Agreguesi i feed

Sometimes, software updates are just about bug fixes and fine-tuning performance. This one? It's not the kind you can afford to brush off as "I'll get to it next week." Apache HTTP Server 2.4.64 is here, and it's carrying quite a load of security fixes that Linux admins absolutely need to pay attention to. Whether your Apache deployment is running simple HTTP workloads or juggling SSL/TLS-heavy configurations, let's be clear''if you're on anything between 2.4.0 and 2.4.63, your system just got a target painted on it.

Version:next-20250711 (linux-next) Released:2025-07-11

European Union officials unveiled new AI regulations on Thursday that require makers of the most powerful AI systems to improve transparency, limit copyright violations and protect public safety. The rules apply to companies like OpenAI, Microsoft and Google that develop general-purpose AI systems underpinning services like ChatGPT, which can analyze enormous amounts of data and perform human tasks. The code of practice provides concrete details about enforcing the AI Act passed last year, with rules taking effect August 2. EU regulators cannot impose penalties for noncompliance until August 2026. Companies must provide detailed breakdowns of content used for training algorithms and conduct risk assessments to prevent misuse for creating biological weapons. CCIA Europe, representing Amazon, Google and Meta, told New York Times the code imposes a disproportionate burden on AI providers.

Read more of this story at Slashdot.

Intel CEO Lip-Bu Tan told employees this week that the company has fallen out of the "top 10 semiconductor companies" and that it's "too late" to catch up with Nvidia in AI training technology. The remarks came as Intel began laying off thousands of workers globally, including 529 in Oregon and several hundred others in California, Arizona and Israel. "Twenty, 30 years ago, we are really the leader," Tan said during a conversation broadcast to Intel employees worldwide. "Now I think the world has changed. We are not in the top 10 semiconductor companies." Tan said Nvidia's position in AI training is "too strong" and that customers are giving Intel failing grades. Intel's market value has dropped to around $100 billion, roughly half its value from 18 months ago, while Nvidia briefly hit $4 trillion on Wednesday. Tan said Intel will instead focus on "edge" AI that operates directly on devices rather than centralized computers.

Read more of this story at Slashdot.

Version:6.15.6 (stable) Released:2025-07-10 Source:linux-6.15.6.tar.xz PGP Signature:linux-6.15.6.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.15.6

Version:6.12.37 (longterm) Released:2025-07-10 Source:linux-6.12.37.tar.xz PGP Signature:linux-6.12.37.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.12.37

Version:6.6.97 (longterm) Released:2025-07-10 Source:linux-6.6.97.tar.xz PGP Signature:linux-6.6.97.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.6.97

Researchers have discovered 27 million tonnes of nanoplastics distributed across just the top layer of the temperate to subtropical North Atlantic Ocean, according to a study published in Nature. The team sampled water at three depths across 12 locations during a November 2020 research cruise, finding average concentrations of 18 milligrams per cubic meter of three plastic types: polyethylene terephthalate, polystyrene and polyvinylchloride. These particles, smaller than one micrometer in diameter, behave differently from larger microplastics by remaining suspended throughout the water column rather than settling to the ocean floor. The nanoplastics can pass through cell walls and enter the marine food web through phytoplankton, said Tony Walker, an environmental scientist at Dalhousie University. The world's oceans contain an estimated 3 million tonnes of floating plastic pollution when excluding nanoplastics.

Read more of this story at Slashdot.

Version:6.1.144 (longterm) Released:2025-07-10 Source:linux-6.1.144.tar.xz PGP Signature:linux-6.1.144.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.1.144

Version:5.15.187 (longterm) Released:2025-07-10 Source:linux-5.15.187.tar.xz PGP Signature:linux-5.15.187.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-5.15.187

An anonymous reader quotes a report from TechCrunch: On Sunday, Block CEO and Twitter co-founder Jack Dorsey launched an open source chat app called Bitchat, promising to deliver "secure" and "private" messaging without a centralized infrastructure. The app relies on Bluetooth and end-to-end encryption, unlike traditional messaging apps that rely on the internet. By being decentralized, Bitchat has potential for being a secure app in high-risk environments where the internet is monitored or inaccessible. According to Dorsey's white paper detailing the app's protocols and privacy mechanisms, Bitchat's system design "prioritizes" security. But the claims that the app is secure, however, are already facing scrutiny by security researchers, given that the app and its code have not been reviewed or tested for security issues at all -- by Dorsey's own admission. Since launching, Dorsey has added a warning to Bitchat's GitHub page: "This software has not received external security review and may contain vulnerabilities and does not necessarily meet its stated security goals. Do not use it for production use, and do not rely on its security whatsoever until it has been reviewed." This warning now also appears on Bitchat's main GitHub project page but was not there at the time the app debuted. As of Wednesday, Dorsey added: "Work in progress," next to the warning on GitHub. This latest disclaimer came after security researcher Alex Radocea found that it's possible to impersonate someone else and trick a person's contacts into thinking they are talking to the legitimate contact, as the researcher explained in a blog post. Radocea wrote that Bitchat has a "broken identity authentication/verification" system that allows an attacker to intercept someone's "identity key" and "peer id pair" -- essentially a digital handshake that is supposed to establish a trusted connection between two people using the app. Bitchat calls these "Favorite" contacts and marks them with a star icon. The goal of this feature is to allow two Bitchat users to interact, knowing that they are talking to the same person they talked to before.

Read more of this story at Slashdot.

BrianFagioli shares a report from NERDS.xyz: Red Hat has introduced a new option that gives developers a fast lane to enterprise-grade Linux without needing to go through IT. The new release, called Red Hat Enterprise Linux for Business Developers, is now available for free. It offers direct, self-serve access to the same operating system used in production environments, specifically for business-focused development and testing. The offering is part of the Red Hat Developer Program and is designed to reduce friction between development and operations teams. Developers can now build and test applications on the same platform that powers critical systems across physical servers, virtual machines, cloud deployments, and edge devices. [...] Each registered user can deploy up to 25 instances, whether virtual, physical, or cloud-based. The program includes signed and curated developer content such as programming languages, open source tools, and databases. Red Hat also includes Podman Desktop, its go-to container development tool, allowing users to work with containers that can closely match production environments. While access is free, developers can choose to purchase support plans that tap into Red Hat's Linux expertise. This could appeal to developers working in business units or teams that want to build quickly without waiting on formal IT approval. This new option complements Red Hat's existing free Developer Subscription for Individuals and the Enterprise Developer Subscription for Teams, which is available through Red Hat reps or partners.

Read more of this story at Slashdot.

Version:next-20250710 (linux-next) Released:2025-07-10

Amazon's Prime Day sales plunged 41% on the first day compared to last year's kickoff, with experts attributing the drop to shoppers delaying purchases in anticipation of better deals during the extended four-day event. From a report: Momentum Commerce reported that figure for Tuesday (July 8), with Momentum's Founder and CEO John Shea saying that the sales numbers for this year's longer event could still surpass those of last year's shorter one, Bloomberg reported Wednesday (July 9). Shea attributed the drop in first-day sales to consumers putting items in their shopping carts but holding off on completing the purchase in case better deals come along, according to the report. Last year's shorter event encouraged shoppers to head to checkout to ensure they wouldn't miss out on the discounts, Shea said, per the report. Amazon Prime Vice President Jamil Ghani remains optimistic, telling Bloomberg Television the company was "pleased by the engagement" with shoppers during the event and that it is "very early." He said the company extended the duration of Prime Day because shoppers wanted more time to discover the deals. According to numbers provided by Adobe, Prime Day's kickoff surpassed Thanksgiving 2024's $6.1 billion in eCommerce spend. The software company also found that 50.2% of sales came through a mobile device and that buy now, pay later orders for Amazon's Prime Day were up 13.6% year over year.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Reuters: America's largest power grid is under strain as data centers and AI chatbots consume power faster than new plants can be built. Electricity bills are projected to surge by more than 20% this summer in some parts of PJM Interconnection's territory, which covers 13 states -- from Illinois to Tennessee, Virginia to New Jersey -- serving 67 million customers in a region with the most data centers in the world. The governor of Pennsylvania is threatening to abandon the grid, the CEO has announced his departure and the chair of PJM's board of managers and another board member were voted out. The upheaval at PJM started a year ago with a more than 800% jump in prices at its annual capacity auction. Rising prices out of the auction trickle down to everyday people's power bills. Now PJM is barreling towards its next capacity auction on Wednesday, when prices may rise even further. The auction aims to avoid blackouts by establishing a rate at which generators agree to pump out electricity during the most extreme periods of stress on the grid, usually the hottest and coldest days of the year. High prices out of the auction should spur new power plant construction, but that hasn't happened quickly enough in PJM's region as aging power plants continue to retire and data center demand explodes. PJM has made the situation worse by delaying auctions and pausing the application process for new plants, according to more than a dozen power developers, regulators, energy attorneys and other experts interviewed by Reuters. PJM says the supply and demand crunch has been caused largely by factors outside of its control, including state energy policies that closed fossil-fuel fired power plants prematurely and data center growth in "Data Center Alley" in Northern Virginia and other burgeoning hubs in the Mid-Atlantic. "Prices will remain high as long as demand growth is outstripping supply -- this is a basic economic policy," said PJM spokesman Jeffrey Shields. "Right now, we need every megawatt we can get." New projects totaling about 46 gigawatts -- enough capacity to power 40 million homes -- have been cleared in recent years, "but are not getting built because of local opposition, supply chain backups or financing issues that have nothing to do with PJM," Shields said. PJM has lost more than 5.6 net gigawatts in the last decade as power plants shut faster than new ones enter service, according to a PJM presentation filed with regulators this year. PJM added about 5 gigawatts of power-generating capacity in 2024, fewer than smaller grids in California and Texas. Meanwhile, data center demand is surging. By 2030, PJM expects 32 gigawatts of increased demand on its system, with all but two of those gigawatts coming from data centers.

Read more of this story at Slashdot.

"Max" has officially reverted back to "HBO Max," two years after Warner Bros. Discovery dropped the HBO branding. Variety reports: The switch had been anticipated to take place sometime this summer, but Warner Bros. Discovery hadn't revealed an exact day for the reversal until now. The timing is key: Execs wanted to restore the "HBO Max" name prior to next week's Emmy nominations announcement on July 15. The decision to turn "Max" back into "HBO Max" was first announced in May, timed to Warner Bros. Discovery's upfronts presentation. At the time, WBD said in a press release that "returning the HBO brand into HBO Max will further drive the service forward and amplify the uniqueness that subscribers can expect from the offering. It is also a testament to WBD's willingness to keep boldly iterating its strategy and approach -- leaning heavily on consumer data and insights -- to best position itself for success." The streamer launched as HBO Max in 2020, but then WBD opted to excise HBO from the streamer's name in 2023, changing it to just "Max." (HBO and Max continued to compete under one "HBO/Max" label for industry awards; for next week's Emmy noms, they can once again just be called "HBO Max.") The streaming giant put out a marketing spot announcing that the change was done.

Read more of this story at Slashdot.

Over 240 browser extensions with nearly a million total installs have been covertly turning users' browsers into web-scraping bots. "The extensions serve a wide range of purposes, including managing bookmarks and clipboards, boosting speaker volumes, and generating random numbers," reports Ars Technica. "The common thread among all of them: They incorporate MellowTel-js, an open source JavaScript library that allows developers to monetize their extensions." Ars Technica reports: Some of the data swept up in the collection free-for-all included surveillance videos hosted on Nest, tax returns, billing invoices, business documents, and presentation slides posted to, or hosted on, Microsoft OneDrive and Intuit.com, vehicle identification numbers of recently bought automobiles along with the names and addresses of the buyers, patient names and the doctors they saw, travel itineraries hosted on Priceline, Booking.com, and airline websites, Facebook Messenger attachments and Facebook photos, even when the photos were set to be private. The dragnet also collected proprietary information belonging to Tesla, Blue Origin, Amgen, Merck, Pfizer, Roche, and dozens of other companies. Tuckner said in an email Wednesday that the most recent status of the affected extensions is: - Of 45 known Chrome extensions, 12 are now inactive. Some of the extensions were removed for malware explicitly. Others have removed the library. - Of 129 Edge extensions incorporating the library, eight are now inactive. - Of 71 affected Firefox extensions, two are now inactive. Some of the inactive extensions were removed for malware explicitly. Others have removed the library in more recent updates. A complete list of extensions found by Tuckner is here.

Read more of this story at Slashdot.

After discovering that ChatGPT was falsely telling users that Soundslice could convert ASCII tablature into playable music, founder Adrian Holovaty decided to actually build the feature -- even though the app was never designed to support that format. TechCrunch reports: Soundslice is an app for teaching music, used by students and teachers. It's known for its video player synchronized to the music notations that guide users on how the notes should be played. It also offers a feature called "sheet music scanner" that allows users to upload an image of paper sheet music and, using AI, will automatically turn that into an interactive sheet, complete with notations. [Adrian Holovaty, founder of music-teaching platform Soundslice] carefully watches this feature's error logs to see what problems occur, where to add improvements, he said. That's where he started seeing the uploaded ChatGPT sessions. They were creating a bunch of error logs. Instead of images of sheet music, these were images of words and a box of symbols known as ASCII tablature. That's a basic text-based system used for guitar notations that uses a regular keyboard. (There's no treble key, for instance, on your standard QWERTY keyboard.) The volume of these ChatGPT session images was not so onerous that it was costing his company money to store them and crushing his app's bandwidth, Holovaty said. He was baffled, he wrote in a blog post about the situation. "Our scanning system wasn't intended to support this style of notation. Why, then, were we being bombarded with so many ASCII tab ChatGPT screenshots? I was mystified for weeks -- until I messed around with ChatGPT myself." That's how he saw ChatGPT telling people they could hear this music by opening a Soundslice account and uploading the image of the chat session. Only, they couldn't. Uploading those images wouldn't translate the ASCII tab into audio notes. He was struck with a new problem. "The main cost was reputational: New Soundslice users were going in with a false expectation. They'd been confidently told we would do something that we don't actually do," he described to TechCrunch. He and his team discussed their options: Slap disclaimers all over the site about it -- "No, we can't turn a ChatGPT session into hearable music" -- or build that feature into the scanner, even though he had never before considered supporting that offbeat musical notation system. He opted to build the feature. "My feelings on this are conflicted. I'm happy to add a tool that helps people. But I feel like our hand was forced in a weird way. Should we really be developing features in response to misinformation?" he wrote.

Read more of this story at Slashdot.

An anonymous reader quotes a report from VentureBeat: Hugging Face, the $4.5 billion artificial intelligence platform that has become the GitHub of machine learning, announced Tuesday the launch of Reachy Mini, a $299 desktop robot designed to bring AI-powered robotics to millions of developers worldwide. The 11-inch humanoid companion represents the company's boldest move yet to democratize robotics development and challenge the industry's traditional closed-source, high-cost model. The announcement comes as Hugging Face crosses a significant milestone of 10 million AI builders using its platform, with CEO Clement Delangue revealing in an exclusive interview that "more and more of them are building in relation to robotics." The compact robot, which can sit on any desk next to a laptop, addresses what Delangue calls a fundamental barrier in robotics development: accessibility. "One of the challenges with robotics is that you know you can't just build on your laptop. You need to have some sort of robotics partner to help in your building, and most people won't be able to buy $70,000 robots," Delangue explained, referring to traditional industrial robotics systems and even newer humanoid robots like Tesla's Optimus, which is expected to cost $20,000-$30,000. Reachy Mini emerges from Hugging Face's April acquisition of French robotics startup Pollen Robotics, marking the company's most significant hardware expansion since its founding. The robot represents the first consumer product to integrate natively with the Hugging Face Hub, allowing developers to access thousands of pre-built AI models and share robotics applications through the platform's "Spaces" feature. [...] Reachy Mini packs sophisticated capabilities into its compact form factor. The robot features six degrees of freedom in its moving head, full body rotation, animated antennas, a wide-angle camera, multiple microphones, and a 5-watt speaker. The wireless version includes a Raspberry Pi 5 computer and battery, making it fully autonomous. The robot ships as a DIY kit and can be programmed in Python, with JavaScript and Scratch support planned. Pre-installed demonstration applications include face and hand tracking, smart companion features, and dancing moves. Developers can create and share new applications through Hugging Face's Spaces platform, potentially creating what Delangue envisions as "thousands, tens of thousands, millions of apps." Reachy Mini's $299 price point could significantly transform robotics education and research. "Universities, coding bootcamps, and individual learners could use the platform to explore robotics concepts without requiring expensive laboratory equipment," reports VentureBeat. "The open-source nature enables educational institutions to modify hardware and software to suit specific curricula. Students could progress from basic programming exercises to sophisticated AI applications using the same platform, potentially accelerating robotics education and workforce development." "... For the first time, a major AI platform is betting that the future of robotics belongs not in corporate research labs, but in the hands of millions of individual developers armed with affordable, open-source tools."

Read more of this story at Slashdot.

IKEA is relaunching its smart home line with over 20 new Matter-over-Thread devices that will work across ecosystems such as Apple Home and Amazon Alexa, with or without IKEA's own hub. This marks a major shift toward openness, affordability, and interoperability, and positions IKEA as one of the first major retailers to bring Matter to the mainstream while maintaining backward compatibility with Zigbee products. The Verge reports: We don't have a lot of details on the over 20 new devices coming next year, but [David Granath of IKEA of Sweden] confirmed that they are replacing existing functions. So, new smart bulbs, plugs, sensors, remotes, buttons, and air-quality devices, including temperature and humidity monitors. They will also come with a new design. Although "not necessarily what's been leaked," says Granath, referring to images of the Bilresa Dual Button that appeared earlier this year. He did confirm that some new product categories will arrive in January, with more to follow in April and beyond, including potentially Matter-over-Wi-Fi products. Pricing will be comparable to or lower than that of previous products, which start under $10. "Affordability remains a key priority for us." "The premium to make a product smart is not that high anymore, so you can expect new product types and form factors coming," he says. "Matter unlocks interoperability, ease of use, and affordability for us. The standardization process means more companies are sharing the workload of developing for this." Despite the move away from Zigbee, IKEA is keeping Zigbee's Touchlink functionality. This point-to-point protocol allows devices to be paired directly to each other and work together out of the box, without an app or hub -- such as the bulb and remote bundles IKEA sells. This means older Zigbee remotes can control the newer Thread bulbs and vice versa, retaining backward compatibility with its Tradfri line. "Touchlink and Matter will coexist in new products," says Granath. "It's still very important for IKEA -- not everyone wants an app or hub." Interestingly, IKEA's new Matter-over-Thread products will also work without the IKEA hub or app, as they can be set up directly in any compatible Matter smart home ecosystem, such as Apple Home, Amazon Alexa, Google Home, Samsung SmartThings, Home Assistant, and others.

Read more of this story at Slashdot.