News

Employee engagement in the U.S. fell to its lowest level in a decade in 2024, Gallup reported Tuesday, with only 31% of employees engaged. This matches the figure last seen in 2014. The percentage of actively disengaged employees, at 17%, also reflects 2014 levels. Gallup: The percentage of engaged employees has declined by two percentage points since 2023, highlighting a growing trend of employee detachment from organizations, particularly among workers younger than 35. These are among the findings of Gallup's most recent annual update of U.S. employee engagement. Though engagement increased slightly midyear, it declined through the rest of 2024, finishing the year at its decade low. In Gallup's trend dating back to 2000, employee engagement peaked in 2020, at 36%, following a decade of steady growth, but it has generally trended downward since then. Each point change in engagement represents approximately 1.6 million full- or part-time employees in the U.S. The declines since 2020 equate to about 8 million fewer engaged employees, including 3.2 million fewer compared to 2023. Among the 12 engagement elements that Gallup measures, those that saw the most significant declines in 2024 (by three points or more in "strongly agree" ratings) include: Clarity of expectations. Just 46% of employees clearly know what is expected of them at work, down 10 points from a high of 56% in March 2020. Feeling someone at work cares about them as a person. Currently, 39% of employees feel strongly that someone cares about them, a drop from 47% in March 2020. Someone encouraging their development. Only 30% strongly agree that someone at work encourages their development, down from 36% in March 2020. People of all ages come to work seeking role clarity, strong relationships and opportunities for development, but managers, combined, are progressively failing to meet these basic needs. However, managers themselves are faring no better than those they manage, with only 31% engaged.

Read more of this story at Slashdot.

By 2060, around one million Americans may develop dementia annually, with the lifetime risk after age 55 estimated at 42% and rising sharply with age. The findings have been published in the journal Nature Medicine. Scientific American reports: The latest forecast suggests a massive and harrowing increase from annual cases predicted for 2020, in which approximately 514,000 adults in the U.S. were estimated to be diagnosed with dementia -- an umbrella term that describes several neurological conditions that affect memory and cognition. The new study also showed the lifetime risk of dementia increased progressively with older age. They estimated that after age 55, the lifetime risk of dementia is 42 percent, and continues to rise sharply to 56 percent after age 85. Groups that showed greater lifetime risks (between 44 and 59 percent after age 55) were Black adults, women and people who carried the allele APOE e4: this variation of the gene APOE, which codes for the protein apolipoprotein E, increases the risk of developing Alzheimer's disease. Alzheimer's is the most common cause of dementia, but the study focused on all forms.

Read more of this story at Slashdot.

An anonymous reader quotes a report from CBS News: The Supreme Court on Monday said it will not consider whether to quash lawsuits brought by Honolulu seeking billions of dollars from oil and gas companies for the damage caused by the effects of climate change, clearing the way for the cases to move forward. The legal battle pursued in Hawaii state court is similar to others filed against the nation's largest energy companies by state and local governments in their courts. The suits claim that the oil and gas industry engaged in a deceptive campaign and misled the public about the dangers of their fossil fuel products and the environmental impacts. A group of 15 energy companies asked the Supreme Court to review a decision from the Hawaii Supreme Court that allowed a lawsuit brought by the city and county of Honolulu, as well as its Board of Water Supply, to proceed. The suit was brought in Hawaii state court in March 2020, and Honolulu raised (PDF) several claims under state law, including creating a public nuisance and failure to warn the public of the risks posed by their fossil fuel products. The city accused the oil and gas industry of contributing to global climate change, leading to flooding, erosion and more frequent and intense extreme weather events. These changes, they said, have led to property damage and a drop in tax revenue as a result of less tourism. The energy companies unsuccessfully sought to have the case moved to federal court, arguing that the claims raised by Honolulu under state law were overridden by federal law and the Clean Air Act. A state trial court denied their efforts to dismiss the case. The oil and gas industry has argued that greenhouse-gas emissions "flow from billions of daily choices, over more than a century, by governments, companies and individuals about what types of fuels to use, and how to use them." Honolulu, the companies said, was seeking damages for the "cumulative effect of worldwide emissions leading to global climate change." The Hawaii Supreme Court ultimately allowed (PDF) the lawsuit to proceed. The state's highest court determined that the Clean Air Act displaced federal common law governing suits seeking damages for interstate pollution. It also rejected the oil companies' argument that Honolulu was seeking to regulate emissions through its lawsuit, finding that the city instead wanted to challenge the promotion and sale of fossil fuel products "without warning and abetted by a sophisticated disinformation campaign." "Plaintiffs' state tort law claims do not seek to regulate emissions, and there is thus no 'actual conflict' between Hawaii tort law and the [Clean Air Act]," the Hawaii Supreme Court ruled. "These claims potentially regulate marketing conduct while the CAA regulates pollution." The oil companies asked the U.S. Supreme Court to review the ruling from the Hawaii high court and urged it to stop Honolulu's lawsuit from going forward. Regulation of interstate pollution is a federal area governed by federal law, lawyers for the energy industry argued. [...] The Supreme Court in June asked the Biden administration to weigh in on the cases and whether it should step into the dispute. In a filing submitted to the Supreme Court before the transfer of presidential power, the Biden administration urged the justices to turn away the appeals, in part because it said it is too soon for them to intervene.

Read more of this story at Slashdot.

UK ministers are considering allowing private companies to profit from anonymized NHS data as part of a push to leverage AI for medical advancements, despite concerns over privacy and ethical risks. The Guardian reports: Keir Starmer on Monday announced a push to open up the government to AI innovation, including allowing companies to use anonymized patient data to develop new treatments, drugs and diagnostic tools. With the prime minister and the chancellor, Rachel Reeves, under pressure over Britain's economic outlook, Starmer said AI could bolster the country's anaemic growth, as he put concerns over privacy, disinformation and discrimination to one side. "We are in a unique position in this country, because we've got the National Health Service, and the use of that data has already driven forward advances in medicine, and will continue to do so," he told an audience in east London. "We have to see this as a huge opportunity that will impact on the lives of millions of people really profoundly." Starmer added: "It is important that we keep control of that data. I completely accept that challenge, and we will also do so, but I don't think that we should have a defensive stance here that will inhibit the sort of breakthroughs that we need." The move to embrace the potential of AI rather than its risks comes at a difficult moment for the prime minister, with financial markets having driven UK borrowing costs to a 30-year high and the pound hitting new lows against the dollar. Starmer said on Monday that AI could help give the UK the economic boost it needed, adding that the technology had the potential "to increase productivity hugely, to do things differently, to provide a better economy that works in a different way in the future." Part of that, as detailed in a report by the technology investor Matt Clifford, will be to create new datasets for startups and researchers to train their AI models. Data from various sources will be included, such as content from the National Archives and the BBC, as well as anonymized NHS records. Officials are working out the details on how those records will be shared, but said on Monday that they would take into account national security and ethical concerns. Starmer's aides say the public sector will keep "control" of the data, but added that could still allow it to be used for commercial purposes.

Read more of this story at Slashdot.

Meta is deleting links to Pixelfed, a decentralized, open-source Instagram competitor, labeling them as "spam" on Facebook and removing them immediately. 404 Media reports: Pixelfed is an open-source, community funded and decentralized image sharing platform that runs on Activity Pub, which is the same technology that supports Mastodon and other federated services. Pixelfed.social is the largest Pixelfed server, which was launched in 2018 but has gained renewed attention over the last week. Bluesky user AJ Sadauskas originally posted that links to Pixelfed were being deleted by Meta; 404 Media then also tried to post a link to Pixelfed on Facebook. It was immediately deleted. Pixelfed has seen a surge in user signups in recent days, after Meta announced it is ending fact-checking and removing restrictions on speech across its platforms. Daniel Supernault, the creator of Pixelfed, published a "declaration of fundamental rights and principles for ethical digital platforms, ensuring privacy, dignity, and fairness in online spaces." The open source charter contains sections titled "right to privacy," "freedom from surveillance," "safeguards against hate speech," "strong protections for vulnerable communities," and "data portability and user agency." "Pixelfed is a lot of things, but one thing it is not, is an opportunity for VC or others to ruin the vibe. I've turned down VC funding and will not inject advertising of any form into the project," Supernault wrote on Mastodon. "Pixelfed is for the people, period."

Read more of this story at Slashdot.

Linux creator Linus Torvalds announced a playful giveaway for kernel contributors: he'll hand-build a guitar effects pedal for one lucky developer selected at random, using his holiday hobby skills with pedal kits. To qualify, developers must have a 2024 commit in Torvalds' kernel git tree and email him with the subject "I WANT A GUITAR PEDAL". He'll pick a winner at random, use his own money to buy a pedal kit from a company called Aion FX, and then 'build it with my own shaky little fingers, and send it to the victim by US postal services.'" The Register reports: The odd offer appeared in his weekly state-of-the-kernel post, which on Sunday US time informed the Linux world that release candidate (rc) seven for version 6.13 of the Linux kernel "is slightly bigger than normal, but considering the timing, it's pretty much where I would have expected, and nothing really stands out." Torvalds therefore expects version 6.13 to debut next week, meaning it will arrive after his preferred seven release candidates and without delays caused by the usual holiday-period slowdown. Torvalds then added a postscript in which he revealed that he often uses the holiday season to build LEGO, which he frequently receives for Christmas and his late December birthday. He kept up that tradition last year, but "also ended up doing a number of guitar pedal kit builds" which he described as "LEGO for grown-ups with a soldering iron." [...] Torvalds doesn't play guitar, but did the builds "because I enjoy the tinkering, and the guitar pedals actually do something and are the right kind of "not very complex, but not some 5-minute 555 LED blinking thing.'" He enjoyed the experience and wants to build more pedals, so has decided to give one away to a random kernel developer -- both as an act of generosity and to "check to see if anybody actually ever reads these weekly rc announcements of mine." Torvalds rated his past pedal-building efforts a "good success so far" but warned entrants "I'm a software person with a soldering iron." "I will test the result to the best of my abilities, and the end result may actually work ... but you should set your expectations along the lines of "quality kit built by a SW person who doesn't know one end of a guitar from the other.'"

Read more of this story at Slashdot.

An anonymous reader quotes a report from 404 Media: Mikey Shulman, the CEO and founder of the AI music generator company Suno AI, thinks people don't enjoy making music. "We didn't just want to build a company that makes the current crop of creators 10 percent faster or makes it 10 percent easier to make music. If you want to impact the way a billion people experience music you have to build something for a billion people," Shulman said on the 20VC podcast. "And so that is first and foremost giving everybody the joys of creating music and this is a huge departure from how it is now. It's not really enjoyable to make music now [...] It takes a lot of time, it takes a lot of practice, you need to get really good at an instrument or really good at a piece of production software. I think the majority of people don't enjoy the majority of the time they spend making music." Suno AI works like other popular generative AI tools, allowing users to generate music by writing text prompts describing the kind of music they want to hear. Also like many other generative AI tools, Suno was trained on heaps of copyrighted music it fed into its training dataset without consent, a practice Suno is currently being sued for by the recording industry. In the interview, Shulman says he's disappointed that the recording industry is suing his company because he believes Suno and other similar AI music generators will ultimately allow more people to make and enjoy music, which will only grow the audience and industry, benefiting everyone. That may end up being true, and could be compared to the history of electronic music, digital production tools, or any other technology that allowed more people to make more music.

Read more of this story at Slashdot.

Ars Technica's Jon Brodkin reports: The New York law requiring Internet providers to offer cheap plans to people with low incomes will take effect on Wednesday this week following a multi-year court battle in which the state defeated broadband industry lobby groups. A US appeals court upheld the law in April 2024, reversing the ruling of a district judge who blocked it in 2021. The Supreme Court last month decided not to hear the broadband industry's challenge, leaving the appeals court ruling in place. The state law requires Internet providers to offer $15- or $20-per-month service to people with low incomes. As we've written, the battle between New York and ISPs was an important test case for how states can regulate broadband providers when the Federal Communications Commission isn't doing so. The Biden-era FCC's attempt to reinstate net neutrality rules and regulate broadband providers as common carriers was blocked in court, but ISPs lost the fight against the New York affordability law and an earlier fight against California's net neutrality law. New York-based ISPs can comply by offering $15 broadband plans with download speeds of at least 25Mbps, or $20-per-month service with 200Mbps speeds. The price must include "any recurring taxes and fees such as recurring rental fees for service provider equipment required to obtain broadband service and usage fees." Price increases are to be capped at 2 percent per year, and state officials will periodically review whether minimum required speeds should be raised. New York Public Service Commission Chair Rory Christian last week issued an order stating that the law will take effect on January 15. "On December 16, 2024, the United States Supreme Court denied the Plaintiff's request for further review," the order said. "As part of the litigation, the [New York attorney general] agreed not to enforce the ABA [Affordable Broadband Act] until 30 days after the date when the US Supreme Court decided the writ of Certiorari. Thus, the ABA will once again take effect and may be enforced in New York on January 15, 2025." The order said it plans to implement the law quickly because of "developments at the federal level impacting the affordability of broadband service." ISPs can receive one-month exemptions by filing paperwork by Wednesday confirming they meet the subscriber threshold, notes Ars. To secure longer-term exemptions, ISPs must submit detailed financial information by February 15.

Read more of this story at Slashdot.

The Register's Simon Sharwood reports: Broadcom has lost another sizable customer for its VMware platform: Austrian cloud provider Anexia has moved 12,000 VMs, some of them rented by major European businesses, to an open-source system based on the KVM hypervisor. Anexia was founded in 2006, is based in Austria, and provides cloud services from over 100 locations around the world by placing equipment in third party datacenters. Clients include remote access and control vendor TeamViewer, and airline Lufthansa -- plus plenty more outfits that need reliable hosting and service to match. CEO Alexander Windbichler told The Register that after Broadcom acquired VMware, increased licensing costs, and made big changes to its partner program, Anexia remained eligible to operate a VMware-powered cloud. But Windbichler felt he couldn't afford to continue, because Broadcom offered new terms that saw the cost of VMware licenses rise sharply. The CEO preferred not to enumerate the increase precisely however The Register understands it exceeded 500 percent. Whatever the actual figure, Windbichler said the cost increase "Would have been existential for us." "We used to pay for VMware software one month in arrears," he said. "With Broadcom we had to pay a year in advance with a two-year contract." That arrangement, the CEO said, would have created extreme stress on company cashflow. "We would not be able to compete with the market," he said. "We had customers on contracts, and they would not pay for a price increase." Windbichler considered legal action, but felt the fight would have been slow and expensive. Anexia therefore resolved to migrate, a choice made easier by its ownership of another hosting business called Netcup that ran on a KVM-based platform.

Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch, written by Ivan Mehta: Decentralized social network organization Mastodon said Monday that it is planning to create a new nonprofit organization in Europe and hand over ownership of entities responsible for key Mastodon ecosystem and platform components. This means one person won't have control over the entire project. The organization is trying to differentiate itself from social networks controlled by CEOs like Elon Musk and Mark Zuckerberg. While exact details are yet to be finalized, this means that Mastodon's current CEO and creator, Eugen Rochko, will hand over management bits of the organization to the new entity and focus on the product strategy. The organization said that it will continue to host the mastodon.social and mastodon.online servers, which users can sign up for and join the ActivityPub-based network. Mastodon currently has 835,000 monthly active users spread across thousands of servers. [...] Last year, the company formed a U.S.-based nonprofit to get more funds and grants with Twitter co-founder Biz Stone on the board. At the same time, the organization lost its nonprofit status in Germany. [...] The blog post noted that the new Europe-based nonprofit entity will wholly own the Mastodon GmbH for-profit entity. The organization is in the process of finalizing the place where the new entity will be set up. "We are taking the time to select the appropriate jurisdiction and structure in Europe. Then we will determine which other (subsidiary) legal structures are needed to support operations and sustainability,â Mastodon said in a blog post. "Throughout, we will focus on establishing the appropriate governance and leadership frameworks that reflect the nature and purpose of Mastodon as a whole, and responsibly serve the community."

Read more of this story at Slashdot.

European Union regulators are investigating Apple's revised app store fees amid concerns they may increase costs for developers, according to Bloomberg News. The European Commission sent questionnaires to developers in December focusing on Apple's new "core technology fee" of $0.51 per app installation, part of its compliance with EU's Digital Markets Act. Under Apple's revised structure, developers can maintain existing terms with commissions up to 30% on app sales, or choose a new model with lower commission rates but additional charges.

Read more of this story at Slashdot.

The USB Implementers Forum has simplified its labeling system for USB docking stations and cables, dropping technical terms like "USB4v2" in favor of straightforward speed ratings such as "USB 80Gbps" or "USB 40Gbps." The move follows criticism of previous complex naming conventions like "USB 3.2 Gen 2." The new logos will also display power transmission capabilities for cables, addressing consumer confusion over USB standards.

Read more of this story at Slashdot.

Microsoft is raising Microsoft 365 subscription prices by up to 46% across six Asian markets to fund AI features. In Australia, annual Microsoft 365 Family subscriptions will increase to AU$179 ($110) from AU$139, while Personal subscriptions will jump to AU$159 ($98) from AU$109. The price hikes also affect New Zealand, Malaysia, Singapore, Taiwan and Thailand customers.

Read more of this story at Slashdot.

U.S. companies are increasingly using AI to curb hiring plans, citing "cost avoidance" as a key metric to justify AI investments amid pressure to show returns. At software firm TS Imagine, AI-powered email sorting saves 4,000 work hours annually at 3% of employee costs, while Palantir reported AI reduced future headcount needs by 10-15%, according to company executives. The trend is most pronounced in software development and customer service sectors, where companies are deferring or scaling back hiring plans, said Gartner analyst Arun Chandrasekaran. This shift comes as long-term unemployment in the U.S. has risen more than 50% since late 2022, though tech sector unemployment dropped to 2% in December.

Read more of this story at Slashdot.

One in five online job postings may be "ghost jobs" that companies never intend to fill, according to new data from hiring platform Greenhouse examining its clients' recruitment patterns in 2024. The analysis found that 18-22% of advertised positions across technology, finance, and healthcare sectors went unfilled, while nearly 70% of companies posted at least one ghost job in the second quarter of 2024. Construction, arts, food and beverage, and legal industries showed the highest rates of ghost listings. In response, Greenhouse and LinkedIn have introduced verification systems for job postings. LinkedIn reports more than half its listings are now tagged as "verified," indicating confirmed open positions. Companies maintain ghost listings for various reasons, including projecting growth, keeping options open for exceptional candidates, or meeting federal posting requirements, said Jon Stross, Greenhouse's president and co-founder.

Read more of this story at Slashdot.

Nvidia has hit back at the outgoing Biden administration's AI chip tech export restrictions designed to tighten America's stranglehold on supply chains and maintain market dominance. From a report: The White House today unveiled what it calls the Final Rule on Artificial Intelligence Diffusion from the Biden-Harris government, placing limits on the number of AI-focused chips that can be exported to most countries, but allowing exemptions for key allies and partners. The intent is to work with AI companies and foreign governments to initiate critical security and trust standards as they build out their AI infrastructure, but the regulation also makes it clear that the focus of this policy is "to enhance US national security and economic strength," and "it is essential that ... the world's AI runs on American rails." Measures are intended to restrict the transfer to non-trusted countries of the weights for advanced "closed-weight" AI models, and set out security standards to protect the weights of such models. However GPU supremo Nvidia claims the proposed rules are so harmful that it has published a document strongly criticizing the decision.

Read more of this story at Slashdot.

FBI Director Christopher Wray, in his final interview before stepping down, warned that China poses the greatest long-term threat to U.S. national security, calling it "the defining threat of our generation." China's cyber program has stolen more American personal and corporate data than all other nations combined, Wray told CBS News. He said Chinese government hackers have infiltrated U.S. civilian infrastructure, including water treatment facilities, transportation systems and telecommunications networks, positioning themselves to potentially cause widespread disruption. "To lie in wait on those networks to be in a position to wreak havoc and can inflict real-world harm at a time and place of their choosing," Wray said. The FBI director, who is leaving his post nearly three years early after President-elect Donald Trump indicated he would make leadership changes, said China has likely accessed communications of some U.S. government personnel. He added that Beijing's pre-positioning on American civilian critical infrastructure has not received sufficient attention.

Read more of this story at Slashdot.

Sonos Chief Executive Patrick Spence stepped down on Monday, following a tumultuous period marked by a botched app rollout that angered customers and hurt sales of its new headphones. Board member Tom Conrad, a former Pandora chief technology officer, will serve as interim CEO while the audio equipment maker searches for a permanent replacement, the company said. Spence's departure comes eight months after Sonos released a revamped app that launched with missing features and technical problems, leading to widespread customer complaints and necessitating an extensive fix-it effort. The company will pay Spence, who joined Sonos in 2012 as chief commercial officer, a $1.875 million severance package. He will remain as a strategic advisor until June 30, earning $7,500 monthly, according to a regulatory filing.

Read more of this story at Slashdot.

Several vulnerabilities were discovered in rsync, a fast, versatile, remote (and local) file-copying tool.

CVE-2024-12084

Simon Scannell, Pedro Gallegos and Jasiel Spelman discovered a heap-based buffer overflow vulnerability due to improper handling of attacker-controlled checksum lengths. A remote attacker can take advantage of this flaw for code execution.

CVE-2024-12085

Simon Scannell, Pedro Gallegos and Jasiel Spelman reported a flaw in the way rsync compares file checksums, allowing a remote attacker to trigger an information leak.

CVE-2024-12086

Simon Scannell, Pedro Gallegos and Jasiel Spelman discovered a flaw which would result in a server leaking contents of an arbitrary file from the client's machine.

CVE-2024-12087

Simon Scannell, Pedro Gallegos and Jasiel Spelman reported a path traversal vulnerability in the rsync daemon affecting the --inc-recursive option, which could allow a server to write files outside of the client's intended destination directory.

CVE-2024-12088

Simon Scannell, Pedro Gallegos and Jasiel Spelman reported that when using the --safe-links option, rsync fails to properly verify if a symbolic link destination contains another symbolic link with it, resulting in path traversal and arbitrary file write outside of the desired directory.

CVE-2024-12747

Aleksei Gorban "loqpa" discovered a race condition when handling symbolic links resulting in an information leak which may enable escalation of privileges.

https://security-tracker.debian.org/tracker/DSA-5843-1

"Neuralink Corp.'s brain-computer device has been implanted in a third patient," reports Bloomberg, "and the company has plans for about 20 to 30 more implants in 2025, founder Elon Musk said." In an interview streamed on X.com, Musk says "We've got now three humans with Neuralinks implanted and they're all working well," according to The Times of India: "We upgraded the devices, they'll have more electrodes, basically higher bandwidth, longer battery life and everything. So, expect 20 or 30 patients this year with the upgraded Neuralink devices...." "[O]ur next part will be Blindsight devices where even if somebody has lost both eyes or has lost the optic nerve, we can interface directly with the visual cortex in the brain and enable them to see. We already have that working in monkeys," Musk added.

Read more of this story at Slashdot.