Technology

The Register's Thomas Claburn reports: Google's overhaul of Chrome's extension architecture continues to pose problems for developers of ad blockers, content filters, and privacy tools. [...] While Google's desire to improve the security, privacy, and performance of the Chrome extension platform is reasonable, its approach -- which focuses on code and permissions more than human oversight -- remains a work-in-progress that has left extension developers frustrated. Alexei Miagkov, senior staff technology at the Electronic Frontier Foundation, who oversees the organization's Privacy Badger extension, told The Register, "Making extensions under MV3 is much harder than making extensions under MV2. That's just a fact. They made things harder to build and more confusing." Miagkov said with Privacy Badger the problem has been the slowness with which Google addresses gaps in the MV3 platform. "It feels like MV3 is here and the web extensions team at Google is in no rush to fix the frayed ends, to fix what's missing or what's broken still." According to Google's documentation, "There are currently no open issues considered a critical platform gap," and various issues have been addressed through the addition of new API capabilities. Miagkov described an unresolved problem that means Privacy Badger is unable to strip Google tracking redirects on Google sites. "We can't do it the correct way because when Google engineers design the [chrome.declarativeNetRequest API], they fail to think of this scenario," he said. "We can do a redirect to get rid of the tracking, but it ends up being a broken redirect for a lot of URLs. Basically, if the URL has any kind of query string parameters -- the question mark and anything beyond that -- we will break the link." Miagkov said a Chrome developer relations engineer had helped identify a workaround, but it's not great. Miagkov thinks these problems are of Google's own making -- the company changed the rules and has been slow to write the new ones. "It was completely predictable because they moved the ability to fix things from extensions to themselves," he said. "And now they need to fix things and they're not doing it."

Read more of this story at Slashdot.

OpenAI says it's investigating after a hacker claimed to have stolen login credentials for 20 million OpenAI accounts and advertised the data for sale on a dark web forum. Though security researchers doubt on the legitimacy of the breach, the AI company stated that it takes the claims seriously, advising users to enable two-factor authentication and stay vigilant against phishing attempts. Decrypt reports: Daily Dot reporter Mikael Thalan wrote on X that he found invalid email addresses in the supposed sample data: "No evidence (suggests) this alleged OpenAI breach is legitimate. At least two addresses were invalid. The user's only other post on the forum is for a stealer log. Thread has since been deleted as well." "We take these claims seriously," the spokesperson said, adding: "We have not seen any evidence that this is connected to a compromise of OpenAI systems to date."

Read more of this story at Slashdot.

An anonymous reader quotes a report from BleepingComputer: Hospital Sisters Health System notified over 882,000 patients that an August 2023 cyberattack led to a data breach that exposed their personal and health information. Established in 1875, HSHS works with over 2,200 physicians and has around 12,000 employees. It also operates a network of physician practices and 15 local hospitals across Illinois and Wisconsin, including two children's hospitals. The non-profit healthcare system said in data breach notifications sent to those impacted that the incident was discovered on August 27, 2023, after detecting that the attacker had gained access to HSHS' network. After the security breach, its systems were also impacted by a widespread outage that took down "virtually all operating systems" and phone systems across Illinois and Wisconsin hospitals. HSHS also hired external security experts to investigate the attack, assess its impact, and help its IT team restore affected systems. [...] While the incident and the resulting outage have all the signs of a ransomware attack, no ransomware operation has claimed the breach. Following the forensic investigation, HSHS found that the attackers had accessed files on compromised systems between August 16 and August 27, 2023. The information accessed by the threat actors while inside HSHS' systems varies for each impacted individual, and it includes a combination of name, address, date of birth, medical record number, limited treatment information, health insurance information, Social Security number, and/or driver's license number. While HSHS added that there is no evidence that the victims' information has been used in fraud or identity theft attempts, it warned affected individuals to monitor their account statements and credit reports for suspicious activity. The health system also offers those affected by the breach one year of free Equifax credit monitoring.

Read more of this story at Slashdot.

The Register highlights concerns raised at a recent UK parliamentary committee regarding AI companies' exploitation of copyrighted content without permission or payment. From the report: The Culture, Media and Sport Committee and Science, Innovation and Technology Committee asked composer Max Richter how he would know if "bad-faith actors" were using his material to train AI models. "There's really nothing I can do," he told MPs. "There are a couple of music AI models, and it's perfectly easy to make them generate a piece of music that sounds uncannily like me. That wouldn't be possible unless it had hoovered up my stuff without asking me and without paying for it. That's happening on a huge scale. It's obviously happened to basically every artist whose work is on the internet." Richter, whose work has been used in a number of major film and television scores, said the consequences for creative musicians and composers would be dire. "You're going to get a vanilla-ization of music culture as automated material starts to edge out human creators, and you're also going to get an impoverishing of human creators," he said. "It's worth remembering that the music business in the UK is a real success story. It's 7.6 billion-pound income last year, with over 200,000 people employed. That is a big impact. If we allow the erosion of copyright, which is really how value is created in the music sector, then we're going to be in a position where there won't be artists in the future." Speaking earlier, former Google staffer James Smith said much of the damage from text and data mining had likely already been done. "The original sin, if you like, has happened," said Smith, co-founder and chief executive of Human Native AI. "The question is, how do we move forward? I would like to see the government put more effort into supporting licensing as a viable alternative monetization model for the internet in the age of these new AI agents." Matt Rogerson, director of global public policy and platform strategy at the Financial Times, said: "We can only deal with what we see in front of us and [that is] people taking our content, using it for the training, using it in substitutional ways. So from our perspective, we'll prosecute the same argument in every country where we operate, where we see our content being stolen." The risk, if the situation continued, was a hollowing out of creative and information industries, he said. [...] "The problem is we can't see who's stolen our content. We're just at this stage where these very large companies, which usually make margins of 90 percent, might have to take some smaller margin, and that's clearly going to be upsetting for their investors. But that doesn't mean they shouldn't. It's just a question of right and wrong and where we pitch this debate. Unfortunately, the government has pitched it in thinking that you can't reduce the margin of these big tech companies; otherwise, they won't build a datacenter."

Read more of this story at Slashdot.

A German court has ruled that Amazon's Prime Video service violates a Nokia-owned patent, ordering Amazon to stop streaming in its current form or face fines of 250,000 euros per violation. However, Amazon assured customers in a statement on Friday that there is no risk of losing access to Prime Video because the decision affects only a limited functionality related to casting videos between devices. "Prime Video will comply with this local judgement and is currently considering next steps. However, there is absolutely no risk at all for customers losing access to Prime Video," Amazon's Prime Video spokesperson told Reuters. Meanwhile, Nokia's chief licensing officer, Arvin Patel, said: "...the innovation ecosystem breaks down if patent holders are not fairly compensated for the use of their technologies, as it becomes much harder for innovators to fund the development of next generation technologies."

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica written by Kevin Purdy: There are only two licensed professional sports games included in Wikipedia's "List of video games notable for negative reception." Do not be fooled, however: WWE 2K20 and eFootball 2022 are just the outliers, arriving so poorly crafted as to cause notable outcry and an actual change to development plans. Most licensed professional sports games come out yearly, whether fully baked, notably improved, or not, and fans who have few other options to play with their favorite intellectual property learn to make do with them. Not so with fans of Football Manager, a series that can be traced back in some form to 1992 that has released a game almost every year, minus one ownership shift in the early 2000s. Sports Interactive, the company behind the franchise, released a statement on Thursday (in British time) that says that "following extensive internal discussions and careful consideration," Football Manager 25 is canceled. The game was "too far away from the standards you deserve," so they are focusing on the 2026 version. [...] The developer's statement notes that preorder customers are getting refunds. Answering a question that has always been obvious to fans but never publishers, the company notes that, no, Football Manager 2024 will not get an update with the new season's players and data. The company says it is looking to extend the 2024 version's presence on subscription platforms, like Xbox's Game Pass, and will "provide an update on this in due course." Fans eager to build out their dynasty team and end up with Bukayo Saka may be disappointed to miss out this year. But a developer with big ambitions to meaningfully improve and rethink a long-running franchise deserves some consideration amid the consternation.

Read more of this story at Slashdot.

Software companies are under pressure to invest in new AI capabilities without denting profits. One increasingly popular strategy to keep costs low is to shift hiring outside the US. From a report:Â Salesforce and Workday are simultaneously cutting jobs and highlighting the cost savings from adding workers internationally. "Do we need to hire everybody in San Francisco?" Salesforce Chief Operating Officer Brian Millham said at an event hosted by Barclays in December. "Or can we think about other locations that are cheaper where we can get really incredible labor like India and Mexico City." US-based employees at Salesforce dropped to 51% from 58% in the four years ending in January 2024. In early 2023, it announced a reduction of roughly 8,000 jobs. Earlier this week, Bloomberg reported that the San Francisco-based software company would cut more than 1,000 positions in large part to make room for new AI-focused hiring. [...] Human resources software maker Workday, based in Pleasanton, California, announced Wednesday that it would eliminate about 1,750 jobs. Last year, Chief Executive Officer Carl Eschenbach emphasized a new focus on expanding margins, saying hiring more in countries like Costa Rica would help in this effort.Â

Read more of this story at Slashdot.

An anonymous reader shares a report: Users are now receiving notifications regarding their Microsoft 365 subscriptions and must take action if they wish to avoid Copilot and its extra charges. The email from Microsoft warns that the cost of a 365 Personal Subscription will jump, however, there is no need to worry -- Microsoft knows what's best and will increase your payment in return for all those AI-powered Copilot services it knows you want. We noted the upcoming increases last month and how users could turn off the generative AI assistant. At the time, Microsoft said users would be able to switch to plans without Copilot. However, unless a user takes action, the price they pay for their "Current Subscription" will increase, and AI-powered delights will be added to their plan.

Read more of this story at Slashdot.

Most Britons support strict controls on AI systems that could surpass human capabilities, according to a YouGov poll, highlighting a growing divide between public opinion and government policy. The survey of 2,344 adults found 87% back laws requiring AI developers to prove their systems are safe before release, while 60% favor banning the development of "smarter-than-human" AI models. Only 9% trust tech CEOs to act in the public interest on AI regulation.

Read more of this story at Slashdot.

An anonymous reader shares a report: India's central bank is introducing an exclusive ".bank.in" domain for banks from April 2025 as part of efforts to combat rising digital payment frauds and bolster trust in online banking services. [...] The central bank plans to roll out a separate 'fin.in' domain for non-bank financial institutions. "Increased instances of fraud in digital payments are a significant concern," said RBI Governor Sanjay Malhotra, adding that the new domain system aims to reduce cyber security threats and malicious activities like phishing.

Read more of this story at Slashdot.

U.S. employers are deploying increasingly aggressive phishing tests to combat cyber threats, sparking backlash from workers who say the simulated scams create unnecessary panic and distrust in the workplace. At the University of California, Santa Cruz, a test email about a fake Ebola outbreak sent staff scrambling before learning it was a security drill. At Lehigh Valley Health Network, employees who fall for phishing tests lose external email access, with termination possible after three failures. Despite widespread use, recent studies question these tests' effectiveness. Research from ETH Zurich found that phishing tests combined with voluntary training actually made employees more vulnerable, while a University of California, San Diego study showed only a 2% reduction [PDF] in phishing success rates. "These are just an ineffective and inefficient way to educate users," said Grant Ho, who co-authored the UCSD study.

Read more of this story at Slashdot.

An anonymous reader shares a report: Google has edited Gemini's AI response in a Super Bowl commercial to remove an incorrect statistic about cheese. The ad, which shows a small business owner using Gemini to write a website description about Gouda, no longer says the variety makes up "50 to 60 percent of the world's cheese consumption." In the edited YouTube video, Gemini's response now skips over the specifics and says Gouda is "one of the most popular cheeses in the world." Google Cloud apps president Jerry Dischler initially defended the response, saying on X it's "grounded in the Web" and "not a hallucination."

Read more of this story at Slashdot.

A survey of 2,130 Americans has revealed widespread vulnerability to cyber attacks through unsupported smart devices, with 43% unaware their devices might lose software support. The security threat was underscored in December 2023 when U.S. authorities disrupted a Chinese state-sponsored botnet targeting home routers and cameras that had stopped receiving security updates. Cloudflare separately reported a record-breaking DDoS attack in late 2023, primarily originating from compromised smart TVs and set-top boxes. The survey, conduced by Consumer Reports, found that only 39% of consumers learned about lost software support from manufacturers, with most discovering issues when devices stopped working (40%) or through media reports (15%). Most consumers expect their smart devices to retain functionality after losing software support, particularly for large appliances (70%). However, Consumer Reports' research found only 14% of 21 smart appliance brands specify support timeframes, while an FTC study of 184 devices showed just 11% disclose support duration.

Read more of this story at Slashdot.

A passenger on the French rail network SNCF has revealed that he received a $155 fine for using his phone on loud speaker within a train station. From a report: The passenger, named only as David, told French TV channel BFM that he was on the phone to his sister while waiting at Nantes station when the SNCF staff member told him to switch his phone's loud speaker off, or risk being fined. When he argued, he was served with the $155 fine, which has been increased to $207 because he did not pay it immediately. Further reading: Flying Was Already the Worst. Then America Stopped Using Headphones.

Read more of this story at Slashdot.

A British manufacturer of hydrogen fuel cell components for London's double-decker bus fleet has collapsed into administration, jeopardizing a $15.8 million government-backed project to cut transport emissions. Aeristech Limited, which was developing high-powered compressors for hydrogen fuel cells, was working on Project HEIDI to retrofit London buses with hydrogen technology. The project received $7.84 million in government funding last year, with additional investment from project partners including University of Bath and Equipmake.

Read more of this story at Slashdot.

An anonymous reader shares a report: Newly unsealed emails allegedly provide the "most damning evidence" yet against Meta in a copyright case raised by book authors alleging that Meta illegally trained its AI models on pirated books. Last month, Meta admitted to torrenting a controversial large dataset known as LibGen, which includes tens of millions of pirated books. But details around the torrenting were murky until yesterday, when Meta's unredacted emails were made public for the first time. The new evidence showed that Meta torrented "at least 81.7 terabytes of data across multiple shadow libraries through the site Anna's Archive, including at least 35.7 terabytes of data from Z-Library and LibGen," the authors' court filing said. And "Meta also previously torrented 80.6 terabytes of data from LibGen." "The magnitude of Meta's unlawful torrenting scheme is astonishing," the authors' filing alleged, insisting that "vastly smaller acts of data piracy -- just .008 percent of the amount of copyrighted works Meta pirated -- have resulted in Judges referring the conduct to the US Attorneys' office for criminal investigation."

Read more of this story at Slashdot.

Asahi lead developer Hector Martin, writing in an email: I no longer have any faith left in the kernel development process or community management approach. Apple/ARM platform development will continue downstream. If I feel like sending some patches upstream in the future myself for whatever subtree I may, or I may not. Anyone who feels like fighting the upstreaming fight themselves is welcome to do so.

Read more of this story at Slashdot.

The UK government has ordered Apple to create a backdoor allowing access to encrypted cloud backups of users worldwide, Washington Post reported Friday, citing multiple sources familiar with the matter. The unprecedented demand, issued last month through a technical capability notice under the UK Investigatory Powers Act, requires Apple to provide blanket access to fully encrypted material rather than assistance with specific accounts. Apple is likely to discontinue its encrypted storage service in the UK rather than compromise user security globally, the report said. The company would still face pressure to provide backdoor access for users in other countries, including the United States. The order was issued under Britain's 2016 Investigatory Powers Act, which makes it illegal to disclose such government demands, according to the report. While Apple can appeal to a secret technical panel and judge, the law requires compliance during any appeal process. The company told Parliament in March that the UK government should not have authority to decide whether global users can access end-to-end encryption.

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Guardian: In the most comprehensive study of its kind, scientists have found that generally, the world feels brighter when you wake up. People start the day in the best frame of mind in the morning, but end in the worst, at about midnight, the findings suggest, with the day of the week and the season also playing a part. Mental health also tends to be more varied at weekends but steadier during the week, according to the study led by University College London. "Generally, things do seem better in the morning," the researchers concluded. Their findings were published in the journal BMJ Mental Health. [...] The results showed that happiness, life satisfaction, and worthwhile ratings were all higher on Mondays and Fridays than on Sundays, while happiness was also higher on Tuesdays. There was no evidence that loneliness differed across days of the week. There was clear evidence of a seasonal influence on mood. Compared with winter, people tended to have lower levels of depressive and anxiety symptoms and loneliness, and higher levels of happiness, life satisfaction and feeling that life was worthwhile in the three other seasons. Mental health was best in the summer across all outcomes. But the season didn't affect the associations observed across the day, however. Scientists suggest that the findings may be due to physiological changes linked to the body's circadian rhythm. Cortisol, a hormone that influences mood and motivation, peaks after waking and declines by bedtime, which may contribute to better mental health earlier in the day. Factors like sleep cycles, weather, and when participants chose to respond to the survey could have influenced the findings. There's also the differences between weekdays and weekends, which have their own variations in daily routines.

Read more of this story at Slashdot.

After a $523 million charge on its CST-100 Starliner program in 2024, Boeing's total losses on the commercial crew vehicle now exceed $2 billion -- and there's still no clear timeline for its next flight. SpaceNews reports: In the company's 10-K annual filing with the U.S. Securities and Exchange Commission Feb. 3, Boeing said it took $523 million in charges on Starliner in 2024. The company blamed the losses on "schedule delays and higher testing and certification costs as well as higher costs for post certification missions." The company had reported a $125 million charge in the second quarter and a $250 million charge in the third quarter. The company warned Jan. 23 it would take an additional loss in the fourth quarter but did not disclose a figure when it released its financial results five days later. The annual loss implies a $148 million loss in the fourth quarter. The $523 million in charges is the most Boeing has recorded in a single year on Starliner, exceeding $489 million it reported in 2019. The company's cumulative charges on Starliner are now just over $2 billion. "Risk remains that we may record additional losses in future periods," the company stated in the 10-K filing.

Read more of this story at Slashdot.