Businesses

Salesforce, Workday Are Hiring More Overseas To Save Cash (yahoo.com) 74

Software companies are under pressure to invest in new AI capabilities without denting profits. One increasingly popular strategy to keep costs low is to shift hiring outside the US. From a report: Salesforce and Workday are simultaneously cutting jobs and highlighting the cost savings from adding workers internationally. "Do we need to hire everybody in San Francisco?" Salesforce Chief Operating Officer Brian Millham said at an event hosted by Barclays in December. "Or can we think about other locations that are cheaper where we can get really incredible labor like India and Mexico City."

US-based employees at Salesforce dropped to 51% from 58% in the four years ending in January 2024. In early 2023, it announced a reduction of roughly 8,000 jobs. Earlier this week, Bloomberg reported that the San Francisco-based software company would cut more than 1,000 positions in large part to make room for new AI-focused hiring. [...] Human resources software maker Workday, based in Pleasanton, California, announced Wednesday that it would eliminate about 1,750 jobs. Last year, Chief Executive Officer Carl Eschenbach emphasized a new focus on expanding margins, saying hiring more in countries like Costa Rica would help in this effort.

Security

'Zombie Devices' Raise Cybersecurity Alarm as Consumers Ignore Smart Tech Expiry Dates 54

A survey of 2,130 Americans has revealed widespread vulnerability to cyber attacks through unsupported smart devices, with 43% unaware their devices might lose software support. The security threat was underscored in December 2023 when U.S. authorities disrupted a Chinese state-sponsored botnet targeting home routers and cameras that had stopped receiving security updates. Cloudflare separately reported a record-breaking DDoS attack in late 2023, primarily originating from compromised smart TVs and set-top boxes.

The survey, conducted by Consumer Reports, found that only 39% of consumers learned about lost software support from manufacturers, with most discovering issues when devices stopped working (40%) or through media reports (15%). Most consumers expect their smart devices to retain functionality after losing software support, particularly for large appliances (70%). However, Consumer Reports' research found only 14% of 21 smart appliance brands specify support timeframes, while an FTC study of 184 devices showed just 11% disclose support duration.

E3

ESA Wants To Replace E3 With a Bunch of Buzzwords (engadget.com) 30

The Entertainment Software Association is launching a new gaming event to replace E3, which was permanently canceled in 2023. According to Engadget, the new event is called iicon (short for "interactive innovation conference") and will feature many of the same major gaming companies that once participated in E3. "Sony, Nintendo, Microsoft, Disney, EA, Epic Games, Ubisoft, Square Enix, Take Two Interactive, Amazon Games and Warner Bros. Games are all named as participants." From the report: [T]he announcements on social media promote iicon as being for "visionaries," "changemakers" and "innovators," so our best guess is that this event will swing more toward the corporate side of gaming where people might use that language unironically. If that's the case, this won't really be a replacement for the heyday of E3, when studios big and small would showcase their upcoming projects and drop internet-breaking surprises. Instead, the inaugural event in April 2026 sounds like it will focus more on moving the needle, brand alignments and synergy.

The Internet

The Enshittification Hall of Shame 249

In 2022, writer and activist Cory Doctorow coined the term "enshittification" to describe the gradual deterioration of a service or product. The term's prevalence has increased to the point that it was the National Dictionary of Australia's word of the year last year. The editors at Ars Technica, having "covered a lot of things that have been enshittified," decided to highlight some of the worst examples they've come across. Here's a summary of each thing mentioned in their report:

Smart TVs: Evolved into data-collecting billboards, prioritizing advertising and user tracking over user experience and privacy. Features like convenient input buttons are sacrificed for pushing ads and webOS apps. "This is all likely to get worse as TV companies target software, tracking, and ad sales as ways to monetize customers after their TV purchases -- even at the cost of customer convenience and privacy," writes Scharon Harding. "When budget brands like Roku are selling TV sets at a loss, you know something's up."

Google's Voice Assistant (e.g., Nest Hubs): Functionality has degraded over time, with previously working features becoming unreliable. Users report frequent misunderstandings and unresponsiveness. "I'm fine just saying it now: Google Assistant is worse now than it was soon after it started," writes Kevin Purdy. "Even if Google is turning its entire supertanker toward AI now, it's not clear why 'Start my morning routine,' 'Turn on the garage lights,' and 'Set an alarm for 8 pm' had to suffer."

Portable Document Format (PDF): While initially useful for cross-platform document sharing and preserving formatting, PDFs have become bloated and problematic. Copying text, especially from academic journals, is often garbled or impossible. "Apple, which had given the PDF a reprieve, has now killed its main selling point," writes John Timmer. "Because Apple has added OCR to the MacOS image display system, I can get more reliable results by screenshotting the PDF and then copying the text out of that. This is the true mark of its enshittification: I now wish the journals would just give me a giant PNG."

Televised Sports (specifically cycling and Formula 1): Streaming services have consolidated, leading to significantly increased costs for viewers. Previously affordable and comprehensive options have been replaced by expensive bundles across multiple platforms. "Formula 1 racing has largely gone behind paywalls, and viewership is down significantly over the last 15 years," writes Eric Berger. "Major US sports such as professional and college football had largely been exempt, but even that is now changing, with NFL games being shown on Peacock, Amazon Prime, and Netflix. None of this helps viewers. It enshittifies the experience for us in the name of corporate greed."

Google Search: AI overviews often bury relevant search results under lengthy, sometimes inaccurate AI-generated content. This makes finding specific information, especially primary source documents, more difficult. "Google, like many big tech companies, expects AI to revolutionize search and is seemingly intent on ignoring any criticism of that idea," writes Ashley Belanger.

Email AI Tools (e.g., Gemini in Gmail): Intrusive and difficult to disable, these tools offer questionable value due to their potential for factual inaccuracies. Users report being unable to fully opt-out. "Gmail won't take no for an answer," writes Dan Goodin. "It keeps asking me if I want to use Google's Gemini AI tool to summarize emails or draft responses. As the disclaimer at the bottom of the Gemini tool indicates, I can't count on the output being factual, so no, I definitely don't want it."

Windows: While many complaints about Windows 11 originated with Windows 10, the newer version continues the trend of unwanted features, forced updates, and telemetry data collection. Bugs and performance issues also plague the operating system. "... it sure is easy to resent Windows 11 these days, between the well-documented annoyances, the constant drumbeat of AI stuff (some of it gated to pricey new PCs), and a batch of weird bugs that mostly seem to be related to the under-the-hood overhauls in October's Windows 11 24H2 update," writes Andrew Cunningham. "That list includes broken updates for some users, inoperable scanners, and a few unplayable games. With every release, the list of things you need to do to get rid of and turn off the most annoying stuff gets a little longer."

Web Discourse: The rapid spread of memes, trends, and corporate jargon on social media has led to a homogenization of online communication, making it difficult to distinguish original content and creating a sense of constant noise. "[T]he enshittification of social media, particularly due to its speed and virality, has led to millions vying for their moment in the sun, and all I see is a constant glare that makes everything look indistinguishable," writes Jacob May. "No wonder some companies think AI is the future."

China

Researchers Link DeepSeek To Chinese Telecom Banned In US (apnews.com) 86

An anonymous reader quotes a report from the Associated Press: The website of the Chinese artificial intelligence company DeepSeek, whose chatbot became the most downloaded app in the United States, has computer code that could send some user login information to a Chinese state-owned telecommunications company that has been barred from operating in the United States, security researchers say. The web login page of DeepSeek's chatbot contains heavily obfuscated computer script that when deciphered shows connections to computer infrastructure owned by China Mobile, a state-owned telecommunications company. The code appears to be part of the account creation and user login process for DeepSeek.

In its privacy policy, DeepSeek acknowledged storing data on servers inside the People's Republic of China. But its chatbot appears more directly tied to the Chinese state than previously known through the link revealed by researchers to China Mobile. The U.S. has claimed there are close ties between China Mobile and the Chinese military as justification for placing limited sanctions on the company. [...] The code linking DeepSeek to one of China's leading mobile phone providers was first discovered by Feroot Security, a Canadian cybersecurity company, which shared its findings with The Associated Press. The AP took Feroot's findings to a second set of computer experts, who independently confirmed that China Mobile code is present. Neither Feroot nor the other researchers observed data transferred to China Mobile when testing logins in North America, but they could not rule out that data for some users was being transferred to the Chinese telecom.

The analysis only applies to the web version of DeepSeek. They did not analyze the mobile version, which remains one of the most downloaded pieces of software on both the Apple and the Google app stores. The U.S. Federal Communications Commission unanimously denied China Mobile authority to operate in the United States in 2019, citing "substantial" national security concerns about links between the company and the Chinese state. In 2021, the Biden administration also issued sanctions limiting the ability of Americans to invest in China Mobile after the Pentagon linked it to the Chinese military.

"It's mindboggling that we are unknowingly allowing China to survey Americans and we're doing nothing about it," said Ivan Tsarynny, CEO of Feroot. "It's hard to believe that something like this was accidental. There are so many unusual things to this. You know that saying 'Where there's smoke, there's fire'? In this instance, there's a lot of smoke," Tsarynny said.

Further reading: Senator Hawley Proposes Jail Time For People Who Download DeepSeek

Ubuntu

'I'm Done With Ubuntu' (ounapuu.ee) 202

Software developer and prolific blogger Herman Ounapuu, writing in a blog post: I liked Ubuntu. For a very long time, it was the sensible default option. Around 2016, I used the Ubuntu GNOME flavor, and after they ditched the Unity desktop environment, GNOME became the default option.

I was really happy with it, both for work and personal computing needs. Estonian ID card software was also officially supported on Ubuntu, which made Ubuntu a good choice for family members.

But then something changed.

Ounapuu recounts how Ubuntu's bi-annual long-term support releases consistently broke functionality, from minor interface glitches to catastrophic system failures that left computers unresponsive. His breaking point came after multiple problematic upgrades affecting family members' computers, including one that rendered a laptop completely unusable during an upgrade from Ubuntu 20.04 to 22.04. Another incident left a relative's system with broken Firefox shortcuts and duplicate status bar icons after updating Lubuntu 18.04.

Canonical's aggressive push of Snap packages has drawn particular criticism. The forced migration of system components from traditional Debian packages to Snaps resulted in compatibility issues, broken desktop shortcuts, and government ID card authentication failures. In one instance, he writes, a Snap-related bug in the GNOME desktop environment severely disrupted workplace productivity, requiring multiple system restarts to resolve. The author has since switched to Fedora, praising its implementation of Flatpak as a superior alternative to Snaps.

The Internet

Popular Linux Orgs Freedesktop, Alpine Linux Are Scrambling For New Web Hosting (arstechnica.com) 26

An anonymous reader quotes a report from Ars Technica: In what is becoming a sadly regular occurrence, two popular free software projects, X.org/Freedesktop.org and Alpine Linux, need to rally some of their millions of users so that they can continue operating. Both services have largely depended on free server resources provided by Equinix (formerly Packet.net) and its Metal division for the past few years. Equinix announced recently that it was sunsetting its bare-metal sales and services, or renting out physically distinct single computers rather than virtualized and shared hardware. As reported by the Phoronix blog, both free software organizations have until the end of April to find and fund new hosting, with some fairly demanding bandwidth and development needs.

An issue ticket on Freedesktop.org's GitLab repository provides the story and the nitty-gritty needs of that project. Both the X.org foundation (home of the 40-year-old window system) and Freedesktop.org (a shared base of specifications and technology for free software desktops, including Wayland and many more) used Equinix's donated space. [...] Alpine Linux, a small, security-minded distribution used in many containers and embedded devices, also needs a new home quickly. As detailed in its blog, Alpine Linux uses about 800TB of bandwidth each month and also needs continuous integration runners (or separate job agents), as well as a development box. Alpine states it is seeking co-location space and bare-metal servers near the Netherlands, though it will consider virtual machines if bare metal is not feasible.

Businesses

Anthropic Asks Job Applicants Not To Use AI In Job Applications (404media.co) 36

An anonymous reader quotes a report from 404 Media: Anthropic, the company that made one of the most popular AI writing assistants in the world, requires job applicants to agree that they won't use an AI assistant to help write their application. "While we encourage people to use AI systems during their role to help them work faster and more effectively, please do not use AI assistants during the application process," the applications say. "We want to understand your personal interest in Anthropic without mediation through an AI system, and we also want to evaluate your non-AI-assisted communication skills. Please indicate 'Yes' if you have read and agree."

Anthropic released Claude, an AI assistant that's especially good at conversational writing, in 2023. This question is in almost all of Anthropic's nearly 150 currently-listed roles, but is not in some technical roles, like mobile product designer. It's included in everything from software engineer roles to finance, communications, and sales jobs at the company. The field was spotted by Simon Willison, an open source developer. The question shows Anthropic trying to get around a problem it's helping create: people relying so heavily on AI assistants that they struggle to form opinions of their own. It's also a moot question, as Anthropic and its competitors have created AI models so indistinguishable from human speech as to be nearly undetectable.

Android

Google Stops Malicious Apps With 'AI-Powered Threat Detection' and Continuous Scanning (googleblog.com) 15

Android and Google Play have billions of users, Google wrote in its security blog this week. "However, like any flourishing ecosystem, it also attracts its share of bad actors... That's why every year, we continue to invest in more ways to protect our community." Google's tactics include industry-wide alliances, stronger privacy policies, and "AI-powered threat detection."

"As a result, we prevented 2.36 million policy-violating apps from being published on Google Play and banned more than 158,000 bad developer accounts that attempted to publish harmful apps." To keep out bad actors, we have always used a combination of human security experts and the latest threat-detection technology. In 2024, we used Google's advanced AI to improve our systems' ability to proactively identify malware, enabling us to detect and block bad apps more effectively. It also helps us streamline review processes for developers with a proven track record of policy compliance. Today, over 92% of our human reviews for harmful apps are AI-assisted, allowing us to take quicker and more accurate action to help prevent harmful apps from becoming available on Google Play. That's enabled us to stop more bad apps than ever from reaching users through the Play Store, protecting users from harmful or malicious apps before they can cause any damage.

Starting in 2024 Google also "required apps to be more transparent about how they handle user information by launching new developer requirements and a new 'Data deletion' option for apps that support user accounts and data collection.... We're also constantly working to improve the safety of apps on Play at scale, such as with the Google Play SDK Index. This tool offers insights and data to help developers make more informed decisions about the safety of an SDK."

And once an app is installed, "Google Play Protect, Android's built-in security protection, helps to shield their Android device by continuously scanning for malicious app behavior." Google Play Protect automatically scans every app on Android devices with Google Play Services, no matter the download source. This built-in protection, enabled by default, provides crucial security against malware and unwanted software. Google Play Protect scans more than 200 billion apps daily and performs real-time scanning at the code-level on novel apps to combat emerging and hidden threats, like polymorphic malware. In 2024, Google Play Protect's real-time scanning identified more than 13 million new malicious apps from outside Google Play [based on Google Play Protect 2024 internal data]...

According to our research, more than 95 percent of app installations from major malware families that exploit sensitive permissions highly correlated to financial fraud came from Internet-sideloading sources like web browsers, messaging apps, or file managers. To help users stay protected when browsing the web, Chrome will now display a reminder notification to re-enable Google Play Protect if it has been turned off... Scammers may manipulate users into disabling Play Protect during calls to download malicious Internet-sideloaded apps. To prevent this, the Play Protect app scanning toggle is now temporarily disabled during phone or video calls...

Google Play Protect's enhanced fraud protection pilot analyzes and automatically blocks the installation of apps that may use sensitive permissions frequently abused for financial fraud when the user attempts to install the app from an Internet-sideloading source (web browsers, messaging apps, or file managers). Building on the success of our initial pilot in partnership with the Cyber Security Agency of Singapore (CSA), additional enhanced fraud protection pilots are now active in nine regions — Brazil, Hong Kong, India, Kenya, Nigeria, Philippines, South Africa, Thailand, and Vietnam.

In 2024, Google Play Protect's enhanced fraud protection pilots have shielded 10 million devices from over 36 million risky installation attempts, encompassing over 200,000 unique apps.

Programming

Should We Sing the Praises of Agile, or Bury It? (acm.org) 235

"Stakeholders must be included" throughout an agile project "to ensure the evolving deliverables meet their expectations," according to an article this week in Communications of the ACM.

But long-time Slashdot reader theodp complains it's a "gushing how-to-make-Agile-even-better opinion piece." Like other pieces by Agile advocates, it's long on accolades for Agile, but short on hard evidence justifying why exactly Agile project management "has emerged as a critical component for firms looking to improve project delivery speed and flexibility" and the use of Agile approaches is being expanded across other departments beyond software development. Indeed, among the three examples of success offered in the piece to "highlight the effectiveness of agile methods in navigating complex stakeholder dynamics and achieving project success" is Atlassian's use of agile practices to market and develop its products, many of which are coincidentally designed to support Agile practices and teams (including Jira). How meta.

Citing "recent studies," the piece concludes its call for stakeholder engagement by noting that "59% of organizations measure Agile success by customer or user satisfaction." But that is one of those metrics that can create perverse incentives. Empirical studies of user satisfaction and engagement have been published since the 1970's, and sadly one of the cruel lessons learned from them is that the easiest path to having satisfied users is to avoid working on difficult problems. Keep that in mind when you ponder why difficult user stories seem to languish forever in the Kanban and Scrum Board "Ice Box" column, while the "Complete" column is filled with low-hanging fruit. Sometimes success does come easy!

So, are you in the Agile-is-Heaven or Agile-is-Hell camp?

Facebook

Facebook Admits Linux-Post Crackdown Was 'In Error', Fixes Moderation Error (tomshardware.com) 62

Tom's Hardware reports: Facebook's heavy-handed censorship of Linux groups and topics was "in error," the social media juggernaut has admitted. Responding to reports earlier this week, sparked by the curious censorship of the eminently wholesome DistroWatch, Facebook contacted PCMag to say that it had made a mistake and that the underlying issue had been rectified.

"This enforcement was in error and has since been addressed. Discussions of Linux are allowed on our services," said a Meta rep to PCMag. That is the full extent of the statement reproduced by the source... Copenhagen-hosted DistroWatch says it has appealed against the Community Standards-triggered ban shortly after it noticed it was in effect (January 19). PCMag received the Facebook admission of error on January 28. The latest statement from DistroWatch, which now prefers posting on Mastodon, indicates that Facebook has lifted the DistroWatch links ban.

More details from PCMag: Meta didn't say what caused the crackdown in the first place. But the company has been revamping some of its content moderation and plans to replace its fact-checking methodology with a user-driven Community Notes, similar to X. "We're also going to change how we enforce our policies to reduce the kind of mistakes that account for the vast majority of the censorship on our platforms," the company said earlier this month, in another irony.

"Up until now, we have been using automated systems to scan for all policy violations, but this has resulted in too many mistakes and too much content being censored that shouldn't have been," Meta added in the same post.

Iphone

IPhones and Some Android Phones Will Support Starlink Direct-to-Cell Coverage in US (yahoo.com) 30

"iPhone devices are now eligible to test SpaceX-owned Starlink's direct-to-cell capability," Reuters reported this week, citing an announcement from T-Mobile: T-Mobile and Elon Musk's SpaceX are currently testing the Starlink cell network on a trial basis after receiving approval from the Federal Communications Commission in November last year. The trial offers 'text via satellite', while voice and data features will be added in the future, according to the T-Mobile website. T-Mobile initially only listed a few Android smartphones as eligible devices to test the network, but has now added iPhone devices with the latest iOS 18.3 software update.

The next day stock prices fell for several direct-to-smartphone satellite companies, reports SpaceNews: Shares in Globalstar, which enables connectivity beyond the reach of cellular towers on the latest iPhones via a far-reaching partnership with Apple, closed down nearly 18% the following day. Constellation developer AST SpaceMobile slipped 12%. Canada's MDA, which is building at least 17 satellites for Globalstar after Apple agreed to cover most of the costs to replenish the constellation, also saw its shares fall more than 9%...

"Combined, today's price action in Globalstar and satellite manufacturer MDA suggest a real investor fear that SpaceX could disintermediate the Apple-Globalstar partnership," said Adam Rhodes, a senior telecoms analyst at Octus. "However, it appears to us that there is room for both services. Based on the information we have seen, we do not anticipate that Apple views the T-Mobile-Starlink service as a replacement for the Globalstar MSS network, but rather it is choosing to enable the added feature on its T-Mobile phones...." B. Riley analyst Mike Crawford noted that Apple's two binding contracts with Globalstar extend well into the next decade, ensuring both capital expenditure (capex) and recurring service revenues.

Thanks to Slashdot reader jjslash for sharing the news.

Windows

After 'Copilot Price Hike' for Microsoft 365, It's Ending Its Free VPN (windowscentral.com) 81

In 2023, Microsoft began including a free VPN feature in its "Microsoft Defender" security app for all Microsoft 365 subscribers ("Personal" and "Family"). Originally Microsoft had "called it a privacy protection feature," writes the blog Windows Central, "designed to let you access sensitive data on the web via a VPN tunnel." But.... Unfortunately, Microsoft has now announced that it's killing the feature later this month, only a couple of years after it first debuted...

To add insult to injury, this announcement comes just days after Microsoft increased subscription prices across the board. Both Personal and Family subscriptions went up by three dollars a month, which the company says is the first price hike Microsoft 365 has seen in over a decade. The increased price does now include Microsoft 365 Copilot, which adds AI features to Word, PowerPoint, Excel, and others.

However, it also comes with the removal of the free VPN in Microsoft Defender, which I've found to be much more useful so far.

AI

One Blogger Helped Spark NVIDIA's $600B Stock Collapse (marketwatch.com) 33

On January 24th Brooklyn blogger Jeffrey Emanuel made the case for shorting NVIDIA, remembers MarketWatch, "due to a number of shifting tides in the AI world, including the emergence of a China-based company called DeepSeek."

He published his 12,000-word post "on his personal blog and then shared it with the Value Investors Club website and across Reddit, X and other platforms." The next day he saw 35 people read his post. "But then the post started to go viral..." Well-known venture capitalist Chamath Palihapitiya shared Emanuel's post on Nvidia's short case with his 1.8 million X followers. Successful early stage investor Naval Ravikant shared the post with his 2.6 million followers... Morgan Brown, a vice president of product and growth at Dropbox, pointed to it in a thread that was viewed over 13 million times. Emanuel's own X post got nearly half a million views. He also quickly gained about 13,000 followers on the platform, going from about 2,000 to more than 15,000 followers...

[Emanuel] pointed to the fact that so many people in San Jose were reading his blog post. He theorized that many of them were Nvidia employees with thousands — or even millions — of dollars worth of Nvidia stock tied up in employee stock options. With that much money in a single asset, Emanuel speculated that many were already debating whether to hold the stock or sell it to lock in profits. He believes his blog post helped convince some of them to sell. "A lot of the sell pressure you saw on Monday morning wasn't necessarily what you might think. I believe a fair amount of that was from shares that had never been active because they had been sitting in workplace.schwab.com accounts..."

Emanuel stresses he's "the most bullish on AI," with MarketWatch emphasizing that "while the points Emanuel laid out in his blog post might be bearish for Nvidia, he still thinks they paint a positive future for AI." Nevertheless, Monday NVIDIA's market capitalization dropped $600 billion, which MarketWatch calls "the largest single-day market-cap drop to date for any company." What countless Wall Street firms and investment analysts had seemingly missed was being pointed out by some guy in his apartment.... Matt Levine, the prominent Bloomberg News financial columnist, noted the online chatter that claimed Emanuel's post "was an important catalyst" for the stock-market selloff and said it was a "candidate for the most impactful short research report ever." Emanuel spent the rest of the week booked solid as hedge funds paid him $1,000 per hour to speak on the phone and give his take on Nvidia and AI...

Emanuel wrote that the industry may be running low on quality data to train that AI — that is, a potential "data wall" is looming that could slow down AI scaling and reduce some of that need for training resources... Some of these companies, like Alphabet, have also been investing in building out their own semiconductor chips. For a while, Nvidia's hardware has been the best for training AI, but that might not be the case forever as more companies, such as Cerebras, build better hardware. And other GPU makers like AMD are updating their drivers software to be more competitive with Nvidia... Add all these things together — unsustainable spending and data-center building, less training data to work with, better competing hardware and more efficient AI — and you get a future where it's harder to imagine Nvidia's customers spending as much as they currently are on Nvidia hardware... "If you know that a company will only earn supersized returns for a couple years, you don't apply a multiple. You certainly don't put a 30-times multiple," Emanuel told MarketWatch.

The article notes that DeepSeek "is open-source and has been publishing technical papers out in the open for the past few months... The $5.6 million training-cost statistic that many investors cited for sparking the DeepSeek market panic was actually revealed in the V3 technical paper published on Dec. 26."

Medicine

America's FDA Warns About Backdoor Found in Chinese Company's Patient Monitors (fda.gov) 51

Thursday America's FDA "raised concerns about cybersecurity vulnerabilities" in patient monitors from China-based medical device company Contec "that could allow unauthorized individuals to access and potentially manipulate those devices," reports Reuters. The patient monitors could be remotely controlled by unauthorized users or may not function as intended, and the network to which these devices are connected could be compromised, the agency warned. The FDA also said that once these devices are connected to the internet, they can collect patient data, including personally identifiable information and protected health information, and can export this data out of the healthcare delivery environment.

The agency, however, added that it is currently unaware of any cybersecurity incidents, injuries, or deaths related to these identified cybersecurity vulnerabilities.

The FDA's announcement says "The software on the patient monitors includes a backdoor, which may mean that the device or the network to which the device has been connected may have been or could be compromised." And it offers this advice to caregivers and patients: If your health care provider confirms that your device relies on remote monitoring features, unplug the device and stop using it. Talk to your health care provider about finding an alternative patient monitor.

If your device does not rely on remote monitoring features, use only the local monitoring features of the patient monitor. This means unplugging the device's ethernet cable and disabling wireless (that is, WiFi or cellular) capabilities, so that patient vital signs are only observed by a caregiver or health care provider in the physical presence of a patient. If you cannot disable the wireless capabilities, unplug the device and stop using it. Talk to your health care provider about finding an alternative patient monitor.

A detailed report from CISA describes how a research team "created a simulated network, created a fake patient profile, and connected a blood pressure cuff, SpO2 monitor, and ECG monitor peripherals to the patient monitor. Upon startup, the patient monitor successfully connected to the simulated IP address and immediately began streaming patient data..." to an IP address that is hard-coded into the backdoor function. "Sensor data from the patient monitor is also transmitted to the IP address in the same manner. If the routine to connect to the hard-coded IP address and begin transmitting patient data is called, it will automatically initialize the eth0 interface in the same manner as the backdoor. This means that even if networking is not enabled on startup, running this routine will enable networking and thereby enable this functionality
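Because the routine described above brings up eth0 on its own, a monitor configured for local-only use can still originate traffic; one defender-side check is to alert on any flow such a device sends, and on flows from remote-monitoring devices to hosts outside their allowlist. This is an added example, not code from CISA's report or from the device vendor; the inventory, addresses and flow records are constructed.

```python
"""Flag unexpected outbound traffic from patient monitors (constructed example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    src: str        # device address
    dst: str        # destination address
    dst_port: int
    bytes_out: int


# Constructed inventory: which monitors may talk to which hosts.
# An empty allowlist means the device is used in local-monitoring mode
# and should never originate network traffic at all.
INVENTORY = {
    "10.0.5.21": {"name": "ICU-monitor-1", "allowed": []},              # local monitoring only
    "10.0.5.22": {"name": "ICU-monitor-2", "allowed": ["10.0.9.0/24"]},  # hospital telemetry segment
}


def unexpected_flows(flows, inventory=INVENTORY):
    """Return (device name, reason, flow) for every flow a monitor should not produce."""
    findings = []
    for f in flows:
        dev = inventory.get(f.src)
        if dev is None:
            continue  # not a tracked monitor; out of scope for this check
        if not dev["allowed"]:
            findings.append((dev["name"], "local-only device originated traffic", f))
            continue
        if not any(ip_address(f.dst) in ip_network(net) for net in dev["allowed"]):
            findings.append((dev["name"], "destination outside allowlist", f))
    return findings


# Constructed sample flows (not real captures; 203.0.113.0/24 is a documentation range).
SAMPLE_FLOWS = [
    Flow("10.0.5.22", "10.0.9.10", 5150, 4096),   # expected: telemetry server
    Flow("10.0.5.21", "203.0.113.7", 515, 2048),  # local-only monitor sending data out
    Flow("10.0.5.22", "203.0.113.7", 515, 1024),  # remote monitor to an unknown host
]

if __name__ == "__main__":
    for name, reason, f in unexpected_flows(SAMPLE_FLOWS):
        print(f"{name}: {reason}: {f.src} -> {f.dst}:{f.dst_port} ({f.bytes_out} bytes)")
```

Feeding real NetFlow or firewall records into `unexpected_flows` in place of `SAMPLE_FLOWS` gives the same check over a live segment.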
Security

Sensitive DeepSeek Data Was Exposed to the Web, Cybersecurity Firm Says (reuters.com) 17

An anonymous reader shared this report from Reuters: New York-based cybersecurity firm Wiz says it has found a trove of sensitive data from the Chinese artificial intelligence startup DeepSeek inadvertently exposed to the open internet. In a blog post published Wednesday, Wiz said that scans of DeepSeek's infrastructure showed that the company had accidentally left more than a million lines of data available unsecured.

Those included digital software keys and chat logs that appeared to capture prompts being sent from users to the company's free AI assistant.

Wiz's chief technology officer tells Reuters that DeepSeek "took it down in less than an hour" after Wiz alerted them.

"But this was so simple to find we believe we're not the only ones who found it."
Privacy

WhatsApp Says Journalists and Civil Society Members Were Targets of Israeli Spyware (theguardian.com) 26

Nearly 100 journalists and other members of civil society using WhatsApp, the popular messaging app owned by Meta, were targeted by spyware owned by Paragon, an Israeli maker of hacking software, the company alleged today. From a report: The journalists and other civil society members were being alerted of a possible breach of their devices, with WhatsApp telling the Guardian it had "high confidence" that the users in question had been targeted and "possibly compromised."

The company declined to disclose where the journalists and members of civil society were based, including whether they were based in the US. The company said it had sent Paragon a "cease and desist" letter and that it was exploring its legal options. WhatsApp said the alleged attacks had been disrupted in December and that it was not clear how long the targets may have been under threat.

Chrome

Google's 10-Year Chromebook Lifeline Leaves Old Laptops Headed For Silicon Cemetery (theregister.com) 52

The Register's Dan Robinson reports: Google promised a decade of updates for its Chromebooks in 2023 to stop them being binned so soon after purchase, but many are still set to reach the end of the road sooner than later. The appliance-like laptop devices were introduced by megacorp in 2011, running its Linux-based ChromeOS platform. They have been produced by a number of hardware vendors and proven popular with buyers such as students, thanks to their relatively low pricing. The initial devices were designed for a three-year lifespan, or at least this was the length of time Google was prepared to issue automatic updates to add new features and security fixes for the onboard software.

Google has extended this Auto Update Expiration (AUE) date over the years, prompted by irate users who purchased a Chromebook only to find that it had just a year or two of software updates left if that particular model had been on the market for a while. The latest extension came in September 2023, when the company promised ten years of automatic updates, following pressure from the US-based Public Interest Research Group (PIRG). The advocacy organization had recommended this move in its Chromebook Churn report, which criticized the devices as not being designed to last.

PIRG celebrated its success at the time, claiming that Google's decision to extend support would "save millions of dollars and prevent tons of e-waste from being disposed of." But Google's move actually meant that only Chromebooks released from 2021 onward would automatically get ten years of updates, starting in 2024. For a subset of older devices, an administrator (or someone with admin privileges) can opt in to enable extended updates and receive the full ten years of support, a spokesperson for the company told us. This, according to PIRG, still leaves many models set to reach end of life this year, or over the next several years.
"According to my research, at least 15 Chromebook models have already expired across most of the top manufacturers (Google, Acer, Dell, HP, Samsung, Asus, and Lenovo). Models released before 2021 don't have the guaranteed ten years of updates, so more devices will continue to expire each year," Stephanie Markowitz, a Designed to Last Campaign Associate at PIRG, told The Register.

"In general, end-of-support dates for consumer tech like laptops act as 'slow death' dates," according to Markowitz. "The devices won't necessarily lose function immediately, but without security updates and bug patches, the device will eventually become incompatible with the most up-to-date software, and the device itself will no longer be secure against malware and other issues."

A full list of end-of-life dates for Chromebook models can be viewed here.
Google

Google Offering 'Voluntary Exit' For Employees Working on Pixel, Android (9to5google.com) 35

Google is offering U.S. employees in its Platforms & Devices division a voluntary exit program with severance packages, following last year's merger of its Pixel hardware and Android software teams.

The program affects staff working on Android, Chrome, Google Photos, Pixel, Fitbit, and Nest products, according to a memo from Senior Vice President Rick Osterloh. The move comes after the hardware division cut hundreds of roles last January when it reorganized into a functional model. Google said the program aims to retain employees committed to the combined organization's mission, though it does not coincide with any product changes.
Oracle

Oracle Faces Java Customer Revolt After 'Predatory' Pricing Changes (theregister.com) 136

Nearly 90% of Oracle Java customers are looking to abandon the software maker's products following controversial licensing changes made in 2023, according to research firm Dimensional Research.

The exodus reflects growing frustration with Oracle's shift to per-employee pricing for its Java platform, which critics called "predatory" and could increase costs up to five times for the same software, Gartner found. The dissatisfaction runs deepest in Europe, where 92% of French and 95% of German users want to switch to alternative providers like Bellsoft Liberica, IBM Semeru, or Azul Platform Core.
