Aggregator

An anonymous reader quotes a report from the Associated Press: As artificial intelligence companies reshape the economy and race toward trillion-dollar valuations, Sen. Bernie Sanders is proposing a sweeping transfer of wealth and power from the industry to the American public. The legislation, shown first to The Associated Press, would create a sovereign wealth fund overseen by an independent commission and financed through a one-time 50% tax on the stock of the largest AI companies. Sanders estimates that the tax would create a nearly $7 trillion fund that would generate hundreds of billions of dollars annually in direct payments to Americans and programs such as health care, education and housing. [...] The 50% tax would apply to AI companies that reach $200 million in annual AI sales. Any new AI company that reaches that benchmark would also be subject to the tax. It would create a sovereign wealth fund -- similar to those used by countries around the world and some U.S. states -- that Sanders estimates would be worth around $7 trillion. Unlike a traditional tax, the proposal would require companies to transfer stock rather than cash, effectively making the American public a major shareholder in the country's largest AI firms. A seven-person independent commission -- nominated by the president and confirmed by the Senate -- would manage the fund and use its voting shares "to block decisions that hurt the American people and to push for policies that help them," the bill summary says. Sanders proposes that a 5% annual dividend from the fund would provide direct payments of more than $1,000 to every American. If companies grow, the gains would be used for public goods such as education, housing and health care. Sanders argues taxpayers would not bear the losses if AI company valuations decline. "We're not going to lose any money, even if there is a bust in the bubble," Sanders said. The commission would be directed to "to block decisions that hurt the American people and to push for policies that help them," according to the summary. "The benefits cannot simply go to the handful of wealthy corporations. They will be shared by the American people," the independent Vermont senator said in an interview Wednesday. "The public has got to have a significant seat at the table to make sure that terrible things do not happen to ordinary people, and that in fact, AI benefits ordinary people, not hurts them," Sanders said.

Read more of this story at Slashdot.

Apple is allowing iPhone developers in Brazil to distribute apps through authorized alternative marketplaces and use third-party payment systems following action by the country's competition regulator. "In other words, developers in Brazil will be able to circumvent the App Store and Apple's in-app purchase system, but there are still fees," reports MacRumors. Apple will collect commissions ranging from 5% on externally distributed apps to as much as 26% for some App Store transactions using its payment system. From the report: Alternative app marketplaces will have to be authorized by Apple and will need to meet ongoing requirements. For apps that are still distributed through the App Store, developers will be able to include an alternative payment processing method in their app and/or link users to a website to complete a transaction. These changes are available on iOS 26.5 and later, and they are the result of regulatory action from Brazil's competition regulator. Apple has added a new page on its website with additional details for developers in Brazil. Apple said these changes introduce privacy and security risks for users, including children. The company has introduced safeguards to mitigate these risks, including a notarization process for iOS apps, an authorization process for app marketplaces, and limitations on external links and alternative payments for users under the age of 18. Apple has already allowed alternative app stores and/or third-party payment systems on iOS in the EU, Japan, and South Korea, and it will likely be forced to do so in the UK and Australia too, due to similar regulations in those countries.

Read more of this story at Slashdot.

The underlying technology is real...and borrowed from a partner the company failed to mention

Google has begun rolling out Android 17, the June Pixel Feature Drop, and Wear OS 7 simultaneously across supported Pixel phones and watches. Highlights include floating app bubbles, improved foldable multitasking and gaming, tighter location and contact permissions, stronger lost-device protections, new Pixel AI tools, and up to 10% better Pixel Watch battery life. PhoneArena reports: Pixel owners are the clear winners, since everything here reaches Pixel first and a lot of it goes back to the Pixel 6. Fold owners get the most toys, with the Bubble Bar and foldable gaming mode built for the big screen. Watch wearers get the quietly important upgrade. Better battery and Live Updates make an everyday wearable easier to rely on, especially if you keep it on overnight. Google's latest Pixel Drop combines several AI-powered tools with a broader slate of Android 17 upgrades. Pixel owners gain Lyria 3 for generating music from text or images, Gemini Omni for creating custom video clips, enhanced call translation and screening, AirDrop-compatible Quick Share, expanded Magic Cue support, and conversational photo editing. Android 17 builds on those additions with floating app Bubbles, selfie-camera Screen Reactions, and a split-screen gaming mode for foldables, while also strengthening privacy and security with more granular location and contact permissions, improved lost-device protection, tighter PIN-guessing limits, and enhanced threat detection. Other additions include expanded parental controls, separate assistant volume and app memory settings, and an option to hide app names for greater privacy. You can read more about everything new in Android 17 in Google's blog post.

Read more of this story at Slashdot.

This will enable users on Fedora to finally be able to use a full Btrfs disk configuration without custom work outside of the installer. It will also help with improving the safety of software updates for those using Btrfs by having the system configured to automatically generate full system snapshots and boot entries for those snapshots for rescue/recovery purposes. In addition, this will enable future work on interesting custom alternative approaches for producing appliances (such as appliances built so that they receive updates via btrfs send/receive atomically and re-root) without unusual tooling.Targeted release: Fedora 45

Overnight Valve released SteamOS 3.8.10 into the stable channel. for succeeding SteamOS 3.7. There's a lot happening across the board to their in-house Linux platform for the likes of the Steam Deck and upcoming Steam Machine hardware...

Ed's note to Corey: Blink once if you're safe, twice if you're in danger

Security researcher Justin O'Leary says Google initially accepted his Config Connector privilege-escalation report as a high-priority, high-severity bug, then denied a bounty by declaring the behavior "working as intended." According to The Register, a Google rep initially praised O'Leary's report with a "Nice catch!" before the cloud giant reversed course, declaring that no vulnerability existed and therefore no fix or reward was warranted. "The bug report, however, is still marked high-priority and accepted," the publication notes. The alleged flaw, dubbed ConfigConfusion, could let a Kubernetes namespace user exploit an overprivileged service account to become a GCP organization owner with only a few lines of YAML and little apparent audit visibility. O'Leary details the incident in a blog post. The Register reports: According to O'Leary, Config Connector doesn't perform an authorization check, and this allows any Config Connector service account with org-level permissions to bypass Identity and Access Management (IAM) authorization and gain the highest level of control (roles/owner) to an entire GCP Organization -- the root node of all of a company's resources within Google Cloud. On March 27, a Google security engineer accepted O'Leary's report and told him: "Nice catch!" The employee said that they filed a bug based on O'Leary's report with the relevant product team and assured him the Chocolate Factory's security squad would work with relevant Google Cloud people to fix the flaw. "We'll work with the product team to ensure this issue is address. We'll let you know when the issue was fixed," the engineer said. "In the meantime, review the payment option selected in your bughunters.google.com profile." Google assigned the bug P1 priority and S1 severity, signifying a flaw worthy of urgent repair because it affects a large percentage of users and can disrupt core organizational functions. "I figured that was the end of that," O'Leary said in a phone interview with The Register. Eleven days later, on April 7, he received a new message from a Google Security Bot reversing the earlier decision. The Reg viewed the email, and O'Leary included a screenshot in his Thursday writeup. The message said that the Cloud Vulnerability Reward Program panel decided that the "security impact of this issue does not meet the criteria to qualify for a reward." After reviewing the bug report, Google determined the software "is working as intended," the message continued. It also noted that the program's decision not to pay a bounty "does not mean that the product team won't fix the issue." Nearly three months later, the case remains P1/S1 with the status "in progress (accepted)." Google hasn't assigned a CVE or issued a fix. O'Leary didn't receive any reward for his research. [...] "This is a pattern," O'Leary told [The Register]. "This is just how these trillion-dollar companies deal with people like me. In my day job, we use GKE, and it's incredibly frustrating on my end, when I find a critical vulnerability in the system that's being widely used, and I can't even get the vendor to patch their own stuff." A Google spokesperson told The Register: "The issue reported does not qualify for a reward because the GCP IAM authorization bypass is only exploitable if an attacker has access to a Config Connector Service Account that's been granted the Organization Admin role by the organization (i.e., it is privileged). Additionally, an attacker would first need to gain entry to an organization's environment (e.g., an exposed container) in order to leverage the privileged Config Connector instance and execute commands with administrative authority, such as the IAM bypass. Granting this level of access to the Config Connector Service Account goes against Google Cloud's publicly shared best practices and the principle of least privilege."

Read more of this story at Slashdot.

Soaring PC prices make alternatives to hardware refreshes interesting

Bird-branded AI will ride on Stonking Stingray

An anonymous reader quotes a report from MacRumors: Apple is raising its prices to offset the high cost of memory and storage, CEO Tim Cook told The Wall Street Journal. Apple is no longer able to absorb the increased prices and will need to pass some of the cost on to consumers. "Unfortunately, price increases are unavoidable," said Cook. "We're doing our best to mitigate the huge increases that are being passed to us, and we've been trying to shield our customers from the increases, but the situation has become unsustainable." Growing demand for memory and storage chips from AI companies has led to chip shortages and higher costs. The Wall Street Journal suggests Apple will need to increase device costs "substantially" to maintain its current profit margins given the cost of memory chips and SSDs. Research firm TechInsights claims Apple will need to make the iPhone 18 Pro around $270 more expensive to keep its existing profit margin. Apple is struggling more with memory chips, but storage chips are also an issue. "There's less supply at a time when consumers want devices and the memory guys are passing along huge price increases," Cook told The Wall Street Journal. Cook said Apple will use its cash to increase memory supply, but he did not give details on what that means. Apple does not plan to create its own memory and storage factories. "We can't do everything," Cook said. "We know what we're good at." Cook likened the memory shortages to a hundred-year flood. "I've never seen anything like it in any area in over 40 years," he said. Further reading: Smartphone Market To Shrink 15% This Year Due To Memory Crisis

Read more of this story at Slashdot.

Aeolus mission promises better Martian weather models, assuming Relativity Space can get its Terran R off the ground

EXCLUSIVE 'Working as intended' for the win … again

Longtime Slashdot reader schwit1 shares a report from PetaPixel: China dominates the consumer drone market, so it is perhaps surprising that it is no longer possible to fly or even purchase a drone in Beijing. The new law that passed last month makes it illegal to buy, rent, or fly a drone without prior approval from the authorities. Users must also complete an online training session and pass a test on drone regulations. Under the new rules, drone users are also not allowed to repair or replace their drones in Beijing. Not only that, but a drone in a repair shop must be picked up in-person, rather than sent back by delivery. The BBC reports that drones must now be registered before being brought into and out of the Chinese capital. "I have to apply for permission for each flight, which is very inconvenient," drone enthusiast Steven Wang tells CNN. "And starting this year, the wait time is getting longer, and the reasons for rejection are becoming more vague." Despite China being the birthplace of the consumer drone industry, it is increasingly difficult for hobbyists to fly there. Beijing authorities say that the rules are made to "strengthen the management of unmanned aerial vehicles" and "safeguard the security of the capital."

Read more of this story at Slashdot.

The open-source Lemonade AI server for "100% free and private" AI usage across Windows and Linux in leveraging AMD Ryzen AI NPUs, Radeon GPUs, and x86_64 CPUs, is now much more powerful with today's v10.8 release...

Yay 13.0 adds Lua hooks, PKGBUILD age visibility, and new automation tools following recent concerns over AUR package security.

Hybrid systems could bring efficiency gains at the edge, but conventional infrastructure isn't going anywhere fast

Plenty of new shiny in the service of improved usability

Sampling patients' breath may save lives and emergency room resources

Making software feel snappier when you only have 12 MB RAM