Feed aggregator

Why Your Wi-Fi Router Doubles As an Apple AirTag

Slashdot - Thu, 23/05/2024 - 2:10am
An anonymous reader quotes a report from Krebs On Security: Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally -- including non-Apple devices like Starlink systems -- and found they could use this data to monitor the destruction of Gaza, as well as the movements and in many cases identities of Russian and Ukrainian troops. At issue is the way that Apple collects and publicly shares information about the precise location of all Wi-Fi access points seen by its devices. Apple collects this location data to give Apple devices a crowdsourced, low-power alternative to constantly requesting global positioning system (GPS) coordinates. Both Apple and Google operate their own Wi-Fi-based Positioning Systems (WPS) that obtain certain hardware identifiers from all wireless access points that come within range of their mobile devices. Both record the Media Access Control (MAC) address that a Wi-Fi access point uses, known as a Basic Service Set Identifier or BSSID. Periodically, Apple and Google mobile devices will forward their locations -- by querying GPS and/or by using cellular towers as landmarks -- along with any nearby BSSIDs. This combination of data allows Apple and Google devices to figure out where they are within a few feet or meters, and it's what allows your mobile phone to continue displaying your planned route even when the device can't get a fix on GPS. With Google's WPS, a wireless device submits a list of nearby Wi-Fi access point BSSIDs and their signal strengths -- via an application programming interface (API) request to Google -- whose WPS responds with the device's computed position.
Google's WPS requires at least two BSSIDs to calculate a device's approximate position. Apple's WPS also accepts a list of nearby BSSIDs, but instead of computing the device's location based off the set of observed access points and their received signal strengths and then reporting that result to the user, Apple's API will return the geolocations of up to 400 more BSSIDs that are nearby the one requested. It then uses approximately eight of those BSSIDs to work out the user's location based on known landmarks. In essence, Google's WPS computes the user's location and shares it with the device. Apple's WPS gives its devices a large enough amount of data about the location of known access points in the area that the devices can do that estimation on their own. That's according to two researchers at the University of Maryland, who theorized they could use the verbosity of Apple's API to map the movement of individual devices into and out of virtually any defined area of the world. The UMD pair said they spent a month early in their research continuously querying the API, asking it for the location of more than a billion BSSIDs generated at random. They learned that while only about three million of those randomly generated BSSIDs were known to Apple's Wi-Fi geolocation API, Apple also returned an additional 488 million BSSID locations already stored in its WPS from other lookups. "Plotting the locations returned by Apple's WPS between November 2022 and November 2023, Levin and Rye saw they had a near global view of the locations tied to more than two billion Wi-Fi access points," the report adds. "The map showed geolocated access points in nearly every corner of the globe, apart from almost the entirety of China, vast stretches of desert wilderness in central Australia and Africa, and deep in the rainforests of South America."
The researchers wrote: "We observe routers move between cities and countries, potentially representing their owner's relocation or a business transaction between an old and new owner. While there is not necessarily a 1-to-1 relationship between Wi-Fi routers and users, home routers typically only have several. If these users are vulnerable populations, such as those fleeing intimate partner violence or a stalker, their router simply being online can disclose their new location." A copy of the UMD research is available here (PDF).

Read more of this story at Slashdot.

Microsoft Edge Will Begin Blocking Screenshots On the Job

Slashdot - Thu, 23/05/2024 - 1:20am
Microsoft is adding screenshot prevention controls in Edge to block you from taking screenshots at work. "It's all designed to prevent you from sharing screenshots with competitors, relatives, and journalists using Microsoft Edge for Business," reports PCWorld. From the report: Specifically, IT managers at corporations will be able to tag web pages as protected, as defined in various Microsoft policy engines in Microsoft 365, Microsoft Defender for Cloud Apps, Microsoft Intune Mobile Application Management and Microsoft Purview, Microsoft said. The screenshot prevention feature will be available to customers in the "coming months," Microsoft said. It's also unclear whether third-party tools will be somehow blocked from taking screenshots or recording video, too. Microsoft will also roll out a way to force Edge for Business users to automatically update their browsers. The feature will enter a preview phase over the next few weeks, Microsoft said. "The Edge management service will enable IT admins to see which devices have Edge instances that are out of date and at risk," Microsoft said. "It will also provide mitigating controls, such as forcing a browser restart to install updates, enabling automatic browser updates or enabling enhanced security mode for added protections."


The First Crew Launch of Boeing's Starliner Capsule Is On Hold Indefinitely

Slashdot - Thu, 23/05/2024 - 12:40am
Longtime Slashdot reader schwit1 shares a report from Ars Technica: The first crewed test flight of Boeing's long-delayed Starliner spacecraft won't take off as planned Saturday and could face a longer postponement as engineers evaluate a stubborn leak of helium from the capsule's propulsion system. NASA announced the latest delay of the Starliner test flight late Tuesday. Officials will take more time to consider their options for how to proceed with the mission after discovering the small helium leak on the spacecraft's service module. The space agency did not describe what options are on the table, but sources said they range from flying the spacecraft "as is" with a thorough understanding of the leak and confidence it won't become more significant in flight, to removing the capsule from its Atlas V rocket and taking it back to a hangar for repairs. Theoretically, the former option could permit a launch attempt as soon as next week. The latter alternative could delay the launch until at least late summer. "The team has been in meetings for two consecutive days, assessing flight rationale, system performance, and redundancy," NASA said in a statement Tuesday night. "There is still forward work in these areas, and the next possible launch opportunity is still being discussed. NASA will share more details once we have a clearer path forward."


People With Commonly Autocorrected Names Call For Tech Firms To Fix Problem

Slashdot - Thu, 23/05/2024 - 12:02am
An anonymous reader quotes a report from The Guardian: People whose names get mangled by autocorrect have urged technology companies to fix the problem faster, with one person whose name gets switched to "Satan" saying: "I am tired of it." People with Irish, Indian and Welsh names are among those calling for improvements to the systems that operate on phones and computers as part of the "I am not a typo" campaign. "It is important that technology becomes more inclusive," said Savan-Chandni Gandecha, 34, a British Indian content creator whose name, which means monsoon moonlight, has been autocorrected to Satan. "My name has also been corrected to Savant," he said. "It is sometimes corrected to Savan, or the hyphen is not accepted by online forms and that irks me," he said. "Even in India my name gets corrected to 'Sawan', and it's not just an English issue. It's a multi-language thing." The campaign has estimated that four out of 10 names of babies born in England and Wales in 2021 were deemed "wrong" or "not accepted" when tested on Microsoft's English dictionary. Dhruti Shah, a journalist, has backed the campaign after seeing her name autocorrected to "Dirty" and "Dorito". She said: "My first name isn't even that long -- only six characters -- but yet when it comes up as an error or it's mangled and considered an unknown entity, it's like saying that it's not just your name that's wrong, but you are." The campaign group -- established by a group of people working in the creative industries in London -- wrote an open letter to technology companies, which pointed out that between 2017 and 2021, 2,328 people named Esmae were born, compared with 36 Nigels. Esmae gets autocorrected to Admar, while Nigel is unchanged. "There are so many diverse names in the global majority but autocorrect is western- and white-focused," said Gandecha.
Rashmi Dyal-Chand, a professor at Northeastern University in the US whose name is sometimes corrected to Sashimi, is supporting the latest campaign and said: "For people with names like mine, autocorrect is not convenient and helpful. It is unhelpful. And yes -- it is harmful." "We all increasingly rely on smartphones, tablets, word processors, and apps that use autocorrect. Yet autocorrect incorporates a set of defaults -- including dictionaries -- that help some of its users to communicate seamlessly at the expense of others who cannot." Karen Fox, whose children are called Eoin and Niamh, said of autocorrect: "The red line bothers me -- I didn't choose the 'wrong' name for my child. Tech companies update dictionaries with slang all the time and I think it should be an easy thing to do and definitely a priority."


Google Brings Back Group Speaker Controls After Sonos Lawsuit Win

Slashdot - Wed, 22/05/2024 - 12:00pm
Android Authority's Mishaal Rahman reports that the group speaker volume controls feature is back in Android 15 Beta 2. "Google intentionally disabled this functionality on Pixel phones back in late 2021 due to a legal dispute with Sonos," reports Rahman. "In late 2023, Google announced it would bring back several features they had to remove, following a judge's overturning of a jury verdict that was in favor of Sonos." From the report: When you create a speaker group consisting of one or more Assistant-enabled devices in the Google Home app, you're able to cast audio to that group from your phone using a Cast-enabled app. For example, let's say I make a speaker group named "Nest Hubs" that consists of my bedroom Nest Hub and my living room Nest Hub. If I open the YouTube Music app, start playing a song, and then tap the cast icon, I can select "Nest Hubs" to start playback on both my Nest Hubs simultaneously. If I keep the YouTube Music app open, I can control the volume of my speaker group by pressing the volume keys on my phone. This functionality is available no matter what device I use. However, if I open another app while YouTube Music is casting, whether I'm able to still control the volume of my speaker group using my phone's volume keys depends on what phone I'm using and what software version it's running. If I'm using a Pixel phone that's running a software version before Android 15 Beta 2, then I'm unable to control the volume of my speaker group unless I re-open the YouTube Music app. If I'm using a phone from any other manufacturer, then I won't have any issues controlling the volume of my speaker group. The reason for this weird discrepancy is that Google intentionally blocked Pixel devices from being able to control the volume of Google Home speaker groups while casting. Google did this out of an abundance of caution while they were fighting a legal dispute. [...] 
With the release of last week's Android 15 Beta 2, we can confirm that Google finally restored this functionality.


EVs More Likely To Hit Pedestrians Than Petrol Vehicles, Study Finds

Slashdot - Wed, 22/05/2024 - 9:00am
Hybrid and electric cars are more likely to hit pedestrians than petrol or diesel vehicles, due to their quieter engines that make them harder for pedestrians to hear. Other contributing factors include the tendency for drivers of electric cars to be younger and less experienced, and the vehicles' heavier weight and swift acceleration, increasing stopping distances. The Guardian reports: Data from 32 billion miles of battery-powered car travel and 3 trillion miles of petrol and diesel car trips showed that mile-for-mile electric and hybrid cars were twice as likely to hit pedestrians than fossil fuel-powered cars, and three times more likely to do so in urban areas. "Electric cars are a hazard to pedestrians because they are less likely to be heard than petrol or diesel cars," said Phil Edwards, first author on the study and professor of epidemiology and statistics at the London School of Hygiene & Tropical Medicine. "The government needs to mitigate these risks if they are going to phase out the sale of petrol and diesel cars." "If you're moving to an electric car, remember it's a new kind of vehicle," Edwards added. "They are much quieter than the old-fashioned cars, and pedestrians have learned to navigate roads by listening for traffic. Drivers of these vehicles need to be extra cautious." Most vehicles on the road are petrol or diesel and these were involved in three-quarters of pedestrian collisions. But for the same distance travelled, battery-powered cars were more dangerous. The average annual pedestrian casualty rate per 100m miles travelled was 5.16 for electric and hybrid cars compared with 2.4 for petrol and diesel cars, according to the study in the Journal of Epidemiology and Community Health. In rural settings, battery-powered cars were no more dangerous than petrol or diesel, but in towns and cities they were three times more likely to collide with pedestrians, the researchers found. 
Since July 2019, all new hybrid and electric vehicles sold in Europe have been required to have an acoustic vehicle alerting system that emits sound when the car is travelling slowly, but there are hundreds of thousands of electric cars on the road without the devices. "If government made sure these systems were installed in all electric vehicles and retrofitted them to older electric cars, that would be a good start," Edwards said, adding that the Green Cross Code also "probably needs updating."


California Exceeds 100% of Energy Demand With Renewables Over a Record 45 Days

Slashdot - Wed, 22/05/2024 - 5:30am
An anonymous reader quotes a report from Electrek: In a major clean energy benchmark, wind, solar, and hydro exceeded 100% of demand on California's main grid for 69 of the past 75 days. Stanford University professor of civil and environmental engineering Mark Z. Jacobson continues to track California's renewables performance – and it's still exciting. In an update today on Twitter (X), Jacobson reports that California has now exceeded 100% of energy demand with renewables over a record 45 days straight, and 69 out of 75. [...] Jacobson predicted on April 4 that California will entirely be on renewables and battery storage 24/7 by 2035. California passed a law that commits to achieving 100% net zero electricity by 2045. Will it beat that goal by a decade? We hope so. It's going to be exciting to watch. Further reading: California Exceeds 100% of Energy Demand With Renewables Over a Record 30 Days


next-20240522: linux-next

Kernel Linux - Wed, 22/05/2024 - 5:17am
Version: next-20240522 (linux-next) Released: 2024-05-22

DOJ Makes Its First Known Arrest For AI-Generated CSAM

Slashdot - Wed, 22/05/2024 - 4:02am
In what's believed to be the first case of its kind, the U.S. Department of Justice arrested a Wisconsin man last week for generating and distributing AI-generated child sexual abuse material (CSAM). Even if no children were used to create the material, the DOJ "looks to establish a judicial precedent that exploitative materials are still illegal," reports Engadget. From the report: The DOJ says 42-year-old software engineer Steven Anderegg of Holmen, WI, used a fork of the open-source AI image generator Stable Diffusion to make the images, which he then used to try to lure an underage boy into sexual situations. The latter will likely play a central role in the eventual trial for the four counts of "producing, distributing, and possessing obscene visual depictions of minors engaged in sexually explicit conduct and transferring obscene material to a minor under the age of 16." The government says Anderegg's images showed "nude or partially clothed minors lasciviously displaying or touching their genitals or engaging in sexual intercourse with men." The DOJ claims he used specific prompts, including negative prompts (extra guidance for the AI model, telling it what not to produce) to spur the generator into making the CSAM. Cloud-based image generators like Midjourney and DALL-E 3 have safeguards against this type of activity, but Ars Technica reports that Anderegg allegedly used Stable Diffusion 1.5, a variant with fewer boundaries. Stability AI told the publication that fork was produced by Runway ML. According to the DOJ, Anderegg communicated online with the 15-year-old boy, describing how he used the AI model to create the images. The agency says the accused sent the teen direct messages on Instagram, including several AI images of "minors lasciviously displaying their genitals." To its credit, Instagram reported the images to the National Center for Missing and Exploited Children (NCMEC), which alerted law enforcement. 
Anderegg could face five to 70 years in prison if convicted on all four counts. He's currently in federal custody before a hearing scheduled for May 22.


Fedora 40: kernel 2024-92664ae6fe Security Advisory Updates

LinuxSecurity.com - Wed, 22/05/2024 - 3:28am
The 6.8.10 stable kernel update contains a number of important fixes across the tree

EU Sets Benchmark For Rest of the World With Landmark AI Laws

Slashdot - Wed, 22/05/2024 - 3:25am
An anonymous reader quotes a report from Reuters: Europe's landmark rules on artificial intelligence will enter into force next month after EU countries endorsed on Tuesday a political deal reached in December, setting a potential global benchmark for a technology used in business and everyday life. The European Union's AI Act is more comprehensive than the United States' light-touch voluntary compliance approach while China's approach aims to maintain social stability and state control. The vote by EU countries came two months after EU lawmakers backed the AI legislation drafted by the European Commission in 2021 after making a number of key changes. [...] The AI Act imposes strict transparency obligations on high-risk AI systems while such requirements for general-purpose AI models will be lighter. It restricts governments' use of real-time biometric surveillance in public spaces to cases of certain crimes, prevention of terrorist attacks and searches for people suspected of the most serious crimes. The new legislation will have an impact beyond the 27-country bloc, said Patrick van Eecke at law firm Cooley. "The Act will have global reach. Companies outside the EU who use EU customer data in their AI platforms will need to comply. Other countries and regions are likely to use the AI Act as a blueprint, just as they did with the GDPR," he said, referring to EU privacy rules. While the new legislation will apply in 2026, bans on the use of artificial intelligence in social scoring, predictive policing and untargeted scraping of facial images from the internet or CCTV footage will kick in in six months once the new regulation enters into force. Obligations for general purpose AI models will apply after 12 months and rules for AI systems embedded into regulated products in 36 months. Fines for violations range from $8.2 million or 1.5% of turnover to 35 million euros or 7% of global turnover depending on the type of violations.


Fedora 39: kernel 2024-49fcf86f58 Security Advisory Updates

LinuxSecurity.com - Wed, 22/05/2024 - 3:22am
The 6.8.10 stable kernel update contains a number of important fixes across the tree

Windows Now Has AI-Powered Copy and Paste

Slashdot - Wed, 22/05/2024 - 2:45am
Umar Shakir reports via The Verge: Microsoft is adding a new Advanced Paste feature to PowerToys for Windows 11 that can convert your clipboard content on the fly with the power of AI. The new feature can help people speed up their workflows by doing things like copying code in one language and pasting it in another, although its best tricks require OpenAI API credits. Advanced Paste is included in PowerToys version 0.81 and, once enabled, can be activated with a special key command: Windows Key + Shift + V. That opens an Advanced Paste text window that offers paste conversion options including plaintext, markdown, and JSON. If you enable Paste with AI in the Advanced Paste settings, you'll also see an OpenAI prompt where you can enter the conversion you want -- summarized text, translations, generated code, a rewrite from casual to professional style, Yoda syntax, or whatever you can think to ask for.


'Pay Researchers To Spot Errors in Published Papers'

Slashdot - Wed, 22/05/2024 - 2:02am
Borrowing the idea of "bug bounties" from the technology industry could provide a systematic way to detect and correct the errors that litter the scientific literature. Malte Elson, writing at Nature: Just as many industries devote hefty funding to incentivizing people to find and report bugs and glitches, so the science community should reward the detection and correction of errors in the scientific literature. In our industry, too, the costs of undetected errors are staggering. That's why I have joined with meta-scientist Ian Hussey at the University of Bern and psychologist Ruben Arslan at Leipzig University in Germany to pilot a bug-bounty programme for science, funded by the University of Bern. Our project, Estimating the Reliability and Robustness of Research (ERROR), pays specialists to check highly cited published papers, starting with the social and behavioural sciences (see go.nature.com/4bmlvkj). Our reviewers are paid a base rate of up to 1,000 Swiss francs (around US$1,100) for each paper they check, and a bonus for any errors they find. The bigger the error, the greater the reward -- up to a maximum of 2,500 francs. Authors who let us scrutinize their papers are compensated, too: 250 francs to cover the work needed to prepare files or answer reviewer queries, and a bonus 250 francs if no errors (or only minor ones) are found in their work. ERROR launched in February and will run for at least four years. So far, we have sent out almost 60 invitations, and 13 sets of authors have agreed to have their papers assessed. One review has been completed, revealing minor errors. I hope that the project will demonstrate the value of systematic processes to detect errors in published research. I am convinced that such systems are needed, because current checks are insufficient. 
Unpaid peer reviewers are overburdened, and have little incentive to painstakingly examine survey responses, comb through lists of DNA sequences or cell lines, or go through computer code line by line. Mistakes frequently slip through. And researchers have little to gain personally from sifting through published papers looking for errors. There is no financial compensation for highlighting errors, and doing so can see people marked out as troublemakers.


Mageia 2024-0191: thunderbird Security Advisory Updates

LinuxSecurity.com - Wed, 22/05/2024 - 1:38am
Arbitrary JavaScript execution in PDF.js. (CVE-2024-4367) IndexedDB files retained in private browsing mode. (CVE-2024-4767) Potential permissions request bypass via clickjacking. (CVE-2024-4768) Cross-origin responses could be distinguished between script and non-script content-types. (CVE-2024-4769)

Linux 6.10 Honors One Last Request By Hans Reiser

Slashdot - Wed, 22/05/2024 - 1:20am
Longtime Slashdot reader DVega shares a report from Phoronix: ReiserFS lead developer and convicted murderer Hans Reiser a few months back wrote letters to be made public apologizing for his social mistakes and other commentary. In his written communications he also made a last request for ReiserFS in the Linux kernel: "Assuming that the decision is to remove [ReiserFS] V3 from the kernel, I have just one request: that for one last release the README be edited to add Mikhail Gilula, Konstantin Shvachko, and Anatoly Pinchuk to the credits, and to delete anything in there I might have said about why they were not credited. It is time to let go." Hans credits his improved social and communication skills learned in prison among other details shared in the public letters. Per the indirect request by Hans Reiser, SUSE's Jan Kara has now altered the ReiserFS README file with the changes going in today to the Linux 6.10 kernel. The negative language was removed and replaced with an acknowledgment of their contributions.


Mageia 2024-0190: chromium-browser-stable Security Advisory Updates

LinuxSecurity.com - Wed, 22/05/2024 - 1:18am
The chromium-browser-stable package has been updated to the 125.0.6422.60 release. It includes 9 security fixes. Please, do note, only x86_64 is supported from now on. i586 support for linux was stopped some years ago and the community is not able to provide patches anymore for the latest Chromium code.

Mageia 2024-0189: nss & firefox Security Advisory Updates

LinuxSecurity.com - Wed, 22/05/2024 - 1:18am
Arbitrary JavaScript execution in PDF.js. (CVE-2024-4367) IndexedDB files retained in private browsing mode. (CVE-2024-4767) Potential permissions request bypass via clickjacking. (CVE-2024-4768) Cross-origin responses could be distinguished between script and non-script content-types. (CVE-2024-4769)

Mageia 2024-0186: stb Security Advisory Updates

LinuxSecurity.com - Wed, 22/05/2024 - 1:17am
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)` which may make `setup_malloc` allocate less memory than required. Since there is

Microsoft Is Making File Explorer More Powerful With Version Control and 7z Compression

Slashdot - Wed, 22/05/2024 - 1:00am
Sean Hollister reports via The Verge: At Build, Microsoft now says it's adding native version control to File Explorer by integrating systems like Git, letting you see new changes and comments directly from the app. Here's a cropped and zoomed version of the provided screenshot so you can get a better look. [...] Microsoft says it's also letting File Explorer natively compress files to 7-zip and TAR; currently, the right-click context menu has a "Compress to ZIP file" option, but ZIP is thought to be a bit antiquated in terms of how much compression you get.
