An anonymous reader shares a report: The keyboard company Qwertykeys has temporarily halted all shipments to the United States in response to President Trump's tariffs on Chinese goods going into effect. The company says it's working on ways to mitigate shipping costs and that the tariffs have made it so that "all keyboards from China to the U.S. are now subject to 45% tariffs at full value." "We are closely watching the progress of the situation and really hope that there is something else we can do other than bumping the price up," the company wrote in a comment on Reddit. Qwertykeys says that its delivery partner, DHL, "now requires prepayment of 50% of the declared product value as a tariff deposit, plus a $21 processing fee per package." That would drastically raise prices for customers in the US, something Qwertykeys says is "unsustainable for both our business and customers."

Read more of this story at Slashdot.

Scientists have grown tooth-like structures using a combination of pig and human cells, marking a step toward potential alternatives to dental implants, researchers at Tufts University School of Dental Medicine reported. The team, led by Pamela Yelick and Weibo Zhang, cultivated the structures by seeding cells into pig tooth scaffolds and implanting them in mini pigs' jaws. After two months, the bioengineered teeth developed hard tissue layers similar to natural teeth, including dentin and cementum. While not yet fully formed teeth, the structures could eventually lead to living replacements for lost teeth, addressing limitations of current titanium implants.

Read more of this story at Slashdot.

DeepSeek's AI app will highly likely face a US consumer ban after topping download charts on Apple's App Store and Google Play, according to analysts at US investment bank Jefferies. The US federal government, Navy and Texas have already banned the app, and analysts expect broader restrictions using legislation similar to that targeting TikTok. While consumer access may be blocked, US developers could still be allowed to self-host DeepSeek's model to eliminate security risks, the analysts added. Even if completely banned, DeepSeek's impact on pushing down AI costs will persist as US companies work to replicate its technology, Jefferies said in a report this week reviewed by Slashdot. The app's pricing advantage remains significant, with OpenAI's latest o3-mini model still costing 100% more than DeepSeek's R1 despite being 63% cheaper than o1-mini. The potential ban comes amid broader US-China tech tensions. While restrictions on H20 chips appear unlikely given their limited training capabilities, analysts expect the Biden administration's AI diffusion policies to remain largely intact under Trump, with some quota increases possible for overseas markets based on their AI activity levels.

Read more of this story at Slashdot.

AMD will launch its new Radeon RX 9070-series graphics cards in March 2025, promising "high-quality gaming to mainstream players" amid struggling sales. The company's gaming division reported $563 million in Q4 2024 revenue, down 59% year-over-year. The new cards will target the same market segment as Nvidia's RTX 4070 Ti ($799) and 4070 Super ($599), featuring a 4nm TSMC manufacturing process, ML-enhanced FSR 4 upscaling, and next-generation ray-tracing accelerators. Steam Hardware Survey shows AMD's current RX 7000-series cards have minimal market presence, with only the 7900 XTX and 7700 XT registering on the list. Industry research indicates AMD sells approximately one GPU for every seven or eight sold by Nvidia. The launch timing could be opportune, as Nvidia's upcoming RTX 5070 features fewer CUDA cores than the RTX 4070 Super it replaces.

Read more of this story at Slashdot.

AI researchers at Stanford and the University of Washington were able to train an AI "reasoning" model for under $50 in cloud compute credits, according to a research paper. From a report: The model, known as s1, performs similarly to cutting-edge reasoning models, such as OpenAI's o1 and DeepSeek's R1, on tests measuring math and coding abilities. The s1 model is available on GitHub, along with the data and code used to train it. The team behind s1 said they started with an off-the-shelf base model, then fine-tuned it through distillation, a process to extract the "reasoning" capabilities from another AI model by training on its answers. The researchers said s1 is distilled from one of Google's reasoning models, Gemini 2.0 Flash Thinking Experimental. Distillation is the same approach Berkeley researchers used to create an AI reasoning model for around $450 last month.

Read more of this story at Slashdot.

Joseph Firmage, a former Silicon Valley prodigy who built a $2.5 billion web services company in the 1990s, is now being sued by investors who claim he defrauded them through an alleged antigravity machine scheme. In 1998, at the height of his success as CEO of USWeb, Firmage claimed an alien appeared in his bedroom, derailing his corporate career. He then spent decades pursuing UFO research and attempting to develop antigravity propulsion technology, raising millions from investors. Court documents allege Firmage and associates are responsible for roughly $25 million in losses through various companies and schemes. Some investors say he used elaborate ruses, including people impersonating government officials, to solicit funds. Firmage, currently in jail on elder abuse charges, maintains he was actually the victim of international scammers who exploited his access to investors.

Read more of this story at Slashdot.

In 2022, writer and activist Cory Doctorow coined the term "enshittification" to describe the gradual deterioration of a service or product. The term's prevalence has increased to the point that it was the National Dictionary of Australia's word of the year last year. The editors at Ars Technica, having "covered a lot of things that have been enshittified," decided to highlight some of the worst examples the've come across. Here's a summary of each thing mentioned in their report: Smart TVs: Evolved into data-collecting billboards, prioritizing advertising and user tracking over user experience and privacy. Features like convenient input buttons are sacrificed for pushing ads and webOS apps. "This is all likely to get worse as TV companies target software, tracking, and ad sales as ways to monetize customers after their TV purchases -- even at the cost of customer convenience and privacy," writes Scharon Harding. "When budget brands like Roku are selling TV sets at a loss, you know something's up." Google's Voice Assistant (e.g., Nest Hubs): Functionality has degraded over time, with previously working features becoming unreliable. Users report frequent misunderstandings and unresponsiveness. "I'm fine just saying it now: Google Assistant is worse now than it was soon after it started," writes Kevin Purdy. "Even if Google is turning its entire supertanker toward AI now, it's not clear why 'Start my morning routine,' 'Turn on the garage lights,' and 'Set an alarm for 8 pm' had to suffer." Portable Document Format (PDF): While initially useful for cross-platform document sharing and preserving formatting, PDFs have become bloated and problematic. Copying text, especially from academic journals, is often garbled or impossible. "Apple, which had given the PDF a reprieve, has now killed its main selling point," writes John Timmer. "Because Apple has added OCR to the MacOS image display system, I can get more reliable results by screenshotting the PDF and then copying the text out of that. This is the true mark of its enshittification: I now wish the journals would just give me a giant PNG." Televised Sports (specifically cycling and Formula 1): Streaming services have consolidated, leading to significantly increased costs for viewers. Previously affordable and comprehensive options have been replaced by expensive bundles across multiple platforms. "Formula 1 racing has largely gone behind paywalls, and viewership is down significantly over the last 15 years," writes Eric Berger. "Major US sports such as professional and college football had largely been exempt, but even that is now changing, with NFL games being shown on Peacock, Amazon Prime, and Netflix. None of this helps viewers. It enshittifies the experience for us in the name of corporate greed." Google Search: AI overviews often bury relevant search results under lengthy, sometimes inaccurate AI-generated content. This makes finding specific information, especially primary source documents, more difficult. "Google, like many big tech companies, expects AI to revolutionize search and is seemingly intent on ignoring any criticism of that idea," writes Ashley Belanger. Email AI Tools (e.g., Gemini in Gmail): Intrusive and difficult to disable, these tools offer questionable value due to their potential for factual inaccuracies. Users report being unable to fully opt-out. "Gmail won't take no for an answer," writes Dan Goodin. "It keeps asking me if I want to use Google's Gemini AI tool to summarize emails or draft responses. As the disclaimer at the bottom of the Gemini tool indicates, I can't count on the output being factual, so no, I definitely don't want it." Windows: While many complaints about Windows 11 originated with Windows 10, the newer version continues the trend of unwanted features, forced updates, and telemetry data collection. Bugs and performance issues also plague the operating system. "... it sure is easy to resent Windows 11 these days, between the well-documented annoyances, the constant drumbeat of AI stuff (some of it gated to pricey new PCs), and a batch of weird bugs that mostly seem to be related to the under-the-hood overhauls in October's Windows 11 24H2 update," writes Andrew Cunningham. "That list includes broken updates for some users, inoperable scanners, and a few unplayable games. With every release, the list of things you need to do to get rid of and turn off the most annoying stuff gets a little longer." Web Discourse: The rapid spread of memes, trends, and corporate jargon on social media has led to a homogenization of online communication, making it difficult to distinguish original content and creating a sense of constant noise. "[T]he enshittifcation of social media, particularly due to its speed and virality, has led to millions vying for their moment in the sun, and all I see is a constant glare that makes everything look indistinguishable," writes Jacob May. "No wonder some companies think AI is the future."

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Guardian: Down an easy-to-miss turnoff on the A48 just outside Chepstow on the Welsh border, the gentle rumble of trucks, cranes and people at work mixes with birdsong in what is an otherwise peaceful rural setting. It is a crisp and sunny winter morning when I visit and, at first glance, the site appears to be little more than prefab containers and a car park. Yet, behind the scenes a group of men and women with expertise in diving, marine biology, technology, finance, construction and manufacturing are building something extraordinary. They have come together with a single mission statement: to make humans aquatic. Their project is called Deep (not The Deep) and the site was chosen after a global search for the perfect location to build and test underwater accommodation, which the project founders say will enable them to establish a "permanent human presence" under the sea from 2027. So far, so crazy sounding. Yet Deep is funded by a single anonymous private investor with deep pockets who wants to put hundreds of millions of pounds (if not more) into a project that will "increase understanding of the ocean and its critical role for humanity," according to a Deep spokesperson. Its leadership team remains tight-lipped not only about the amount (they will only say it is substantially more than the 100 million pounds being invested into the Deep campus near Chepstow), but also about the investor's identity. Whoever is behind it, the size of the investment means that an ambitious-sounding idea appears to be swiftly becoming a reality. [...] Mike Shackleford, Deep's chief operating officer, explains the thought process behind the project. "Back in the 1950s and 60s, there was a space race and an ocean race going on, and space won out. Space is tough to get to, but once you're up there, it's a relatively benign environment." The ocean is the opposite: it's fairly easy to get to the bottom, but once you're down there, "basically, everything wants to kill you," he jokes. "Yet, just about every oceanographer I've met says, 'You'd be shocked at how little we know about the ocean,'" Shackleford tells me. "So somebody has got to take those first steps to try to build some of the technology that will allow us to go down and study the ocean in situ." The idea of Deep's sentinels is that, initially, people will be able to stay inside for up to 28 days at a time -- though the hope is that this could one day be extended to months ... and beyond. "The goal is to live in the ocean, for ever. To have permanent human settlements in all oceans across the world," says Shackleford.

Read more of this story at Slashdot.

A new study reveals that two Grand Canyon-sized valleys were formed in less than 10 minutes by "floods of rocks traveling as fast as bullets," reports Space.com. From the report: Scientists analyzed the lunar canyons, named Vallis Schrodinger and Vallis Planck, to find that these huge valleys measure 167 miles long (270 kilometers) and nearly 1.7 miles (2.7 km) deep, and 174 miles long (280 km) and nearly 2.2 miles deep (3.5 km), respectively. In comparison, the Grand Canyon is 277 miles long (446 km) and is, at most, about 1.2 miles deep (1.9 km), the researchers noted. [...] This pair of lunar canyons represents two of many valleys radiating out from Schrodinger basin, a crater about 200 miles wide (320 km) that was blasted out of the lunar crust by a cosmic impact about 3.81 billion years ago. This structure is located in the outer margin of the moon's largest and oldest remaining impact crater, the South Pole-Aitken basin, which measures about 1,490 miles wide (2,400 km) and dates about 4.2 billion to 4.3 billion years old. [...] The scientists estimate that rocky debris flew out from the impact at speeds between 2,125 to 2,860 miles per hour (3,420 to 4,600 km/h). In comparison, a bullet from a 9mm Luger handgun might fly at speeds of about 1,360 mph (2,200 km/h). The researchers suggest the energy needed to create both of these canyons would have been more than 130 times the energy in the current global inventory of nuclear weapons. "The lunar canyons we describe are produced by streams of rock, whereas the Grand Canyon was produced by a river of water," [said David Kring, a geologist at the Lunar and Planetary Institute of the Universities Space Research Association]. "The streams of rock were far more energetic than the river of water, which is why the lunar canyons were produced in minutes and the Grand Canyon produced over millions of years." The findings have been published in the journal Nature.

Read more of this story at Slashdot.

Let's Encrypt will stop sending expiration notice emails for its free HTTPS certificates starting June 4, 2025. From the report: Let's Encrypt is ending automated emails for four stated reasons, and all of them are pretty sensible. For one thing, lots of customers have been able to automate their certificate renewal. For another, providing the expiration notices costs "tens of thousands of dollars per year" and adds complexity to the nonprofit's infrastructure as they are looking to add new and more useful services. If those were not enough, there is this particularly notable reason: "Providing expiration notification emails means that we have to retain millions of email addresses connected to issuance records. As an organization that values privacy, removing this requirement is important to us." Let's Encrypt recommends using Red Sift Certificates Lite to monitor certificate expirations, a service that is free for up to 250 certificates. The service also points to other options, including Datadog SSL monitoring and TrackSSL.

Read more of this story at Slashdot.

Disney+ lost 700,000 subscribers in the last quarter of 2024, largely due to price hikes and expiring promotions. Despite the decline, Disney's overall streaming business remained profitable, boosted by strong box office results from Moana 2 and Hulu's 1.6 million added subscribers. IndieWire reports: Not counting Disney+ Hotstar, the cheap Disney+ service in India, Disney+ now has 124.6 million subs. ESPN+ also lost 700,000 subs in the period. Hulu was the streaming highlight, adding 1.6 million subscribers; it now has 53.6 million. All told, the company's streaming business was profitable for its third-straight quarter. So it wasn't all bad -- or unexpected. "Our results this quarter demonstrate Disney's creative and financial strength as we advanced the strategic initiatives set in motion over the past two years," said Disney CEO Bob Iger. "In fiscal Q1 we saw outstanding box office performance from our studios, which had the top three movies of 2024; we further improved the profitability of our Entertainment DTC streaming businesses; we took an important step to advance ESPN's digital strategy by adding an ESPN tile on Disney+; and our Experiences segment demonstrated its enduring appeal as we continue investing strategically across the globe. Overall, this quarter proved to be a strong start to the fiscal year, and we remain confident in our strategy for continued growth."

Read more of this story at Slashdot.

The Register's Thomas Claburn reports: Oracle this week asked the US Patent and Trademark Office (USPTO) to partially dismiss a challenge to its JavaScript trademark. The move has been criticized as an attempt to either stall or water down legal action against the database goliath over the programming language's name. Deno Land, the outfit behind the Deno JavaScript runtime, filed a petition with the USPTO back in November in an effort to make the trademarked term available to the JavaScript community. This legal effort is led by Node.js creator and Deno Land CEO Ryan Dahl, summarized on the JavaScript.tm website, and supported by more than 16,000 members of the JavaScript community. It aims to remove the fear of an Oracle lawsuit for using the term "JavaScript" in a conference title or business venture. "Programmers working with JavaScript have formed innumerable community organizations," the website explains. "These organizations, like the standards bodies, have been forced to painstakingly avoid naming the programming language they are built around -- for example, JSConf. Sadly, without risking a legal trademark challenge against Oracle, there can be no 'JavaScript Conference' nor a 'JavaScript Specification.' The world's most popular programming language cannot even have a conference in its name." [...] In the initial trademark complaint, Deno Land makes three arguments to invalidate Oracle's ownership of "JavaScript." The biz claims that JavaScript has become a generic term; that Oracle committed fraud in 2019 when it applied to renew its trademark; and that Oracle has abandoned its trademark because it does not offer JavaScript products or services. Oracle's motion on Monday focuses on the dismissal of the fraud claim, while arguing that it expects to prevail on the other two claims, citing corporate use of the trademarked term "in connection with a variety of offerings, including its JavaScript Extension Toolkit as well as developer's guides and educational resources, and also that relevant consumers do not perceive JavaScript as a generic term." The fraud claim follows from Deno Land's assertion that the material Oracle submitted in support of its trademark renewal application has nothing to do with any Oracle product. "Oracle, through its attorney, submitted specimens showing screen captures of the Node.js website, a project created by Ryan Dahl, Petitioner's Chief Executive Officer," the trademark cancellation petition says. "Node.js is not affiliated with Oracle, and the use of screen captures of the 'nodejs.org' website as a specimen did not show any use of the mark by Oracle or on behalf of Oracle." Oracle contends that in fact it submitted two specimens to the USPTO -- a screenshot from the Node.js website and another from its own Oracle JavaScript Extension Toolkit. And this, among other reasons, invalidates the fraud claim, Big Red's attorneys contend. "Where, as here, Registrant 'provided the USPTO with [two specimens]' at least one of which shows use of the mark in commerce, Petitioner cannot plausibly allege that the inclusion of a second, purportedly defective specimen, was material," Oracle's motion argues, adding that no evidence of fraudulent intent has been presented. Beyond asking the court to toss the fraud claim, Oracle has requested an additional thirty days to respond to the other two claims.

Read more of this story at Slashdot.

During the fourth quarter of 2024, AMD surpassed Intel in datacenter sales for the first time in history -- despite weaker-than-expected sales of its datacenter GPUs. Tom's Hardware reports: AMD's revenue in Q4 2024 totaled $7.658 billion, up 24% year-over-year. The company's gross margin hit 51%, whereas net income was $482 million. On the year basis, 2024 was AMD's best year ever as the company's revenue reached $25.8 billion, up 14% year-over-year. The company earned net income of $1.641 billion as its gross margin hit 49%. But while the company's annual results are impressive, there is something about Q4 results that AMD should be proud of. Datacenter business was the company's primary source of earnings, with net revenue reaching record $3.86 billion in Q4, marking a 69% year-over-year (YoY) increase and a 9% quarter-over-quarter (QoQ) rise. Operating income also saw substantial improvement, surging 74% YoY to $1.16 billion. By contrast, Intel's datacenter and AI business unit posted $3.4 billion revenue, while its operating income reached $200 million. But while the quarter marked a milestone for AMD, market analysts expected AMD to sell more of its Instinct MI300-series GPUs for AI and HPC. You can view AMD's 2024 financial results here.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the Associated Press: The website of the Chinese artificial intelligence company DeepSeek, whose chatbot became the most downloaded app in the United States, has computer code that could send some user login information to a Chinese state-owned telecommunications company that has been barred from operating in the United States, security researchers say. The web login page of DeepSeek's chatbot contains heavily obfuscated computer script that when deciphered shows connections to computer infrastructure owned by China Mobile, a state-owned telecommunications company. The code appears to be part of the account creation and user login process for DeepSeek. In its privacy policy, DeepSeek acknowledged storing data on servers inside the People's Republic of China. But its chatbot appears more directly tied to the Chinese state than previously known through the link revealed by researchers to China Mobile. The U.S. has claimed there are close ties between China Mobile and the Chinese military as justification for placing limited sanctions on the company. [...] The code linking DeepSeek to one of China's leading mobile phone providers was first discovered by Feroot Security, a Canadian cybersecurity company, which shared its findings with The Associated Press. The AP took Feroot's findings to a second set of computer experts, who independently confirmed that China Mobile code is present. Neither Feroot nor the other researchers observed data transferred to China Mobile when testing logins in North America, but they could not rule out that data for some users was being transferred to the Chinese telecom. The analysis only applies to the web version of DeepSeek. They did not analyze the mobile version, which remains one of the most downloaded pieces of software on both the Apple and the Google app stores. The U.S. Federal Communications Commission unanimously denied China Mobile authority to operate in the United States in 2019, citing "substantial" national security concerns about links between the company and the Chinese state. In 2021, the Biden administration also issued sanctions limiting the ability of Americans to invest in China Mobile after the Pentagon linked it to the Chinese military. "It's mindboggling that we are unknowingly allowing China to survey Americans and we're doing nothing about it," said Ivan Tsarynny, CEO of Feroot. "It's hard to believe that something like this was accidental. There are so many unusual things to this. You know that saying 'Where there's smoke, there's fire'? In this instance, there's a lot of smoke," Tsarynny said. Further reading: Senator Hawley Proposes Jail Time For People Who Download DeepSeek

Read more of this story at Slashdot.

Google aims to release commercial quantum computing applications within five years, challenging Nvidia's prediction of a 20-year timeline. "We're optimistic that within five years we'll see real-world applications that are possible only on quantum computers," founder and lead of Google Quantum AI Hartmut Neven said in a statement. Reuters reports: Real-world applications Google has discussed are related to materials science - applications such as building superior batteries for electric cars - creating new drugs and potentially new energy alternatives. [...] Google has been working on its quantum computing program since 2012 and has designed and built several quantum chips. By using quantum processors, Google said it had managed to solve a computing problem in minutes that would take a classical computer more time than the history of the universe. Google's quantum computing scientists announced another step on the path to real world applications within five years on Wednesday. In a paper published in the scientific journal Nature, the scientists said they had discovered a new approach to quantum simulation, which is a step on the path to achieving Google's objective.

Read more of this story at Slashdot.

Longtime Slashdot reader AmiMoJo shares a report from the BBC: Banning phones in schools is not linked to pupils getting higher grades or having better mental wellbeing, the first study of its kind suggests. Students' sleep, classroom behavior, exercise or how long they spend on their phones overall also seems to be no different for schools with phone bans and schools without, the academics found. But they did find that spending longer on smartphones and social media in general was linked with worse results for all of those measures. The first study in the world to look at school phone rules alongside measures of pupil health and education feeds into a fierce debate that has played out in homes and schools in recent years. [...] The University of Birmingham's findings, peer-reviewed and published by the Lancet's journal for European health policy, compared 1,227 students and the rules their 30 different secondary schools had for smartphone use at break and lunchtimes. The schools were chosen from a sample of 1,341 mainstream state schools in England. The paper says schools restricting smartphone use did not seem to be seeing their intended improvements on health, wellbeing and focus in lessons. However, the research did find a link between more time on phones and social media, and worse mental wellbeing and mental health, less physical activity, poorer sleep, lower grades and more disruptive classroom behavior. The study used the internationally recognized Warwick-Edinburgh Mental Wellbeing Scales to determine participants' wellbeing. It also looked at students' anxiety and depression levels. Dr Victoria Goodyear, the study's lead author, told the BBC the findings were not "against" smartphone bans in schools, but "what we're suggesting is that those bans in isolation are not enough to tackle the negative impacts." She said the "focus" now needed to be on reducing how much time students spent on their phones, adding: "We need to do more than just ban phones in schools."

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Robocallers posing as employees of the Federal Communications Commission made the mistake of trying to scam real employees of the FCC, the FCC announced yesterday. "On the night of February 6, 2024, and continuing into the morning of February 7, 2024, over a dozen FCC staff and some of their family members reported receiving calls on their personal and work telephone numbers," the FCC said. The calls used an artificial voice that said, "Hello [first name of recipient] you are receiving an automated call from the Federal Communications Commission notifying you the Fraud Prevention Team would like to speak with you. If you are available to speak now please press one. If you prefer to schedule a call back please press two." You may not be surprised to learn that the FCC does not have any "Fraud Prevention Team" like the one mentioned in the robocalls, and especially not one that demands Google gift cards in lieu of jail time. "The FCC's Enforcement Bureau believes the purpose of the calls was to threaten, intimidate, and defraud," the agency said. "One recipient of an imposter call reported that they were ultimately connected to someone who 'demand[ed] that [they] pay the FCC $1,000 in Google gift cards to avoid jail time for [their] crimes against the state.'" The FCC said it does not "publish or otherwise share staff personal phone numbers" and that it "remains unclear how these individuals were targeted." Obviously, robocallers posing as FCC employees probably wouldn't intentionally place scam calls to real FCC employees. But FCC employees are just as likely to get robocalls as anyone else. This set of schemers apparently only made about 1,800 calls before their calling accounts were terminated. The FCC described the scheme yesterday when it announced a proposed fine of $4,492,500 against Telnyx, the voice service provider accused of carrying the robocalls. The FCC alleges that Telnyx violated "Know Your Customer (KYC)" rules by providing access to calling services without verifying the customers' identities. When contacted by Ars today, Telnyx denied the FCC's allegations and said it will contest the proposed fine.

Read more of this story at Slashdot.

Workday is cutting about 8.5% of its workforce, making it the latest technology company to begin 2025 with headcount reductions. From a report: The cuts will amount to about 1,750 workers, Chief Executive Officer Carl Eschenbach wrote in a note to employees Wednesday. "The environment we're operating in today demands a new approach, particularly given our size and scale," he wrote. Workday intends to hire in strategic areas such as AI, allow faster decision-making, and take on more people overseas, Eschenbach wrote. This will advance the company's "ongoing focus on durable growth," Workday said in a filing Wednesday. Shares of Workday jumped more than 5% on the news.

Read more of this story at Slashdot.

Kaspersky researchers have discovered malware hiding in both Google Play and Apple's App Store that uses optical character recognition to steal cryptocurrency wallet recovery phrases from users' photo galleries. Dubbed "SparkCat" by security firm ESET, the malware was embedded in several messaging and food delivery apps, with the infected Google Play apps accumulating over 242,000 downloads combined. This marks the first known instance of such OCR-based spyware making it into Apple's App Store. The malware, active since March 2024, masquerades as an analytics SDK called "Spark" and leverages Google's ML Kit library to scan users' photos for wallet recovery phrases in multiple languages. It requests gallery access under the guise of allowing users to attach images to support chat messages. When granted access, it searches for specific keywords related to crypto wallets and uploads matching images to attacker-controlled servers. The researchers found both Android and iOS variants using similar techniques, with the iOS version being particularly notable as it circumvented Apple's typically stringent app review process. The malware's creators appear to be Chinese-speaking actors based on code comments and server error messages, though definitive attribution remains unclear.

Read more of this story at Slashdot.

Software developer and prolific blogger Herman Ounapuu, writing in a blog post: I liked Ubuntu. For a very long time, it was the sensible default option. Around 2016, I used the Ubuntu GNOME flavor, and after they ditched the Unity desktop environment, GNOME became the default option. I was really happy with it, both for work and personal computing needs. Estonian ID card software was also officially supported on Ubuntu, which made Ubuntu a good choice for family members. But then something changed. Ounapuu recounts how Ubuntu's bi-annual long-term support releases consistently broke functionality, from minor interface glitches to catastrophic system failures that left computers unresponsive. His breaking point came after multiple problematic upgrades affecting family members' computers, including one that rendered a laptop completely unusable during an upgrade from Ubuntu 20.04 to 22.04. Another incident left a relative's system with broken Firefox shortcuts and duplicate status bar icons after updating Lubuntu 18.04. Canonical's aggressive push of Snap packages has drawn particular criticism. The forced migration of system components from traditional Debian packages to Snaps resulted in compatibility issues, broken desktop shortcuts, and government ID card authentication failures. In one instance, he writes, a Snap-related bug in the GNOME desktop environment severely disrupted workplace productivity, requiring multiple system restarts to resolve. The author has since switched to Fedora, praising its implementation of Flatpak as a superior alternative to Snaps.

Read more of this story at Slashdot.