News

With Windows 10's end-of-life update coming next October, it appears that users are finally making the jump to its successor. As spotted by Neowin, Windows 11 crossed the 30% market share mark for the first time since its release. From the report: According to Statcounter's latest findings, last month, Windows 11 reached a new all-time high of 30.83%, gaining 1.08 points in just one month or 7.17 points year-over-year (it was at 23.66% in July 2023). Just as Windows 11 climbs, Windows 10 loses its market share. It is now below 65%, or 64.99%, to be precise, or -1.06 points in one month. Year-over-year change is 11.15 points (it was at 71.14% in July 2023). [...] Other Windows versions, which are now long unsupported, still have a fair share of customers who refuse to jump-ship. Windows 7, for one, is the third most popular Windows with a 3.04% market share (+0.08 points). Windows 8.1 is fourth with 0.42% (+0.02 points), and Windows XP is fifth with 0.38% (-0.01 points).

Read more of this story at Slashdot.

Silicon Valley's fascination with AI has led to parents enrolling children as young as five in AI-focused summer camps. "It's common for kids on summer break to attend space, science or soccer camp, or even go to coding school," writes Priya Anand via the San Francisco Standard. "But the growing effort to teach kindergarteners who can barely spell their names lessons in 'Advanced AI Robot Design & AR Coding' shows how far the frenzy has extended." From the report: Parents who previously would opt for coding camps are increasingly interested in AI-specific programming, according to Eliza Du, CEO of Integem, which makes holographic augmented reality technology in addition to managing dozens of tech-focused kids camps across the country. "The tech industry understands the value of AI," she said. "Every year it's increasing." Some Bay Area parents are so eager to get their kids in on AI's ground floor that they try to sneak toddlers into advanced courses. "Sometimes they'll bring a 4-year-old, and I'm like, you're not supposed to be here," Du said. Du said Integem studied Common Core education standards to ensure its programming was suitable for those as young as 5. She tries to make sure parents understand there's only so much kids can learn across a week or two of camp. "Either they set expectations too high or too low," Du said of the parents. As an example, she recounted a confounding comment in a feedback survey from the parent of a 5-year-old. "After one week, the parent said, "My child did not learn much. My cousin is a Google engineer, and he said he's not ready to be an intern at Google yet.' What do I say to that review?" Du said, bemused. "That expectation is not realistic." Even less tech-savvy parents are getting in on the hype. Du tells of a mom who called the company to get her 12-year-old enrolled in "AL" summer camp. "She misread it," Du said, explaining that the parent had confused the "I" in AI with a lowercase "L."

Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: On July 19, Yelp informed select indie developers that they would have to switch to paid accounts, due to high API usage. Developers were given four days to make the change, in a move that echoes recent communication bungles by Reddit and Twitter. When the developers replied to the July 19 email, Yelp sent a deck of pricing tiers with base pricing starting from $229 per month for a limit of 1,000 API calls per day. Developers were concerned that other, more affordable options weren't mentioned in the deck. Yelp said the pricing is equivalent and simply presented in different ways. The method of communication and lack of transparency has angered developers, some of whom shuttered their services, even after Yelp gave them a 90-day leeway and apologized. While the company has issued an apology email to developers and extended their free usage by 90 days, it may not be enough to keep these frustrated developers from moving to new platforms. "We apologize for last week's abbreviated transition that impacted a small percentage of developers and have extended access to these users," a company spokesperson told TechCrunch. "Yelp sunsetted free, commercial, unlimited use of the Yelp Fusion API in 2019 and has been in the process of migrating developers to a paid program over the last several years. The developer community is important to Yelp, and we've heard their feedback about the transition period from the free Yelp Fusion API to our paid program."

Read more of this story at Slashdot.

Members of the Screen Actors Guild (SAG-AFTRA) are striking against the video game industry due to failed negotiations over AI-related worker protections. "The guild began striking on Friday, July 26th, preventing over 160,000 SAG-AFTRA members from taking new video game projects and impeding games already in development from the biggest publishers to the smallest indie studios," notes The Verge. From the report: Negotiations broke down due to disagreements over worker protections around AI. The actors union, SAG-AFTRA, negotiates the terms of the interactive media agreement, or IMA, with a bargaining committee of video game publishers, including Activision, Take-Two, Insomniac Games, WB Games, and others that represent a total of 30 signatory companies. Though SAG-AFTRA and the video game bargaining group were able to agree on a number of proposals, AI remained the final stumbling block resulting in the strike. SAG-AFTRA's provisions on AI govern both voice and movement performers with respect to digital replicas -- or using an existing performance as the foundation to create new ones without the original performer -- and the use of generative AI to create performances without any initial input. However, according to SAG-AFTRA, the bargaining companies disagreed about which type of performer should be eligible for AI protections. SAG-AFTRA chief contracts officer Ray Rodriguez said that the bargaining companies initially wanted to offer protections to voice, not motion performers. "So anybody doing a stunt or creature performance, all those folks would have been left unprotected under the employers' offer," Rodriguez said in an interview with Aftermath. Rodriguez said that the companies later extended protections to motion performers, but only if "the performer is identifiable in the output of the AI digital replica." SAG-AFTRA rejected this proposal as it would potentially exclude a majority of movement performances. "Their proposal would carve out anything that doesn't look and sound identical to me," said Andi Norris, a member of SAG-AFTRA's IMA negotiating committee, during a press conference. "[The proposal] would leave movement specialists, including stunts, entirely out in the cold, to be replaced ... by soulless synthetic performers trained on our actual performances." The bargaining game companies argued that the terms went far enough and would require actors' approval. "Our offer is directly responsive to SAG-AFTRA's concerns and extends meaningful AI protections that include requiring consent and fair compensation to all performers working under the IMA. These terms are among the strongest in the entertainment industry," wrote Audrey Cooling, a representative working on behalf of the video game companies on the bargaining committee in a statement to The Verge.

Read more of this story at Slashdot.

Apple has introduced a new feature for Safari that allows users to block distracting elements on web pages, such as sign-in popups, some autoplay videos and even ads (temporarily). The feature is called "Distraction Control" and is rolling out today in iOS 18 beta 5. 9to5Mac reports: Distraction Control is accessible via the same Page Menu interface in Safari as Reader and Viewer. Here, users will find a new "Hide Distracting Items" option to enable Distraction Control. Users will then be prompted to select different elements on a webpage that they feel are distracting. Users will have to manually choose each item on a webpage that they wish to hide. Distraction Control will persist through page refreshes and reloads, assuming that the hidden item does not change. Apple says that nothing is proactively hidden with this feature; only items that a user manually selects are hidden. Apple also emphasizes that this feature is not meant to serve as an ad blocker. While a user can technically use Distraction Control to hide an ad on a website temporarily, that ad will re-appear when the page is refreshed or otherwise reloaded. In fact, the first time a user activates Distraction Control, Safari will display a pop-up that emphasizes the feature will not permanently remove ads or other areas of a website that frequently change. If a user chooses to hide something like a GDPR banner or a cookies request pop-up, Distraction Control behaves in the same way as if the user manually clicked to dismiss that pop-up. This means Distraction Control will serve as neither an "Accept" nor "Decline" for that cookies request. Finally, if a user wishes to unhide an item, they can click back into the Page Menu interface in Safari and choose "Show Hidden Items."

Read more of this story at Slashdot.

An anonymous reader quotes a report from Reuters: Indonesia said it has banned the privacy-oriented search engine DuckDuckGo, citing concerns that it could be used to access pornography and online gambling websites which are illegal in the country, the communications ministry said on Friday. Indonesia, with the world's biggest Muslim population, has strict rules that ban the sharing online of content deemed obscene. Social media platform Reddit and video-hosting platform Vimeo are blocked. Usman Kansong, a communications ministry official, told Reuters that DuckDuckGo had been blocked "because of the many complaints made to us about the rampant online gambling and pornography content in its search results." The ministry did not say how DuckDuckGo differs from other search engines such as Alphabet's Google but on its website, DuckDuckGo said it offered several products intended to "help people protect their online privacy" including the search engine, which it said has been praised by privacy advocates.

Read more of this story at Slashdot.

Google's payments to make its search engine the default on smartphone web browsers violates US antitrust law, a federal judge ruled Monday, handing a key victory to the Justice Department. From a report: Judge Amit Mehta in Washington said that the Alphabet unit's $26 billion in payments effectively blocked any other competitor from succeeding in the market. Antitrust enforcers alleged that Google has illegally maintained a monopoly over online search and related advertising. The government said that Google has paid Apple, Samsung and others billions over decades for prime placement on smartphones and web browsers. This default position has allowed Google to build up the most-used search engine in the world, and fueled more than $300 billion in annual revenue largely generated by search ads.

Read more of this story at Slashdot.

snydeq writes: CSO Online's Evan Schuman reports on a design flaw in Microsoft Authenticator that causes it to often overwrite authentication accounts when a user adds a new one via QR scan. "But because of the way the resulting lockout happens, the user is not likely to realize the issue resides with Microsoft Authenticator. Instead, the company issuing the authentication is considered the culprit, resulting in wasted corporate helpdesk hours trying to fix an issue not of that company's making." Schuman writes: "The core of the problem? Microsoft Authenticator will overwrite an account with the same username. Given the prominent use of email addresses for usernames, most users' apps share the same username. Google Authenticator and just about every other authenticator app add the name of the issuer -- such as a bank or a car company -- to avoid this issue. Microsoft only uses the username." The flaw appears to have been in place since Authenticator was released in 2016. Users have complained about this issue in the past to no avail. In its two correspondences with Schuman, Microsoft first laid blame on users, then on issuers. Several IT experts confirmed the flaw, with one saying, "It's possible that this problem occurs more often than anyone realizes because [users] don't realize what the cause is. If you haven't picked an authentication app, why would you pick Microsoft?"

Read more of this story at Slashdot.

Illinois Governor J.B. Pritzker has signed a bill into law that will significantly curb the penalties companies could face for improperly collecting and using fingerprints and other biometric data from workers and consumers. From a report: The bill passed by the legislature in May and signed by Pritzker, a Democrat, on Friday amends the state's Biometric Information Privacy Act (BIPA) so that companies can be held liable only for a single violation per person, rather than for each time biometric data is allegedly misused. The amendments will dramatically limit companies' exposure in BIPA cases and could discourage plaintiffs' lawyers from filing many lawsuits in the first place, management-side lawyers said. "By limiting statutory damages to a single recovery per individual ... companies in most instances will no longer face the prospect of potentially annihilative damages awards that greatly outpace any privacy harms," David Oberly, of counsel at Baker Donelson in Washington, D.C., said before the bill was signed. BIPA, a 2008 law, requires companies to obtain permission before collecting fingerprints, retinal scans and other biometric information from workers and consumers. The law imposes penalties of $1,000 per violation and $5,000 for reckless or intentional violations.

Read more of this story at Slashdot.

Reeling from security and optics issues, Microsoft appears to be trying to correct its story. An anonymous reader shares a report: Microsoft made it clear earlier this year that it was planning to make security its top priority, following years of security issues and mounting criticisms. Starting today, the software giant is now tying its security efforts to employee performance reviews. Kathleen Hogan, Microsoft's chief people officer, has outlined what the company expects of employees in an internal memo obtained by The Verge. "Everyone at Microsoft will have security as a Core Priority," says Hogan. "When faced with a tradeoff, the answer is clear and simple: security above all else." A lack of security focus for Microsoft employees could impact promotions, merit-based salary increases, and bonuses. "Delivering impact for the Security Core Priority will be a key input for managers in determining impact and recommending rewards," Microsoft is telling employees in an internal Microsoft FAQ on its new policy. Microsoft has now placed security as one of its key priorities alongside diversity and inclusion. Both are now required to be part of performance conversations -- internally called a "Connect" -- for every employee, alongside priorities that are agreed upon between employees and their managers.

Read more of this story at Slashdot.

Nvidia scraped videos from YouTube, Netflix and other online platforms to compile training data for its AI products, 404 Media reported Monday, citing internal documents. The tech giant used this content to develop various AI projects, including its Omniverse 3D world generator and self-driving car systems, the report said. Some employees expressed concerns about potential legal issues surrounding the use of such content, the report said, adding that the management assured them of executive-level approval. Nvidia defended its actions, asserting they were "in full compliance with the letter and the spirit of copyright law" and emphasizing that copyright protects specific expressions rather than facts or ideas.

Read more of this story at Slashdot.

Elon Musk has reignited his legal battle against OpenAI, the creators of ChatGPT, by filing a new lawsuit in a California federal court. The suit, which revives a six-year-old dispute, accuses OpenAI founders Sam Altman and Greg Brockman of breaching the company's founding principles by prioritizing commercial interests over public benefit. Musk's complaint alleges that OpenAI's multibillion-dollar partnership with Microsoft contradicts the original mission to develop AI responsibly for humanity's benefit. The lawsuit describes the alleged betrayal in dramatic terms, claiming "perfidy and deceit... of Shakespearean proportions." OpenAI has not yet commented on the new filing. In response to Musk's previous lawsuit, which was withdrawn seven weeks ago, the company stated its commitment to building safe artificial general intelligence for the benefit of humanity.

Read more of this story at Slashdot.

CrowdStrike says that it isn't to blame for Delta Air Lines' dayslong meltdown following the tech outage caused by the cybersecurity company, and that it isn't responsible for all of the money that the carrier says it lost. From a report: In a letter responding to the airline's recent public comments and hiring of a prominent lawyer, CrowdStrike said Delta's threats of a lawsuit have contributed to a "misleading narrative" that the cybersecurity company was responsible for the airline's tech decisions and response to the outage. "Should Delta pursue this path, Delta will have to explain to the public, its shareholders, and ultimately a jury why CrowdStrike took responsibility for its actions -- swiftly, transparently, and constructively -- while Delta did not," wrote Michael Carlinsky, an attorney at law firm Quinn Emanuel Urquhart & Sullivan. The letter to Delta's legal team Sunday evening is the latest move in a growing conflict between the cybersecurity firm and the airline, which was thrown into several days of disarray following the outage. Delta Chief Executive Ed Bastian said in an interview on CNBC last week that the outage cost the airline about $500 million, including lost revenue and compensation costs. The airline has alerted CrowdStrike and Microsoft that it is planning to pursue legal claims to recover its losses, and has hired litigation firm Boies Schiller Flexner to assist, according to a memo Bastian sent to Delta employees last week. CrowdStrike said Sunday that its liability is contractually capped at an amount in the "single-digit millions."

Read more of this story at Slashdot.

Charles Schwab and other retail brokerage users reported outages as a global stocks selloff surged when trading in the US market opened on Monday. From a report: More than 14,000 users reported an outage at Schwab at 9:50 a.m. in New York, according to the website Downdetector. The outage comes at a time when global financial markets are experiencing a significant downturn as a widespread sell-off intensified following Friday's disappointing US employment data, which heightened concerns about a potential recession in the world's largest economy. The turbulence was particularly pronounced in Asian markets, with Japanese stocks leading the decline, while cryptocurrencies, oil prices, and European equities also suffered losses. The volatility spread to the US, where stocks plummeted at the opening bell, and the yield curve briefly inverted as investors increased their bets on imminent Federal Reserve interest rate cuts.

Read more of this story at Slashdot.

OpenAI has developed a sophisticated anticheating tool for detecting AI-generated content, particularly essays and research papers, but has refrained from releasing it due to internal debates and ethical considerations, according to WSJ. This tool, which has been ready for deployment for approximately a year, utilizes a watermarking technique that subtly alters token selection in ChatGPT's output, creating an imperceptible pattern detectable only by OpenAI's technology. While boasting a 99.9% effectiveness rate for substantial AI-generated text, concerns persist regarding potential workarounds and the challenge of determining appropriate access to the detection tool, as well as its potential impact on non-native English speakers and the broader AI ecosystem.

Read more of this story at Slashdot.

Rory McNamara reported a local privilege escalation in wpasupplicant: A user able to escalate to the netdev group can load arbitrary shared object files in the context of the wpa_supplicant process running as root.

https://security-tracker.debian.org/tracker/DSA-5739-1

Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, information disclosure or bypass of Java sandbox restrictions.

https://security-tracker.debian.org/tracker/DSA-5738-1

A CNN reporter spent more than two hours waiting for EV chargers — thanks to "ill-mannered charger hogs who don't respect EV etiquette." [T]o protect batteries from damage, charging speeds slow way down once batteries get beyond 80% full. In fact, it can take as long, or even longer, to go from 80% charged to completely full than to reach 80%. Meanwhile, lines of electric vehicles wait behind almost-full cars. I was waiting behind people with batteries that were 92%, 94% and even 97% full, as I could see on the charger screens. Still, they stayed there. I made my own situation worse by giving up on one location and going to another with more chargers, but there were even more EVs waiting there. Given that a lack of public charging is turning many consumers off to EVs, according to multiple surveys, this is a major issue. Both Electrify America and EVgo said they are rapidly expanding their networks to, as EVgo's Rafalson put it, "skate ahead of the puck," trying to make sure there are enough chargers to meet future demand... "I think what you're seeing is demand for public fast charging is really skyrocketing," said Sara Rafalson, executive vice president for policy at EV charging company EVgo, "and I would say we've been really at an inflection point in the last year, year and a half, with demand...." Electrify America, one of America's biggest charging companies, is experimenting with a solution to the problem of charger hogs who can make it slow and unpleasant to travel in an EV. At 10 of the busiest EV fast charging stations in California, Electrify America has enacted a strict limit. Once a car's batteries are 85% charged, charging will automatically stop and the driver will be told to unplug and leave or face additional 40-cent-per-minute "idle time" fees for taking the space. It's similar to something Tesla vehicles do automatically. When a Tesla car, truck or SUV plugs into a particularly heavily-used Supercharger station, the vehicle itself may automatically limit charging to just 80% "to reduce congestion," according to Tesla's on-line Supercharger Support web page. In that case, though, the user can still override the limit using the vehicle's touchscreen. There will be no getting around Electrify America's limit. Electrify America's president points out an EV driver could need a full charge (if they're travelling somewhere with fewer charges) — or if they're driving an EV with a relatively short range. So the article notse that some EV charging companies "have experimented with plans that charge different amounts of money at different times to give drivers incentives to fill their batteries at less busy hours... "For the time being, let's just hope that EV drivers who don't really need to fill all the way up will learn to be more considerate."

Read more of this story at Slashdot.

This week America's Securities and Exchange Commission filed fraud charges against the former CEO of the startup social media site "IRL" The BBC reports: IRL — which was once considered a potential rival to Facebook — took its name from its intention to get its online users to meet up in real life. However, the initial optimism evaporated after it emerged most of IRL's users were bots, with the platform shutting in 2023... The SEC says it believes [CEO Abraham] Shafi raised about $170m by portraying IRL as the new success story in the social media world. It alleges he told investors that IRL had attracted the vast majority its supposed 12 million users through organic growth. In reality, it argues, IRL was spending millions of dollars on advertisements which offered incentives to prospective users to download the IRL app. That expenditure, it is alleged, was subsequently hidden in the company's books. IRL received multiple rounds of venture capital financing, eventually reaching "unicorn status" with a $1.17 billion valuation, according to TechCrunch. But it shut down in 2023 "after an internal investigation by the company's board found that 95% of the app's users were 'automated or from bots'." TechCrunch notes it's the second time in the same week — and at least the fourth time in the past several months — that the SEC has charged a venture-backed founder on allegations of fraud... Earlier this week, the SEC charged BitClout founder Nader Al-Naji with fraud and unregistered offering of securities, claiming he used his pseudonymous online identity "DiamondHands" to avoid regulatory scrutiny while he raised over $257 million in cryptocurrency. BitClout, a buzzy crypto startup, was backed by high-profile VCs such as a16z, Sequoia, Chamath Palihapitiya's Social Capital, Coinbase Ventures and Winklevoss Capital. In June, the SEC charged Ilit Raz, CEO and founder of the now-shuttered AI recruitment startup Joonko, with defrauding investors of at least $21 million. The agency alleged Raz made false and misleading statements about the quantity and quality of Joonko's customers, the number of candidates on its platform and the startup's revenue. The agency has also gone after venture firms in recent months. In May, the SEC charged Robert Scott Murray and his firm Trillium Capital LLC with a fraudulent scheme to manipulate the stock price of Getty Images Holdings Inc. by announcing a phony offer by Trillium to purchase Getty Images.

Read more of this story at Slashdot.

America's Defense Department has launched a project "that aims to develop machine-learning tools that can automate the conversion of legacy C code into Rust," reports the Register — with an online event already scheduled later this month for those planning to submit proposals: The reason to do so is memory safety. Memory safety bugs, such buffer overflows, account for the majority of major vulnerabilities in large codebases. And DARPA's hope [that's the Defense Department's R&D agency] is that AI models can help with the programming language translation, in order to make software more secure. "You can go to any of the LLM websites, start chatting with one of the AI chatbots, and all you need to say is 'here's some C code, please translate it to safe idiomatic Rust code,' cut, paste, and something comes out, and it's often very good, but not always," said Dan Wallach, DARPA program manager for TRACTOR, in a statement. "The research challenge is to dramatically improve the automated translation from C to Rust, particularly for program constructs with the most relevance...." DARPA's characterization of the situation suggests the verdict on C and C++ has already been rendered. "After more than two decades of grappling with memory safety issues in C and C++, the software engineering community has reached a consensus," the research agency said, pointing to the Office of the National Cyber Director's call to do more to make software more secure. "Relying on bug-finding tools is not enough...." Peter Morales, CEO of Code Metal, a company that just raised $16.5 million to focus on transpiling code for edge hardware, told The Register the DARPA project is promising and well-timed. "I think [TRACTOR] is very sound in terms of the viability of getting there and I think it will have a pretty big impact in the cybersecurity space where memory safety is already a pretty big conversation," he said. DARPA's statement had an ambitious headline: "Eliminating Memory Safety Vulnerabilities Once and For All." "Rust forces the programmer to get things right," said DARPA project manager Wallach. "It can feel constraining to deal with all the rules it forces, but when you acclimate to them, the rules give you freedom. They're like guardrails; once you realize they're there to protect you, you'll become free to focus on more important things." Code Metal's Morales called the project "a DARPA-hard problem," noting the daunting number of edge cases that might come up. And even DARPA's program manager conceded to the Register that "some things like the Linux kernel are explicitly out of scope, because they've got technical issues where Rust wouldn't fit." Thanks to long-time Slashdot reader RoccamOccam for sharing the news.

Read more of this story at Slashdot.