Feed aggregator
How Private Equity Debt Left a Leading VPN Open To Chinese Hackers
An anonymous reader quotes a report from Bloomberg: In early 2024, the agency that oversees cybersecurity for much of the US government issued a rare emergency order -- disconnect your Connect Secure virtual private network software immediately. Chinese spies had hacked the code and infiltrated nearly two dozen organizations. The directive applied to all civilian federal agencies, but given the product's customer base, its impact was more widely felt. The software, which is made by Ivanti Inc., was something of an industry standard across government and much of the corporate world. Clients included the US Air Force, Army, Navy and other parts of the Defense Department, the Department of State, the Federal Aviation Administration, the Federal Reserve, the National Aeronautics and Space Administration, thousands of companies and more than 2,000 banks including Wells Fargo & Co. and Deutsche Bank AG, according to federal procurement records, internal documents, interviews and the accounts of former Ivanti employees who requested anonymity because they were not authorized to disclose customer information.
Soon after sending out their order, which instructed agencies to install an Ivanti-issued fix, staffers at the Cybersecurity and Infrastructure Security Agency discovered that the threat was also inside their own house. Two sensitive CISA databases -- one containing information about personnel at chemical facilities, another assessing the vulnerabilities of critical infrastructure operators -- had been compromised via the agency's own Connect Secure software. CISA had followed all its own guidance. Ivanti's fix had failed. This was a breaking point for some American national security officials, who had long expressed concerns about Connect Secure VPNs. CISA subsequently published a letter with the Federal Bureau of Investigation and the national cybersecurity agencies of the UK, Canada, Australia and New Zealand warning customers of the "significant risk" associated with continuing to use the software. According to Laura Galante, then the top cyber official in the Office of the Director of National Intelligence, the government came to a simple conclusion about the technology. "You should not be using it," she said. "There really is no other way to put it."
That attack, along with several others that successfully targeted the Ivanti software, illustrates how private equity's push into the cybersecurity market ended up compromising the quality and safety of some critical VPN products, Bloomberg has found. Last year, Bloomberg reported that Citrix Systems Inc., another top VPN maker, experienced several major hacks after its private equity owners, Elliott Investment Management and Vista Equity Partners, cut most of the company's 70-member product security team following their acquisition of the company in 2022. Some government officials and private-sector executives are now reconsidering their approach to evaluating cybersecurity software. In addition to excising private equity-owned VPNs from their networks, some factor private equity ownership into their risk assessments of key technologies.
Read more of this story at Slashdot.
It's now easier to install MGSHDFix for Metal Gear games on Linux / Steam Deck - GamingOnLinux
Categories: Linux
USB Driver For Google Tensor SoCs, UCSI Thunderbolt Alt Mode In Linux 7.0 - Phoronix
Categories: Linux
New York Drops Plan To Legalize Robotaxis Outside NYC
New York Governor Kathy Hochul has dropped a proposal that would have allowed limited commercial robotaxi deployments outside New York City, citing a lack of support among state legislators. "The move is a blow to Waymo and other robotaxi companies who saw New York, and especially New York City, as a potential goldmine," reports The Verge. From the report: The plan, which was introduced by Hochul as part of the state's budget proposal last month, would have allowed limited robotaxi deployment in cities other than the Big Apple -- while leaving whether New York City would get autonomous vehicles up to the mayor and the City Council. But now that plan is DOA, as support in the legislature never materialized. "Based on conversations with stakeholders, including in the legislature, it was clear that the support was not there to advance this proposal," Sean Butler, a Hochul spokesperson, said in a statement. "While we are disappointed by the Governor's decision, we're committed to bringing our service to New York and will work with the State Legislature to advance this issue," Waymo spokesperson Ethan Teicher said in a statement. "The path forward requires a collaborative approach that prioritizes transparency and public safety."
NASA Chief Classifies Starliner Flight As 'Type A' Mishap, Says Agency Made Mistakes
NASA has officially classified Boeing Starliner's 2024 crewed flight as a "Type A" mishap, acknowledging serious technical failures and leadership shortcomings that nearly left astronauts unable to safely return. Administrator Jared Isaacman released (PDF) a 311-page internal report citing flawed decision-making and cultural issues, with the next Starliner flight now planned as uncrewed pending major fixes. Ars Technica reports: As part of the announcement, NASA Administrator Jared Isaacman sent an agency-wide letter that recognized the shortcomings of both Starliner's developer, Boeing, as well as the space agency itself. Starliner flew under the auspices of NASA's Commercial Crew Program, in which the agency procures astronaut transportation services to the International Space Station. "We are taking ownership of our shortcomings," Isaacman said.
"Starliner has design and engineering deficiencies that must be corrected, but the most troubling failure revealed by this investigation is not hardware," Isaacman wrote in his letter to the NASA workforce. "It is decision-making and leadership that, if left unchecked, could create a culture incompatible with human spaceflight." Isaacman said there would be "leadership accountability" as a result of the decisions surrounding the Starliner program, but did not say which actions would be taken.
Newborn Chicks Connect Sounds With Shapes Just Like Humans, Study Finds
An anonymous reader quotes a report from Scientific American: Why does "bouba" sound round and "kiki" sound spiky? This intuition that ties certain sounds to shapes is oddly reliable all over the world, and for at least a century, scientists have considered it a clue to the origin of language, theorizing that maybe our ancestors built their first words upon these instinctive associations between sound and meaning. But now a new study adds an unexpected twist: baby chickens make these same sound-shape connections, suggesting that the link to human language may not be so unique. The results, published today in Science, challenge a long-standing theory about the so-called bouba-kiki effect: that it might explain how humans first tethered meaning to sound to create language. Perhaps, the thinking goes, people just naturally agree on certain associations between shapes and sounds because of some innate feature of our brain or our world. But if the barnyard hen also agrees with such associations, you might wonder if we've been pecking at the wrong linguistic seed.
Maria Loconsole, a comparative psychologist at the University of Padua in Italy, and her colleagues decided to investigate the bouba-kiki effect in baby chicks because the birds could be tested almost immediately after hatching, before their brain would be influenced by exposure to the world. The researchers placed chicks in front of two panels: one featured a flowerlike shape with gently rounded curves; the other had a spiky blotch reminiscent of a cartoon explosion. They then played recordings of humans saying either "bouba" or "kiki" and observed the birds' behavior. When the chicks heard "bouba," 80 percent of them approached the round shape first and spent an average of more than three minutes exploring it compared with an average of just under one minute spent exploring the spiky shape. The exploration preferences were flipped when the chicks heard "kiki."
Because the tests took place within the chicks' carefully supervised first hours of life outside their eggshell, this association between particular sounds and shapes couldn't have been learned from experience. Instead it may be evidence of an innate perceptual bias that goes back way farther in our evolutionary history than previously believed. "We parted with birds on the evolutionary line 300 million years ago," says Aleksandra Cwiek, a linguist at Nicolaus Copernicus University in Toruń, Poland, who was not involved in the study. "It's just mind-blowing."
Experts Reveal Best Linux Server Distros For Home Labs - findarticles.com
Categories: Linux
US Plans Online Portal To Bypass Content Bans In Europe and Elsewhere
The U.S. State Department is reportedly developing a site called freedom.gov that would let users in Europe and elsewhere access content restricted under local laws, "including alleged hate speech and terrorist propaganda," reports Reuters. Washington views the move as a way to counter censorship. Reuters reports: One source said officials had discussed including a virtual private network function to make a user's traffic appear to originate in the U.S. and added that user activity on the site will not be tracked. Headed by Undersecretary for Public Diplomacy Sarah Rogers, the project was expected to be unveiled at last week's Munich Security Conference but was delayed, the sources said. Reuters could not determine why the launch did not happen, but some State Department officials, including lawyers, have raised concerns about the plan, two of the sources said, without detailing the concerns.
The project could further strain ties between the Trump administration and traditional U.S. allies in Europe, already heightened by disputes over trade, Russia's war in Ukraine and President Donald Trump's push to assert control over Greenland. The portal could also put Washington in the unfamiliar position of appearing to encourage citizens to flout local laws.
California's New Bill Requires DOJ-Approved 3D Printers That Report on Themselves
California's recently-proposed AB-2047 would require 3D printers sold in the state to be DOJ-approved models equipped with "firearm blocking technology," banning non-certified machines after 2029 and criminalizing efforts to bypass the software. Adafruit notes that unlike similar legislation proposed in Washington State and New York, California's version "adds a certification bureaucracy on top: state-approved algorithms, state-approved software control processes, state-approved printer models, quarterly list updates, and civil penalties up to $25,000 per violation." From the report: Assembly Member Bauer-Kahan introduced AB-2047, the "California Firearm Printing Prevention Act," on February 17th. The bill would ban the sale or transfer of any 3D printer in California unless it appears on a state-maintained roster of approved makes and models... certified by the Department of Justice as equipped with "firearm blocking technology." Manufacturers would need to submit attestations for every make and model. The DOJ would publish a list. If your printer isn't on the list by March 1, 2029, it can't be sold. In addition, knowingly disabling or circumventing the blocking software is a misdemeanor.
[...] As Michael Weinberg wrote after the New York and Washington proposals dropped... accurately identifying gun parts from geometry alone is incredibly hard, desktop printers lack the processing power to run this kind of analysis, and the open-source firmware that runs most machines makes any blocking requirement trivially easy to bypass. The Firearms Policy Coalition flagged AB-2047 on X, and the reactions tell you everything. Jon Lareau called it "stupidity on steroids," pointing out that a simple spring-shaped part has no way of revealing its intended use. The Foundry put it plainly: "Regulating general-purpose machines is another. AB-2047 would require 3D printers to run state-approved surveillance software and criminalize modifying your own hardware."
Google Announces Gemini 3.1 Pro For 'Complex Problem-Solving'
Google has introduced Gemini 3.1 Pro, a reasoning-focused upgrade aimed at more complex problem-solving. 9to5Google reports: This .1 increment is a first for Google, with the past two generations seeing .5 as the mid-year model update. (2.5 Pro was first announced in March and saw further updates in May for I/O.) Google says Gemini 3.1 Pro "represents a step forward in core reasoning." The "upgraded core intelligence" that debuted last week with Gemini 3 Deep Think is now available in Gemini 3.1 Pro for more users. This model achieves an ARC-AGI-2 score of 77.1%, or "more than double the reasoning performance of 3 Pro."
This "advanced reasoning" translates to practical applications like when "you're looking for a clear, visual explanation of a complex topic, a way to synthesize data into a single view, or bringing a creative project to life." 3.1 Pro is designed for tasks where a simple answer isn't enough, taking advanced reasoning and making it useful for your hardest challenges.
OpenClaw Security Fears Lead Meta, Other AI Firms To Restrict Its Use
An anonymous reader quotes a report from Wired: Last month, Jason Grad issued a late-night warning to the 20 employees at his tech startup. "You've likely seen Clawdbot trending on X/LinkedIn. While cool, it is currently unvetted and high-risk for our environment," he wrote in a Slack message with a red siren emoji. "Please keep Clawdbot off all company hardware and away from work-linked accounts." Grad isn't the only tech executive who has raised concerns to staff about the experimental agentic AI tool, which was briefly known as MoltBot and is now named OpenClaw. A Meta executive says he recently told his team to keep OpenClaw off their regular work laptops or risk losing their jobs. The executive told reporters he believes the software is unpredictable and could lead to a privacy breach if used in otherwise secure environments. He spoke on the condition of anonymity to speak frankly.
[...] Some cybersecurity professionals have publicly urged companies to take measures to strictly control how their workforces use OpenClaw. And the recent bans show how companies are moving quickly to ensure security is prioritized ahead of their desire to experiment with emerging AI technologies. "Our policy is, 'mitigate first, investigate second' when we come across anything that could be harmful to our company, users, or clients," says Grad, who is cofounder and CEO of Massive, which provides Internet proxy tools to millions of users and businesses. His warning to staff went out on January 26, before any of his employees had installed OpenClaw, he says. At another tech company, Valere, which works on software for organizations including Johns Hopkins University, an employee posted about OpenClaw on January 29 on an internal Slack channel for sharing new tech to potentially try out. The company's president quickly responded that use of OpenClaw was strictly banned, Valere CEO Guy Pistone tells WIRED. "If it got access to one of our developer's machines, it could get access to our cloud services and our clients' sensitive information, including credit card information and GitHub codebases," Pistone says. "It's pretty good at cleaning up some of its actions, which also scares me."
A week later, Pistone did allow Valere's research team to run OpenClaw on an employee's old computer. The goal was to identify flaws in the software and potential fixes to make it more secure. The research team later advised limiting who can give orders to OpenClaw and exposing it to the Internet only with a password in place for its control panel to prevent unwanted access. In a report shared with WIRED, the Valere researchers added that users have to "accept that the bot can be tricked." For instance, if OpenClaw is set up to summarize a user's email, a hacker could send a malicious email to the person instructing the AI to share copies of files on the person's computer. But Pistone is confident that safeguards can be put in place to make OpenClaw more secure. He has given a team at Valere 60 days to investigate. "If we don't think we can do it in a reasonable time, we'll forgo it," he says. "Whoever figures out how to make it secure for businesses is definitely going to have a winner."
Minecraft Java Is Switching From OpenGL To Vulkan
Minecraft: Java Edition is switching its rendering backend from OpenGL to Vulkan as part of the upcoming Vibrant Visuals update, aiming for both better performance and modern graphics features across platforms like Linux and macOS (via translation layers). GamingOnLinux reports: For modders, they're suggesting they start making preparations to move away from OpenGL: "Switching from OpenGL to Vulkan will have an impact on the mods that currently use OpenGL for rendering, and we anticipate that updating from OpenGL to Vulkan will take modders more effort than the updates you undertake for each of our releases. To start with, we recommend our modding community look at moving away from OpenGL usage. We encourage authors to try to reuse as much of the internal rendering APIs as possible, to make this transition as easy as possible. If that is not sufficient for your needs, then come and talk to us!"
It does mean that players on really old devices that don't support Vulkan will be left out, but Vulkan has been supported going back to some pretty old GPUs. You've got time though, as they'll be rolling out Vulkan alongside OpenGL in snapshots (development releases) "sometime over the summer." You'll be able to toggle between them during the testing period until Mojang believe it's ready. OpenGL will be entirely removed eventually once they're happy with performance and stability.