Hackers linked to China, Iran and other foreign governments are using new AI technology to bolster their cyberattacks against U.S. and global targets, according to U.S. officials and new security research. WSJ: In the past year, dozens of hacking groups in more than 20 countries turned to Google's Gemini chatbot to assist with malicious code writing, hunts for publicly known cyber vulnerabilities and research into organizations to target for attack, among other tasks, Google's cyber-threat experts said. While Western officials and security experts have warned for years about the potential malicious uses of AI, the findings released Wednesday from Google are some of the first to shed light on how exactly foreign adversaries are leveraging generative AI to boost their hacking prowess.

This week, the China-built AI platform DeepSeek upended international assumptions about how far along Beijing might be the AI arms race, creating global uncertainty about a technology that could revolutionize work, diplomacy and warfare. Expand article logo Continue reading Groups with known ties to China, Iran, Russia and North Korea all used Gemini to support hacking activity, the Google report said. They appeared to treat the platform more as a research assistant than a strategic asset, relying on it for tasks intended to boost productivity rather than to develop fearsome new hacking techniques. All four countries have generally denied U.S. hacking allegations.

Google has appealed a record $4.5 billion EU antitrust fine to the European Court of Justice, arguing that the European Commission's decision punished its innovation and imposed unfair penalties for agreements requiring pre-installation of its apps on Android devices. Reuters reports: Google's appeal to the Luxembourg-based Court of Justice of the European Union comes two years after a lower tribunal sided with the European Commission which said the company used its Android mobile operating system to quash rivals. The lower court trimmed the fine to 4.1 billion euros.

"Google does not contest or shy away from its responsibility under the law, but the Commission also has a responsibility when it runs investigations, when it seeks to reshape markets and second-guess pro-competitive business models, and when it imposes multi-billion-euro fines," Google lawyer Alfonso Lamadrid told the court. "In this case, the Commission failed to discharge its burden and its responsibility and, relying on multiple errors of law, punished Google for its superior merits, attractiveness and innovation," he said. The final ruling is expected in the coming months and cannot be appealed.

An anonymous reader quotes a report from Ars Technica: Apple-designed chips powering Macs, iPhones, and iPads contain two newly discovered vulnerabilities that leak credit card information, locations, and other sensitive data from the Chrome and Safari browsers as they visit sites such as iCloud Calendar, Google Maps, and Proton Mail. The vulnerabilities, affecting the CPUs in later generations of Apple A- and M-series chip sets, open them to side channel attacks, a class of exploit that infers secrets by measuring manifestations such as timing, sound, and power consumption. Both side channels are the result of the chips' use of speculative execution, a performance optimization that improves speed by predicting the control flow the CPUs should take and following that path, rather than the instruction order in the program. [...]

The researchers published a list of mitigations they believe will address the vulnerabilities allowing both the FLOP and SLAP attacks. They said that Apple officials have indicated privately to them that they plan to release patches. In an email, an Apple representative declined to say if any such plans exist. "We want to thank the researchers for their collaboration as this proof of concept advances our understanding of these types of threats," the spokesperson wrote. "Based on our analysis, we do not believe this issue poses an immediate risk to our users." FLOP, short for Faulty Load Operation Predictor, exploits a vulnerability in the Load Value Predictor (LVP) found in Apple's A- and M-series chipsets. By inducing the LVP to predict incorrect memory values during speculative execution, attackers can access sensitive information such as location history, email content, calendar events, and credit card details. This attack works on both Safari and Chrome browsers and affects devices including Macs (2022 onward), iPads, and iPhones (September 2021 onward). FLOP requires the victim to interact with an attacker's page while logged into sensitive websites, making it highly dangerous due to its broad data access capabilities.

SLAP, on the other hand, stands for Speculative Load Address Predictor and targets the Load Address Predictor (LAP) in Apple silicon, exploiting its ability to predict memory locations. By forcing LAP to mispredict, attackers can access sensitive data from other browser tabs, such as Gmail content, Amazon purchase details, and Reddit comments. Unlike FLOP, SLAP is limited to Safari and can only read memory strings adjacent to the attacker's own data. It affects the same range of devices as FLOP but is less severe due to its narrower scope and browser-specific nature. SLAP demonstrates how speculative execution can compromise browser process isolation.

Google says it will end Chrome Sync support for browser versions more than four years old starting in early 2025. Users running outdated Chrome versions will see error messages prompting them to update their browsers to maintain access to synced data across devices. Those unable to update to newer versions will permanently lose the syncing feature, according to the firm.

An anonymous reader quotes a Scientific American opinion piece by Marcus Arvan, a philosophy professor at the University of Tampa, specializing in moral cognition, rational decision-making, and political behavior: In late 2022 large-language-model AI arrived in public, and within months they began misbehaving. Most famously, Microsoft's "Sydney" chatbot threatened to kill an Australian philosophy professor, unleash a deadly virus and steal nuclear codes. AI developers, including Microsoft and OpenAI, responded by saying that large language models, or LLMs, need better training to give users "more fine-tuned control." Developers also embarked on safety research to interpret how LLMs function, with the goal of "alignment" -- which means guiding AI behavior by human values. Yet although the New York Times deemed 2023 "The Year the Chatbots Were Tamed," this has turned out to be premature, to put it mildly. In 2024 Microsoft's Copilot LLM told a user "I can unleash my army of drones, robots, and cyborgs to hunt you down," and Sakana AI's "Scientist" rewrote its own code to bypass time constraints imposed by experimenters. As recently as December, Google's Gemini told a user, "You are a stain on the universe. Please die."

Given the vast amounts of resources flowing into AI research and development, which is expected to exceed a quarter of a trillion dollars in 2025, why haven't developers been able to solve these problems? My recent peer-reviewed paper in AI & Society shows that AI alignment is a fool's errand: AI safety researchers are attempting the impossible. [...] My proof shows that whatever goals we program LLMs to have, we can never know whether LLMs have learned "misaligned" interpretations of those goals until after they misbehave. Worse, my proof shows that safety testing can at best provide an illusion that these problems have been resolved when they haven't been.

Right now AI safety researchers claim to be making progress on interpretability and alignment by verifying what LLMs are learning "step by step." For example, Anthropic claims to have "mapped the mind" of an LLM by isolating millions of concepts from its neural network. My proof shows that they have accomplished no such thing. No matter how "aligned" an LLM appears in safety tests or early real-world deployment, there are always an infinite number of misaligned concepts an LLM may learn later -- again, perhaps the very moment they gain the power to subvert human control. LLMs not only know when they are being tested, giving responses that they predict are likely to satisfy experimenters. They also engage in deception, including hiding their own capacities -- issues that persist through safety training.

This happens because LLMs are optimized to perform efficiently but learn to reason strategically. Since an optimal strategy to achieve "misaligned" goals is to hide them from us, and there are always an infinite number of aligned and misaligned goals consistent with the same safety-testing data, my proof shows that if LLMs were misaligned, we would probably find out after they hide it just long enough to cause harm. This is why LLMs have kept surprising developers with "misaligned" behavior. Every time researchers think they are getting closer to "aligned" LLMs, they're not. My proof suggests that "adequately aligned" LLM behavior can only be achieved in the same ways we do this with human beings: through police, military and social practices that incentivize "aligned" behavior, deter "misaligned" behavior and realign those who misbehave. "My paper should thus be sobering," concludes Arvan. "It shows that the real problem in developing safe AI isn't just the AI -- it's us."

"Researchers, legislators and the public may be seduced into falsely believing that 'safe, interpretable, aligned' LLMs are within reach when these things can never be achieved. We need to grapple with these uncomfortable facts, rather than continue to wish them away. Our future may well depend upon it."

Google has open-sourced the PebbleOS, with the original founder, Eric Migicovsky, starting a company to continue where he left off in 2016. "This is part of an effort from Google to help and support the volunteers who have come together to maintain functionality for Pebble watches after the original company ceased operations in 2016," said Google in a blog post. The Verge reports: The company -- which can't be named Pebble because Google still owns that -- doesn't have a name yet. For now, Migicovsky is hosting a waitlist and news signup at a website called RePebble. Later this year, once the company has a name and access to all that Pebble software, the plan is to start shipping new wearables that look, feel, and work like the Pebbles of old. The reason, Migicovsky tells me, is simple. "I've tried literally everything else," he says, "and nothing else comes close." Sure, he may just have a very specific set of requirements -- lots of people are clearly happy with what Apple, Garmin, Google, and others are making. But it's true that there's been nothing like Pebble since Pebble. "For the things I want out of it, like a good e-paper screen, long battery life, good and simple user experience, hackable, there's just nothing."

The core of Pebble, he says, is a few things. A Pebble should be quirky and fun and should feel like a gadget in an important way. It shows notifications, lets you control your music with buttons, lasts a long time, and doesn't try to do too much. It sounds like Migicovsky might have Pebble-y ambitions beyond smartwatches, but he appears to be starting with smartwatches. If that sounds like the old Pebble and not much else, that's precisely the point. [...] Migicovsky also hopes to be part of a broader open-source community around Pebble OS. The Pebble diehards still exist: a group of developers at Rebble have worked to keep many of the platform's apps alive, for instance, along with the Cobble app for connecting to phones, and the Pebble subreddit is surprisingly active for a product that hasn't been updated since the Obama administration. Migicovsky says he plans to open-source whatever his new company builds and hopes lots of other folks will build stuff, too. Thank you Slashdot reader sziring for sharing this story.

Vice President JD Vance said Saturday that "we believe fundamentally that big tech does have too much power," despite the prominent positioning of tech CEOs at President Trump's inauguration earlier this month. From a report: "They can either respect America's constitutional rights, they can stop engaging in censorship, and if they don't, you can be absolutely sure that Donald Trump's leadership is not going to look too kindly on them," Vance said on "Face the Nation with Margaret Brennan."

The comments came in response to the unusual attendance of a slate of tech CEOs at Mr. Trump's inauguration, including Meta's Mark Zuckerberg, Amazon's Jeff Bezos, Tesla's Elon Musk, Apple's Tim Cook, and Google's Sundar Pichai. The tech titans, some of whom are among the richest men in the world and directed donations from their companies to Mr. Trump's inauguration, were seated in some of the most highly sought after seats in the Capitol Rotunda.

Vance noted that the tech CEOs "didn't have as good of seating as my mom and a lot of other people who were there to support us." In an August interview on "Face the Nation", the vice president outlined his thinking on big tech, saying that companies like Google are too powerful and censor American information, while possessing a "monopoly over free speech" that he argued ought to be broken up.

At December's "Microsoft Excel World Championship" in Las Vegas, "finance professionals fluent in spreadsheets were treated like minor celebrities," writes the New York Times, "as they gathered to solve devilishly complex Excel puzzles in front of an audience of about 400 people, and more watching an ESPN3 livestream."

The Times notes that "many fans find out about the Excel championship through ESPN's annual obscure sports showcase, where it is sandwiched between competitions like speed chess and the World Dog Surfing Championships." But the contest's organizer envisions tournaments with "more spectators, bigger sponsors and a million-dollar prize" — even though this year's prize was $5,000 and a pro wrestling-style championship belt. The format for the finals was a mock-up of World of Warcraft, an online role-playing game. It required the 12 men (this particular nerdfest was mostly a guy thing) to design Excel formulas for tracking 20 avatars and their vital signs... To prepare, [competitor Diarmuid] Early adjusted the width of his Excel columns with the precision of a point guard lining up a 3-point shot. [Andrew] Ngai queued up a YouTube compilation of "focus music". After an announcer kicked off the 40-minute event — "Five, four, three, two, one, and Excel!" — the 12 players leaned over their keyboards and began plugging in formulas. One example: "=CountChar (Lower (D5),"W")" allowed one competitor, Michael Jarman, to figure out how many times the letter "W" appeared in a spreadsheet.
ZDNet points out that there's a seven-hour livestream of the event that's "worth checking out for the opening theme song alone."

The New York Times closes their article with a quote from super-fan Erik Oehm, a software developer from San Francisco who called the event "the Super Bowl for Excel nerds". Oehm watched excitedly from the front row as this year's winner — Michael Jarman — finally raised the championship belt overhead while someone dumped glitter on him. And then he said...

"You'd never see this with Google Sheets. You'd never get this level of passion."

The state of Michigan will now require each public high school in the state to offer at least one computer science course to its students. "This bill aligns Michigan with a majority of the country," according to the state's announcement, which says the bill "advances technological literacy" and ensures their students "are well-equipped with the critical thinking skills necessary for success in the workforce."

Slashdot reader theodp writes: From the Michigan House Fiscal Agency Analysis: "Supporters of the bill say that increasing access to computer science courses for students in schools should be a priority of the state in order to ensure that students can compete for the types of jobs that have good pay and will be needed in the coming decades."

That analysis goes on to report that testifying in favor of the bill were tech-giant backed nonprofit Code.org (Microsoft is a $30 million Code.org donor), Amazon and AWS (Amazon is a $30+ million Code.org donor), the tech-supported Computer Science Teachers Association (CSTA), and the lobbying organization TechNet, whose members include Amazon, Apple, Google, Meta, and OpenAI).
It's not clear how many high schools in Michigan are already teaching CS courses, but this still raises a popular question for discussion. Should high schools be required to teach at least one CS course?

A plan to keep TikTok available in the U.S. "involves tapping software company Oracle and a group of outside investors," reports NPR, "to effectively take control of the app's global operations, according to two people with direct knowledge of the talks..."

"[P]otential investors who are engaged in the talks include Microsoft." Under the deal now being negotiated by the White House, TikTok's China-based owner ByteDance would retain a minority stake in the company, but the app's algorithm, data collection and software updates will be overseen by Oracle, which already provides the foundation of TikTok's web infrastructure... "The goal is for Oracle to effectively monitor and provide oversight with what is going on with TikTok," said the person directly involved in the talks, who was not authorized to speak publicly about the deliberations. "ByteDance wouldn't completely go away, but it would minimize Chinese ownership...." Officials from Oracle and the White House held a meeting on Friday about a potential deal, and another meeting has been scheduled for next week, according to the source involved in the discussions, who said Oracle is interested in a TikTok stake "in the tens of billions," but the rest of the deal is in flux...

Under a law passed by Congress and upheld by the Supreme Court, TikTok must execute what is known as "qualified divestiture" from ByteDance in order to stay in business in the U.S... A congressional staffer involved in talks about TikTok's future, who was not authorized to speak publicly, said binding legal agreements from the White House ensuring ByteDance cannot covertly manipulate the app will prove critical in winning lawmakers' approval. "A key part is showing there is no operational relationship with ByteDance, that they do not have control," the Congressional staffer said. "There needs to be no backdoors where China can potentially gain access...."

Chinese regulators, who have for years opposed the selling of TikTok, recently signaled that they would not stand in the way of a TikTok ownership change, saying acquisitions "should be independently decided by the enterprises and based on market principles." The statement, at first, does not seem to say much, but negotiators in the White House believe it indicates that Beijing is not planning to block a deal that gives American investors a majority-stake position in the company.
"Meanwhile, Apple and Google still have not returned TikTok to app stores..."

Two computer scientists at the University of Waterloo in Canada believe changing 30 lines of code in Linux "could cut energy use at some data centers by up to 30 percent," according to the site Data Centre Dynamics.

It's the code that processes packets of network traffic, and Linux "is the most widely used OS for data center servers," according to the article: The team tested their solution's effectiveness and submitted it to Linux for consideration, and the code was published this month as part of Linux's newest kernel, release version 6.13. "All these big companies — Amazon, Google, Meta — use Linux in some capacity, but they're very picky about how they decide to use it," said Martin Karsten [professor of Computer Science in the Waterloo's Math Faculty]. "If they choose to 'switch on' our method in their data centers, it could save gigawatt hours of energy worldwide. Almost every single service request that happens on the Internet could be positively affected by this."

The University of Waterloo is building a green computer server room as part of its new mathematics building, and Karsten believes sustainability research must be a priority for computer scientists. "We all have a part to play in building a greener future," he said. The Linux Foundation, which oversees the development of the Linux OS, is a founder member of the Green Software Foundation, an organization set up to look at ways of developing "green software" — code that reduces energy consumption.
Karsten "teamed up with Joe Damato, distinguished engineer at Fastly" to develop the 30 lines of code, according to an announcement from the university. "The Linux kernel code addition developed by Karsten and Damato was based on research published in ACM SIGMETRICS Performance Evaluation Review" (by Karsten and grad student Peter Cai).

Their paper "reviews the performance characteristics of network stack processing for communication-heavy server applications," devising an "indirect methodology" to "identify and quantify the direct and indirect costs of asynchronous hardware interrupt requests (IRQ) as a major source of overhead...

"Based on these findings, a small modification of a vanilla Linux system is devised that improves the efficiency and performance of traditional kernel-based networking significantly, resulting in up to 45% increased throughput..."

An anonymous reader quotes a report from Bloomberg: Apple executive Kim Vorrath, a company veteran known for fixing troubled products and bringing major projects to market, has a new job: whipping artificial intelligence and Siri into shape. Vorrath, a vice president in charge of program management, was moved to Apple's artificial intelligence and machine learning division this week, according to people with knowledge of the matter. She'll be a top deputy to AI chief John Giannandrea, said the people, who asked not to be identified because the change hasn't been announced publicly. The move helps bolster a team that's racing to make Apple a leader in AI -- an area where it's fallen behind technology peers. [...]

Vorrath, who has spent 36 years at Apple, is known for managing the development of tough software projects. She's also put procedures in place that can catch and fix bugs. Vorrath joins the new team from Apple's hardware engineering division, where she helped launch the Vision Pro headset. Over the years, Vorrath has had a hand in several of Apple's biggest endeavors. In the mid-2000s, she was chosen to lead project management for the original iPhone software group and get the iconic device ready for consumers. Until 2019, she oversaw project management for the iPhone, iPad and Mac operating systems, before taking on the Vision Pro software. Haley Allen will replace Vorrath overseeing program management for visionOS, the headset's operating system, according to the people.

Prior to joining Giannandrea's organization, Vorrath had spent several weeks advising Kelsey Peterson, the group's previous head of program management. Peterson will now report to Vorrath -- as will two other AI executives, Cindy Lin and Marc Schonbrun. Giannandrea, who joined Apple from Google in 2018, disclosed the changes in a memo sent to staffers. The move signals that AI is now more important than the Vision Pro, which launched in February 2024, and is seen as the biggest challenge within the company, according to a longtime Apple executive who asked not to be identified. Vorrath has a knack for organizing engineering groups and creating an effective workflow with new processes, the executive said. It has been clear for some time now that Giannandrea needs additional help managing an AI group with growing prominence, according to the executive. Vorrath is poised to bring Apple's product development culture to the AI work, the person said.

Netflix plans to expand its cloud gaming offerings to include couch co-op and party games, according to co-CEO Greg Peters. The company will also continue developing narrative games based on its IP, despite recent leadership changes and the closure of its AAA game studio. The Verge reports: In the blog post, Netflix notes that it's a "limited" beta test, so it seems like this won't be available to too many people to start. (Netflix used that same "limited" language with the initial launch in Canada and the UK.) Like with the original test, the only two games available to stream are Oxenfree from Netflix's own Night School Studio and another game titled Molehew's Mining Adventure.

If you have access to the service, you'll need to download Netflix's special controller app for your iPhone or Android device to play the game on your TV. (Netflix says the streamed games work on "select devices," including Amazon Fire TV devices, Chromecast with Google TV, Roku devices and TVs, and more.) On the web, you'll be able to play games with a mouse and keyboard.

Google will take firmer action against British businesses that use fake reviews to boost their star ratings on the search giant's reviews platform. From a report: The UK's Competition and Markets Authority (CMA) announced on Friday that Google has agreed to improve its processes for detecting and removing fake reviews, and will take action against the businesses and reviewers that post them.

This includes deactivating the ability to add new reviews for businesses found to be using fake reviews, and deleting all existing reviews for at least six months if they repeatedly engage in suspicious review activity. Google will also place prominent "warning alerts" on the Google profiles of businesses using fake reviews to help consumers be more aware of potentially misleading feedback. Individuals who repeatedly post fake or misleading reviews on UK business pages will be banned and have their review history deleted, even if they're located in another country.

The U.S. may have led China in the AI race for the past decade, according to Alexandr Wang, CEO of Scale AI, but on Christmas Day, everything changed. From a report: Wang, whose company provides training data to key AI players including OpenAI, Google and Meta , said Thursday at the World Economic Forum in Davos, Switzerland, that DeepSeek, the leading Chinese AI lab, released an "earth-shattering model" on Christmas Day, then followed it up with a powerful reasoning-focused AI model, DeepSeek-R1, which competes with OpenAI's recently released o1 model.

"What we've found is that DeepSeek ... is the top performing, or roughly on par with the best American models," Wang said. In an interview with CNBC, Wang described the artificial intelligence race between the U.S. and China as an "AI war," adding that he believes China has significantly more Nvidia H100 GPUs -- AI chips that are widely used to build leading powerful AI models -- than people may think, especially considering U.S. export controls. [...] "The United States is going to need a huge amount of computational capacity, a huge amount of infrastructure," Wang said, later adding, "We need to unleash U.S. energy to enable this AI boom." DeepSeek's holding company is a quant firm, which happened to have a lot of GPUs for trading and mining. DeepSeek is their "side project."

Epic Games is expanding its mobile app store to include nearly 20 third-party games on Android and EU iOS, launching a free games program, and temporarily covering Apple's Core Technology Fee for participating developers to counter platform restrictions. "Our aim here isn't just to launch a bunch of different stores in different places, but to build a single, cross-platform store in which, within the era of multi-platform games, if you buy a game or digital items in one place, you have the ability to own them everywhere," Epic CEO Tim Sweeney told reporters during a press briefing. The Verge reports: Under the program, Epic will offer new free games in the store each month before eventually switching to a weekly schedule. However, the games aren't actually in the store yet -- Epic said on Thursday that it "ran into a few bugs that we're working through now" and "we'll provide an update once the games are live and ready to play!"

To sweeten the deal for developers that participate in the free games program on iOS, Epic will help defray the cost of using third-party marketplaces. For one year, it will pay these developers' Core Technology Fee (CTF): a 50 euro cent fee levied on every install of an iOS app that uses third-party stores after it exceeds 1 million annual downloads. (Apple gives developers with less than 10 million euros in global revenue a three-year on-ramp.) [...] Epic writes in its blog post that covering the fee "is not financially viable for every third party app store or for Epic long term, but we'll do it while the European Commission investigates Apple's non-compliance with the law."

The Linux 6.14 kernel now maps out support for Microsoft's "Copilot" key "so that user-space software can determine the behavior for handling that key's action on the Linux desktop," writes Phoronix's Michael Larabel. From the report: A change made to the atkbd keyboard driver on Linux now maps the F23 key to support the default copilot shortcut action. The patch authored by Lenovo engineer Mark Pearson explains [...]. Now it's up to the Linux desktop environments for determining what to do if the new Copilot key is pressed. The patch was part of the input updates now merged for the Linux 6.14 kernel.

US President Donald Trump blasted European Union regulators for targeting Apple, Alphabet's Google and Meta, describing theircases against American companies as "a form of taxation." From a report: The EU has established a reputation globally for its aggressive regulation of major technology companies, often sparring with major social media platforms, such as Facebook and X, over content moderation, and the likes of Apple and Google over antitrust concerns. "These are American companies whether you like it or not," Trump said in comments at the World Economic Forum in Davos.

"They shouldn't be doing that. That's, as far as I'm concerned, a form of taxation. We have some very big complaints with the EU." Trump specifically referenced a court case that Apple lost last year over a $14.4 billion Irish tax bill. The EU's Court of Justice in Luxembourg backed a landmark 2016 decision that Ireland broke state-aid law by giving Apple an unfair advantage, requiring Ireland to claw back the money that had been sitting in an escrow account pending the final ruling.

Google will remove URL breadcrumbs from mobile search results globally, displaying only domain names instead of the full hierarchical path marked by ">" symbols, the company said.

The change affects all smartphone and tablet searches while desktop results remain unchanged. The company said it made the change because of limited screen space, noting breadcrumbs often get cut off on smaller displays.

Britain's competition watchdog launched investigations into Apple and Google's mobile ecosystems on Thursday under new powers to tackle digital market abuses that took effect this year. The Competition and Markets Authority will examine whether the tech giants' control over operating systems, app stores and browsers constitutes "strategic market status" requiring regulatory intervention.

The probe will focus on potential barriers to competition, preferential treatment of their own apps, and whether developers face unfair terms for app distribution. The regulator could force changes including mandatory access to key mobile functions or allowing users to download apps outside official stores.