Users Cry Foul After AMD Stripped Memory Crypto From Its Consumer CPUs

by: BeauHD
15 June 2026, 22:02
An anonymous reader quotes a report from Ars Technica: A decade ago, AMD added a protection to its high-end CPUs to protect them against cold boot attacks and other types of physical exploits that siphon sensitive data out of the connected memory chips. Short for Transparent Secure Memory Encryption, TSME encrypts the entire contents stored in memory, making the data useless to physical attackers. Over time, AMD added TSME to lower-end processors, including the consumer version of its Ryzen chips, a CPU that costs less than the Pro version. Over the years, users of these lower-end chips have gotten used to the added security. Recently and without warning or notice, this lower-end line of AMD chips suddenly dropped the protection, and did so in a way that was impossible to detect on Windows machines and required a fair amount of technical work when using Linux. AMD has yet to say why TSME worked on these CPUs, or even to confirm the change. AMD declined to answer questions sent by email other than to say TSME "is a security feature only applied to PRO CPUs as part of AMD PRO Technologies." The statement is the first known time the chipmaker has explicitly made this restriction public. [...] There's no indication that AMD ever advertised or marketed TSME as being available in consumer CPUs. AMD has long said that a related memory protection, Secure Memory Encryption (SME), is available only in the Pro and Epyc CPU tiers. SME is OS-managed. It uses a single key and allows the OS to selectively encrypt individual memory pages. TSME is firmware-managed. It encrypts all RAM with no OS involvement. When active, it provides protection against physical attacks, including cold boot exploits, DRAM interface snooping, and memory module removal. It activates silently when enabled in the BIOS, making it the more practically useful of the two protections. 
Ben Kilpatrick, a self-described "privacy-conscious Linux hobbyist," discovered that TSME had stopped working on his consumer Ryzen processor despite remaining enabled in the BIOS. He spent months investigating, persuaded MSI engineers to test multiple CPUs, motherboards, and firmware versions, and filed a public AMD bug report that traced the change to newer AGESA firmware apparently disabling TSME on consumer chips while retaining it on Pro and EPYC models. "AMD engineers' comments, such as those mentioned above, and the years of TSME working just fine in the lower-cost tier processors, have understandably conditioned Kilpatrick and other users to reasonably regard it as an expected part of the chip package," reports Ars Technica. "AMD quietly removing it and providing no acknowledgment or explanation strikes these users as something of a betrayal." Joe Fitzgerald, an expert in silicon-level security, said in an interview: "They could have not realized they did it leading to their cagey responses, or they could have done it intentionally and tried to get away with it, leading to the same cagey responses. But I really feel like an explanation should be in order, even if it was 'TSME was never supposed to be supported. We did ship some firmwares that erroneously enabled it, but you shouldn't use them since we can't guarantee it'll work properly.'"

Read more of this story at Slashdot.

Framacount: multi-currency management

Hello,

In a Framacount whose main currency is the euro, I want to add an expense in CHF.

So I choose that currency on the entry page, and enter the "amount to convert" and a custom rate.

The amount is correctly converted to euros.

Then I choose an "unequally - by amounts" split.

Then I enter the individual amounts in the CHF column. I would expect them to be converted to euros in the second column, but no, it stays empty. And when I click "create", nothing happens.

So is it a bug or a mistake on my part?

Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails

15 June 2026, 21:44
A China-linked espionage group hid inside North American medical, academic, and military research networks for more than a year, quietly stealing sensitive research and defense email. The way in was a backdoor on their REDCap research servers that stole login credentials. The exfiltration was the unusual part: the attackers rewired the victims' own Google Workspace rules to copy any message

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

15 June 2026, 21:32
Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with a persistent North Korean threat cluster known as Contagious Interview (aka Famous Chollima, HexagonalRodent, and Void Dokkaebi). According to a report published by Proofpoint, the threat actor has been found orchestrating phishing campaigns using developer role recruitment or code review themes

Trump's 'Made In the USA' Phone Is Just a Reskinned HTC U24 Pro

by: BeauHD
15 June 2026, 21:00
Longtime Slashdot reader necro81 writes: The heavily promoted, $499 T1 "Trump Phone" was originally said to be "Made in the USA" and ship in September 2025. Later, that was downgraded to "Assembled in the USA." Given the Trump Organization's lack of engineering or supply chain expertise, many assumed the "T1" would just be a private-label phone made by someone else. After a number of delays, the first phones are finally shipping. iFixit has performed a teardown and concluded that the T1 is just a gold-painted 2024 HTC U24 Pro -- a device from a Taiwanese company, probably using mainland China design and supply chains. In collaboration with NBC News, the iFixit team examined both phones using CT scans, side-by-side teardowns, and even reassembled a working T1 using a U24 Pro main board. As for "assembled in the USA," that may be true, in the same sense that your phone's repairman can "assemble" a phone from a handful of subassemblies sourced from someone else. Or it may have been assembled in Guangdong, China like the other U24 Pros. iFixit sums it up: "What you have is not an 'American-Proud Design,' but a phone designed in China, made in China, with the vast majority of parts sourced from China. I'm failing to find any stirring of American pride within me. I've certainly felt it before, so I can confirm that it is absent at this time." Quinn Nelson of Snazzy Labs on YouTube also published a comprehensive video of his experience ordering, unboxing, and tearing down the phone. "From pre-order emails landing in Gmail spam thanks to botched DMARC records, to paying for the $47.45 Trump Mobile 47 Plan over the phone, the entire buying experience was a disaster worthy of its own review," writes Nelson.

HPE offers VMware refugees a year off the meter

15 June 2026, 20:30
HPE is taking advantage of VMware's expensive licensing changes by offering customers free use of its own VM Essentials product for a year, plus a $1 license for its Zerto data protection product to help ease migrations. The jolly green giant announced the cheapies at the Partner Growth Summit staged alongside its HPE Discover event in Las Vegas, and framed them as a migration assistance program intended to arm channel partners who want to help customers reduce their financial risk when migrating virtualization platforms. "One of the big things we see is that as customers are going through this journey on transforming their operating model, you end up with double expenses and so we're really pleased to announce the program around Morpheus and platform migration," said EVP and CTO Fidelma Russo. "We are announcing that as a customer goes through this transformation with HPE Morpheus VM Essentials, you don't pay for the first year of licenses. You will get Zerto migration licenses during that period to help you move, and so what this does is it helps mitigate the double-bubble cost problem that customers see as they are looking to migrate from one platform to another." Neither Russo nor HPE mentioned VMware as part of their pitch for this migration assistance program, but it seems pretty clear where it is aimed. At its last Discover event in Barcelona, HPE talked about customers seeing license fees for virtualization skyrocketing and claimed that it was able to provide "a fully integrated enterprise-grade alternative" with Morpheus and OpsRamp management tools, plus Zerto disaster recovery software. A survey recently found that half of VMware users plan to reduce their use of the virtualization pioneer's products by 2028. Since being acquired by Broadcom, VMware license costs have increased by 800 to 1,500 percent for some customers. VMware also ended partner programs that many service providers relied on. 
HPE says it is introducing VM Essentials for Partner IT to help providers transition their virtualized business applications. This will see it provide VM Essentials software licenses free of charge for three years, with partners paying only support costs, to the 600 partners who gain Private Cloud with Virtualization competency by the end of the year. The company is also extending its channel-only model to cover HPE Private Cloud PC3000 (formerly HPE Private Cloud Business Edition), HPE SimpliVity PC1000, and HPE Zerto software from July 1. HPE said this follows the success of selling Morpheus VM Essentials through a channel-only route to market. Also at the Partner Growth Summit, the IT biz will disclose that it is unifying the HPE and Juniper Networks partner programs under its Partner Ready Vantage umbrella. The aim is to have a single, global program for partners to offer services across networking, cloud, and AI. This change will take effect from November 1, after which partners will operate under one program with a simplified structure, aligned incentives, and a consistent engagement model, while existing investments are protected, or so HPE claims. The company also says it will help cloud service providers build and operate differentiated private cloud services with CloudOps Software and the backing of HPE Partner Ready Vantage. "Partners want a simpler way to engage and a bigger opportunity to grow," said Simon Ewington, HPE's SVP for Worldwide Channel and Partner Ecosystem. ®

Britain Unveils Sweeping Ban On Social Media For Under-16s

by: BeauHD
15 June 2026, 20:00
Longtime Slashdot reader schwit1 shares a report from NBC News: British Prime Minister Keir Starmer has announced a sweeping ban on social media use for those under 16, joining other countries around the world seeking to protect children online. "It's a big step for our country," Starmer said in a recorded video message released Monday. "Social media is making our children unhappy and unsafe, and as a parent, as much as a Prime Minister, I just can't let that go on anymore," he added. The ban will include social platforms like Snapchat, TikTok, YouTube, Instagram, Facebook and X, while there is no intention for messaging services like WhatsApp and Signal to be included, the government said in a release. [...] Starmer's government called Monday's announcement a "landmark" move, saying the new measures would be brought to Parliament before Christmas, with protections expected to come into force next spring. Beyond the blanket social media ban, the restrictions will also include blocks on functions such as livestreaming and stranger communication with children for under-16s, it added. "It's not an easy thing to do. I'll be honest about that," Starmer said. "We haven't rushed into it. We've looked carefully at the evidence, and we'll have to adapt our approach as technology changes, learn from other countries which are taking similar steps." He went on to say that it will face resistance from some of the most powerful companies in the world. "But we will take them on, and we will win, because the need for action could not be any clearer."

Council of Europe hacked in ShinyHunters' PeopleSoft heist

15 June 2026, 19:44
ShinyHunters claims to have breached the Council of Europe and stolen more than 297 GB of data after exploiting a zero-day flaw in Oracle PeopleSoft and abusing that hole to hack more than 100 organizations. According to a post on the extortion crew’s data-leak site, the 429,000 pilfered files contain HR and payroll records, payslips, purchase-order records, CVs, and employees’ salary, banking, tax, and medical records. A Council of Europe spokesperson told The Register that it is “currently investigating the matter and assessing the situation,” but declined to comment further. A spokesperson for the cybercrime group told us that the Council is yet another victim of the Oracle PeopleSoft heist. Oracle has yet to respond to The Register’s inquiries, and it's unclear if the vulnerability, tracked as CVE-2026-35273, has been patched. ShinyHunters previously told us that the gang exploited the CVE to compromise more than 100 organizations across 300 vulnerable instances, and that these victims included the University of Nottingham. Last week, the crims listed the UK uni on their leak site, then dumped data belonging to around 454,600 current and former students, including personal and academic records. Meanwhile, a Google threat report published late last week noted malicious activity, “consistent with the exploitation of CVE-2026-35273,” between May 27 and June 9, and said that its incident responders notified more than 100 global orgs “whose IP addresses correlated with potentially vulnerable endpoints." Most of these are US-based organizations, and 68 percent operated within the higher education sector. This latest heist follows another ShinyHunters intrusion targeting data belonging to university and K-12 students, teachers, and staff. 
In mid-May, ed-tech giant Instructure said it “reached an agreement” - this is corporate-speak for “paid the ransom demand” - with the data theft and extortion crew after ShinyHunters breached its Canvas digital learning platform and accessed data tied to 275 million students, teachers, and staff. In March, ShinyHunters claimed it stole data from K-12 software provider Infinite Campus as part of a broader wave of Salesforce-related intrusions. The ed tech company did not pay up, and the group subsequently published data they claim was stolen from Infinite Campus, including 137,000 individuals’ email addresses along with names, phone numbers, physical addresses and support tickets. Infinite Campus, in its data breach notification, said that the leaked files largely consisted of “names and contact information for school staff" and that “the majority is directory information commonly found on school websites.” ®

Fox Is Buying Roku For $22 Billion

by: BeauHD
15 June 2026, 19:00
Fox is buying Roku for $22 billion, combining Fox's sports, news, entertainment, Tubi, and Fox One offerings with a streaming platform that reaches about 100 million people. The companies say the merger would create the "third-largest player in US television by share of viewing," while Fox insists Roku will remain open to competing apps after the deal closes. CNN reports: Fox has dabbled in streaming over the past few years -- finally launching its Fox One competitor last August -- but has lacked a serious streaming business with the ability to compete in a space dominated by YouTube, Netflix, Amazon, Disney+, HBO Max, Paramount+ and Peacock. With CNN parent company Warner Bros. Discovery receiving initial US regulatory approval to combine with Paramount, Fox's purchase of Roku became more urgent. [...] The deal is expected to close in the first half of 2027 with the companies forecasting $400 million in savings. "This is a defining moment for Fox, and a natural extension of the deliberate and focused strategy we have been executing for nearly a decade," said Fox CEO Lachlan Murdoch. "Today, we take the next step: bringing together the most valuable live content portfolio in video consumption with the preeminent streaming platform through which America watches it." Murdoch said Roku will continue to offer competing apps. "It's essential that Roku remain open and partner-friendly business. We don't see that changing at all."

Java's Project Valhalla finally lands a preview in JDK 28

15 June 2026, 19:15
Oracle software engineer Lois Foltan has confirmed that Java Enhancement Proposal 401 for Value Classes and Objects – part of Project Valhalla – will be integrated into the OpenJDK mainline early next month, targeting JDK 28. Previews of JEP 401 have so far been available only in early-access builds. The current JDK (Java Development Kit) is 26, with JDK 27 expected in September and JDK 28 in March 2027. The next long-term support version is likely to be JDK 29 in September 2027. Foltan said it was an "extremely large change", such that other OpenJDK committers are asked to avoid large commits in order to help a successful integration. The pull request for the first preview of JEP 401 adds more than 197,000 lines of code in 1,816 changed files. Created in August 20222, JEP 401 tackles a longstanding Java limitation: aside from a small number of primitives including int, char, byte and double, all types in the language are reference types. The JEP introduces "value objects" – class instances that lack object identity and are distinguished solely by the values of their fields. A few examples illustrate the problem JEP 401 is trying to solve. Java's LocalDate class stores date values, but every instance gets its own unique reference, so even if two instances represent the same data, comparing them with == returns false, as they're different objects in memory. LocalDate provides an "equals" method instead. Another, even more confusing example is Integer, which wraps an int to provide convenience methods like toString(). Internally, Integer caches instances for values below 128, so two Integer objects with the same small value can compare equal with == but for larger values, == always returns false even when the underlying values match. Due to this quirk, Java editors generally warn against using == with Integer, a pitfall JEP 401 describes as "unwanted complexity."
JEP 401 will migrate some JDK classes such as Integer to value classes, and the number of migrated classes is likely to increase gradually. Developers will also be able to create their own value classes. One of the goals of JEP 401 is to give freedom to the JVM (Java virtual machine) to store value objects in ways that maximize performance. The memory footprint of reference types is greater than for value types, and they must be dereferenced to obtain their values. Iterating over value types is more efficient. Project Valhalla has been so long in the making, thanks to the complexity of the changes, that some onlookers have joked about getting to Valhalla itself (a realm in the afterlife in Norse mythology) before the project is delivered. Oracle's Java Language Architect Brian Goetz said this is "just the first part of Valhalla" and even after the preview is delivered, "the 'but they'll never deliver it' crowd will quickly switch gears into 'but they haven't delivered the most important part' soon enough." Goetz said "there are many things that force us to treat objects with reference semantics. JEP 401 knocks down the first level of these, by taking identity off the table, which exposes a lot of new optimizations, especially for smaller objects. But fully treating objects with value semantics requires giving up more: nullity and atomicity-safety-under-race (ASUR). Lots of languages have, or are working on, ways to get there, (such as C# structs.)" "The main challenge is how to package it in the user model so that it doesn't fight with our own preconceived notions of object integrity and encapsulation; classes are, for better and worse, a very effective abstraction barrier." He said that Valhalla will introduce deliberate breaking changes to Java, such as that "code that synchronizes on Integer objects now fails with an exception." Goetz added JEP 401 will still likely be in preview in the next LTS release of the JDK.
"Hoping for it to exit preview for 29 seems … optimistic. Vector API should be able to exit incubation when it rebases on the underlying VM primitives from Valhalla ... don’t hope for a shorter-than-usual preview window." ®

Feds snooze as US datacenter law set to lapse with no replacement in site

15 June 2026, 18:47
US legislation covering federal datacenters is set to expire in September and it appears that the Trump administration is simply going to allow it to lapse without replacement. The Federal Data Center Enhancement Act (FDCEA) of 2023 covers certain standards that are to be adhered to for facilities that are wholly or partially owned, operated, or maintained by a federal agency. It includes requirements relating to availability and uptime of the facility; the use of sustainable energy sources; protection against power failure; protections against physical intrusion and natural disasters; plus IT security protections. We understand that the legislation will sunset on September 30, 2026, and according to Wired, neither the US Congress nor the Trump administration appears to be making any move to extend the act, or put alternate legislation in place. The danger is that if the FDCEA is not renewed or superseded by similar legislation, then federal agencies across the US may cease to follow the requirements and simply act as they see fit when procuring new datacenter infrastructure. We asked the White House and Congress for comment. According to implementation guidance issued by the Office of Management and Budget (OMB) under the previous administration, agency datacenters “must provide secure and highly available computing infrastructure to enable reliable access to Federal information and information systems.” It notes that the "needs of the federal government with respect to data access and data processing systems have evolved since 2014,” when the Federal Data Center Consolidation Initiative (FDCCI) was established, and hence the latter was not renewed but replaced by the FDCEA. The OMB states that effective operation of datacenters requires regular monitoring, and optimization of resources by operators, and directs agencies to incorporate automated tools into the management of all new facilities, including tools that monitor metrics such as electrical consumption. 
It also states that the “cost, scarcity, and environmental impact of energy and water consumption necessitates that agencies evaluate datacenters against resource consumption metrics and best practices when making their decisions” regarding new datacenter builds. Perhaps most importantly, it requires that federal facilities “must be able to meet the reliability and resiliency needs of their hosted information and information systems through implementation of the appropriate information security and physical security protections.” It is widely known that the Trump administration does not look kindly on regulations, especially those relating to environmental protection. Instead, policy has focused on fast-tracking the federal permitting process for datacenters, particularly those dedicated to training and developing AI models. A recent report from Politico stated that the Trump administration was not inclined to set nationwide environmental requirements or recommendations for the datacenter industry. Instead, Environmental Protection Agency (EPA) Administrator Lee Zeldin said that while there are technologies and practices that reduce air pollution and water usage, individual states and communities know what works best for them. At the same time, opposition to datacenter construction is growing across the US, precisely because of public fears over factors such as air pollution, water usage, and the prospect of spiking energy bills. A recent survey found more than 70 percent of respondents said that they would be against the construction of an AI datacenter in their neighborhood. ®

LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers

15 June 2026, 18:39
A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed. LiteLLM is a widely deployed open-source AI gateway that brokers calls to more than 100 model providers behind one OpenAI-compatible interface. A server takeover exposes every provider key it holds, the secrets that

The Y2K bug is back! Dutch dev digs up untimely flaw in old BSD build

15 June 2026, 18:30
It’s been more than a quarter century since the Y2K bug threatened to disrupt the not-so-modern world, and while the patching efforts of global IT heroes prevented a millennial mess, the problem persists as a Dutch dev just found a new instance of the numeric nightmare. While working on an emulator for the venerable Programmed Data Processor (PDP) series of “minicomputer” systems manufactured between the 1950s and 1990s, Folkert van Heusden spotted an unpatched Y2K bug in the Network Time Protocol daemon in BSD 2.11. To be fair, it’s not like van Heusden stumbled onto a potentially devastating issue that’s simply waiting to cause chaos: Not only was the bug specific to the PDP-11/70, a system that entered service in 1975, but it also requires a Precision Standard Time, Inc. (PSTI) receiver manufactured by defunct hardware maker Traconex used to pick up time signals broadcast by short wave radio stations managed by the US National Institute of Standards and Technology. Even at that point, the bug won't instantly break network time, as a would-be attacker must take several steps to configure the ancient machines in a way that causes the error. Van Heusden’s writeup explains how to trigger the flaw. “I'm writing a PDP emulator,” van Heusden told The Register in an email. “I'm also very much interested in time keeping on computers. That combined, I dove into the NTP-implementation on the PDP. When adding emulation for the PSTI-device, I suddenly noticed 19126 for the year.” Unsurprisingly, when the PSTI receiver actually produces the correct output, the system throws an error that the time offset between the PDP emulator and the emulated PSTI device is a bit “excessive.” Only by 17,000 years, give or take a couple centuries.
Luckily, van Heusden has coded a fix that’ll bring the times back in sync, eliminating what may be one of the few remaining Y2K bugs still floating around in the wild - after all, when’s the last time you heard of a forgotten (or, in this case, overlooked due to technological obsolescence) Y2K bug being patched? If you want to tinker with a 50-year old emulated system running a 35-year old operating system, the good news is that the PDP and its 16-bit CPU ran at 5MHz and needed just 4 MB main memory - a spec that van Heusden’s PDP-11/70 emulator can easily run on modest hardware like a Raspberry Pi Pico, and it’s available on GitHub. Just be sure you patch that Y2K bug if you plan to tinker with time keeping. ® Correction: A previous version of this article referred to the developer as Danish rather than Dutch.

NASA management wants a word and won't say why

15 June 2026, 18:15
We've all seen it: an unexpected management meeting that turns up in your calendar. It could mean HR wants a quiet and perhaps terminal word, or, in the case of NASA, something altogether different. During a chat with Space.com, NASA astronaut Bob Hines explained that the meeting was engineered to ensure all five Artemis III astronauts would be in the same room together and introduced face-to-face. The process NASA uses to select astronauts has long been shrouded in mystery. The first American man in space, Alan Shepard, recalled in Light This Candle that his assignment to the Mercury 7 – the first batch of NASA astronauts – came from a caller who said, "We'd like you to join us. Are you still willing to volunteer?" Shepard later learned he would be the first American man in space during a meeting with fellow astronauts Gus Grissom and John Glenn, plus the Director of the Space Task Group, Bob Gilruth. Gilruth said, "Alan Shepard will make the first suborbital flight." Several factors went into that decision, including the seven Mercury astronauts rating their peers. In his memoir, Riding Rockets, Space Shuttle astronaut Mike Mullane recalled receiving a summons, along with four crewmates, to the office of then Director of Flight Operations, George Abbey. In that meeting, Abbey apparently asked: "We've been looking at the mission manifest, and think it's time to assign some more crews. I was wondering if you would be interested in STS-41D?" The whys and wherefores were unimportant. The astronauts were just delighted to get an assignment. These days, an unannounced management meeting with invitees a person might not normally see on a request is apparently how things are done. How those invitees are picked, however, remains a little opaque. With luck, NASA has sorted out the Outlook problem that bedeviled Artemis II, in which an astronaut plaintively told controllers, "I have two Outlooks, and neither one of those is working."
Artemis III is, after all, set to be a very complicated mission, and, if all goes to plan, the crew will have fewer than 18 months to train. That is considerably less than the three years the Artemis II crew spent preparing for their mission to the Moon. The crew of four – three NASA astronauts and one European Space Agency astronaut (with Bob Hines as back-up) – will ideally rendezvous with two commercial spacecraft to check out docking operations and, in the case of Blue Origin, enter the vehicle. All this will take place in Low Earth Orbit as a precursor to the Artemis IV mission, which NASA expects will land humans on the Moon for the first time since the final Apollo mission in 1972. The meeting reportedly happened two weeks before the public announcement of the crew, and NASA's chief astronaut, Scott Tingle, told the group, "Look around. This is your Artemis 3 crew." Hines told Space.com, "That was a really, really cool way to find out." Certainly better than being presented with a pink slip by HR and a box to pack your possessions. ®

Google CEO Largely Avoids Discussing AI In Stanford Commencement Speech

by: BeauHD
15 June 2026, 18:00
BrianFagioli writes: Google CEO Sundar Pichai delivered Stanford University's 2026 commencement address, but despite leading one of the companies at the center of the AI boom, he spent very little time discussing artificial intelligence. Instead, the speech focused on optimism, working on hard things, and following your interests. The omission is notable given how many graduates are entering a job market being reshaped by AI. While Pichai briefly referenced a "rewiring of technology," he largely avoided discussing AI's impact on careers, automation, or the future of work. Was the Google CEO intentionally steering clear of a controversial topic, or was he simply trying to deliver a timeless commencement speech rather than a technology-focused one? Hyping AI during a commencement speech has been a surefire way to get boos -- unless you're Apple cofounder Steve Wozniak, who reminded college graduates that they already possess "AI" of their own: "actual intelligence." You can read Pichai's commencement speech here. "If you're not from here, California is advertised as being really lush and green. But when I looked out the window, it was more... brown," said Pichai during his speech. "I guess I said this out loud, I'm not sure why. My host, Mrs. Jane Earl, gently corrected me. 'We prefer to call it golden,' she said. And that's exactly what I mean by choosing optimism. It's about reframing for the positive: Where I saw brown, she saw golden. This slight change of perspective had a huge ripple effect on how I thought about the world around me."


Red Hat gives Ubuntu a bootc up the backside at Canonical shindig

15 June 2026, 17:54
UBUNTU SUMMIT At a Canonical event, we didn't expect a presentation on using Red Hat's container management tools, but if this is something you might need, it does sound useful. At Ubuntu Summit 26.04, Red Hat Principal Software Engineer Joseph Marrero Corchado presented a talk called Bootc: Use your container knowledge and infrastructure to build and deploy your Ubuntu hosts. Although Ubuntu is very strong in the desktop Linux space, in large corporate server environments, Ubuntu is just another distro among many. This can be a good thing: it is just another Linux distro, and that means that it's perfectly possible to deploy and manage it using existing FOSS tooling. Marrero introduced himself by saying that he works at Red Hat, but personally runs Ubuntu – and has been doing so for long enough that he has some original media from Canonical's ShipIt program, which the company discontinued in 2011. While we were surprised to see a Red Hat engineer presenting a talk at the summit, it's not unprecedented. System76's Pop!_OS distro is based on Ubuntu, but it overlaps with other distros as well. It has its own desktop and eschews Snap for Flatpak – and yet, at the previous Summit, System76 boss Carl Richell presented a talk about it. The year before, the Academy Software Foundation's talk started by telling us that Rocky Linux strongly dominated the SFX industry. Our plan here isn't to recap the entire talk. It's up on YouTube now, and if this is the sort of thing that sounds interesting, it's probably a good use of 42 minutes of your time.

bootc grows up

We've mentioned the bootc toolchain a few times on The Register. Back in April 2024, we reported that Fedora 40's immutable editions were being rebuilt as bootable containers.
Two years and four more Fedora releases later, the toolchain is getting more mature, as we covered in April with Fedora 44, and we linked to Quentin Joly's explainer, Bootc and OSTree: Modernizing Linux System Deployment, which is still one of the best we've read. Now bootc has graduated to the point of being a CNCF incubator project. The new project website has a slightly better explanation: Transactional, in-place operating system updates using OCI/Docker container images. The tools for creating and managing OCI containers are familiar to many sysadmins now, and the idea of bootc is to make it possible to manage complete OS images, either for VMs or for bare metal, using the same tooling. Marrero explained bootc by saying that it lets you perform OS installations and upgrades with OCI containers, which lets you define and ship your customized images of the Ubuntu OS as OCI container images. This allows transactional in-place updates, with rollback. This tech is already in real-world public-facing use: SteamOS uses bootc, and he pointed to the Bootcrew project, which maintains a growing collection of bootc images of different OSes, including Ubuntu, SteamOS, openSUSE, and Debian. What's special about these images is that each one is a container, but with a kernel. So this means that it can run on metal, but you can run (and test) it in continuous integration as well. Ubuntu on bootc is still Ubuntu; it's just a different way to deploy it. Doing it this way is an alternative to Canonical's own Ubuntu-image system, which uses standard Ubuntu and Canonical tools, the apt command, normal repositories, and so on. Instead, bootc uses container tools and container images, and a container registry in place of Ubuntu's apt repositories. Marrero has his own experimental Ubuntu-bootc image on GitHub, whose description says: An Ubuntu 26.04 LTS ("Resolute Raccoon") bootable container image with cloud-init and podman built-in, designed for use with bootc and bcvk. 
(For the record, bcvk is the bootc virtualization kit, which "helps launch ephemeral VMs from bootc containers, and also create disk images that can be imported into other virtualization frameworks.") The idea is that this lets you manage and deploy a server, cloud, or desktop OS, along with all its tools and all its applications, from a single central point that you control. This replaces a whole raft of configuration management tools, including local update management, and eliminates the need for tools such as "Puppet, Chef, or shell automation." The images are constructed using composefs – specifically, the Rust-based composefs-rs – which in turn builds on existing and established Linux tools such as overlayfs, the EROFS read-only filesystem, and fsverity for integrity-checking. He noted that some of Ubuntu's metadata initially stopped composefs from working, but he and the Bootcrew team found it and fixed it. He also offers an Ubuntu 26.04 LTS with bootc – Getting Started Guide, which "walks you through converting an Ubuntu 26.04 LTS VM into a bootc-managed system using composefs. By the end you will have an immutable, image-based Ubuntu system that can be updated atomically via container images." He also demonstrated the tech live on stage using a few demonstration images he'd built beforehand. First, he deployed an empty default Ubuntu installation, with no additional tools. Running it under QEMU took just a couple of seconds. Then, by adding another single-line container file layered on top, he added the tmux terminal multiplexer. He also used wget to demonstrate that no web server was running and the VM didn't respond to HTTP requests, then switched the existing VM to a different image with Apache and a demo page installed, which took only about a second to deploy, followed by a VM reboot. He also demonstrated that it really was Ubuntu, that snapd was present and working, and installed LXD to prove the point. 
The "bootable containers" toolchain has visibly matured since we first encountered it, and the demo was quite impressive. This vulture is very happy that he no longer has to run servers for a living, and is positively delighted that he has no use for any of these tools. Even so, it's impressive to see that without all that much work, Ubuntu can be slotted into a very different set of management tools and function quite happily. ®

Microsoft site throwing warnings after someone forgot to renew cert

15 June 2026, 17:33
Microsoft appears to have dropped the ball with its certificate management after a domain used by sysadmins worldwide to test connectivity to Microsoft 365 started throwing untrusted connection warnings in browsers. The connectivity.office.com domain is used by IT pros to test their network's connectivity to Microsoft 365 and ensure their firewalls aren't blocking anything that could affect an organization's access to Microsoft servers. An SSL server report retrieved on Monday showed that the certificate expired on June 14 after last being renewed on December 16, 2025. At the time of writing, 35 hours have passed since the certificate expired, and Microsoft has still not renewed it, despite many in the IT community making their opinions on the matter known. Certificate renewals are often automated in this day and age, but in organizations still relying on manual processes, those responsible for renewals would almost certainly have received multiple alerts warning of the impending expiration. It suggests that something, or someone, involved in the certificate-renewal process at Microsoft has messed up. The Register contacted Redmond for a response. The company's publicists acknowledged the request for comment but did not return one in time for publication. The fallout could have been much worse. Browser warnings on a network diagnostic tool are irritating, but hardly catastrophic compared with the same thing happening to login.microsoft.com or another critical service. Teams users may remember the collaboration platform abruptly deciding to take Monday off in 2020, after an authentication certificate expired, for example. Whatever went wrong here, Microsoft will have to tighten its processes before shorter certificate lifespans arrive in the coming years. As of March 26, new SSL/TLS certs will have a maximum lifespan of 200 days. This is set to decrease to 100 days by March 15, 2027, and then to 47 days two years later. ®

Phishing campaign themed on “SEND – Servizio Notifiche Digitali”

15 June 2026, 17:37
This CSIRT recently detected a phishing campaign delivered via SMS, aimed at inducing potential victims to start a verification procedure and, subsequently, an online payment. The campaign improperly uses graphic and textual references attributable to “SEND – Servizio Notifiche Digitali” and to pagoPA, with the aim of making the request credible and pushing the user to pay a fake fine.

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

15 June 2026, 17:09
A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search. Researchers at Varonis Threat Labs chained three bugs into a one-click exfiltration path they call SearchLeak. Because the link pointed to a real microsoft.com domain, traditional anti-phishing and URL filtering tools were

Swiss Voters Reject Proposal To Cap Population At 10 Million

by: BeauHD
15 June 2026, 17:00
An anonymous reader quotes a report from The Guardian: Voters in Switzerland have rejected an unprecedented far-right proposal to cap the country's population at 10 million in a divisive referendum dubbed "the Swiss Brexit." Some 54.79% of voters were against the proposal by the Swiss People's party (SVP) and 45.21% were in favor. Turnout was 58.86%. A different outcome would have obliged the Swiss government to limit the population, currently 9.1 million, to 10 million by 2050, enacting tough restrictions on family reunification, residency permits and asylum if the number had reached 9.5 million before that date. Under the proposals, if the threshold of 10 million people was exceeded before 2050, the Swiss government would have been obliged to withdraw from the country's free movement agreement with the EU -- ending its access to the bloc's single market. The SVP, which has the most seats in parliament, has for years fueled anti-immigrant sentiment, especially concerning workers from neighboring EU countries. The party had insisted that a so-called "sustainability initiative" was needed to address the increase in population, which it argued was putting pressure on Swiss infrastructure, housing, social programs, natural resources and way of life. "Voters were worried about negative consequences for Switzerland's relationship with the EU and for the labour market," said Urs Bieri, from the polling firm GFS Bern. "People are also worried about things like having enough care and health workers. Also, there's a feeling that in the current international environment it's not sensible for a small country to do this."


Europe's AI paralysis has a solution - and it starts with a semantic twin

15 June 2026, 17:00
Most large European enterprises have no shortage of AI ambition, but they lack the data foundation to support it. Fragmented legacy systems, strict GDPR obligations, and anxiety about handing sensitive data to foreign cloud infrastructure have left many IT leaders running the same modernization projects on a loop, stuck in AI pilot purgatory before they reach production. Onix, a leading services-as-software data and AI specialist, thinks it has the answer. The outfit is rolling out Wingspan across the UK and Europe this summer, built around a proprietary technology it calls the Semantic Twin: a continuously updated intelligence layer that maps an organization's entire data landscape, system relationships, and business context, then uses that foundation to give AI agents the grounding they need to work. To find out what that means in practice, Onix's EMEA managing director, Vittorio Sanvito, answers IT and compliance leaders' most pressing questions. Q: With Google Cloud seeing significant, high-growth demand, why is now the critical moment for Onix to make this unified push across the continent? A: The European tech sector is at a pivotal moment. Market demand is undeniable: Google Cloud has a substantial backlog going into the coming year and continues to grow at pace, which reflects strong AI demand across every industry. Yet large enterprises in Europe are struggling to execute because they lack the proper data foundation, stuck in perpetual data modernization cycles that prevent them from scaling. We're at the major Google Cloud Summits across Europe this summer with a single message: you don't have to stay trapped in pilot purgatory. The Wingspan rollout across Europe and our expanded strategic collaboration with Google Cloud, which is expected to drive over $500 million in cloud consumption, together reflect the scale of what we're trying to do here. 
We want to make clear that Onix is the execution engine for enterprises that want to turn their AI ambitions into measurable impact. Q: When enterprise leaders speak about what keeps them up at night, data privacy and security are almost always at the top of the list. There are concerns that using advanced AI means sacrificing control over localized, sensitive data. How are Onix and Wingspan directly addressing this while keeping organizations compliant? A: It's a valid concern, and the exact reason we built a localized, customer-first approach into the core of Wingspan. European businesses shouldn't be forced to choose between maintaining their digital sovereignty and remaining economically competitive on a global scale. Wingspan is designed as what we call an Enterprise Intelligence Fabric. It activates data locally and securely, supports complex multi-country deployments, and complies with GDPR and regional data residency requirements by design rather than bolted on afterward. It operates across hybrid and multi-cloud environments without creating vendor lock-in. The Semantic Twin is central to all of this: because it maps your data landscape internally and continuously, you never push unverified or unstructured data outside your governance boundary to make AI work. Q: How does Semantic Twin technology work under the hood to alleviate fears about the AI "black-box"? A: A modern AI agent might be born today and put to work tomorrow, but it doesn't know how to execute tasks because it lacks instruction on standard operational steps. Traditional AI initiatives usually fail because they lack this deep business context. The Semantic Twin solves this by acting as a living intelligence layer that continuously maps an organization's entire data landscape, system relationships, and operational dependencies directly to KPI levels. 
By providing this connective tissue up front, the Semantic Twin grounds AI agents in real enterprise data with built-in guardrails, so they operate with 99.9 percent data validation accuracy. From a compliance perspective, this eliminates the AI black-box. The Semantic Twin enables full lineage tracking and governance-aware orchestration, so AI outcomes are grounded in corporate data, fully auditable, and explainable. This strict data grounding minimizes the hallucination risks that keep compliance teams awake at night. Q: That level of governance-aware orchestration is mission-critical for highly regulated and data-intensive industries like financial services, healthcare, and the public sector. But beyond compliance, what does the operational impact look like for a customer who's deployed this? A: Because the Semantic Twin provides the true enterprise context and meaning behind the data, our AI agents can move beyond simple, static automation and advance toward autonomous, high-accuracy decision-making. We're helping customers create a new AI operating model that will replace standard SDLC models. This translates to faster time-to-value. By combining agentic AI with this enterprise context, we help organizations orchestrate data modernization and AI operations within a single framework. This accelerates modernization by 3x, moves data into an "AI-ready" state in a matter of weeks rather than years, and delivers a 50 percent to 80 percent reduction in manual effort. Beyond the platform itself, we've also changed how we structure engagements. We're shifting away from traditional, bloated consulting models that rely on endless time-and-materials billing. About 75 percent of our engagements are now set up as outcome-based, with fixed-milestone projects. We guarantee exponential ROI by using AI-assisted delivery pods to execute these transformations rapidly. Q: What does success look like for Onix in Europe over the next 12 months? 
A: Success looks like the enterprises that came to us running consecutive AI pilots finally having something in production: governed, measurable, and connected to business outcomes rather than sitting in a sandbox. Europe has been cautious about AI for good reasons, and GDPR exists for good reasons. What we want to prove is that caution and ambition aren't mutually exclusive. The Semantic Twin is how we make that case technically; the rest is execution. Contributed by Onix.

Vulnerability detected in SimpleHelp

15 June 2026, 16:31
A new vulnerability with “critical” severity has been identified, affecting the SimpleHelp software, which is used for remote support and systems management. If exploited, this vulnerability could allow a malicious user to bypass the authentication mechanisms on affected systems.

Salesforce reels in customer support AI specialist Fin for $3.6B

15 June 2026, 16:30
Salesforce has agreed to buy AI customer support outfit Fin for $3.6 billion, bolstering its Agentforce business as software vendors race to convince customers that bots really can handle customer service. The CRM giant announced on Monday that it had signed a definitive agreement to acquire Fin, formerly known as Intercom, in a deal expected to close during the fourth quarter of Salesforce's fiscal 2027. Fin's flagship product is an AI customer service agent designed to handle support requests across platforms including live chat, email, WhatsApp, SMS, Slack, and phone. Fin says that the system is powered by its proprietary Apex model, built specifically for customer support workloads. "We're thrilled to welcome Fin to Salesforce as we enable every company to become an agentic enterprise," Salesforce CEO Marc Benioff said in a statement. "Fin brings proven agent technology, a deep commitment to customer success, and an incredible AI team that will complement Agentforce with powerful service agent capabilities." The acquisition adds both technology and customers. Salesforce said Fin serves more than 30,000 companies worldwide and cited examples of customers using its AI agents to resolve an average of 76 percent of support requests end-to-end without human intervention. Fin chief exec and co-founder Eoghan McCabe said joining Salesforce would allow the company to deploy its technology at a much larger scale than it could independently. The deal also strengthens Salesforce's Agentforce business, the company's flagship push into AI agents. Salesforce said Agentforce reached $1.2 billion in annual recurring revenue during the first quarter of fiscal 2027, up 205 percent year over year. It also arrives during a busy period for the company. 
Last week Salesforce confirmed another round of layoffs affecting teams including Agentforce, MuleSoft, and Marketing Cloud, while also pressing ahead with the acquisition of usage-based billing specialist m3ter and expanding its stock buyback program. Salesforce has spent the past two years positioning AI agents as the next major battleground for enterprise software vendors, alongside rivals including Microsoft, Oracle, and SAP. While much of that competition has focused on building increasingly-capable AI systems, the acquisition suggests Salesforce is also willing to write sizeable checks for companies that have already persuaded customers to put those systems into production. ®

PRC-linked spies hid inside medical and military networks for more than a year, snooping through Gmail and stealing data

15 June 2026, 16:00
Chinese government spies remained hidden in the networks of multiple North American medical and military research organizations for more than a year, deploying custom malware and snooping through Gmail inboxes and stealing sensitive data. This PRC-nexus espionage crew, which Google tracks as UNC6508, used some particularly noteworthy search terms as they were scanning for data to steal. They included such esoteric topics as drone technology and a viral disease that spreads from mosquitoes to humans. “It’s one of the most interesting grocery shopping lists of things to collect that I’ve seen from a state-sponsored actor,” Luke McNamara, deputy chief analyst at Google Threat Intelligence Group, told The Register. “We have defense-related activity, which was a significant bulk of the different terms, or emails related to defense platform systems or companies,” McNamara said. “Some of those were looking for any emails that were coming in or going out that used @ and then a big defense name. Others were specific email addresses of individuals at more niche defense companies.” While most of the terms related to defense and technology, the intruders also searched for some medical research facilities – and the very specific pathogen, “Chikungunya,” a viral disease transmitted to humans from mosquitoes that was responsible for an outbreak in China's Guangdong province in July 2025. Google won’t say how many organizations were compromised in this campaign. A Monday report said the operation targeted several national, state, and private medical entities. “These organizations comprise world-renowned clinical providers, premier academic centers, North American military health institutions, professional advocacy groups, and health regulatory bodies,” according to the report. 
“Their research areas span a broad spectrum of modern medicine, from molecular discovery and clinical drug trials to state-level public health policy and military readiness.” McNamara told us that the tech company’s incident responders notified all the victims they identified, “and we suspect there's probably even more.” Incident responders first detected this campaign in early 2025, but told us it dates back to at least 2023. And all of these attacks began with the digital intruders somehow exploiting externally facing REDCap (Research Electronic Data Capture) servers. These servers are primarily used by universities, hospitals, and research institutions to build and manage online databases and surveys, and to store sensitive clinical research data. The earliest known intrusion happened in September 2023, when UNC6508 compromised a REDCap server belonging to a North American medical research institution. McNamara told us that all of the intrusions followed this same pattern.

Seeing (Infinite)Red

After three months, the snoops silently deployed custom malware named InfiniteRed to capture legitimate REDCap login credentials. The malware includes three modular components. The first allows it to maintain persistent remote access by injecting its code into new REDCap versions after intercepting the upgrade process. Then it injects a credential harvester into the authentication system file to compromise user accounts. Finally, it functions as a backdoor with custom hooks that executes on every REDCap page load. Google’s threat intelligence team identified “multiple” US and Canada-based organizations infected with InfiniteRed, and offered assistance with removing the malware. After remaining undetected for more than a year, UNC6508 used the stolen credentials to access admin accounts and the victims’ internal network. Finally, the attackers added sneaky domain content compliance rules for data theft.
All 'Patroit' themed emails sent to BebitaBarefoot774

Content compliance rules are legitimate features in many cloud-based enterprise productivity suites, like Google Workspace, and UNC6508 abused them to exfiltrate specific email communications. Administrators can create these rules to manage messages that contain predefined sets of words or phrases, and these rules apply to all of the users in an organizational unit. UNC6508 created a compliance rule named "Patroit" (yes, they misspelled “Patriot”) to match keywords and email address patterns in sent or received emails. These messages were then silently BCC-forwarded to an attacker-controlled Gmail address, BebitaBarefoot774[@]gmail[.]com, delivering a steady stream of geo-strategic policy, military strategy, advanced technology, and medical research emails to the PRC-linked crew. The search terms also included professional email addresses and phone numbers for members of organizations in these spaces. GTIG disabled the Gmail account to prevent further data exfiltration. “One of the questions that we've had internally around this is: We're seeing this show up primarily at medical research institutions,” McNamara said. “Why are they searching for things like unmanned drones and unmanned vehicles? Why would you expect to find that there?” One theory, he said, is that this particular threat group was tasked with collecting data across different categories of national-security-related terms and information. “Maybe they were copy-and-pasting this across multiple victims, including ones outside of this medical research space?” Plus, some of the targeted institutions were likely working on research with a military or government agency connection. “So there was a potential that they could be in correspondence with someone where one of these terms showed up, and the actors were casting a very wide net,” McNamara said. ®

⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More

15 June 2026, 15:49
Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod. This week is the same lesson in a new form: phishing kits are easier to rent, AI names are useful bait, old login paths still fail, and forgotten software keeps becoming someone else's entry point. Scroll through the full Monday Cybersecurity

Joomla JCE: active in-the-wild exploitation of CVE-2026-48907

15 June 2026, 15:32
Active in-the-wild exploitation has been detected of CVE-2026-48907, already fixed by the vendor, in the Joomla Content Editor (JCE) plugin, an extension for the well-known Joomla! CMS used for advanced content management. If exploited, this vulnerability could allow a remote malicious user to execute arbitrary code on affected systems.

Arch Linux locks down AUR signups amid wave of malicious commits

15 June 2026, 15:30
A wave of malicious commits hit the Arch User Repository (AUR) over the weekend, prompting the team to disable new account registration on Monday morning while it cleans up the mess. The issue was first acknowledged on June 12, with a post stating: "We are currently experiencing a high volume of malicious package adoptions and updates in the Arch User Repository." The team warned that users might have issues opening new accounts, pushing package updates, and adopting or creating fresh packages. Around 400 user-submitted packages were believed compromised; that figure climbed past 1,500 over the weekend. On June 14, a more sophisticated wave of malicious packages was spotted. The Arch Linux team this morning disabled new account registration "while we are working on the cleanup." The core Arch distribution itself is unaffected. The AUR is a community-run package repo – if something isn't in the official repo, it's probably here, assuming nobody's poisoned it. The AUR is user-submitted and unsupported, so users are expected to inspect package build files themselves before installation. The malicious packages attempted to pull in hostile JavaScript dependencies, including npm packages identified in the campaign. Arch Linux is a fast, lightweight Linux distribution. It isn't for beginners – users need to pick their own display manager and desktop environment as well as their own applications. However, this makes it highly customizable. The project's website says: "Currently we have official packages optimized for the x86-64 architecture. We complement our official package sets with a community-operated package repository that grows in size and quality each and every day." Unless, of course, miscreants go wild with malicious commits, and the team has to wade in to deal with the problem. According to the AUR, there are just over 107,000 packages, with 5,586 updated and 273 packages added in the past seven days. This isn't Arch Linux's first brush with trouble. 
In 2025, the project was hit with a Distributed Denial of Service (DDoS) attack that disrupted its main web page, the AUR, and the project's forums. It also had to address compromised browser packages that reportedly contained a Remote Access Trojan. Both incidents highlight risks in the way the AUR is structured and maintained. It's an invaluable library of packages led by a community of smart Arch users, yet that open, community-driven model can be abused by attackers. New account creation remains disabled at the time of writing. The Arch team will no doubt be pondering how to avoid this situation in the future. ®

US clampdown on Anthropic models sends EU sovereignty surge into overdrive

15 June 2026, 15:09
As Anthropic execs prepare to visit the White House after effectively being ordered to cease offering the company's Mythos 5 and Fable 5 models, the European Commission says the incident is another example of why the EU must achieve technological autonomy. Anthropic announced on Friday that the US government issued an export control directive that required the AI upstart to prevent any non-US citizens from accessing its cybersecurity models Mythos 5 and Fable 5. The order meant even some Anthropic staff could not use its models. And as there’s no way to tell if someone on the internet is a US citizen, the order effectively meant that the AI company had to stop making the models available to everyone to ensure compliance. Anthropic isn't sure why the White House issued the order. "Our understanding is that the government believes it has become aware of a method of bypassing, or 'jailbreaking,' Fable 5," the company said. "To date, the government has only given us verbal evidence of a potential narrow, non-universal jailbreak, which essentially consists of asking the model to read a specific codebase and fix any software flaws. "Our understanding is that one potential jailbreak was shared with the government." The Wall Street Journal reports that the directive was the result of conversations held between Amazon CEO Andy Jassy and US officials, including Treasury secretary Scott Bessent, and Jassy's report of a possible jailbreak. Anthropic executives are set to meet with US officials at the White House this week to gain a fuller understanding of the developments that informed the directive, according to Axios. Whatever the Trump administration's reason for the order, Mythos and Fable remain unavailable at the time of writing.

A case study for sovereignty

The incident has not gone unnoticed.
Thomas Regnier, spokesperson for the European Commission, said the body is still examining the directive's implications for the EU amid concerns that the US can switch off access to technology that allied partners could soon come to rely on heavily. "The Commission has taken note of Anthropic's statement regarding the US export control directive on its most advanced models and is assessing its implications, including for users in the European Union," he said. "We are seeing a new generation of highly capable AI models reach the market. These models offer significant benefits, including for cyber-defence, but they also raise serious cybersecurity concerns that need to be addressed. "This is a shared challenge, not one confined to a single jurisdiction or company. We believe that contingency measures taken in this light should not be discriminatory against partners. "This development is a further illustration of why Europe needs to strengthen its technological sovereignty, and it underlines the relevance of the cybersecurity and AI legislation already in place at EU level, including the AI Act, the Cyber Resilience Act, and the NIS2 Directive – as tools to manage exactly this kind of risk on our own terms. "We are looking closely at the practical consequences of this for European users of these services." The comments come days after the EU launched its European Technological Sovereignty Package, a slew of measures aimed at sharply reducing its reliance on technology developed by the US and China. Cybersecurity-specific AI models such as Mythos 5, Fable 5, and OpenAI's GPT-5.5 are still very early in their development, and are not yet available to many organizations, let alone casual users. 

The cost of dependency stays invisible until it's too late

The US directive to prevent foreign nationals from accessing Anthropic's models will nevertheless prompt concerns among global partners and organizations about how a foreign government can simply revoke access to technology on which they may become highly reliant in the future. For Aled Lloyd Owen, chief of staff at Responsible AI UK, the news of Anthropic restricting access to its models only strengthens the case for the EU's plans to loosen its ties to US tech. "This is another incident that just proves the rule and proves that [the EU] must move faster and deeper, and really establish that independence as soon as possible," he told The Register. As for alternatives, Mistral AI is one of the EU's flagship AI development projects. It is widely regarded as a fast, capable, open-source model, but one that lacks the performance of "frontier" models such as those made by Anthropic and OpenAI. Owen said there is a limit to how quickly the EU can achieve autonomy, but the latest Anthropic story is "quite helpful in a lot of ways." "It's saying: 'You can't, from a commercial point of view, trust these bodies,' so to some extent, are you willing to sacrifice performance, both perceived and real, for European homegrown models that are not quite there but are certainly driving in that direction, in order to have a more reliable sovereign service? "So, the ability to shift is both technological, in terms of building effective models and building effective infrastructure, but will also involve weaning European companies from the high-capability overseas models that they're already using." Kate Hanaghan, chief research officer at TechMarketView, said: "Last week, I was talking to a couple of European integrators about exactly this issue. One framed it as 'The cost of dependency stays invisible until it's too late.' "For UK enterprises, the risk is now very clear.
Depending on a single US frontier provider leaves operations exposed if that access is withdrawn. And this weekend showed it can happen without warning. Ultimately, that leaves Europe to work out what it should, and realistically can, develop for itself." Voices in the UK echo those in the EU. Kanishka Narayan, minister for AI and online safety, posted on X: "The main lesson: as we debate the future of national security and technological sovereignty, access to AI capabilities is crucial." Separately, he said: "We treat every other threat to our sovereignty with deadly seriousness, but we haven't learned to treat this one in the same way." "I care about sovereign AI because it now decides our security… it will reshape our economy faster than anything else we've seen in our lifetimes," he added. The MP went on to say: "I'm not going to pretend there's a simple switch that we can pull. There isn't. Britain needs more AI capability. This is the central political question of our time, and our first duty is to see it clearly before someone else decides the answer for us."

Policy on the run

The order has also angered others, for different reasons. A group of 54 security and AI experts co-signed an open letter to the US government after the directive was issued, calling on the government to lift the restrictions. They also asked the government to commit to a more transparent approach to handling AI risk assessments in the future, saying that it should be a more democratic process. Not all the signatories believe the US should have regulatory control over AI models (Anthropic believes the US rightfully holds the authority to block releases), but they said that materially impactful decisions should be grounded in science and security teams should be given time to prepare.
The letter pointed out that vulnerability researchers and red teams are already relying on these models every day, and decisions to revoke access to them should be made through a democratic process, and should restrict capabilities only to the minimal extent necessary. "As a result, this action has taken the best models away from defenders, created market uncertainty, and risked America's AI leadership without any real risk to justify it," the signatories wrote.

Who's next?

In its response to the White House order, Anthropic asserted the allegedly problematic features of Fable and Mythos are also present in other models, including GPT-5.5. Anthropic has stated from the launch of Fable 5 that it believes developing AI models with perfect jailbreak resistance "does not appear to be possible today," and that no one has developed a universal jailbreak for its models to the best of its knowledge. It has long advocated for and continues to stand by its defense-in-depth approach to managing risks. ®

Flatpak-NG sounds like bad news for systemd refuseniks

15 June 2026, 14:15
Flatpak development has been very quiet for years. Discussions about a next-generation take are happening – and some of the signs are worrying if, like many FOSS folks, you are systemd-intolerant. In the course of researching our article on MX Linux 25.2, we came across an interesting Reddit discussion from last month, which in turn led us to a Flatpak development blog post from late last year. It looks like a team is collecting ideas for what is currently called "Flatpak-NG" – as in next generation. If this solidifies into code, this may form the basis of Flatpak version 2. The blog post isn't very informative, but the Reddit thread links to the video of a presentation from last month's Linux App Summit in Berlin, which spells things out more clearly. The Flatpak-NG idea involves handing off a lot of the isolation in Flatpak from the current bubblewrap layer to an as-yet-unwritten systemd component that the developers are currently calling systemd-appd. This would considerably simplify Flatpak, and enable it to do more isolation, including virtualizing the network stack – but at the price of making Flatpak 2 depend on systemd. A developer who was at the talk, Jorge Castro, later explained and confirmed this in a Fediverse thread. The teams behind other init systems could, of course, write their own replacement for the notional systemd-appd, but that would be a substantial amount of work. The tool that provides the new init-switching functionality in MX Linux 25.1 and 25.2, init-diversity, currently supports six other init systems besides systemd, and we've seen little sign of them cooperating to create an alternative to systemd that provides even a subset of its wider functionality. Flatpak is widely used and supported. Not all distros include it by default, but it's the only widely adopted alternative to Canonical's Snap packaging system. 
Snap is more versatile: it works fine with shell programs, and even the kernel can be packaged as a Snap, which is how Ubuntu Core handles it. Snap's implementation is much simpler and cleaner than Flatpak's, as is the distribution model – which, as we've reported before, is entirely open source. The only proprietary part is Canonical's Snap Store website. The trouble is, the louder advocates in the peanut gallery rarely even think about things like implementation details; they just get upset about more visible things that are easier to understand – such as who owns a website. There are other alternatives out there, such as AppImage, 0install, AppDir, and GNUstep's implementation of NeXT and Apple's .app format. We have compared these in detail before. Only two really have wide adoption, though. There's Snap, which Canonical claims has more users simply because Ubuntu has more users than all the other desktop distros put together, and there's Flatpak, which is used by every other distro with any kind of cross-distro package support. The snag is, if Flatpak 2 does arrive in a year or two, and requires systemd, then that could spell the end of Flatpak support on many systemd-free distros. That includes MX Linux, Alpine Linux, Devuan, Slackware, and many other smaller projects. For many of these, Flatpak is a lifeline: the only way to access much of the wider Linux app market. It's not so much that the Flatpak-NG team is the "A-Team," but the only team. In the original A-Team, Colonel John "Hannibal" Smith was wont to say "I love it when a plan comes together." We suspect a lot of people will not love it if this plan comes together. ®

Are Many College Students Losing the Ability to Read?

15 June 2026, 13:34
Futurism reports: in a new essay for The Chronicle of Higher Education, university-level literature and writing instructor Tyler Jagt recalls how not a single one of his students could get through an assigned 20-page article, something that he had read "without complaint" as an undergraduate a decade ago. One student confessed that the reason they didn't finish was that they kept losing track of what the paper was about. And there's no doubt that they're not alone. Jagt cites the 2024 National Assessment of Educational Progress reading assessment results released last year. It showed that 12th grade reading scores were at the lowest level since the assessment began in 1992. Nearly a third of those 12th graders scored below the assessment's "basic" level in reading, meaning they likely "cannot draw general conclusions based on concepts presented explicitly in a text." Younger children aren't better off: a recent report from the Annie E. Casey Foundation found that 70 percent of fourth graders, or around two million kids, can't read at a proficient level. "What I am seeing in my classroom is no longer a hunch," Jagt writes. "There is a measurable, generational collapse in sustained reading and writing, and the academy is responding to it with improvisation and exhaustion rather than the structural overhaul it requires...." Jagt cites an MIT study that found users who used ChatGPT during cognitive tasks like writing essays showed lower brain activity in areas associated with creativity compared to students who only used a traditional Google Search or didn't look up information at all. An astonishing 83 percent of the AI users couldn't quote a single line from the essays they had just written, and capstoning the alarm, the brain activity in the AI users didn't return to normal when they were later asked to write without AI...
On our pernicious pocket devices, Jagt touted a 2017 study that found that simply having a smartphone physically nearby — even if it's face down or turned off — reduced available cognitive capacity and impaired cognitive functioning. "So when a student tells me they 'kept losing track' of a 20-page article, I have to acknowledge that they may be describing a measurable neurological condition," Jagt wrote. "The neural pathways that support sustained attention are built by use, and they atrophy without it. Your body is a use-it-or-lose-it system, and the brain is no exception." Sunday an "Ask Reddit" question went viral — drawing over 11,000 upvotes — for its question to any teachers reading Reddit. "Is the 'Gen Alpha can't read (write, or do math ext)' crisis real? If so how bad is it?" Some responses... "The run of the mill non-honors kids have gotten really bad," posted one high school teacher. "Very low tolerance for working hard, very short attention span, very short stamina for active listening... It's the group that is the most worrying because a decade ago, I'd estimate that maybe 10-20% of kids at a school are like this, and now it's probably 40-50% of each graduating class... Then there's of course the bottom 10-20% kids (excluding the special ed/severe/moderate learning disability kids). This is what the viral videos are about and it's not an exaggeration. They can't read, write, or do very basic math like multiplication or division as a 17 year old." "This is the first year the MAJORITY of my class cheated on their first essays...." posted one high school English teacher. "It was also the first year a kid yelled 'We don't care about your fucking books, Miss!' while I was in front of the class presenting books they might be interested in for their book reviews... Almost all of them cheated on the book review they had to write." Thanks to long-time Slashdot reader schwit1 for sharing the article.


UK AI hiring surges as firms seek people to babysit the bots

15 June 2026, 13:30
Britain's AI jobs boom is creating a two-track labor market, according to PwC, which just so happens to make a healthy living helping companies navigate AI-driven transformation. The consulting giant's latest AI Jobs Barometer found hiring for AI specialists in the UK jumped 61 percent over the past year, rising from 112,000 roles in 2024 to 180,000 in 2025, even as overall job vacancies across the economy fell by 6.6 percent. That headline figure is the sort of thing consultancies put in press releases, but the more interesting bit comes later. PwC's analysis suggests employers aren't rushing to hire hordes of machine learning engineers and model builders. Instead, they're increasingly looking for people who can use AI inside existing professions and business functions. The firm found that so-called AI user roles grew by almost 66,000 positions during the year, while AI developer roles increased by just 2,600. After years of declaring that AI will revolutionize everything from accounting to sandwich-making, companies appear to have reached the awkward stage where somebody actually must make the technology useful. PwC argues the result is a "two-track" labor market. Jobs where AI helps skilled workers automate repetitive tasks and focus on higher-value work are growing faster than roles where the technology mainly makes tasks easier and lowers barriers to entry. According to the report, roles most enhanced by AI have grown by 39 percent since 2018, compared with 17 percent growth in jobs where AI is primarily simplifying work. The firm’s wage data tells a similar story. Jobs requiring AI skills now command an average wage premium of 34.2 percent, up from 11 percent a year ago. Consumer market companies are offering premiums as high as 64 percent, while government and public sector employers top out at 12 percent. That's certainly good news for workers with AI skills. 
It's also not the sort of conclusion likely to upset a firm that advises clients on AI strategy for a living. The findings land against a backdrop of growing anxiety about AI's impact on employment. Recent polling found one in five Britons believes AI-driven layoffs could eventually trigger civil unrest, while another survey found that office workers are already spending nearly six hours every week checking, correcting, or redoing work generated by AI tools. For all the excitement around AI, the hiring surge appears to be concentrated in a surprisingly old-fashioned category: people who know what they're doing. ®

The Onboarding Password Mistake That Creates Unnecessary Risk

15 June 2026, 13:30
Employee onboarding is a busy time for IT teams. New starters need devices, accounts, access permissions, and passwords, all delivered within a tight timeframe. That usually means sharing a temporary "first-day" password so employees can access systems for the first time. The issue is that these passwords don't always stay temporary. They may be sent over email or SMS, reused across accounts,

152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake Traffic

15 June 2026, 13:07
Cybersecurity researchers have discovered a network of 152 Google Chrome extensions that act as new tab live wallpaper add-ons to distribute a potentially unwanted program (PUP) family. The cluster spans 38 separate Chrome Web Store publisher accounts and three brand backends: tabplugins[.]com, yowgames[.]com, and chromewallpaper[.]com. They have been collectively installed 105,000 times. The

UK Treasury hunts CTO on salary that may not compute for top tech talent

15 June 2026, 12:45
His Majesty's Treasury (HMT) is looking for a new chief technology officer, offering an annual salary of up to £77,000 – less than some elite graduates might expect in their first job at a tech vendor. HMT promises "an exciting opportunity to influence decision making that affects the whole of the UK." The successful candidate also gets a generous civil service pension, with an employer contribution of nearly 30 percent. The salary range is from £69,820 to £77,000 for a role that can be based in London, Darlington (North East England), or Norwich (East Anglia). "HMT is a fast‑paced, policy‑driven organisation with a diverse user base of several thousand staff, including ministers, senior officials and analysts, all reliant on secure, resilient and responsive digital services," the job ad says. The role offers "a unique opportunity to work at the centre of government, operating at pace, influencing major decisions, and ensuring technology effectively supports ministers and the Treasury's critical role in stewarding the UK economy." These are the kinds of users less forgiving of tech problems, as they are responsible for controlling public spending, directing the UK's economic policy, and achieving sustainable economic growth at a time when the public expects both good services and low taxes. The incoming CTO will do all this with a "predominantly Microsoft‑based technology ecosystem, including Microsoft 365, Azure and associated security and endpoint tooling, delivered through a largely outsourced, multi‑tower operating model." Leading technical staff and dealing with multiple strategic suppliers, the lucky individual is expected to define technology strategy, standards, and architecture, all while giving taxpayers value for money. Weighty expectations also come with the people side of the job, since the CTO needs to be "a trusted technical adviser to enable informed decisions" both inside HMT and across other Whitehall departments. 
This being 2026, the job ad mentions AI as one of the technologies the role is expected to champion. What the ad does not mention is another looming headache: HMT must decide by December whether to move its finance and HR systems from Oracle Fusion to Workday, or stick with Oracle and diverge from the government's overarching £1.7 billion shared services strategy – which HMT signed off. No pressure, then. ®

Palantir's NHS data deal called in for a second opinion

15 June 2026, 12:00
Experts have welcomed the UK government's decision to review its contract with Palantir to provide software central to tackling the elective care backlog. The US spy-tech biz has, for some, been a controversial presence at the heart of the National Health Service in England since it was awarded a contract for just £1 to help provide data tools during the pandemic. It later won £60 million in uncontested deals. After the pandemic, it won a £330 million award – with other companies as partners – to provide the Federated Data Platform (FDP) under a SaaS model for the former Conservative government. NHS England defended the decision to award the FDP contract to Palantir after a competitive tender, saying it would help provide increased productivity necessary to help the NHS recover from its mammoth post-pandemic elective care backlog. Since Labour took office, however, the Palantir deal has looked less comfortable. The company was founded with backing from CIA-linked venture capital firm In-Q-Tel and provides technology to ICE and other controversial US security agencies. Attention has begun to focus on a contractual break clause next February, with the UK government saying it is planning to review the contract. Lord Paul Drayson, a member of the House of Lords Science and Technology Committee, welcomed the decision to review the contract. Speaking at the Digital and AI Sovereignty event organized by open source advocates OpenUK last week, he claimed the decision to appoint Palantir to the NHS England deal did not meet the standards of clear rules and fair deals. "The issues relating to values really go to the heart of it. It's great there's being a review. The UK has the technology to do federated data platforms, and it's an example of the shift in the politics that's taking place," said Drayson, founder and former CEO of UK clinical AI and digital healthcare company Arcturis Data. 
Palantir said the results of its technology in the NHS were already evident as 110,078 additional patients have undergone procedures in hospital theatres since the FDP product was implemented. Nearly 7 percent more patients with referrals for suspected cancer were now receiving answers within 28 days compared to the 12 months before FDP, it said. However, experts at the OpenUK event expressed concern that the decision to give Palantir the FDP deal reflected poor decisions in shaping the UK tech market and poor stewardship of NHS data as a UK asset. Mike Bracken, partner at consultancy Public Digital and former Cabinet Office executive director for digital, said NHS England had a 15-year history of failing to set a standard health data taxonomy and classification in order to develop a thriving supply market. "That was the complete failure of NHSE," Bracken said. "We've heard talk about market shaping. Where we are now is a 15-year failure to shape a market around common standards and platforms. It really is not difficult. We're in a current position where the absence of doing that allows any single entity or company to own that taxonomy and that federated model that is not healthy for this country." "It is not actually about Palantir. If you look around our public sector, our officials believe in market orthodoxy, and our markets are little short of oligopolies and monopolies, and this is just another example. If we generally want market activity, competition, innovation, you have to create markets. You do not create markets by handing single control of federated platforms, in this case, to single companies, Palantir or otherwise." Secretary of State for Health and Social Care James Murray was asked about the FDP during a recent interview on BBC Radio 4's Today program. "The FDP is a single contract with Palantir, and it's being reviewed at the moment ahead of its breakpoint next year," he said. 
Speaking at the OpenUK meeting, Laura Gilbert, Senior Director for AI at the Tony Blair Institute and former director of data science in the Prime Minister's Office, said the FDP was exactly the use case that you don't outsource, and certainly not outside the country. The UK has the skills to build its own NHS data systems, which could lead to benefits for the wider tech and healthcare economy, she said. "Locking down to a single vendor is clearly risky when it is something so important. Once again you're in a place where you are not just giving the money away offshore but the benefit of the data – some going back to the patient, which is great – but we should be learning from that data and building a better health service, not allowing an offshore company to learn and build better products they can sell to somebody else." The Tony Blair Institute has received funding from Larry Ellison, co-founder of Oracle, which was part of one of the losing FDP bids. The next few months will be critical for Palantir's involvement in the NHS. With the writing on the wall for UK Prime Minister Sir Keir Starmer, frontrunner to replace him is Andy Burnham, currently the mayor of Manchester. The Greater Manchester Integrated Care Board has rejected the FDP, preferring to use the system it built on Microsoft Azure with technology from data pipeline vendor Matillion, analytics and data lake company Snowflake, data visualization firm Tableau, University of Manchester's eLab, and others. A report last year claimed it "exceeds anything the FDP currently offers." ®

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites

15 June 2026, 11:59
An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage, OptinMonster, and TrustPulse, turning those files into a way to break into the sites. When a site administrator was logged in as the file loaded, the code created an admin account under the attacker's control and installed a hidden plugin that opened a way back in. Ordinary visitors did not trigger it

Britain plots digital bedtime after kicking under-16s off social media

15 June 2026, 11:14
The UK government is preparing to kick under-16s off social media and clamp down on a range of online features aimed at children, declaring that Big Tech has had its chance to police itself and failed. Prime Minister Keir Starmer announced plans on Monday to ban under-16s from social media as part of a package that also includes new restrictions on livestreaming, stranger contact, disappearing messages, and AI companion chatbots. The legislation is expected to be introduced before Parliament's Christmas recess, with the new rules due to take effect in spring 2027. "Parents want to keep their kids safe and happy, but the online world has made that harder than ever," Starmer said. "I've heard firsthand from families crying out for change and we will do right by them." The prime minister reserved his sharpest criticism for the technology industry. "This is a line in the sand," he said. "Tech giants had their chance and failed, but we're stepping in to protect children, back parents, and set a new normal for future generations." The government is pitching the move as a direct response to parental concerns. According to its Growing Up in an Online World consultation, 91 percent of parents who responded supported a minimum age of 16 before social media platforms can offer services to children. More than four in five respondents said the risks of social media outweigh the benefits for children, while 88 percent said fewer children would be exposed to inappropriate or harmful content if age restrictions were introduced. Ministers also point to evidence that many parents are simply exhausted by the battle over screen time. Three-quarters of respondents said restrictions would lead to fewer arguments at home, while 77 percent said schools and teachers would find it easier to manage children's digital behavior. The government said it intends to follow Australia's model by targeting user-to-user platforms whose primary purpose is social interaction and user-generated content. 
That would include services such as Snapchat, TikTok, YouTube, Instagram, Facebook, and X. The social media ban is only part of the package. Ministers also want to restrict a range of features they say expose children to harm, including stranger contact, explicit image sharing, livestreaming, and AI companion chatbots. Those restrictions would remain in force by default for 16 and 17-year-olds as well to avoid what ministers describe as a "cliff edge" when children turn 16. Ministers are also examining further measures for under-18s, including overnight social media curfews and mandatory breaks in infinite scrolling, with additional details expected in July. The government said it will seek to avoid some of the problems encountered in Australia by requiring what it describes as "highly effective age assurance" measures. Whether those systems prove any better at telling teenagers from adults remains unclear: recent age-verification trials have already produced examples of youngsters reportedly bypassing checks using little more than a drawn-on mustache. Ofcom, which will be responsible for enforcing much of the regime, signaled support for the government's plans. "So far, Ofcom has driven some of the strongest changes of any online safety regulation in the world, from widespread age checks to grooming protections for children," a spokesperson said. "But the industry needs to go much further to make people safe. The government has entrusted us to build on this progress with new measures to protect children, and we're ready to work closely with them as the detailed regulations take shape." But not everyone is convinced the government has found the right answer. James Baker, Platform Power and Freedom of Expression Programme Manager at the Open Rights Group, warned that lawmakers risk repeating a familiar pattern. "Every failed attempt to make children safer online is followed by more surveillance and censorship," he said. 
"Children have rights too and these policies will harm their free expression and privacy rights, and push them into less regulated spaces. Meanwhile the business models driving harms are untouched." Others questioned whether the measures can realistically be enforced. Mark Jones, an online harms specialist and partner at law firm Payne Hicks Beach, noted that the consultation closed only weeks ago and warned that determined teenagers have a habit of finding ways around restrictions. "A social media ban only helps if it is genuinely enforceable," Jones said. "If large numbers of young people simply circumvent the restrictions, parents will just lose visibility into where their children are actually spending time online rather than reclaiming any control." The political case for the crackdown appears relatively straightforward, but the practical one is less so. The government now has to persuade social media companies to enforce the rules and teenagers not to find ways around them. ®

Why We Changed Our Code of Ethics to Address Prediction Markets

15 June 2026, 11:00
Blue gambling chips surround a red chip in the shape of a “no” symbol, with a slash through the center of the chip.
Illustration by Shoshana Gordon/ProPublica

What would you think of me, the ProPublica editor responsible for newsroom standards, if I placed a bet on the baseball game I’m currently listening to on the radio? Probably that I’m doing something plenty of others do, and that my wallet will be lighter in a few innings.

What would you think of me if I stood to make a tidy sum based on the outcome of a news event ProPublica has been covering? You’d probably think that’s downright shady, because isn’t the job of a journalist to report the news and not make money off it?

Lest you think I’m an ethically compromised editor, you can rest easy. According to a recent update to ProPublica’s code of ethics, “no employee should wager on the outcome of news events on the prediction markets — regardless of whether or not they are involved in coverage of said event.”

ProPublica has always prohibited employees from profiting off inside information, so you may wonder why we amended our code of ethics to specifically single out prediction markets. We have not encountered any instances of this happening on our staff, but it has become harder and harder to deny the influence and reach of prediction markets beyond sports. In fact, deals between prediction markets and news organizations abound, such as Kalshi with CNN, Fox News and The Associated Press, and Polymarket with Dow Jones.

But there have also been worrying examples of these markets at play. Look to the case of a U.S. soldier involved in the ouster of Nicolás Maduro from power in Venezuela who was said to have made over $400,000 by betting on the mission. (He was charged with “unlawful use of confidential government information for personal gain, theft of nonpublic government information, commodities fraud, wire fraud, and making an unlawful monetary transaction,” according to the Department of Justice, and has pleaded not guilty.) Or to the political candidates who were accused of trying to make trades on their own races. (All three received fines from Kalshi ranging from about $540 to about $6,230 and were suspended from the platform for five years.) Or even to the journalist who detailed receiving threats from gamblers trying to get him to change his report on a missile impact in Israel. (He didn’t.)

At ProPublica, it felt imperative for us to establish professional boundaries in a world where a person can have a financial stake in almost anything. Our thinking was: If one of our employees has money riding on an outcome, can a reader be sure we’re covering a story without bias?

We take your trust seriously and know that it is something to be earned and maintained. We’ve always held ourselves to high standards. The code of ethics specifically exhorts our journalists to “avoid any actions that could make a reasonable reader doubt their ability to report fairly or with neutrality on the subjects of their coverage.” We know that even the appearance of us doing anything other than working in the public interest is troubling. 

When we began seeing instances of people making money off the outcome of news events, one of our concerns was that readers might assume journalists were doing the same. Even gambling on news events that ProPublica would most likely not cover, like next year’s presidential election in France, isn’t a good look for a journalist. If someone on our staff is doing that, a reader might wonder if they are betting on something closer to home or to their field of expertise.

However, we also wanted to take care to not close the door on activities that don’t pose such an existential reputational risk. A bunch of investigative journalists throwing a few dollars into an office sports pool will probably not have the public thinking we’re incapable of being fair — although some of our team allegiances might make readers think we’re gluttons for punishment. And putting a bit of money on a ballgame isn’t a huge cause for alarm. So we took care to say that “betting on sporting events (like the Super Bowl or the Kentucky Derby) and taking part in small-stakes, friendly contests (like office pools on the Oscars) are permissible when legal and when employees are not involved in coverage of those events.”

(And even though our code of ethics allows us to bet on sporting events in these cases, I don’t because I prefer to spend my money on cheap seats and stadium novelties.)

Other outlets are also tackling this issue. NPR recently issued guidance that says “editorial employees are not allowed to use prediction markets or similar sites to place bets on developments of news events, or anything else we might cover, or on things NPR controls,” including who will appear on upcoming Tiny Desk Concerts. And the New York Times’ standards editor said in a memo to staff that “betting on the outcome of news events on the prediction markets is a violation of our principles and ethical guidance and is not permitted.”

Beyond journalism, this has also gotten attention at the state and national levels. Places like Maryland and New York have put rules in place to prohibit state employees from using inside information to bet on prediction markets. And a number of lawmakers in the U.S. House of Representatives have called for banning members of the chamber and their staff from gambling on the platforms.

Our code of ethics isn’t immutable, and down the road we may revisit this topic and further bolster our guidelines. Or we may tackle something that isn’t even on our radar today. But we will always act with the reader in mind so you know you’re getting the truth from people who are accountable only to you. You can bet on it. Actually, maybe don’t do that.

The post Why We Changed Our Code of Ethics to Address Prediction Markets appeared first on ProPublica.

Munch Museum Windows display gives visitors something to scream about

15 June 2026, 10:30
BORK!BORK!BORK! "The Scream" by Edvard Munch is an iconic painting, so it is somewhat appropriate that a display in a museum dedicated to the artist shows an error likely to elicit the same response from many a Windows user: a Microsoft account recovery screen. Spotted by Paul, a Register reader at the Munch Museum in Oslo, the screen shows what appears to be Google Chrome attempting to display a page that requires a Microsoft account to access. For whatever reason – perhaps a password has been forgotten – an account recovery screen is visible rather than information more suited to the museum. It's enough to elicit a horrified shriek from a user seeking authenticated content. Not unlike the artist's work more than a century earlier. According to the museum, the motif is "a universal symbol of anxiety," not unlike the trepidation that accompanies modern authentication. The painting likely originated from an evening stroll Munch took, during which he had a strong reaction to a sunset. He attempted to come to terms with it in words and images, which is where the iconic "Scream" motif comes from. Munch produced several versions of the image, and the museum keeps three in rotation to minimize deterioration. One is always on display, while the others are kept in the dark. Despite its age, "The Scream" is as striking to modern audiences as it was in Munch's day. Perhaps more so, as humans deal with new technology and react to the latest news about the benefits and/or threats of AI, depending on whom you ask. In that sense, flashing up an account recovery prompt is perhaps the most appropriate modern interpretation of "The Scream." An expression of horror, anxiety, or despair is one that is all too easy to associate with a user struggling with authentication technology. Or, in the case of whoever is administering this display, whatever Microsoft service is lurking in the background and needs an account recovered. ®

Google found liable for bad AI Overview results. Let’s play Truth Or Consequences

15 June 2026, 10:30
OPINION Tech companies hate liability, or at least the sort that makes them liable if something goes wrong. It doesn’t much matter if what they ship is buggy, shabby or simply blows chunks, it’s on you for using it. You fool. Corporates can get service level agreements to focus their suppliers’ minds, and life-critical applications such as health or transport wire in liability through regulation, but shlubs like us get nothing. This goes double for LLMs, which lie to our face all day every day and twice on Sundays. It’s on you to check. If you file a court brief with an hallucinated cite, or lose your production database to an insane agent, it’s on, yes, you. Again. Terms and conditions. If the AI companies were liable for the things they ship they know are faulty, the industry would look very different. Thus it is very interesting indeed that a Munich court has just found Google strictly liable for bad things that its own AI is doing — in this case, making false and potentially very damaging statements about a couple of publishers. The AI Overview linked the publishers to various scams, in prime position at the top of the search results. Normally, search results don’t make the search engine liable for what it digs up. These results weren’t dug up, they were made up. Normally, if a page returned by a search engine contains legally actionable material, you can go after the page's author. Here, there were no such pages. The author was Google’s own AI. No escaping it, the court decided, someone had to be liable and that someone was Google. The company argued in its defense that because everyone knew you can’t trust AI results, everyone knew to check what AI Overview told them. This worked as well as Alex Jones arguing that as he was a performance artist rather than a journalist, the massive damage caused by his Infowars platform wasn’t his responsibility. Don’t blame me Pompeii, said Vesuvius, I was just putting on a fireworks show. No sale. Google, you are guilty.
Stop doing it. This may seem on its face to be nothing new, not different in principle to a lawyer abusing AI and eating judge boot. The difference is that the lawyer can either stop abusing AI or stop using it altogether. Google can do neither. It has bet the shop on an AI it can’t control, one with a court-tested liability that can’t be fixed until hallucinations and false equivalencies are fixed. Businesses that use AI have indeed learned what Google said in court and have evolved their own processes to detoxify AI internally. It means using skilled humans to check and verify. It means that productivity benefits are as hard to find as Alex Jones’ donations to the Southern Poverty Law Center. As any sensible human knows, productivity isn’t the one metric to bind them all. Quality, value and integrity are part of the equation, and the skill is balancing the incalculable against the countable. Google can’t do that. It has mustered under the ‘AI All The Things’ banner, but unlike its fellow LLMinati, Google’s primary product is serving facts to billions of people. There can be no mitigating human filter, no legal prophylactic of ‘we made it up, but you know what we’re like’. Google multiplied its liability the day it made AI Overview not an option, but unavoidable and the first thing you see. It’s rolling out more and more layers of AI-mediated content in lieu of actual search results, despite nobody wanting that, under the corporate hallucination that lie ability trumps liability. Which has been true for most tech companies most of the time, but no longer. It’s improbable that Google can change course and do the obvious thing, incorporate an AI kill switch in its search product. It can no more compete on quality of results than a dodo can enter the All Mauritius Avian Aerobatics championship. Which is a shame, because the first rats of legal liability have scuttled ashore. Expect this process to continue.
Proponents of AGI are adept at minimizing the implicit — and in this court case, explicit — unreliability of LLMs as an unsolved problem. Humans are unreliable too, after all. We have evolved our own error detection and correction protocols, be they the scientific method or the police and legal systems in general, or internal reviews and test cycles in corporate. There is no way that AI’s insinuation into process can or should be exempt from these systems, at least while it mucks things up like a stoned teenager in a muscle car. The tech industry has avoided liability on the grounds of immaturity, that what it does is so wonderful that it shouldn’t be held back because of flaws that will take too long to fix. Immaturity only lasts so long, then you have to take the consequences not only of your actions, but of refusing to change your behavior. The Munich court has fired the warning shot of those consequences, and Google must search its soul and find the truth. If, that is, its AI will let it. ®

iOS 27 hidden features: 3 new additions Apple has kept secret

15 June 2026, 10:08

The hidden iOS 27 features now coming to light promise to make your iPhone even more powerful than you imagine. WWDC 2026 has already shown us wonders, with Siri's artificial intelligence stealing the show. Yet it seems Apple has kept a few surprises in reserve.

Behind the scenes, the company is working on some treats that were not shown on stage. These are not small fixes but features capable of changing how you use your devices every day. Are you ready to find out what is cooking in Cupertino? Let's look together at the three most interesting additions that could arrive by September.

An exclusive watch face comes to everyone on Apple Watch

Have you ever wanted the style of the Modular Ultra watch face but don't own an Apple Watch Ultra? Good news is on the way. Apple is about to make a slimmed-down version of this much-loved watch face available to a wider audience. The idea is simple but brilliant.

It will keep the large clock that makes it so readable and iconic, while dropping the second row of complications. The result is a cleaner, leaner interface, perfect for anyone who has moved from an Ultra model to a Series 10 and misses that design. It is a small touch that shows how much Apple listens to user feedback.

Siri gets smarter with third-party extensions

This is perhaps the most anticipated addition. Siri's current integration with ChatGPT was only a taste of the future. With iOS 27, Apple plans to take a giant step, finally opening the doors to other chatbots such as Gemini and Claude. The real revolution is called the Extensions API.

Instead of striking commercial deals with every single company, Apple will give developers a tool to integrate their artificial intelligence models directly into Siri. This means a more open and competitive ecosystem. However, there is a flip side: since these are not direct partnerships, the privacy guarantees could differ from those in the initial agreement with OpenAI.

Why hasn't Apple talked about it yet?

You may be wondering why such an important announcement has been kept hidden. There could be several reasons, all highly strategic:

  • The legal question in Europe: greater openness could complicate Apple's battle against the Digital Markets Act (DMA).
  • Keeping the spotlight on Apple: presenting more powerful external models could have overshadowed the progress of Apple's own artificial intelligence.
  • Relations with partners: there are rumors of possible tensions with OpenAI, which reportedly did not like being "one of many" options.
  • Simplicity for the user: too many integrations right from the start could have caused confusion.

Your camera, your rules: total customization on the way

The last of the hidden iOS 27 features concerns an app we all use every day: the Camera. Imagine being able to move the controls, such as the flash or the timer, exactly where you want them. You will no longer have to hunt for the right settings at the wrong moment. iOS 27 is expected to introduce a fully customizable camera.

You will be able to rearrange the interface to fit your shooting style perfectly, making the experience faster and more intuitive. Although this addition did not appear in the first developer beta, anticipation is very high. It would be a change that rewards amateur photographers and professionals alike.

What should we really expect?

In short, iOS 27 is shaping up to be an even richer update than what was shown at WWDC. A more accessible watch face, a Siri finally open to the world and a tailor-made camera are additions that could truly improve our everyday experience. Although not yet official, these rumors come from very reliable sources in the Apple world. All that remains is to wait for the official release in September. And you, which of these features are you most eagerly awaiting?

The article iOS 27 hidden features: 3 new additions Apple has kept secret comes from sicurezza.net.

Comments on When do we ban connected glasses? by Weg

As is often the case, the issue is not so much creating new laws as enforcing [the ones that already exist](https://www.legifrance.gouv.fr/codes/section_lc/LEGITEXT000006070719/LEGISCTA000006149831/#LEGISCTA000006149831).

Filming people in private places (cafés, restaurants, etc.) is totally forbidden without their consent. In the street it can be allowed, as long as it does not target anyone in particular and there is no distribution. Now, since the data is stored on Meta's servers, there is indeed distribution to a third party, and it is therefore illegal to film anyone at all with these glasses.

It is illegal not only for the wearer of the glasses, but also for Meta, since:

> Collecting personal data by fraudulent, unfair or unlawful means is punishable by five years' imprisonment and a fine of 300,000 euros.

I'll let you read the linked articles of law. They are already rather well thought out.

The day Zuzuck genuinely risks the five years in the clink provided for by the law, that will calm him down a bit.

The day people refuse to buy these things because they are afraid of getting a ticket every time they pass a cop, that will calm down a bit the investors who put their money into them.

This is not a problem of legislation left behind by technological progress. It is a problem of certain people's impunity before the law.

Firefox on Linux: Vulkan revolutionizes video on NVIDIA GPUs

15 June 2026, 09:43

The new synergy between Firefox, Vulkan and NVIDIA GPUs is about to revolutionize the multimedia experience on Linux. It is a technological step forward that has been awaited for years. If you use an NVIDIA graphics card on the penguin's operating system, this is news of fundamental importance. Mozilla is integrating support for Vulkan Video, a technology that promises to solve the problems tied to hardware video acceleration.

Put simply, this means saying goodbye to complex configurations and welcoming smoother, more efficient and more stable video playback. Are you ready to find out how the way you watch online content will change?

The old problem: why wasn't VA-API enough?

To understand why this matters, we need to take a step back. Until now, Firefox has relied on an interface called VA-API for hardware video decoding. The aim is simple: offload the heavy processing work from the CPU to the GPU, freeing up resources and reducing power consumption.

This solution has always worked well with Intel and AMD graphics cards. The problem, however, has always been NVIDIA. The company has historically followed a different technological path, based on proprietary standards such as NVDEC and NVENC. As a result, to get Firefox talking to an NVIDIA GPU on Linux, users were forced to use software "translators". A well-known example is `nvidia-vaapi-driver`. This chain of extra steps often introduced instability, bugs and unnecessary complexity.

What changes with the integration of Vulkan Video?

The arrival of Vulkan Video changes the game completely. This technology, developed by the Khronos Group, is an extension of the Vulkan graphics API designed specifically for video encoding and decoding. Let's look at the main advantages.

A direct bridge between browser and GPU

The biggest benefit is the adoption of a single, cross-platform standard. Instead of handling a different interface for each vendor, Firefox will be able to communicate directly with the GPU through one shared language. This does not mean that hardware technologies such as NVIDIA's NVDEC will be abandoned. On the contrary, Vulkan Video creates a modern, optimized software bridge for reaching them, removing the need for external compatibility layers. For developers, this translates into cleaner code that is easier to maintain.

Better performance and lower power consumption

For the end user, the advantages are even more concrete. Direct hardware decoding translates into:

  • Less load on the CPU: playing 4K video, especially with heavy codecs such as AV1, will no longer strain the processor.
  • Greater energy efficiency: a crucial aspect for laptops, because it means longer battery life.
  • More stable playback: removing the intermediate steps drastically reduces the chances of errors or interruptions.

In short, you will finally be able to enjoy multimedia content at the highest possible quality, without compromise.

When will this arrive?

The integration work is at an advanced stage, the result of collaboration between engineers from Mozilla, Red Hat and NVIDIA itself. Barring surprises, Vulkan Video support should be officially introduced with the release of Firefox 133, expected by the end of 2024.

The wait is short and reflects a commitment to a solid, well-tested solution. It is a strong signal of how the industry is moving toward open, shared standards, to the full benefit of the user experience.

In conclusion: a smoother future for Linux

The integration of Vulkan Video into Firefox is much more than a simple technical update. It closes the circle for Linux users who, for years, have tried to get a flawless multimedia experience from their NVIDIA hardware. This move not only makes life simpler for users and developers, it also strengthens the position of Linux as a mature, high-performing operating system for everyday desktop use.

The article Firefox on Linux: Vulkan revolutionizes video on NVIDIA GPUs comes from sicurezza.net.

Chinese e-tailer claimed 14-inch box stretched the size of a 9-inch tablet

15 June 2026, 09:30
WHO, ME? Welcome to another instalment of Who, Me? It’s The Reg’s reader-contributed column in which you admit to mistakes and reveal your escapes! This week, meet a reader we’ll Regomize as “Rohan” who told us that a few years back he worked on the IT side of a warehouse. “Management purchased software that required a large-screen tablet, but when they saw those cost over $1,000, they balked at the price,” Rohan writes. The tech team’s resident pimply-faced youth (PFY) was therefore given the job of finding a cheaper alternative. Rohan didn’t pay much attention because he was about to go on a holiday. While he was away, the PFY ordered a generic 14-inch Android for just $150. “It was ordered quicker than you can say ‘I’d advise against that’,” Rohan wrote. He returned from holiday and found a package on his desk, plus an email from the PFY expressing his pride in saving the company so much money. Rohan noticed the unmistakable livery of a Chinese e-tailer on the package, and after opening it found a nine-inch tablet inside. He therefore opened a dispute with the sellers, who asked to see a picture of the machine. “I duly sent one showing a tape measure rolled out to nine inches,” Rohan wrote. The vendor responded with an explanation of their proprietary tablet-sizing methodology, which Rohan applied. Using their method, the tablet was an eleven-incher, so Rohan revived the dispute. The vendor’s response was to send an image of the box the tablet came in, plus evidence that the box it arrived in had a 14-inch diagonal measurement. Rohan now escalated the matter to the e-tail platform, an act that saw the seller offer a partial refund. But the e-tail platform was having none of that and advised Rohan to return the undersized tablet – and promised a full refund including postage! The seller then responded with an offer of a partial refund if Rohan would just keep the tablet and drop the dispute. 
That deal meant Rohan’s company would end up owning a tablet it couldn’t use, for just $60. “The moral of the story is to school your PFYs on the folly of believing things that are too good to be true,” Rohan advised. Have you been too optimistic when shopping for work kit online? Don’t short-change your fellow readers, click here to send Who Me an email so we can share your story! ®

IT Workers Are Now Struggling to Find Work, as 'Picky' Companies Demand AI Skills

15 June 2026, 09:04
"Battered by years of mass layoffs, California tech workers were hoping the job market would rebound this year," reports the Los Angeles Times. "But things are getting worse." The class divide is widening in Silicon Valley as a tiny group of employees is landing unprecedented packages for AI skills, while many others struggle to find work. The have-nots are doing everything that used to guarantee great jobs — refreshing resumes, optimizing LinkedIn profiles and doing interviews — but companies are much more picky these days. The tech jobless are rethinking their lives. Some are taking pay cuts, others are leaving tech. Some are going back to study or launch startups. Some have retired.... Since 2022, more than 815,500 tech workers have been laid off, according to Layoffs.fyi, a website that tracks job cuts. The tsunami of pink slips surged in 2023, when companies that had gone on hiring sprees during the COVID-19 pandemic began to cut back. From January to April, U.S. tech employers announced 85,411 job cuts this year, up 33% from the same period last year, according to global outplacement and executive coaching firm Challenger, Gray & Christmas. The Public Policy Institute of California estimates that the number of information jobs — which includes jobs in hard-hit Hollywood as well as tech — tumbled 17% between the middle of 2022 and this February. The San Francisco Bay Area has been hardest hit, the institute said in a recent report, with the number of jobs declining by 0.4%, compared with 7.5% growth over a similar time span before COVID-19 slammed into the U.S. economy. Tech layoffs are also spilling over into other industries. Automaker General Motors laid off roughly 600 workers in its information technology department, and Walmart is reportedly laying off or relocating roughly 1,000 workers in its technology and products teams. 
Recruiters say companies have become much more selective, requiring AI skills, combining different positions and interviewing more people for each job. "You're seeing elongated hiring cycles," said Robert Lucido, senior director of strategic advisory at Magnit, a California company that helps tech giants and other businesses manage contractors, freelancers and other contingent workers. "There's more opportunity to fill the need that they truly want." Paul Flaharty, district president at staffing firm Robert Half in Los Angeles, said companies are laying off workers, but also creating new roles tied to AI initiatives. "For individuals that are displaced, it's really important that they find ways to upskill themselves so that they can make themselves as attractive as possible for these new jobs that are being created," he said. Kira Martins was already taking on more work in a small team at Snap — the parent company of disappearing messaging app Snapchat — when she was laid off in April. The company said the layoffs were to cut costs as it focuses on profitability, noting how employees are using AI to "reduce repetitive work, increase velocity, and better support our community, partners, and advertisers...." Martins, a 36-year-old Los Angeles resident, views AI as a tool and is optimistic about finding her next role. People still need to decide how to use AI and check the work it generates, she said. "In tech, you want to be a first adopter, because if you don't move quickly, it's very easy to become irrelevant," she said. "Everyone's kind of hopping on the AI train." A former Google worker (laid off more than a year ago) says he's still job hunting, according to the article, and "he's learned it's not enough to just apply in this competitive market. Workers really need to network and leverage their connections to get seen by hiring managers and stand out." 
But when 64-year-old product manager Bruce Bowers lost his job at Oracle — along with thousands of others — he just started his retirement early.

Read more of this story at Slashdot.

When do we ban connected glasses?

Right. We thought we were rid of this junk after the Google Glass flop, but apparently it is coming back into fashion. So let's take stock…

💡 Today we're tackling a big one: connected glasses. Well, the official term is "intelligent glasses" (« lunettes intelligentes »), from the English "smartglasses", itself modeled on "smartphone"…

Gee says: "But I'm fed up with 'intelligence' being slapped on everything in a digital world that seems more and more stupid to me. So I'm going to call them 'connected glasses'." We see a man wearing connected glasses. One arrow points to "connected glasses", another to "dumb look".

⚠️ Already 15 years ago, in 2011, Google opened hostilities with Google Glass.

A guy wearing glasses says: "I can film and record everyone with a simple glance!" The Geekette says: "But that's horrible!" The guy replies: "Yes, but it's only $1500 and the battery lasts one hour while frying my temple along the way! This is a revolution!"

▶️ When Google ended the experiment in 2015, after ridiculously low sales, we thought the project was buried in the digital landfill, where NFTs and the Metaverse would soon join it.

But that was without reckoning with…

Facebook in 2021.

Zuckerberg says: "We're launching Ray-Ban Meta! Mass surveillance, yes, but with class! In partnership with Ray-Ban (well, yes) and EssilorLuxottica*!" The Geekette, with fake enthusiasm: "Uhh… yeaaah… yippee…"

* The Franco-Italian eyewear multinational. Which lets us file this project under the "cacarico" category: it's crap, yes, but it's a bit French too!

💡 On the technical side, it's all standard fare: built-in cameras and microphones, connection to the phone over Bluetooth, and of course storage on Facebook's servers, which, it is worth recalling, are subject to United States laws such as the Patriot Act.

Summary of the Patriot Act in simple legal terms. Case 1: you are a United States citizen, we wipe our ass with your privacy. Case 2: you are not a United States citizen: same thing, but we use both hands.

So one question comes up fairly quickly:

When do we ban this crap?

A politician replies: "Oh no, bans are for poor people who throw rave parties! For multinationals, I propose instead responsibility pacts and tax incentives to be scumbags only on a more occasional basis." An arrow indicates: summary of current policies in simple legal terms.

⚠️ There is NO universe in which handing connected glasses to everyone goes well.

A guy is filming with a smartphone and says: "Aaah, smartphones… Always having a camera in your pocket, what a pleasure for filming anyone at any time without their consent! Too bad it's so conspicuous." A woman walks by and notices him: "Heyy!"

Same picture, but the guy is wearing glasses, hands in his pockets. He says: "That's better." The woman walks by without noticing.

⚠️ If we start having connected glasses more or less everywhere, we are heading down a dystopian path of staggering proportions.

(Especially if, as with the notorious smart speakers, the glasses film and record more or less whenever Facebook wants, without us having much control over the data and what is done with it.)

It is the certainty, or rather the uncertainty (which is almost worse), of being filmed, recorded and analyzed at all times.

A guy in a tie looks at a crowd wearing lots of glasses and thinks: "A generalized, participatory panopticon… what a thrill!"

Besides, the public isn't fooled: a CNIL study tells us that two thirds of respondents consider it a risk to privacy.

The smiley comments: "Personally, I think the last third didn't understand the question."

▶️ For connected glasses as for generative AI, we would like to see the same precautions as for human cloning, which was quickly banned after the birth of Dolly, the first cloned sheep, in 1997.

1997. We see the sheep tagged "Dolly", and a man reacts: "How horrible! This raises too many ethical problems, we're going to legislate!" 2022. Two sheep tagged "ChatGPT pushing people to suicide" and "Grok generating child sexual abuse material and deep fakes", with connected glasses on their faces. The man, ecstatic: "What a revolution! Let's burn our last chances of mitigating climate change to encourage this!"

⚠️ Recall that Facebook's mantra was long "move fast and break things" (in French, « bouger vite et casser des trucs »). In general, when someone announces their intentions that clearly, you don't roll out the red carpet for them.

A thug with a crowbar says: "Hello, I'm here to smash everything. Your privacy, your cognitive abilities, your social balance and your rhythms of life." Facing him, a politician replies: "Uhh…" The thug says: "But it's for technological progress." The other: "Ah! That's fine then."

Ceci dit, ne soyons pas totalement négatifs, il reste un peu d’espoir, notamment du côté de l’Union européenne :

le Règlement sur l’intelligence artificielle, par exemple, enquiquine pas mal Meta et compagnie sur la question de l’exploitation des données des lunettes par IA.

Zuckerberg dit : « Rooh, du coup on n'a pas pu sortir la version avec écran intégré ! On n'aime pas l'innovation, chez ces arriérés d'européens ! » Gee précise : « Y'a aussi la présence de batteries amovibles et remplaçables sur les appareils technologiques que l'UE va bientôt commencer à imposer, et que les Ray-Ban Meta n'ont pas. » Zuckerberg : « Boarf, on va plancher sur une batterie amovible, si y'a que ça pour vous amadouer… »

💡 These rare brakes are a start, but remain timid given the scale of the problem. Knowing the GAFAM's track record, will it really be enough?

The GAFAM say: “Get around legislation…” “…through technical details?” “While paying millions in intensive lobbying…” “…to steer the next round of legislation?” “That's really not our style!”

⚠️ So it would be a good idea not to drag our feet on legislating about the objects of mass surveillance that these smart glasses are: for once, we could have a binding and protective (for us) legal framework in place ahead of the mess.

The thug arrives and says: “Hello, I'm here to smash everything. I… HEYYYY! Where's my crowbar?!” A guy in an EU cap is holding it behind his back and says: “Confiscated!” Note: comic under CC BY SA licence (grisebouille.net), drawn on 8 June 2026 by Gee.

Credit: Gee (Creative Commons By-Sa)

Sniper Dz Scams Target MENA Users via Fake Facebook Offers and Browser Alerts

15 June 2026, 08:30
Cybersecurity researchers have disclosed details of fraudulent activity targeting users across the Middle East and North Africa by employing various fraudulent Facebook accounts impersonating politicians, public figures, and trusted organizations. "These accounts promoted fake offers, including free mobile internet packages, financial compensation, and government subsidy programs," Group-IB

Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw

15 June 2026, 08:17
Palo Alto Networks has revealed that it has observed "active exploitation" of a recently disclosed PAN-OS vulnerability by an unknown threat actor to obtain unauthorized access to GlobalProtect portals. The vulnerability in question is CVE-2026-0257 (CVSS score: 7.8), an authentication bypass flaw affecting the portal and gateway components of PAN-OS software that could be exploited by bad

Khrys’presso for Monday 15 June 2026

As every Monday, a glance in the rear-view mirror to discover the news you may have missed last week.

All the links listed below should in principle be freely accessible. If that is not the case, consider turning on your favourite JavaScript blocker or switching to “reader mode” (Firefox) ;-)

Brave New World

RIP

Special: AI

Special: war(s) in the Middle East

Special: women around the world

Special: France

Special: women in France

Special: media and power

Special: irresponsible pains in the neck who manage things terribly (and the neoliberal way)

Special: erosion of rights and freedoms, police violence, rise of the far right…

Special: resistance

Special: tools of resistance

Special: MAGAM and co.

Other reading of the week

Comics/graphics/photos of the week

Videos/podcasts of the week

Nice things of the week

Find the previous web reviews in the Libre Veille category of the Framablog.

The articles, comments and other images that make up these “Khrys’presso” reflect only my own views (Khrys).

US-Iran Peace Agreement Prompts Stock Rally, Leaves Some Investors Skeptical and Questions on Speed of Resuming Oil Production

15 June 2026, 04:31
"Asian stocks rallied Monday while oil prices tumbled," reports CNBC, "after the U.S. and Iran agreed to a peace deal aimed at ending nearly four months of conflict..." The strongest reaction was seen in energy markets. U.S. crude oil futures for July delivery were down 4.77% to $80.83 per barrel by 8:27 p.m. ET. Brent futures, the international benchmark, for August delivery traded about 4% lower to $83.77 per barrel. Asian equities surged. South Korea's Kospi jumped 5.1%, Japan's Nikkei 225 climbed 3.6%, and the broader Topix advanced 2.6%... The U.S. dollar index weakened 0.32% to 99.483, while the yield on the benchmark 10-year Treasury note fell 5 basis points to 4.423%, suggesting that investors were dialing back inflation concerns on easing energy prices. "The most immediate implication is a repricing of the inflation risk premium that markets have been carrying since the Strait closed," said Billy Leung, investment strategist at Global X ETFs... Besides safe-haven Treasurys, gold also rose. "Gold is the interesting outlier here," Leung said. "In a clean risk-on trade, gold should be selling off as the geopolitical premium unwinds, but it is holding bid around $4,300, which tells you the market is not fully trusting the deal yet." Spot gold prices were up almost 2% at $4,302.19 per ounce. That skepticism reflects lingering uncertainty around the agreement, which remains unsigned and subject to implementation risks. [Josh Gilbert, lead Asia Pacific analyst at trading platform eToro] cautioned that "the deal isn't actually signed until June 19th, the details are still thin, and this conflict has shown more than once that headlines can turn on a dime." Analysts at Commonwealth Bank of Australia also stressed that the oil outlook hinges on how quickly shipping and production can normalize. 
Vivek Dhar, head of commodities and sustainability research at CBA, expects Brent to fall to around $80 a barrel by year-end, assuming the Strait remains open and exports recover. However, he warned that damage to refining infrastructure, the presence of sea mines and uncertainty over tanker traffic could slow the return to normal operations. Even so, he said markets are likely to take comfort from the prospect that oil flows need only recover to around 60%-70% of pre-war levels to restore expectations of a global supply surplus. For investors, the biggest implication will likely be what cheaper energy means for inflation and central banks. Lower oil prices ease pressure on households and businesses while reducing the risk of a broader inflation resurgence just as major central banks enter a busy week of policy meetings. UPDATE: "A US official is rejecting Iran's assertion that it will receive billions of dollars in frozen funds before a planned 60-day negotiating period begins following Friday's signing of an agreement," reports CNN: The pushback came after Iran's deputy foreign minister, Kazem Gharibabadi, said the next phase of talks would depend on Washington first fulfilling several obligations, including releasing Iranian funds frozen abroad. The differing accounts underscore a significant gap between how the United States and Iran are describing what must happen before the next round of negotiations can move forward.

Read more of this story at Slashdot.

Workers Spend As Much Time 'Botsitting' AI As Producing Useful Work, Survey Finds

15 June 2026, 03:19
"As the use of artificial intelligence spreads across companies worldwide, it is relieving workers of tedious old chores but creating new ones," reports the Los Angeles Times. "Most people don't realize the amount of time that they're spending working on the tools to get the time savings that they're professing," said Paul Leonardi, Duca Family professor of technology management at UC Santa Barbara. Leonardi is one of the co-authors of the new study published by the Work AI Institute, whose contributors include academics from Stanford University and UC Berkeley. The institute is sponsored by AI company Glean... The research surveyed 6,000 digital workers across the United States, the United Kingdom, and Australia between December and January. The report found that we are in a phase of significant personal productivity gains, but few companies are translating these gains into revenue and business growth. While 75% of individuals reported a boost in productivity, only 13% of the organizations say they have seen significant business gains as a result of AI adoption, the survey found... The reason the boost in productivity sometimes leads to waste, Leonardi said, is the time people spend correcting the bot's work and gathering the right files, documentation, and tacit knowledge required for it to produce high-quality output. "It's pretty striking the amount of time and effort people are spending," Leonardi said. Most employees now spend over six hours a week of their workday babysitting their work chatbots, the survey said. There is a "thick, mostly invisible layer of human labor holding the whole thing together," the report said. The survey found that for every hour a worker spends getting useful output from AI, they spend roughly another hour making it usable. Of the total time workers spend interacting with AI each week, 37% goes to botsitting, 36% to actually using the tool to produce work.
Part of the reason so much time disappears into botsitting is how often the tools fall short: Workers report that more than a third of AI sessions fail outright, requiring a full restart or substantial rework. Paradoxically, as more workers hand over bigger parts of their jobs to AI, they are offloading personal judgment and responsibilities to the bots. The survey found 41% of workers say they sometimes deliver AI-generated work they couldn't explain if asked... "I think what's happening with a lot of these Gen AI tools right now is we're essentially expecting individual contributors to act as managers," Leonardi said. "They're just managing these AI tools, AI agents, and we're expecting that they'll be able to produce way more, but we're not taking into account all of the work that actually goes into managing." This problem isn't likely to go away.


Fire burns Google Cloud India’s network, which remains slow a week later

14 June 2026, 23:36
Google Cloud customers with resources in India have had to deal with elevated latency for several days – and there’s no end in sight. Per a Google status page, on June 9th “A fire at a third-party data center facility required an emergency power shutdown of networking equipment, isolating a non-compute local Point of Presence (POP) in Delhi and reducing available network capacity in the metro area.” That shutdown caused “intermittent periods of elevated latency and possible packet loss” for network traffic headed to Google Cloud from Delhi, Chennai, Mumbai and surrounding areas. “Customers may experience slightly elevated latency and non-optimal network routing into Google Cloud until the affected facility is fully restored,” Google warned. Google has implemented “traffic mitigations” that it says have improved performance “for some Cloud customers,” and is trying to arrange extra peering capacity. That work is ongoing, with the ads-and-cloud giant promising it is “further augmenting our Delhi backbone capacity” and hopes to have better news on Monday. The web giant is also working to improve regional peering capacity in the city of Chennai, to assist large ISPs in India and hopes that work will be complete on Wednesday, June 17th.

Japan’s space truck is back in business

Japan’s Aerospace Exploration Agency (JAXA) last week successfully launched its H3 rocket, a welcome return to form after its previous two missions failed. This success will be doubly sweet for JAXA, because the H3 used for this mission employed a pair of outboard boosters – the first time the agency has used the launcher in this configuration. The rocket launched on June 12th and placed six satellites in orbit.

South Korean tech exports boom, not just because of AI

South Korea’s Ministry of Science and IT on Sunday announced exports of IT products reached $47.8 billion in May, a new record and a sum 128 percent higher than tech exports in May 2025. Semiconductor exports surged by 162.9 percent year over year, due to the AI boom. Mobile phone exports also grew by 15.9 percent, while a category the Ministry calls “computers and peripherals” saw 259.6 percent year-on-year growth. “Displays rebounded due to increased demand for OLEDs for new mobile phones and strong sales of new laptops,” the Ministry said. “Overall exports of mobile phones increased due to a rise in the average selling price of high-spec finished products and robust demand for high-value components such as camera modules.” South Korea imported over $15.7 billion worth of tech in the month, up 36 percent year-over-year, but still achieved a record trade surplus of over $32 billion.

Zoho builds its own servers

Indian SaaS giant Zoho has cooked up a custom server called “Nathu La” that it says will reduce the cost of operating its platform. “The design philosophy behind Nathu La is rooted in the Open Compute Project (OCP), emphasizing modularity, thermal efficiency, and ease of maintenance, and enabling Zoho's data centers to significantly reduce total cost of ownership and power consumption,” according to a company statement. The machines run Intel Xeon 6 processors and Chipzilla helped to design them, but Zoho says “all intellectual property [is] owned in India.” Zoho says the servers will also help to lower inferencing costs. The company didn’t say how it calculated its performance numbers. The Reg fancies Zoho has compared its own boxes to whatever machines it currently buys off the shelf, and believes that servers tuned to its own needs will deliver better performance. That’s a conclusion many hyperscalers reached years ago.

NTT Data’s new boss

Japanese tech giant NTT Data has a new president and CEO: Kazuhiko Nakayama scored the twin roles last week, capping a career with the company that started in 1989 and most recently saw him serve as chief financial officer. Previous CEO and president Yutaka Sasaki will become senior executive vice president. “Over the past three years I have had the honour of working closely with Mr Sasaki and the leadership team on a strategic course that has established NTT DATA among the top five IT services businesses globally,” Nakayama said, according to NTT Data’s announcement of its new leadership. “That experience has reinforced my conviction in the strength of our offering, the quality of our people and the size of the opportunity ahead. As I take on the responsibilities of CEO and lead the growth of the NTT DATA Group going forward, I feel a deep sense of dedication, possibility and excitement." ®

Microsoft Updates Six Windows Apps. 'Photos' Gets Watermarks for Copilot Images (Off by Default)

15 June 2026, 01:15
Microsoft dropped "massive" updates for six stock Windows apps, reports the "Microsoft enthusiast" site Neowin. Here are some of their more interesting highlights for Clock, Media Player, Calculator, Voice Recorder, Photos, and Paint:

The Photos app (version 2026.11060.2004.0): AI watermarking — "AI-generated or edited images can now carry a visible Copilot watermark. You choose Never, Always, or Ask Every Time in Settings, with a confirmation when saving. The watermarking is off by default in settings."

Calculator (version 11.2605.9.0): More accurate square-root results. "Fixed rare cases where a calculation that should equal zero (like sqrt(2.25) - 1.5) returned a tiny leftover value instead...." Reliable launch after upgrading. "Fixed an issue where upgrading from much older versions could leave outdated settings that stopped the app from opening..."

The Clock app (version 11.2605.9.0): "Timers keep counting after they hit zero — When a timer runs out, it now keeps counting up (for example, -00:27:31) so you can see how far past the time you've gone..." "Correct sun and moon icons during midnight sun — Fixed an icon that wrongly showed a moon during all-day daylight in polar regions... " "No more double announcements — Screen readers no longer read the timer value twice."

Media Player (version 11.2605.14.0): "Playlists need a name — You can no longer accidentally save a playlist with a blank name."


UK Scientists See Little Evidence for Claims Smartphones Are Rewiring Kids' Brains

14 June 2026, 23:35
UK Members of Parliament (MPs) were "looking for proof that smartphones and social media are rotting children's brains," writes The Register — but they got "a less satisfying answer from neuroscientists on Wednesday: nobody can really prove it." Appearing before the Science, Innovation and Technology Committee this week, three researchers spent much of the session explaining that concern and evidence are not quite the same thing. Asked what evidence exists on the impact of digital devices on infants and young children, Professor Denis Mareschal, director of the Centre for Brain and Cognitive Development at Birkbeck, replied: "There is very little, if any, causal research in the early years. Almost everything is correlational." MPs kept coming back to the question — and the experts kept coming back to the same answer. When questioned about social media's impact on adolescents, Professor Sarah-Jayne Blakemore of the University of Cambridge was equally cautious. "What evidence do we have of the impact of digital devices or social media on the adolescent brain?" she asked. "Almost nothing. There are a few small studies, but they haven't been replicated, and they're purely correlational...." MPs also wanted to know whether neuroscience could settle one of the liveliest arguments in the debate: how old a child should be before they're allowed onto social media. "What neuroscience can't do is pinpoint a precise age," Blakemore said. "The individual differences in brain development are vast...." If there was a takeaway from the hearing, it was that concern about digital childhood is running well ahead of the evidence needed to settle the argument.

