News

Starting with Word for Windows version 2509, Microsoft is making cloud saving the default behavior. New documents will automatically save to OneDrive (or another cloud destination), with dated filenames, unless users manually revert to local saving in the settings. From the report: "Anything new you create will be saved automatically to OneDrive or your preferred cloud destination", writes Raul Munoz, product manager at Microsoft on the Office Shared Services and Experiences team. Munoz backs up the decision with half a dozen advantages for saving documents to the cloud. From never losing progress and access anywhere to easy collaboration and increased security and compliance. While cloud saving is without doubt beneficial in some cases, Munoz fails to address the elephant in the room. Some users may not want that their documents are stored in the cloud. There are good reasons for that, including privacy. Summed up: - If you do not mind that Word documents are stored in the cloud, you do not need to become active. - If you mind that Word documents are stored in the cloud by default, you need to modify the default setting.

Read more of this story at Slashdot.

Google has eliminated more than one-third of its managers overseeing small teams, an executive told employees last week, as the company continues its focus on efficiencies across the organization. From a report: "Right now, we have 35% fewer managers, with fewer direct reports" than at this time a year ago, said Brian Welle, vice president of people analytics and performance, according to audio of an all-hands meeting reviewed by CNBC. "So a lot of fast progress there." At the meeting, employees asked Welle and other executives about job security, "internal barriers" and Google's culture after several recent rounds of layoffs, buyouts and reorganizations. Welle said the idea is to reduce bureaucracy and run the company more efficiently. "When we look across our entire leadership population, that['s mangers, directors and VPs, we want them to be a smaller percentage of our overall workforce over time," he said.

Read more of this story at Slashdot.

After losing his job in 2024, Eric Thompson spearheaded a working group to push for federal legislation banning "ghost jobs" -- openings posted with no intent to hire. The proposed Truth in Job Advertising and Accountability Act would require transparency around job postings, set limits on how long ads can remain up, and fine companies that violate the rules. CNBC reports: "There's nothing illegal about posting a job, currently, and never filling it," says Thompson, a network engineering leader in Warrenton, Virginia. Not to mention, it's "really hard to prove, and so that's one of the reasons that legally, it's been kind of this gray area." As Thompson researched more into the phenomenon, he connected with former colleagues and professional connections across the country experiencing the same thing. Together, the eight of them decided to form the TJAAA working group to spearhead efforts for federal legislation to officially ban businesses from posting ghost jobs. In May, the group drafted its first proposal: The TJAAA aims to require that all public job listings include information such as: - The intended hire and start dates - Whether it's a new role or backfill - If it's being offered internally with preference to current employees - The number of times the position has been posted in the last two years, and other factors, according to the draft language. It also sets guidelines for how long a post is required to be up (no more than 90 calendar days) and how long the submission period can be (at least four calendar days) before applications can be reviewed. The proposed legislation applies to businesses with more than 50 employees, and violators can be fined a minimum of $2,500 for each infraction. The proposal provides a framework at the federal level, Thompson says, because state-level policies won't apply to employers who post listings across multiple states, or who use third-party platforms that operate beyond state borders.

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Hill: Republicans on the House Oversight and Government Reform Committee opened a probe into alleged organized efforts to inject bias into Wikipedia entries and the organization's responses. Chair James Comer (R-Ky.) and Rep. Nancy Mace (R-S.C.), chair of the panel's subcommittee on cybersecurity, information technology, and government innovation, on Wednesday sent an information request on the matter to Maryana Iskander, chief executive officer of the Wikimedia Foundation, the nonprofit that hosts Wikipedia. The request, the lawmakers said in the letter (PDF), is part of an investigation into "foreign operations and individuals at academic institutions subsidized by U.S. taxpayer dollars to influence U.S. public opinion." The panel is seeking documents and communications about Wikipedia volunteer editors who violated the platform's policies, as well as the Wikimedia Foundation's efforts to "thwart intentional, organized efforts to inject bias into important and sensitive topics." "Multiple studies and reports have highlighted efforts to manipulate information on the Wikipedia platform for propaganda aimed at Western audiences," Comer and Mace wrote in the letter. They referenced a report from the Anti-Defamation League about anti-Israel bias on Wikipedia that detailed a coordinated campaign to manipulate content related to the Israel-Palestine conflict and similar issues, as well as an Atlantic Council report on pro-Russia actors using Wikipedia to push pro-Kremlin and anti-Ukrainian messaging, which can influence how artificial intelligence chatbots are trained. "[The Wikimedia] foundation, which hosts the Wikipedia platform, has acknowledged taking actions responding to misconduct by volunteer editors who effectively create Wikipedia's encyclopedic articles. The Committee recognizes that virtually all web-based information platforms must contend with bad actors and their efforts to manipulate. Our inquiry seeks information to help our examination of how Wikipedia responds to such threats and how frequently it creates accountability when intentional, egregious, or highly suspicious patterns of conduct on topics of sensitive public interest are brought to attention," Comer and Mace wrote. The lawmakers requested information about "the tools and methods Wikipedia utilizes to identify and stop malicious conduct online that injects bias and undermines neutral points of view on its platform," including documents and records about possible coordination of state actors in editing, the kind of accounts that have been subject to review, and and of the panel's analysis of data manipulation or bias. "We welcome the opportunity to respond to the Committee's questions and to discuss the importance of safeguarding the integrity of information on our platform," a Wikimedia Foundation spokesperson said.

Read more of this story at Slashdot.

An anonymous reader shares a report: Security researchers from Palo Alto Networks' Unit 42 have discovered the key to getting large language model (LLM) chatbots to ignore their guardrails, and it's quite simple. You just have to ensure that your prompt uses terrible grammar and is one massive run-on sentence like this one which includes all the information before any full stop which would give the guardrails a chance to kick in before the jailbreak can take effect and guide the model into providing a "toxic" or otherwise verboten response the developers had hoped would be filtered out. The paper also offers a "logit-gap" analysis approach as a potential benchmark for protecting models against such attacks. "Our research introduces a critical concept: the refusal-affirmation logit gap," researchers Tung-Ling "Tony" Li and Hongliang Liu explained in a Unit 42 blog post. "This refers to the idea that the training process isn't actually eliminating the potential for a harmful response -- it's just making it less likely. There remains potential for an attacker to 'close the gap,' and uncover a harmful response after all."

Read more of this story at Slashdot.

Deforestation has killed more than half a million people in the tropics over the past two decades as a result of heat-related illness, a study has found. The Guardian: Land clearance is raising the temperature in the rainforests of the Amazon, Congo and south-east Asia because it reduces shade, diminishes rainfall and increases the risk of fire, the authors of the paper found. Deforestation is responsible for more than a third of the warming experienced by people living in the affected regions, which is on top of the effect of global climate disruption. About 345 million people across the tropics suffered from this localised, deforestation-caused warming between 2001 and 2020. For 2.6 million of them, the additional heating added 3C to their heat exposure. In many cases, this was deadly. The researchers estimated that warming due to deforestation accounted for 28,330 annual deaths over that 20-year period.

Read more of this story at Slashdot.

The FBI and other law enforcement and intelligence agencies around the world warned Wednesday that a Chinese-government hacking campaign that previously penetrated nine U.S. telecommunications companies has expanded into other industries and regions, striking at least 200 American organizations and 80 countries. From a report: The joint advisory was issued with the close allies in the Five Eyes English-language intelligence-sharing arrangement and also agencies from Finland, Netherlands, Poland and the Czech Republic, an unusually broad array meant to demonstrate global resolve against what intelligence officials said is a pernicious campaign that exceeds accepted norms for snooping. "The expectation of privacy here was violated, not just in the U.S., but globally," FBI Assistant Director Brett Leatherman, who heads the bureau's cyber division, told The Washington Post in an interview. Chinese hackers won deep access to major communication carriers in the U.S. and elsewhere, then extracted call records and some law enforcement directives, which allowed them to build out a map of who was calling whom and whom the U.S. suspected of spying, Leatherman said. Prominent politicians in both major U.S. parties were among the ultimate victims.

Read more of this story at Slashdot.

Phonemaker Nothing used professional stock photos to demonstrate its Phone 3's camera capabilities on retail demo units, according to The Verge. Five images the company presented as community-captured samples were licensed photographs from the Stills marketplace, taken with other cameras in 2023. The Verge verified EXIF data confirming one image predated the Phone 3's release. Co-founder Akis Evangelidis acknowledged the photos were placeholders intended for pre-production testing that weren't replaced before deployment to stores.

Read more of this story at Slashdot.

South Korea has passed a bill banning the use of mobile phones and smart devices during class hours in schools -- becoming the latest country to restrict phone use among children and teens. From a report: The law, which comes into effect from the next school year in March 2026, is the result of a bi-partisan effort to curb smartphone addiction, as more research points to its harmful effects. Lawmakers, parents and teachers argue that smartphone use is affecting students' academic performance and takes away time they could have spent studying.

Read more of this story at Slashdot.

Wikipedia's volunteer editors have rejected founder Jimmy Wales' proposal to use ChatGPT for article review guidance after the AI tool produced error-filled feedback when Wales tested it on a draft submission. The ChatGPT response misidentified Wikipedia policies, suggested citing non-existent sources and recommended using press releases despite explicit policy prohibitions. Editors argued automated systems producing incorrect advice would undermine Wikipedia's human-centered model. The conflict follows earlier tensions over the Wikimedia Foundation's AI experiments, including a paused AI summary feature and new policies targeting AI-generated content.

Read more of this story at Slashdot.

Michael Imfeld discovered an out-of-bounds read vulnerability in udisks2, a D-Bus service to access and manipulate storage devices, which may result in denial of service (daemon process crash), or in mapping an internal file descriptor from the daemon process onto a loop device, resulting in local privilege escalation.

https://security-tracker.debian.org/tracker/DSA-5989-1

Digital resurrections of deceased individuals are emerging as the next commercial frontier in AI, with the digital afterlife industry projected to reach $80 billion within a decade. Companies developing these AI avatars are exploring revenue models ranging from interstitial advertising during conversations to data collection about users' preferences. StoryFile CEO Alex Quinn confirmed his company is exploring methods to monetize interactions between users and deceased relatives' digital replicas, including probing for consumer information during conversations. The technology has already demonstrated persuasive capabilities in legal proceedings, where an AI recreation of road rage victim Chris Pelkey delivered testimony that contributed to a maximum sentence. Current implementations operate through subscription models, though no federal regulations govern commercial applications of posthumous AI representations despite state-level protections for deceased individuals' likeness rights.

Read more of this story at Slashdot.

A security issues was discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

https://security-tracker.debian.org/tracker/DSA-5988-1

Multiple security issues were discovered in Unbound, a validating, recursive, caching DNS resolver, which may result in denial of service or cache poisoning via the "rebirthday attack".

https://security-tracker.debian.org/tracker/DSA-5987-1

Nikita Skorovoda discovered that Node cipher-base, an abstract base class for crypto-streams, performed incomplete type checks.

https://security-tracker.debian.org/tracker/DSA-5986-1

Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

https://security-tracker.debian.org/tracker/DSA-5985-1

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code.

https://security-tracker.debian.org/tracker/DSA-5984-1

This update removes the usage of the C (Credential) flag for the binfmt_misc registration within the qemu-user package, as it allowed for privilege escalation when running a suid/sgid binary under qemu-user. This means suid/sgid foreign-architecture binaries are not running with elevated privileges under qemu-user anymore. If you relied on this behavior of qemu-user in the past (running suid/sgid foreign-arch binaries), this will require changes to your deployment.

In Bookworm the affected packages are qemu-user-static (and qemu-user-binfmt) instead of qemu-user.

Additionally, two security issues were fixed the in SR-IOV support of QEMU system emulation.

https://security-tracker.debian.org/tracker/DSA-5983-1

Two security issues were discovered in the Squid proxy caching server, which could result in the execution of arbitrary code, information disclosure or denial of service.

https://security-tracker.debian.org/tracker/DSA-5982-1

A security issues was discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

https://security-tracker.debian.org/tracker/DSA-5981-1