Security

Local Privilege Escalation Vulnerability Affecting X.Org Server For 18 Years (phoronix.com) 43

Phoronix's Michael Larabel reports: CVE-2024-9632 was made public today as the latest security vulnerability affecting the X.Org Server. The CVE-2024-9632 security issue has been present in the codebase now for 18 years and can lead to local privilege escalation. Introduced in the X.Org Server 1.1.1 release back in 2006, CVE-2024-9632 affects the X.Org Server as well as XWayland. A heap-based buffer overflow, and with it privilege escalation, can occur when a modified bitmap is provided to the X.Org Server.

This security issue is within _XkbSetCompatMap() and stems from not updating the heap size properly. It can lead to local privilege escalation if the server is run as root, or to remote code execution with X11 over SSH.
You can read the security advisory announcement here.
Businesses

OpenAI Builds First Chip With Broadcom and TSMC, Scales Back Foundry Ambition (reuters.com) 12

OpenAI is partnering with Broadcom and TSMC to design its first in-house AI chip while supplementing its infrastructure with AMD chips, aiming to reduce its reliance on Nvidia GPUs. "The company has dropped the ambitious foundry plans for now due to the costs and time needed to build a network, and plans instead to focus on in-house chip design effort," adds Reuters. From the report: OpenAI has been working for months with Broadcom to build its first AI chip focusing on inference, according to sources. Demand right now is greater for training chips, but analysts have predicted the need for inference chips could surpass them as more AI applications are deployed. Broadcom helps companies including Alphabet unit Google fine-tune chip designs for manufacturing and also supplies parts of the design that help move information on and off the chips quickly. This is important in AI systems where tens of thousands of chips are strung together to work in tandem. OpenAI is still determining whether to develop or acquire other elements for its chip design, and may engage additional partners, said two of the sources.

The company has assembled a chip team of about 20 people, led by top engineers who have previously built Tensor Processing Units (TPUs) at Google, including Thomas Norrie and Richard Ho. Sources said that through Broadcom, OpenAI has secured manufacturing capacity with Taiwan Semiconductor Manufacturing Company to make its first custom-designed chip in 2026. They said the timeline could change. Currently, Nvidia's GPUs hold over 80% market share. But shortages and rising costs have led major customers like Microsoft, Meta, and now OpenAI, to explore in-house or external alternatives.

AI

LinkedIn Launches Its First AI Agent To Take On the Role of Job Recruiters 49

An anonymous reader quotes a report from TechCrunch: LinkedIn, the social platform used by professionals to connect with others in their field, hunt for jobs, and develop skills, is taking the wraps off its latest effort to build artificial intelligence tools for users. Hiring Assistant is a new product designed to take on a wide array of recruitment tasks, from ingesting scrappy notes and thoughts to turn into longer job descriptions, through to sourcing candidates and engaging with them. LinkedIn is describing Hiring Assistant as a milestone in its AI trajectory: it is, per the Microsoft-owned company, its first "AI agent," and one that happens to be targeting one of LinkedIn's most lucrative categories of users (recruiters).

LinkedIn said the AI assistant is now live with a "select group" of customers (large enterprises such as AMD, Canva, Siemens and Zurich Insurance among them). It's slated to be rolling out more widely in the coming months. [...] "It's designed to take on a recruiter's most repetitive task so they can spend more time on the most impactful part of their jobs," Hari Srinivasan, LinkedIn's VP of product, said in an interview -- "a big statement," he admitted. The product includes the ability to upload full job descriptions, or just note what you want it to have, along with job postings that you like the look of from other companies or roles. In turn, that becomes a list of qualifications you're looking for, as well as an initial pipeline of candidates that you can interact with -- to look for more potential hires that are similar to some, or less like others -- with algorithms designed to search based on skills rather than other indicators (such as where a person lives or went to school), per Srinivasan.

The AI assistant also integrates with third-party application tracking systems, although ultimately, the whole system is trained on LinkedIn data, which spans 1 billion users, 68 million companies and 41,000 skills. LinkedIn said Hiring Assistant is due to get more features soon, such as messaging and scheduling support for interviews, as well as handling follow-ups when candidates have questions before or after interviews. Basically the aim is for it to cover a lot of (time-consuming) admin-style tasks, plus take on some of the thinking, that recruiters have to do daily. Second, unlike many of the other AI features that LinkedIn has released, Hiring Assistant is very squarely aimed at LinkedIn's B2B business, the products it sells to the recruitment industry.
"We're really focused on making Hiring Assistant great," said Erran Berger, VP of engineering, in an interview. "This is all bleeding edge, and I mean everything from the experience and how our users are going to interact with it, to the technology that backs it. And so we're really focused on nailing that a lot of the technology we've built is applicable to problems that we're trying to solve for our members and customers. But right now, you know, we really just want to nail this, and then we can figure out where we go from there."
Communications

FCC Chair: Mobile Dead Spots Will End When Space-Based and Ground Comms Merge (theregister.com) 21

Federal Communications Commission Chair Jessica Rosenworcel outlined a vision for universal connectivity last week that merges satellite and ground-based networks. The FCC recently became the first regulator to establish a framework for supplemental coverage from space (SCS). "Satellites may be in our skies, but they are the anchor tenant in our communications future," said Rosenworcel, calling for seamless integration of fiber, cellular, wireless, and satellite infrastructure into a unified network. The vision comes as the FCC's Affordable Connectivity Program recently ended due to funding depletion.
Businesses

Crypto Firm Consensys To Cut 20% of Workforce Amid Regulatory Headwinds (reuters.com) 13

Cryptocurrency firm Consensys said on Tuesday it would cut 20% of its total workforce, citing broader macroeconomic pressures and ongoing regulatory challenges facing the industry. From a report: The decision will impact 162 of a total of 828 employees at the company, Consensys CEO Joseph Lubin told Reuters in a mailed statement. Crypto companies have frequently accused the Securities and Exchange Commission of regulatory overreach and exceeding its jurisdiction, while the agency argues that the industry is disregarding securities laws designed to protect investors and other market participants.

"Multiple cases with the SEC, including ours, represent meaningful jobs and productive investment lost due to the SEC's abuse of power and Congress's inability to rectify the problem," Lubin said in a blog post. "Such attacks from the U.S. government will end up costing many companies that have been investigated, sued, or sent Wells Notices, many millions of dollars," he added.

Desktops (Apple)

Apple Moves the M4 Mac Mini's Power Button To the Bottom (appleinsider.com) 171

Apple has moved the power button on its new M4 Mac mini to an awkward spot underneath the device, requiring users to lift or tip the computer to turn it on. The button now sits near the left rear corner, raised slightly by cooling vents, instead of its previous accessible position on the back panel. The change, absent from Apple's marketing materials, complicates basic operations like power-cycling the machine - especially with cables attached.

Further reading: Apple's New Mouse Retains Flawed Charging Design.
AI

AI Slop Is Flooding Medium (wired.com) 40

AI slop is flowing onto every major platform where people post online -- and Medium is no exception. Wired: The 12-year-old publishing platform has undertaken a dizzying number of pivots over the years. It's finally on a financial upswing, having turned a monthly profit for the first time this summer. Medium CEO Tony Stubblebine and other executives at the company have described the platform as "a home for human writing." But there is evidence that robot bloggers are increasingly flocking to the platform, too.

Earlier this year, WIRED asked AI detection startup Pangram Labs to analyze Medium. It took a sampling of 274,466 recent posts over a six-week period and estimated that over 47 percent were likely AI-generated. "This is a couple orders of magnitude more than what I see on the rest of the internet," says Pangram CEO Max Spero. (The company's analysis of one day of global news sites this summer found 7 percent as likely AI-generated.)

The strain of slop on Medium tends toward the banal, especially compared with the dadaist flotsam clogging Facebook. Instead of Shrimp Jesus, one is more apt to see vacant dispatches about cryptocurrency. The tags with the most likely AI-generated content included "NFT" -- out of 5,712 articles tagged with this phrase over the last several months, Pangram found that 4,492, or around 78 percent, came back as likely AI-generated -- as well as "web3," "ethereum," "AI," and, for whatever reason, "pets."

AI

Robert Downey Jr. Threatens To Sue Over AI Recreations of His Likeness (variety.com) 62

Oscar winner Robert Downey Jr. has threatened legal action against future studio executives who attempt to recreate his likeness using AI. "I intend to sue all future executives just on spec," Downey said when asked about potential AI recreations of his performances. He dismissed concerns about Marvel Studios using his likeness without permission, citing trust in their leadership. During the interview, he criticized tech executives who position themselves as AI gatekeepers, calling it "a massive fucking error."
Desktops (Apple)

Apple Shrinks Mac Mini, Adds M4 Power Boost in Major Redesign (apple.com) 105

Apple launched a dramatically smaller Mac Mini desktop computer on Tuesday, powered by its new M4 processor and featuring ray tracing capabilities for the first time. The redesigned Mini measures just 5 inches square, roughly half the size of its predecessor, while delivering up to 1.8 times faster CPU performance compared to the M1 model.

The base version starts at $599, while the more powerful M4 Pro variant begins at $1,399. The M4 Pro model sports 14 CPU cores and 20 GPU cores, with support for up to 64GB of RAM and 8TB storage. It introduces Thunderbolt 5 connectivity, offering data transfer speeds up to 120 Gb/s. Apple has revamped the port configuration, adding front-facing USB-C ports and a headphone jack. The rear features Ethernet, HDMI, and three Thunderbolt ports, though USB-A ports have been eliminated. The new Mini supports up to three 6K displays with the M4 Pro chip.
AI

Linus Torvalds Dismisses AI Industry as '90% Marketing' (tomshardware.com) 103

Linux creator Linus Torvalds has blasted the AI industry as "90% marketing and 10% reality" even as he acknowledged AI's transformative potential. Speaking to TFiR, Torvalds said he would "basically ignore" AI until the hype subsides, predicting meaningful applications would emerge in five years.

The Finnish software pioneer singled out ChatGPT and graphic design as current practical use cases. His criticism follows Baidu CEO's recent warning of an impending AI bubble burst, claiming only 1% of companies would survive the fallout. "I think AI is really interesting, and I think it is going to change the world. And, at the same time, I hate the hype cycle so much that I really don't want to go there," Torvalds said.
The Media

Bezos: 'Presidential Endorsements Do Nothing' 388

theodp writes: "Presidential endorsements do nothing to tip the scales of an election," argues Jeff Bezos in The Hard Truth: Americans Don't Trust the News Media, a WaPo op-ed defense of his decision as owner of The Washington Post to end the newspaper's tradition of endorsing candidates for president.

"No undecided voters in Pennsylvania are going to say, 'I'm going with Newspaper A's endorsement.' None. What presidential endorsements actually do is create a perception of bias. A perception of non-independence. Ending them is a principled decision, and it's the right one. Eugene Meyer, publisher of The Washington Post from 1933 to 1946, thought the same, and he was right. By itself, declining to endorse presidential candidates is not enough to move us very far up the trust scale, but it's a meaningful step in the right direction. I wish we had made the change earlier than we did, in a moment further from the election and the emotions around it. That was inadequate planning, and not some intentional strategy."
Earth

Planet-Heating Pollutants in Atmosphere Hit Record Levels in 2023 52

The concentration of planet-heating pollutants clogging the atmosphere hit record levels in 2023, the World Meteorological Organization (WMO) has said. From a report: It found carbon dioxide is accumulating faster than at any time in human history, with concentrations having risen by more than 10% in just two decades. "Another year, another record," said Celeste Saulo, secretary-general of the WMO. "This should set alarm bells ringing among decision makers." The increase was driven by humanity's "stubbornly high" burning of fossil fuels, the WMO found, and made worse by big wildfires and a possible drop in the ability of trees to absorb carbon. The concentration of CO2 reached 420 parts per million (ppm) in 2023, the scientists observed. The level of pollution is 51% greater than before the Industrial Revolution, when people began to burn large amounts of coal, oil and fossil gas.
Medicine

Researchers Say AI Transcription Tool Used In Hospitals Invents Things (apnews.com) 33

Longtime Slashdot reader AmiMoJo shares a report from the Associated Press: Tech behemoth OpenAI has touted its artificial intelligence-powered transcription tool Whisper as having near "human level robustness and accuracy." But Whisper has a major flaw: It is prone to making up chunks of text or even entire sentences, according to interviews with more than a dozen software engineers, developers and academic researchers. Those experts said some of the invented text -- known in the industry as hallucinations -- can include racial commentary, violent rhetoric and even imagined medical treatments. Experts said that such fabrications are problematic because Whisper is being used in a slew of industries worldwide to translate and transcribe interviews, generate text in popular consumer technologies and create subtitles for videos.

The full extent of the problem is difficult to discern, but researchers and engineers said they frequently have come across Whisper's hallucinations in their work. A University of Michigan researcher conducting a study of public meetings, for example, said he found hallucinations in eight out of every 10 audio transcriptions he inspected, before he started trying to improve the model. A machine learning engineer said he initially discovered hallucinations in about half of the over 100 hours of Whisper transcriptions he analyzed. A third developer said he found hallucinations in nearly every one of the 26,000 transcripts he created with Whisper. The problems persist even in well-recorded, short audio samples. A recent study by computer scientists uncovered 187 hallucinations in more than 13,000 clear audio snippets they examined. That trend would lead to tens of thousands of faulty transcriptions over millions of recordings, researchers said.
Further reading: AI Tool Cuts Unexpected Deaths In Hospital By 26%, Canadian Study Finds
The Almighty Buck

NASA Generated $76 Billion For US Economy In 2023 90

NASA's economic impact report highlights that in fiscal year 2023, the agency's initiatives contributed $75.6 billion to the U.S. economy, created over 300,000 jobs, and drove advancements in areas like space exploration, climate research, and technology innovation. The agency's budget for that year was $25.4 billion. Space.com reports: The Moon to Mars program alone created $23.8 billion in economic output and 96,479 jobs, while investments in climate research and technology contributed $7.9 billion and 32,900 jobs. The report also drills down into impacts in each state, with 45 states seeing over $10 million in impact and eight states surpassing the $1 billion mark. [...]

NASA's missions supported 304,803 jobs across America, according to the report -- the third agency-wide study of its kind -- generating an estimated total of $9.5 billion in federal, state, and local taxes. Additionally, NASA's technological innovations and transfers in 2023 led to 40 new patent applications, 69 patents issued, and thousands of software usage agreements. A number of NASA technology spinoffs have become everyday household items.
The full NASA economic impact report can be found here.
NASA

NASA Is Treating Orion's Heat Shield Problems As a Secret (arstechnica.com) 25

Ars Technica's Stephen Clark reports: For those who follow NASA's human spaceflight program, a burning question for the last year-and-a-half has been what caused the Orion spacecraft's heat shield to crack and chip away during atmospheric reentry on the unpiloted Artemis I test flight in late 2022. Multiple NASA officials said Monday they now know the answer, but they're not telling. Instead, agency officials want to wait until more reviews are done to determine what this means for Artemis II, the Orion spacecraft's first crew mission around the Moon, officially scheduled for launch in September 2025.

"We have gotten to a root cause," said Lakiesha Hawkins, assistant deputy associate administrator for NASA's Moon to Mars program office, in response to a question from Ars on Monday at the Wernher von Braun Space Exploration Symposium. "We are having conversations within the agency to make sure that we have a good understanding of not only what's going on with the heat shield, but also next steps and how that actually applies to the course that we take for Artemis II," she said. "And we'll be in a position to be able to share where we are with that hopefully before the end of the year."

While the space program is far down the list of most voters' priorities, this means a decision and announcement on what will happen with Artemis II won't come until the post-election lame duck period in the waning weeks of the Biden administration, and likely Bill Nelson's tenure as NASA administrator. This is several months later than NASA officials expected to make a decision. The question here is whether NASA managers decide it is safe enough to fly the Orion heat shield as-is on Artemis II, or if it is too risky with people onboard. Artemis II will be a 10-day mission taking its four-person crew on a path around the far side of the Moon, then back to Earth. This will be the first time people travel to such distances since the Apollo program ended more than 50 years ago.

Movies

'Oregon Trail' Action-Comedy Movie In Development At Apple (hollywoodreporter.com) 63

An anonymous reader quotes a report from the Hollywood Reporter: Grab your wagons and oxen, and get ready to ford a river: A movie adaptation of the popular grade school computer game Oregon Trail is in development at Apple. The studio landed the film pitch, still in early development, that has Will Speck and Josh Gordon attached to direct and produce. EGOT winners Benj Pasek and Justin Paul will provide original music and produce via their Ampersand production banner. Sources tell The Hollywood Reporter that the movie will feature a couple of original musical numbers in the vein of Barbie.

The Lucas Bros. (Judas and the Black Messiah) and Max Reisman are set to pen the screenplay about the game that is meant to mimic 19th-century pioneer times, following a covered wagon train heading west. Created in 1971, the game reached cult status among American grade schoolers by the 1990s as one of the first educational computer games allowed in schools -- and for its hilariously dark storylines filled with broken arms, typhoid and dysentery.
The film will likely debut on Apple TV+, but details are scarce at the moment.
Privacy

Fitness App Strava Gives Away Location of Foreign Leaders, Report Finds 27

French newspaper Le Monde found that the fitness app Strava can easily track confidential movements of foreign leaders, including U.S. President Joe Biden, and presidential rivals Donald Trump and Kamala Harris. The Independent reports: Le Monde found that some U.S. Secret Service agents use the Strava fitness app, including in recent weeks after two assassination attempts on Trump, in a video investigation released in French and in English. Strava is a fitness tracking app primarily used by runners and cyclists to record their activities and share their workouts with a community. Le Monde also found Strava users among the security staff for French President Emmanuel Macron and Russian President Vladimir Putin. In one example, Le Monde traced the Strava movements of Macron's bodyguards to determine that the French leader spent a weekend in the Normandy seaside resort of Honfleur in 2021. The trip was meant to be private and wasn't listed on the president's official agenda.

Le Monde said the whereabouts of Melania Trump and Jill Biden could also be pinpointed by tracking their bodyguards' Strava profiles. In a statement to Le Monde, the U.S. Secret Service said its staff aren't allowed to use personal electronic devices while on duty during protective assignments but "we do not prohibit an employee's personal use of social media off-duty." "Affected personnel has been notified," it said. "We will review this information to determine if any additional training or guidance is required." "We do not assess that there were any impacts to protective operations or threats to any protectees," it added. Locations "are regularly disclosed as part of public schedule releases."

In another example, Le Monde reported that a U.S. Secret Service agent's Strava profile revealed the location of a hotel where Biden subsequently stayed in San Francisco for high-stakes talks with Chinese President Xi Jinping in 2023. A few hours before Biden's arrival, the agent went jogging from the hotel, using Strava which traced his route, the newspaper found. The newspaper's journalists say they identified 26 U.S. agents, 12 members of the French GSPR, the Security Group of the Presidency of the Republic, and six members of the Russian FSO, or Federal Protection Service, all of them in charge of presidential security, who had public accounts on Strava and were therefore communicating their movements online, including during professional trips. Le Monde did not identify the bodyguards by name for security reasons.
The Almighty Buck

JPMorgan Begins Suing Customers In 'Infinite Money Glitch' (cnbc.com) 222

JPMorgan Chase is suing customers who exploited an ATM glitch that allowed them to withdraw funds before a check bounced. CNBC reports: The bank on Monday filed lawsuits in at least three federal courts, taking aim at some of the people who withdrew the highest amounts in the so-called infinite money glitch that went viral on TikTok and other social media platforms in late August. [...] JPMorgan, the biggest U.S. bank by assets, is investigating thousands of possible cases related to the "infinite money glitch," though it hasn't disclosed the scope of associated losses. Despite the waning use of paper checks as digital forms of payment gain popularity, they're still a major avenue for fraud, resulting in $26.6 billion in losses globally last year, according to Nasdaq's Global Financial Crime Report.

The infinite money glitch episode highlights the risk that social media can amplify vulnerabilities discovered at a financial institution. Videos began circulating in late August showing people celebrating the withdrawal of wads of cash from Chase ATMs shortly after bad checks were deposited. Normally, banks only make available a fraction of the value of a check until it clears, which takes several days. JPMorgan says it closed the loophole a few days after it was discovered.

The lawsuits are likely to be just the start of a wave of litigation meant to force customers to repay their debts and signal broadly that the bank won't tolerate fraud, according to the people familiar. JPMorgan prioritized cases with large dollar amounts and indications of possible ties to criminal groups, they said. The civil cases are separate from potential criminal investigations; JPMorgan says it has also referred cases to law enforcement officials across the country.
"Fraud is a crime that impacts everyone and undermines trust in the banking system," JPMorgan spokesman Drew Pusateri said in a statement to CNBC. "We're pursuing these cases and actively cooperating with law enforcement to make sure if someone is committing fraud against Chase and its customers, they're held accountable."
Operating Systems

Raspberry Pi OS Now Using Wayland By Default (phoronix.com) 36

Phoronix's Michael Larabel reports: Over the past year we have seen Raspberry Pi working a lot on Wayland support for the Raspberry Pi OS desktop and using it on their latest Raspberry Pi models. With today's new Raspberry Pi OS update, Wayland is being used by default across all Raspberry Pi devices. The new Raspberry Pi OS update shipping today is using Wayland across all Raspberry Pi models. Labwc is also now the Wayland compositor of choice and those upgrading their existing Raspberry Pi OS installation will be prompted whether to switch to Labwc or keep using the prior Wayfire compositor. Raspberry Pi developers feel that the Labwc Wayland compositor offers the best experience on their single board computers. You can learn more about the update and download it via the RaspberryPi.com blog.

Further reading: Raspberry Pi Launches Its Own Branded SD Cards and SSDs - Plus SSD Kits
