Electronics and SK Hynix are expected to implement similar increases. Micron cited "un-forecasted demand across various business segments" in communications to channel partners. The price hikes will impact sectors ranging from consumer electronics to enterprise data centers.

Read more of this story at Slashdot.

An anonymous reader shares a report: Microsoft has closed its IoT & AI Insider Lab in Shanghai's Zhangjiang hi-tech zone, marking the latest sign of the US tech giant's retreat from China amid rising geopolitical tensions. The Shanghai lab, meant to help with domestic development of the Internet of Things (IoT) and artificial intelligence (AI) technologies, closed earlier this year, according to people who work in the Zhangjiang AI Island area. Opened in May 2019, Microsoft's IoT & AI Insider Lab was touted as a flagship collaboration between the global tech giant and Zhangjiang, the innovation hub of Shanghai's Pudong district, where numerous domestic and international semiconductor and AI companies have set up shop. The lab covered roughly 2,800 square meters (30,000 square feet).

Read more of this story at Slashdot.

Learning to code has become sort of become pointless as AI increasingly dominates programming tasks, said Replit founder and chief executive Amjad Masad. "I no longer think you should learn to code," Masad wrote on X. The statement comes as major tech executives report significant AI inroads into software development. Google CEO Sundar Pichai recently revealed that 25% of new code at the tech giant is AI-generated, though still reviewed by engineers. Furthermore, Anthropic CEO Dario Amodei predicted AI could generate up to 90% of all code within six months. Masad called this shift a "bittersweet realization" after spending years popularizing coding through open-source work, Codecademy, and Replit -- a platform that now uses AI to help users build apps and websites. Instead of syntax-focused programming skills, Masad recommends learning "how to think, how to break down problems... how to communicate clearly, with humans and with machines."

Read more of this story at Slashdot.

Two scientific journals that experimented with paying peer reviewers found the practice sped up the review process without compromising quality, according to findings published this month. Critical Care Medicine offered $250 to half of 715 invited reviewers, with 53% accepting compared to 48% of unpaid reviewers. Paid reviews were completed one day faster on average. In a more dramatic result, Biology Open saw reviews completed in 4.6 business days when paying reviewers $284 per review, versus 38 days for unpaid reviews. "For the editors it has been extremely helpful because, prior to this, in some areas it was very difficult to secure reviewers," said Alejandra Clark, managing editor of Biology Open.

Read more of this story at Slashdot.

France's competition authority has fined Apple 150 million euros ($162 million) for abusing its market dominance through its App Tracking Transparency system, ruling the privacy initiative unfairly disadvantages app developers. The watchdog determined that requiring third-party developers to use two pop-ups for tracking permissions while Apple's own apps need just one tap creates an "excessively complex" process that particularly harms smaller publishers lacking sufficient proprietary data for alternative targeting. The authority acknowledged the system's privacy benefits, but concluded the framework is "neither necessary nor proportionate" with data protection goals. The regulator is not requiring Apple to modify the system, only imposing the fine for past practices. Apple must display a summary of the decision on its website for seven days.

Read more of this story at Slashdot.

Microsoft has announced that it's overhauling its Blue Screen of Death error message in Windows 11. From a report: The new design drops the traditional blue color, frowning face, and QR code in favor of a simplified screen that looks a lot more like the black screen you see when Windows is performing an update. It's not immediately clear if this new BSOD will remain as a black screen once Microsoft ships the final version of this update. "We're previewing a new, more streamlined UI for unexpected restarts which better aligns with Windows 11 design principles and supports our goal of getting users back into productivity as fast as possible," explains Microsoft in a blog post about the change. "We've simplified your experience while preserving the technical information on the screen."

Read more of this story at Slashdot.

An anonymous reader shares a report: A prominent computer scientist who has spent 20 years publishing academic papers on cryptography, privacy, and cybersecurity has gone incommunicado, had his professor profile, email account, and phone number removed by his employer, Indiana University, and had his homes raided by the FBI. No one knows why. Xiaofeng Wang has a long list of prestigious titles. He was the associate dean for research at Indiana University's Luddy School of Informatics, Computing and Engineering, a fellow at the Institute of Electrical and Electronics Engineers and the American Association for the Advancement of Science, and a tenured professor at Indiana University at Bloomington. According to his employer, he has served as principal investigator on research projects totaling nearly $23 million over his 21 years there. He has also co-authored scores of academic papers on a diverse range of research fields, including cryptography, systems security, and data privacy, including the protection of human genomic data.

Read more of this story at Slashdot.

California has 11.3% of America's population — but bought 30% of America's new zero-emission vehicles. That's according to figures from the California Air Resources Board, which also reports 1 in 4 Californians have chosen a zero-emission car over a gas-powered one... for the last two years in a row. But what about chargers? It turns out that California now has 48% more public and "shared" private EV chargers than the number of gasoline nozzles. (California has 178,000 public and "shared" private EV chargers, versus about 120,000 gas nozzles.) And beyond that public network, there's more than 700,000 Level 2 chargers installed in single-family California homes, according to the California Energy Commission. Of the 178,000 public/"shared" private chargers, "Over 162,000 are Level 2 chargers," according to an announcement from the governor's office, while nearly 17,000 are fast chargers. (A chart shows a 41% jump in 2024 — though the EV news site Electrek notes that of the 73,537 chargers added in 2024, nearly 38,000 are newly installed, while the other 35,554 were already plugged in before 2024 but just recently identified.) California approved a $1.4 billion investment plan in December to expand zero-emission transportation infrastructure. The plan funds projects like the Fast Charge California Project, which has earmarked $55 million of funding to install DC fast chargers at businesses and publicly accessible locations.

Read more of this story at Slashdot.

The Certification Authority/Browser Forum "is a cross-industry group that works together to develop minimum requirements for TLS certificates," writes Google's Security blog. And earlier this month two proposals from Google's forward-looking roadmap "became required practices in the CA/Browser Forum Baseline Requirements," improving the security and agility of TLS connections... Multi-Perspective Issuance Corroboration Before issuing a certificate to a website, a Certification Authority (CA) must verify the requestor legitimately controls the domain whose name will be represented in the certificate. This process is referred to as "domain control validation" and there are several well-defined methods that can be used. For example, a CA can specify a random value to be placed on a website, and then perform a check to verify the value's presence has been published by the certificate requestor. Despite the existing domain control validation requirements defined by the CA/Browser Forum, peer-reviewed research authored by the Center for Information Technology Policy of Princeton University and others highlighted the risk of Border Gateway Protocol (BGP) attacks and prefix-hijacking resulting in fraudulently issued certificates. This risk was not merely theoretical, as it was demonstrated that attackers successfully exploited this vulnerability on numerous occasions, with just one of these attacks resulting in approximately $2 million dollars of direct losses. The Chrome Root Program led a work team of ecosystem participants, which culminated in a CA/Browser Forum Ballot to require adoption of MPIC via Ballot SC-067. The ballot received unanimous support from organizations who participated in voting. Beginning March 15, 2025, CAs issuing publicly-trusted certificates must now rely on MPIC as part of their certificate issuance process. Some of these CAs are relying on the Open MPIC Project to ensure their implementations are robust and consistent with ecosystem expectations... Linting Linting refers to the automated process of analyzing X.509 certificates to detect and prevent errors, inconsistencies, and non-compliance with requirements and industry standards. Linting ensures certificates are well-formatted and include the necessary data for their intended use, such as website authentication. Linting can expose the use of weak or obsolete cryptographic algorithms and other known insecure practices, improving overall security... The ballot received unanimous support from organizations who participated in voting. Beginning March 15, 2025, CAs issuing publicly-trusted certificates must now rely on linting as part of their certificate issuance process. Linting also improves interoperability, according to the blog post, and helps reduce the risk of non-compliance with standards that can result in certificates being "mis-issued". And coming up, weak domain control validation methods (currently permitted by the CA/Browser Forum TLS Baseline Requirements) will be prohibited beginning July 15, 2025. "Looking forward, we're excited to explore a reimagined Web PKI and Chrome Root Program with even stronger security assurances for the web as we navigate the transition to post-quantum cryptography."

Read more of this story at Slashdot.

"The big set of open-source graphics driver updates for Linux 6.15 have been merged," writes Phoronix, "but Linux creator Linus Torvalds isn't particularly happy with the pull request." The new "hdrtest" code is for the Intel Xe kernel driver and is around trying to help ensure the Direct Rendering Manager header files are self-contained and pass kernel-doc tests — basic maintenance checks on the included DRM header files to ensure they are all in good shape. But Torvalds accused the code of not only slowing down the full-kernel builds, but also leaving behind "random" files for dependencies "that then make the source tree nasty," reports Tom's Hardware: While Torvalds was disturbed by the code that was impacting the latest Linux kernel, beginning his post with a "Grr," he remained precise in his objections to it. "I did the pull, resolved the (trivial) conflicts, but I notice that this ended up containing the disgusting 'hdrtest' crap that (a) slows down the build because it's done for a regular allmodconfig build rather than be some simple thing that you guys can run as needed (b) also leaves random 'hdrtest' turds around in the include directories," he wrote. Torvalds went on to state that he had previously complained about this issue, and inquired why the hdr testing is being done as a regular part of the build. Moreover, he highlighted that the resulting 'turds' were breaking filename completion. Torvalds underlined this point — and his disgust — by stating, "this thing needs to *die*." In a shot of advice to fellow Linux developers, Torvalds said, "If you want to do that hdrtest thing, do it as part of your *own* checks. Don't make everybody else see that disgusting thing...." He then noted that he had decided to mark hdrtest as broken for now, to prevent its inclusion in regular builds. As of Saturday, all of the DRM-Next code had made it into Linux 6.15 Git, notes Phoronix. "But Linus Torvalds is expecting all this 'hdrtest' mess to be cleaned up."

Read more of this story at Slashdot.

"Microsoft built things. It broke things." That's how the Seattle Times kicks off a series of articles celebrating Microsoft's 50th anniversary — adding that Microsoft also gave some people "a lucrative retirement early in their lives, and their own stories to tell." What did they remember from Microsoft's earliest days? Scott Oki joined Microsoft as employee no. 121. The company was small; Gates was hands-on, and hard to please. "One of his favorite phrases was 'that's the stupidest thing I've ever heard,'" Oki says. "He didn't use that on me, so I feel pretty good about that." Another, kinder phrase that pops to Oki's mind when discussing the international division he founded at Microsoft is "bringing home the bacon." An obsession with rapid revenue growth permeated Microsoft in those early days. Oki was about three weeks into the job as marketing manager when he presented a global expansion plan to Gates. "Had I done business internationally before? No," Oki said. "Do I speak a language other than English? No." But Gates gave Oki a $1 million budget to found the international division and sell Microsoft products overseas. He established subsidiaries in the most important markets at the time: Japan, United Kingdom, Germany and France. And, because he had a few bucks left over, Australia. "Of the initial subsidiaries we started, every single one of them was profitable in its first year," he says... Oki left Microsoft on March 1, 1992, 10 years to the day after he was hired. Other memories shared by early Microsoft employees: One recent graudate remembered her parents in Spokane saying "I think that's Mary and Bill Gates' son's company. If that kid is anything like those two, that is going to be a great company,'" She got her first job at Microsoft in 1992 — and 33 years later, she's a senior director at Microsoft Philanthropies. The Times also interviewed one of Microsoft's first lawyers, who remembers that "The day the U.S. government sued Microsoft ... that was a tough day for me. It kind of turned my world upside down for about the next eight years." Microsoft senior VP Brad Chase remembers negotiating with the Rolling Stones for the rights to their song "Start Me Up" for the Windows 95 ad campaign. ("Chase is quick to dispel any rumor that Mick Jagger called up Bill Gates and got $12 million. But he won't say how much the company paid.") But Chase does tell the Times that Bill Gates "used to say all of the time, 'We're going to bet the company on Windows.' That was a huge bet because Windows, frankly, was a lousy product in its early days."

Read more of this story at Slashdot.

What happens when you ask Copilot to "write a program that can be run on an iPhone 16 to select 15 random photos from the phone, tint them to random colors, and display the photos on the phone"? That's what TouchDevelop did for the long-discontinued Windows Phone in a 2013 Microsoft Research 'SmartSynth' natural language code generation demo. ("Write scripts by tapping on the screen.") Long-time Slashdot reader theodp reports on what happens when, 14 years later, you pose the same question to Copilot: "You'll get lots of code and caveats from Copilot, but nothing that you can execute as is. (Compare that to the functioning 10 lines of code TouchDevelop program). It's a good reminder that just because GenAI can generate code, it doesn't necessarily mean it will generate the least amount of code, the most understandable or appropriate code for the requestor, or code that runs unchanged and produces the desired results. theodp also reminds us that TouchDevelop "was (like BASIC) abandoned by Microsoft..." Interestingly, a Microsoft Research video from CS Education Week 2011 shows enthusiastic Washington high school students participating in an hour-long TouchDevelop coding lesson and demonstrating the apps they created that tapped into music, photos, the Internet, and yes, even their phone's functionality. This shows how lacking iPhone and Android still are today as far as easy programmability-for-the-masses goes. (When asked, Copilot replied that Apple's Shortcuts app wasn't up to the task).

Read more of this story at Slashdot.