News

Ars Technica's Dan Goodwin writes: Last Tuesday, loads of Linux usersâ"many running packages released as early as this year -- started reporting their devices were failing to boot. Instead, they received a cryptic error message that included the phrase: "Something has gone seriously wrong." The cause: an update Microsoft issued as part of its monthly patch release. It was intended to close a 2-year-old vulnerability in GRUB, an open source boot loader used to start up many Linux devices. The vulnerability, with a severity rating of 8.6 out of 10, made it possible for hackers to bypass secure boot, the industry standard for ensuring that devices running Windows or other operating systems don't load malicious firmware or software during the bootup process. CVE-2022-2601 was discovered in 2022, but for unclear reasons, Microsoft patched it only last Tuesday. [...] With Microsoft maintaining radio silence, those affected by the glitch have been forced to find their own remedies. One option is to access their EFI panel and turn off secure boot. Depending on the security needs of the user, that option may not be acceptable. A better short-term option is to delete the SBAT Microsoft pushed out last Tuesday. This means users will still receive some of the benefits of Secure Boot even if they remain vulnerable to attacks that exploit CVE-2022-2601. The steps for this remedy are outlined here (thanks to manutheeng for the reference).

Read more of this story at Slashdot.

Toyota confirmed a breach of its network after 240GB of data, including employee and customer information, was leaked on a hacking forum by a threat actor. The company has not provided details on how or when the breach occurred. BleepingComputer reports: ZeroSevenGroup (the threat actor who leaked the stolen data) says they breached a U.S. branch and were able to steal 240GB of files with information on Toyota employees and customers, as well as contracts and financial information. They also claim to have collected network infrastructure information, including credentials, using the open-source ADRecon tool that helps extract vast amounts of information from Active Directory environments. "We have hacked a branch in United States to one of the biggest automotive manufacturer in the world (TOYOTA). We are really glad to share the files with you here for free. The data size: 240 GB," the threat actor claims. "Contents: Everything like Contacts, Finance, Customers, Schemes, Employees, Photos, DBs, Network infrastructure, Emails, and a lot of perfect data. We also offer you AD-Recon for all the target network with passwords." While Toyota hasn't shared the date of the breach, BleepingComputer found that the files had been stolen or at least created on December 25, 2022. This date could indicate that the threat actor gained access to a backup server where the data was stored. "We are aware of the situation. The issue is limited in scope and is not a system wide issue," Toyota told BleepingComputer. The company added that it's "engaged with those who are impacted and will provide assistance if needed."

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Guardian, written by Julian Benson: It's been eight years since Civilization 6 -- the most recent in a very long-running strategy game series that sees you take a nation from the prehistoric settlement of their first town through centuries of development until they reach the space age. Since 2016 it has amassed an abundance of expansions, scenario packs, new nations, modes and systems for players to master -- but series producer Dennis Shirk at Firaxis Games feels that enough it enough. "It was getting too big for its britches," he says. "It was time to make something new." "It's tough to even get through the whole game," designer Ed Beach says, singling out the key problem that Firaxis aims to solve with the forthcoming Civilization 7. While the early turns of a campaign in Civilization 6 can be swift, when you're only deciding the actions for the population of a single town, "the number of systems, units, and entities you must manage explodes after a while," Beach says. From turn one to victory, a single campaign can take more than 20 hours, and if you start falling behind other nations, it can be tempting to restart long before you see the endgame. That's why Civilization 7's campaign has been split into three ages -- Antiquity, Exploration and Modern -- with each ending in a dramatic explosion of global crises. "Breaking the game into chapters lets people get through history in a more digestible fashion," Beach says. When you start a new campaign, you pick a leader and civilization to govern, and direct your people in establishing their first settlements and encounters with the other peoples populating a largely undeveloped land. You'll choose the technologies they research, the expansions they make to their cities, and whom they try to befriend or conquer. Every turn you complete or scientific, economic, cultural and military milestone you pass adds points to a meter running in the background. Once that meter hits 200, you and all the other surviving civilizations on the map will transition into the next age. When moving from Antiquity to Exploration and later Exploration to Modern, you select a new civilization to lead. You'll retain all the cities you controlled before but have access to different technologies and attributes. This may seem strange, but it's built to reflect history: think of London, which was once run by the Romans before being supplanted by the Anglo-Saxons. No empire lasts for ever, but they don't all collapse, either. Breaking Civilization 7 into chapters also gives campaigns a new rhythm. As you approach the end of an age, you'll begin to face global crises. In Antiquity, for instance, you can see a proliferation of independent powers similar to the tribes that tore down Rome. "We're not calling them barbarians any more," Beach says. "It's a more nuanced way to present them." These crises multiply and strengthen until you reach the next age. "It's like a sci-fi or fantasy series with a huge, crazy conclusion, and then the next book starts nice and calm," Beach says. "There's a point where getting to the next age is a relief." Here's a round-up of thoughts on Civilization 7 from some of the most respected gaming outlets and reviewers: Civilization VII hands-on: This strategy sequel rethinks the long game -- Ars Technica's Samuel Axon Civilization 7 pairs seismic changes with a lovably familiar formula -- Eurogamer's Chris Tapsell Civilization 7 hands-on: Huge changes are coming to the classic strategy series - PC Gamer's Tyler Wilde Civilization 7 lets you mix and match history -- and it's a blast - The Verge's Ash Parrish Civilization 7 Hands-On Preview: Creating Your Legacy - Game Rant's Joshua Duckworth Sid Meier's Civilization VII preview -- possibly the freshest sequel yet - GamesHub's Jam Walker How Civilization 7 Rethinks The Series' Structure - GameSpot's Steve Watts

Read more of this story at Slashdot.

U.S. District Judge Ada Brown in Dallas blocked the FTC's rule banning noncompete agreements, arguing the FTC lacks authority to implement such broad regulations and did not adequately justify the sweeping prohibition. Reuters reports: Brown had temporarily blocked the rule in July while she considered a bid by the U.S. Chamber of Commerce, the country's largest business lobby, and tax service firm Ryan to strike it down entirely. The rule was set to take effect Sept. 4. Brown in her ruling said that even if the FTC had the power to adopt the rule, the agency had not justified banning virtually all noncompete agreements. "The Commission's lack of evidence as to why they chose to impose such a sweeping prohibition ... instead of targeting specific, harmful non-competes, renders the Rule arbitrary and capricious," wrote Brown, an appointee of Republican former President Donald Trump. FTC spokesperson Victoria Graham said the agency was disappointed with the ruling and is "seriously considering a potential appeal." "Today's decision does not prevent the FTC from addressing noncompetes through case-by-base enforcement actions," Graham said in a statement. The Democratic-controlled FTC approved the ban on noncompete agreements in a 3-2 vote in May. The commission and supporters of the rule say the agreements are an unfair restraint on competition that violate U.S. antitrust law and suppress workers' wages and mobility.

Read more of this story at Slashdot.

OpenAI has announced a partnership with Conde Nest, allowing the company's AI products to display content from Vogue, The New Yorker, Conde Nast Traveler, GQ, Architectural Digest, Vanity Fair, Wired, Bon Appetit and other outlets. CNBC reports: "With the introduction of our SearchGPT prototype, we're testing new search features that make finding information and reliable content sources faster and more intuitive," OpenAI wrote in a blog post. "We're combining our conversational models with information from the web to give you fast and timely answers with clear and relevant sources." OpenAI added that the SearchGPT prototype offers direct links to news stories and that the company plans "to integrate the best of these features directly into ChatGPT in the future." It is the latest in a recent trend of some media outlets joining forces with AI startups such as OpenAI to enter into content deals.

Read more of this story at Slashdot.

A new TV series is capturing the dramatic saga of the The Pirate Bay, the notorious file-sharing website that openly challenged the entertainment industry in the early 2000s. A just-launched teaser is available on YouTube. TorrentFreak reports: A few years ago, news broke that The Pirate Bay story was being turned into a TV series. Written by Piotr Marciniak and directed by Jens Sjogren, who also made the "I am Zlatan" documentary, production was in the hands of B-Reel Films, working for the Swedish broadcaster SVT. American distribution company Dynamic Television scooped up worldwide rights. As far as we know, international deals have not yet been announced. The Swedish premiere on November 8 is coming closer, however, and a few days ago SVT released an official teaser. The founders of The Pirate Bay -- Anakata, Brokep and Tiamo -- are played by Arvid Swedrup, Simon Greger Carlsson and Willjam Lempling. The teaser doesn't give away much, but it's interesting that one of The Pirate Bay's infamous responses to legal threats features prominently. The teaser quotes from Anakata's response to a letter from DreamWorks, written twenty years ago. The movie company sent a DMCA takedown notice requesting the removal of a torrent for the film Shrek 2, but the reply was not what they had hoped for. "As you may or may not be aware, Sweden is not a state in the United States of America. Sweden is a country in northern Europe. Unless you figured it out by now, US law does not apply here," Anakata wrote. "It is the opinion of us and our lawyers that you are ........ morons, and that you should please go sodomize yourself with retractable batons." The response was public information and made it into the series. Whether there will be any new revelations has yet to be seen, however, as none of the site's founders were actively involved in production. Instead, the producers used interviews with other people involved, plus the vast amount of public information available on the Internet. That includes the infamous responses to legal threats. Time will tell how the producers and director have decided to tell this story. Production took place in Stockholm, Sweden, but also ventured to other countries, including Chile and Thailand, where Fredrik Neij was arrested and paraded in front of the press in 2014.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica, written by Andrew Cunningham: Back in 2013, Nvidia introduced a new technology called G-Sync to eliminate screen tearing and stuttering effects and reduce input lag when playing PC games. The company accomplished this by tying your display's refresh rate to the actual frame rate of the game you were playing, and similar variable refresh-rate (VRR) technology has become a mainstay even in budget monitors and TVs today. The issue for Nvidia is that G-Sync isn't what has been driving most of that adoption. G-Sync has always required extra dedicated hardware inside of displays, increasing the costs for both users and monitor manufacturers. The VRR technology in most low-end to mid-range screens these days is usually some version of the royalty-free AMD FreeSync or the similar VESA Adaptive-Sync standard, both of which provide G-Sync's most important features without requiring extra hardware. Nvidia more or less acknowledged that the free-to-use, cheap-to-implement VRR technologies had won in 2019 when it announced its "G-Sync Compatible" certification tier for FreeSync monitors. The list of G-Sync Compatible screens now vastly outnumbers the list of G-Sync and G-Sync Ultimate screens. Today, Nvidia is announcing a change that's meant to keep G-Sync alive as its own separate technology while eliminating the requirement for expensive additional hardware. Nvidia says it's partnering with chipmaker MediaTek to build G-Sync capabilities directly into scaler chips that MediaTek is creating for upcoming monitors. G-Sync modules ordinarily replace these scaler chips, but they're entirely separate boards with expensive FPGA chips and dedicated RAM. These new MediaTek scalers will support all the same features that current dedicated G-Sync modules do. Nvidia says that three G-Sync monitors with MediaTek scaler chips inside will launch "later this year": the Asus ROG Swift PG27AQNR, the Acer Predator XB273U F5, and the AOC AGON PRO AG276QSG2. These are all 27-inch 1440p displays with maximum refresh rates of 360 Hz.

Read more of this story at Slashdot.

TV manufacturers are shifting their focus from hardware sales to viewer data and advertising revenue. This trend is driven by declining profit margins on TV sets and the growing potential of smart TV operating systems to generate recurring income. Companies like LG, Samsung, and Roku are increasingly prioritizing ad sales and user tracking capabilities in their TVs, ArsTechnica reports. Automatic content recognition (ACR) technology, which analyzes viewing habits, is becoming a key feature for advertisers. TV makers are partnering with data firms to enhance targeting capabilities, with LG recently sharing data with Nielsen and Samsung updating its ACR tech to track streaming ad exposure. This shift raises concerns about privacy and user experience, as TVs become more commercialized and data-driven. Industry experts predict a rise in "shoppable ads" and increased integration between TV viewing and e-commerce platforms. The report adds: With TV sales declining and many shoppers prioritizing pricing, smart TV players will continue developing ads that are harder to avoid and better at targeting. Interestingly, Patrick Horner, practice leader of consumer electronics at analyst Omdia, told Ars that smart TV advertising revenue exceeding smart TV hardware revenue (as well as ad sale margins surpassing those of hardware) is a US-only trend, albeit one that shows no signs of abating. OLED has become a mainstay in the TV marketplace, and until the next big display technology becomes readily available, OEMs are scrambling to make money in a saturated TV market filled with budget options. Selling ads is an obvious way to bridge the gap between today and The Next Big Thing in TVs. Indeed, with companies like Samsung and LG making big deals with analytics firms and other brands building their businesses around ads, the industry's obsession with ads will only intensify. As we've seen before with TV commercials, which have gotten more frequent over time, once the ad genie is out of the bottle, it tends to grow, not go back inside. One side effect we're already seeing, Horner notes, is "a proliferation of more TV operating systems." While choice is often a good thing for consumers, it's important to consider if new options from companies like Amazon, Comcast, and TiVo actually do anything to notably improve the smart TV experience for owners. And OS operators' financial success is tied to the number of hours users spend viewing something on the OS. Roku's senior director of ad innovation, Peter Hamilton, told Digiday in May that his team works closely with Roku's consumer team, "whose goal is to drive total viewing hours." Many smart TV OS operators are therefore focused on making it easier for users to navigate content via AI.

Read more of this story at Slashdot.

Nothing, a British startup seeking to challenge Apple's smartphone dominance, is hauling its employees back to the office full-time in the quest for growth. From a report: In a lengthy email disparaging remote work, which had been a tenet of Nothing CEO Carl Pei's workplace policy since its creation four years ago, Pei explained why his 450 employees needed to come to the office five days a week. "Remote work is not compatible with a high ambition level plus high speed," Pei said in an email to staff, which he shared on LinkedIn. Pei gave three reasons for the strict return-to-office mandate. First, he said, the logistics of developing a smartphone, where design, engineering, and manufacturing departments collaborate, weren't conducive to remote working. He added that creativity and innovation worked better in person, allowing the company to do more with fewer resources. Third, Pei said Nothing's ambitions to scale to become a "generation-defining company" wouldn't be achievable with remote work. According to Pei's email, the new mandate will take effect in two months, and he intends to hold a town hall in London to answer employees' questions. In his email, the Nothing CEO also suggested that employees who could not commit to five days in the office look for other employment. "We know it's not the right type of setup for everybody, and that's okay. We should look for a mutual fit. You should find an environment where you thrive, and we need to find people who want to go the full mile with us in the decades ahead."

Read more of this story at Slashdot.

Atari has just announced a renewed version of its 7800 home console from 1986. Polygon: Dubbed the 7800 Plus, the new console will launch later this winter but is already available to pre-order from Atari for $129.99. The 7800 Plus is a scaled-down version of the original hardware equipped with an HDMI connection and has the ability to play first and third-party cartridges for the Atari 2600 and 7800. Additionally, you'll have the option to play your games in their original 4:3 aspect ration, or upscale them to widescreen format. While emulators and other options for playing retro Atari games exist, playing the games on their original hardware remains the definitive way to experience many of these classic titles. Along with its new console, Atari also announced a pair of new wireless controllers. The CX40 Plus wireless Joystick and CX78 Plus Wireless gamepad are loving recreations of the original hardware as they shipped with the Atari 2600 and 7800. Both of the new controllers are compatible with either the Atari 2600 Plus (released last year) or the new 7800 Plus consoles but can also be hooked up to your PC by using the included USB-C adapter -- they're even compatible with an original 2600 or 7800 if you have one lying around. Both peripherals are available from Atari now and cost $34.99.

Read more of this story at Slashdot.

North Korean hackers exploited a critical Windows vulnerability to deploy advanced malware, security researchers revealed. The zero-day flaw, patched by Microsoft last week, allowed attackers to gain system-level access and install a sophisticated rootkit called FudModule. Gen, the firm that discovered the attacks, identified the threat actors as Lazarus, a hacking group linked to North Korea. The exploit targeted individuals in cryptocurrency and aerospace industries, likely aiming to steal digital assets and infiltrate corporate networks. FudModule, first analyzed in 2022, stands out for its ability to operate deep within Windows, evading detection by security defenses. Earlier versions used vulnerable drivers for installation, while a newer variant exploited a bug in Windows' AppLocker service.

Read more of this story at Slashdot.

North America's eight primary data center markets added 515 megawatts (MW) of new supply in the first half of 2024 -- the equivalent of Silicon Valley's entire existing inventory -- according to a new report real-estate services firm CBRE. From a report: All of Silicon Valley has 459 MW of data center supply, while those main markets have a total of 5,689 MW. That's up 10% from a year ago and about double what it was five years ago. Data center space under construction is up nearly 70% from a year ago and is currently at a record high. But the vast majority of that is already leased, and vacancy rates have shrunk to a record low of 2.8%. In other words, developers are building an insane amount of data center capacity, but it's still not enough to meet the growing demands of cloud computing and artificial intelligence providers.

Read more of this story at Slashdot.

An anonymous reader shares a report: Disney has now agreed that a wrongful death lawsuit should be decided in court following backlash for initially arguing the case belonged in arbitration because the grieving widower had once signed up for a Disney Plus trial. "With such unique circumstances as the ones in this case, we believe this situation warrants a sensitive approach to expedite a resolution for the family who have experienced such a painful loss," chairman of Disney experiences Josh D'Amaro said in a statement to The Verge. "As such, we've decided to waive our right to arbitration and have the matter proceed in court." The lawsuit was filed in February by Jeffrey Piccolo, the husband of a 42-year-old woman who died last year due to an allergic reaction that occurred after eating at a restaurant in the Disney Springs shopping complex in Orlando. The case gained widespread media attention after Piccolo's legal team challenged Disney's motion to dismiss the case, arguing that a forced arbitration agreement Piccolo signed was effectively invisible.

Read more of this story at Slashdot.

Maria Branyas, who was the world's oldest person, has died peacefully in a Spanish nursing home at the age of 117. From a report: "Maria Branyas has left us. She has died as she wanted: in her sleep, peacefully and without pain," her official X account said, and a spokesperson at the nursing home confirmed the news without providing details. Branyas had suggested that her demise was imminent on Monday on X, saying: "I feel weak. The time is coming. Don't cry, I don't like tears... You know me, wherever I go, I will be happy." Her X account is handled by her daughter. She had turned 117 on March 4, according to Guinness World Records, and had become the oldest person in the world in January 2023. Born in San Francisco, California, in 1907, she moved with her Spanish family back to the northeastern region of Catalonia when she was seven. She spent the rest of her life there, living through the 1936-39 civil war and two pandemics a century apart - the 1918 Spanish flu pandemic and the 2020-2021 COVID-19 pandemic. In 1931, she married Catalan doctor Joan Moret, with whom she had three children. Her husband passed away in 1976 and she also outlived her son, August, who died in a tractor accident at the age of 86, Guinness World Records said on its website.

Read more of this story at Slashdot.

AI company Anthropic has been hit with a class-action lawsuit in California federal court by three authors who say it misused their books and hundreds of thousands of others to train its AI-powered chatbot Claude. From a report: The complaint, filed on Monday, by writers and journalists Andrea Bartz, Charles Graeber and Kirk Wallace Johnson, said that Anthropic used pirated versions of their works and others to teach Claude to respond to human prompts. The lawsuit joins several other high-stakes complaints filed by copyright holders including visual artists, news outlets and record labels over the material used by tech companies to train their generative artificial intelligence systems. Separate groups of authors have sued OpenAI and Meta over the companies' alleged misuse of their work to train the large-language models underlying their chatbots.

Read more of this story at Slashdot.

A new paper on the National Bureau of Economic Research: Using more than 4,900 assessments, we study changes in the characteristics and objectives of CEOs and top executives since 2001. The same four factors explain roughly half of the variation of assessed CEO characteristics in this larger sample of executive assessments as in Kaplan and Sorensen (2021). After the global financial crisis (GFC), the average interviewed CEO candidate has lower overall ability, is more execution oriented / less interpersonal, less charismatic and less creative/strategic than pre-GFC. Except for overall ability and execution oriented/interpersonal, these differences persist in hired CEOs. Interpersonal or "softer" skills do not increase over time, either for CEO candidates or hired CEOs. Pre- and post-GFC, we find a positive correlation between the ability of assessed CEOs and other C-level executives assessed at the same company, suggesting that higher-ability executives complement each other. Finally, we look at the relation between the objectives for which the CEOs are interviewed and CEO characteristics.

Read more of this story at Slashdot.

Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files.

https://security-tracker.debian.org/tracker/DSA-5756-1

Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files.

https://security-tracker.debian.org/tracker/DSA-5755-1

Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files.

https://security-tracker.debian.org/tracker/DSA-5754-1

An integer overflow was discovered in aom, the AV1 Video Codec Library, which could potentially result in the execution of arbitrary code if a malformed media file is processed.

https://security-tracker.debian.org/tracker/DSA-5753-1