The Almighty Buck

Mark Zuckerberg Directed Meta To Create a Prediction Markets App (nytimes.com) 14

An anonymous reader quotes a report from the New York Times: Mr. Zuckerberg, the chief executive of Meta, recently dispatched a small team at his company to create a smartphone app similar to Polymarket and Kalshi, two employees with knowledge of the matter said. Users would not wager money, and the app would probably rely on a video game-like points system instead, one person said, though the company had not ruled out the eventual use of real money betting. The app is internally referred to as "Arena" and would function independently from Meta's social networking apps, which include Facebook, Instagram, WhatsApp and Messenger, said the employees, who spoke on the condition of anonymity to discuss confidential plans. Meta aims to grow the app by leveraging its large social networking audiences and directing them toward using it, they said.

The effort, which insiders characterized as experimental but a top priority, is part of a broader push by Mr. Zuckerberg to create new types of apps based on emerging social behavior online. More than 3.56 billion people visit one or more of Meta's apps every day, an amount that has raised questions about whether those platforms have reached a saturation point. Arena is one of a handful of apps that Meta is trying out. Others include one called Meta Photos, another stand-alone app which would create new types of media using artificial intelligence, the employees said. [...] Meta insiders have cautioned that Arena remains in development and may not be released. But as executives search for ways to keep the world's largest social media sites thriving, Mr. Zuckerberg appears to be relying on his well-worn product development strategy: Follow the users.

Facebook

Meta Launches Cheaper Smart Glasses Without Ray-Ban (theverge.com) 32

Meta has launched its first smart glasses without Ray-Ban branding. Starting at $299, they're cheaper than the Ray-Ban Meta Gen 2 while retaining EssilorLuxottica as a design and manufacturing partner. The Verge reports: As far as style and specs, the Meta Glasses aren't that different from Ray-Bans. The internal specs are the same as the recently released Ray-Ban Meta Optics Styles, with slightly longer battery life. The Adventurer models have thinner rims, while the Fury models hew a bit closer to the Meta Ray-Ban Display with a bolder, chunkier frame. You could describe the Adventurer as square, and the Fury as even more square. The Kylie glasses sport a more unique design with a distinct Y2K flavor that I'm told is meant to be worn lower on your nose. [...] While playing around with the Meta Glasses, it was hard not to notice that the camera appears smaller than in previous Ray-Ban glasses. Technically, Himel tells me, that's not new to these Meta Glasses. It was actually introduced back in March with the prescription-optimized Optics Styles.

[...] Meta is quadrupling down on AI. The new Meta Glasses will all launch with Muse Spark, the first model out of Meta's Superintelligence Labs. (It'll also be arriving on older Ray-Ban and Oakley glasses in the US and Canada via a software update.) Supposedly, that means more helpful glasses. At my hands-on, I was told that Meta AI would now be less stiff. I'd be able to talk to it more naturally and get smarter responses. The AI now supports 14 more languages, including Arabic, Japanese, Mandarin, Hindi, and Korean. Pedestrian turn-by-turn navigation is also coming to Meta's displayless glasses. Later this month, there'll be a new "dynamic photo" feature that automatically takes multiple frames and then recommends the best one.

Social Networks

UK Considers Forcing Social Media Firms To Prioritize Trusted News (reuters.com) 134

An anonymous reader quotes a report from Reuters: Britain is considering forcing social media companies to prioritize what the government called trusted news sources as part of its broader push to tighten regulation of the sector. The culture department said on Monday it was considering requiring platforms such as Meta's Facebook, Alphabet-owned YouTube and TikTok to make content from public service media -- including the BBC, ITV and Channel 4 -- and other trusted news providers easier to find in users' feeds and searches.

Boosting the visibility of regulated news providers could help tackle misinformation, particularly during crises, the government said. However, any move to influence how platforms rank content is likely to face scrutiny from the social media firms, which say such rules could override user choice and disadvantage other creators. The proposals form part of a broader overhaul of Britain's public service media system to help broadcasters compete with streaming platforms and shifting viewing habits. Ministers are also considering widening public service media status to include online-only providers, extending free-to-air protections for major sporting events to on-demand viewing, and consulting on a shift to internet-based TV from 2034 or 2044.
"It is vital that we make sure that people have better access to trusted and accurate news and that our regulated public service media is seen and heard in the fierce battle against mis- and disinformation," culture minister Lisa Nandy said in a statement.

The move follows the UK's recently-announced ban on social media use for those under 16.
Operating Systems

Valve Will Finally Let You Build Your Own Steam Machine With SteamOS For Desktop (theverge.com) 45

With the price of the new Steam Machine starting at $1,049, you might want to consider making your own Steam Machine instead. An anonymous reader quotes a report from The Verge: Valve says that "starting with the SteamOS 3.8 release, you can put together your own Steam Machine using whatever PC parts you want." SteamOS 3.8.10 launched last week with a slew of updates, including "improved compatibility with recent Intel and AMD platforms." Alongside that improved compatibility, Valve is giving gamers the green light to install SteamOS on their own desktops. In an interview with The Verge, Valve's Pierre-Loup Griffais said Valve has been "rolling out improvements to [SteamOS] so it's more compatible with desktop hardware," including eventual support for Nvidia graphics. Griffais says Valve has "a growing team" working on Nvidia driver support for SteamOS, adding, "We're collaborating with Nvidia very closely." While he mentioned that Nvidia support might not come this year, Griffais emphasized that "it's certainly something that we're working on in the background."

It's technically been possible to run SteamOS on your own hardware for a while now, but compatibility has been mostly limited to AMD systems. So far installing it has also required using a Steam Deck recovery image, a process that, speaking from experience, is much less straightforward than the installation process for most other Linux distributions. Trying to run SteamOS on Intel or Nvidia hardware has not been easy so far. According to Griffais, Valve is working to change that, which could mean that down the line, you'll be able to run SteamOS on just about any gaming PC hardware you want, including Nvidia.

For the more immediate future, Griffais says SteamOS in its current state should offer a "good experience" on console-like PC setups: "If you have something that is similar to the use case of a Steam Machine, where you have a PC that's gonna be plugged into a TV, and has a single hard drive that you're not going to try and dual boot [] you can put SteamOS on there, and you'll have an experience that is very similar to a Steam Deck docked or a Steam Machine, with some caveats, of course," like a lack of HDMI-CEC support. But "the core bits of the experience are there. The SteamOS graphics driver, the shader precompilation [...] you can get at all of that with the SteamOS."
Griffais says SteamOS does not yet offer an easy way to dual-boot alongside Windows or another operating system, but envisions "a time where it's a better experience to install on your desktop and have it coexist with a different operating system."
AI

Google Invests $75 Million In A24 To Develop AI-Powered Filmmaking Tools 29

Google is investing roughly $75 million in A24 as part of a research partnership with DeepMind to develop AI-powered filmmaking tools and workflows. "The deal represents the latest marriage between a Hollywood studio and AI in an era where companies have oscillated between partnerships and lawsuits," reports Variety. From the report: A24 partner Scott Belsky, who leads the studio's technology division A24 Labs, told the Journal the studio's Google partnership differed from other deals because AI developers mistakenly advertised their products as a means to make films cheaper and faster. His division is developing applications for AI-generated storyboards, another reimagination of the production process that has seen filmmakers like Martin Scorsese rubber-stamp. "We think there are better uses that preserve creative control and support risk-taking," said Belsky, arguing the new tools "won't look anything like the prompted generation type of AI that people feel uncomfortable with."
Technology

Some Electricians Think Building Data Centers Is For Sellouts (wired.com) 110

An anonymous reader quotes a report from Wired: As Big Tech dumps billions of dollars into America's data center buildout, a slew of opportunities have opened up to the electricians wiring these massive facilities. In some cases, the scale of the projects and the demanding construction timelines are fueling talent wars for the industry's best and brightest. The US-based International Brotherhood of Electrical Workers (IBEW) has argued that its workers are "powering the AI Revolution," and a set of "Data Center Principles" published in March argues that union labor is "essential to the future of AI." Tech companies are trying to meet the moment: Meta recently announced a skilled trade academy program, and Google committed $50 million to help train people in skilled trades.

But amid growing national opposition to data centers, debates over the ethics of the massive buildout have started to pop up in some online pockets of the community. Threads about how AI will affect the economy now pepper r/electricians, a subreddit with around half a million monthly visitors. Some users wonder whether the work will eventually prompt widespread job losses. Others aren't sure if their labor makes them complicit in the damage done to local communities or whether it's unethical to take on data center work. For some, the answer is a firm no. Ultimately, they argue, work is work.
An anonymous Midwest electrician who spoke to Wired acknowledged concerns about scams, corporate greed, and AI's impact on workers, but said he views data centers as an important source of career advancement. "This is most likely going to be a major part of our future. And if you can't beat them, join them," he said.

An electrician named Ryan, meanwhile, is strongly opposed to working on data centers because he distrusts the corporations and political environment driving AI development. Still, if the facilities are going to be built, he would prefer union workers construct them. "If they're going to get built, I'd rather they go union," he said.

Jesse, an IBEW electrician, sympathizes with communities negatively affected by data centers but does not believe the electricians building them should be blamed. In his view, opposition should instead be directed toward policymakers and the project approval process. "I think it's ridiculous if, to build a data center or any kind of a business, you're going to significantly impact the lives of that community in a negative way," he told Wired.

An electrician named Dante echoed some of those sentiments, arguing that data center work is no more ethically compromised than many other commercial construction projects. "We're almost always working for the worst possible people in the end, but we all need a paycheck," he said. He added that such projects are "essentially the same kind of work," typically performed for wealthy corporations seeking to become even richer.
Cellphones

2,000 Retired Google Pixel Phones Get a Second Life As a Private Cloud (theregister.com) 27

UC San Diego researchers are working with Google to build a private cloud from 2,000 retired Pixel Fold motherboards, demonstrating how discarded smartphones could provide useful, low-cost computing capacity. "The full smartphone cluster is expected to launch this fall," reports The Register. "Depending on how well the initial phase goes, we're told the cluster could grow even larger." From the report Once the phone's motherboards have been extracted from their shells, the researchers say that the chips hiding within remain more than potent enough to be useful for a variety of tasks. In many cases, the single-threaded performance of these chips is as good as, if not better than, what you'd find from a many-cored datacenter chip. The Pixel Fold smartphones, which will form the basis of the cluster, are powered by a Google Tensor G2 processor with two 2.85 GHz Cortex-X1, two 2.35 GHz Cortex-A78 and four 1.80 GHz Cortex-A55 Arm cores, a Mali-G710 MP7 GPU, and 12 GB of system memory. Early benchmarking using the SPEC suite suggests that 25-50 phones should deliver performance similar to that of a conventional server.

The major challenge, instead, is distributing workloads across multiple devices, each of which has a handful of cores of one or more varieties, and most have 8-12 GB of memory. UCSD researchers are approaching this challenge from a couple of different angles. The first is by targeting applications that can easily fit within a single device. The second is using Kubernetes to orchestrate container deployments across clusters of 25-50 phones. For this to work, the devices first need to be flashed with a Linux operating system suitable for the job. While Android makes for a great handheld experience, it is not intended for server duty. In the blog post, researchers note that Android includes functionality intended to stop rogue applications from chewing up excessive amounts of memory and draining your battery. In server context, these safety mechanisms are no longer necessary.

[Ryan Kastner, an associate professor of computer science at UCSD] told us this was by no means an easy task, but the team has made steady progress toward getting Linux running smoothly on these devices, including support for the phone's onboard GPUs. Access to some functionality, like the chip's integrated tensor processing unit, remains elusive. Clustering these devices will require networking the phones together. Normally these devices would connect over cellular or Wi-Fi, but at this scale, this not only isn't practical, but also has implications for security, he explained. Instead, the team will employ PCBs that both supply power and break out wired Ethernet networking.

The researchers suggest that many EdTech, grading, and research workloads commonly run by universities in the cloud are small enough to run on the cluster without issue. "The vast majority of these applications are within the capabilities of a single smartphone to host, with the standard grading backend running on small cloud instances," a blog post detailing the planned deployment reads. "Early experiments show that even a moderately-sized cluster of 20 phones is capable of supporting peak submission rates for a 75+ student class."

AI

TikTok Shows 3x More AI Slop Than YouTube, Report Finds (searchenginejournal.com) 30

"About 59% of TikTok videos served to a new account's For You feed are AI slop," writes Search Engine Journal, "according to a report from Kapwing, the video creation tool company. That's roughly three times the rate Kapwing found on YouTube." The company manually reviewed over 10,000 TikTok videos across 20 categories and ran a separate fresh-account test, counting AI-generated content in the first 500 For You videos. Kapwing ran the same fresh-account test on YouTube and found that 104 of the first 500 Shorts, or 21%, were AI slop. On TikTok, 294 of 500 For You videos hit that threshold...

Of the 2,000 videos Kapwing reviewed in TikTok's Kids category, 57% were AI slop. That was the highest rate of any category in the analysis. The highest-rate tag was #cartoonkids, where 97 of 100 featured videos were AI-generated. Tags like #cartoons and #babysong both reached 83%, and #forkids came in at 79%. After Kids, the next highest AI slop rates were in Science and Education (35%), Health (33%), and History (33%). All three are categories where visual illustration and voiceover narration make up much of the content.

On the other end, categories where on-camera presence or physical demonstration are central had the lowest rates. Fashion came in at 1.3%, Music at 1.5%, and Fitness at 1.6%.

The article notes that by last November, TikTok "had already labeled 1.3 billion videos as AI-generated, according to the report."
Social Networks

Polymarket Paid Dozens to Post Videos of Themselves 'Winning' With Fake Bets (msn.com) 34

In January a college student posted a video showing him winning $100,000 on Polymarket — one of 145 that appeared to show bets adding up to almost $410,000, reports the Wall Street Journal. "But none of those bets were real."

Instead its creator was "one of dozens of mostly college-age creators Polymarket paid to film themselves making fake trades and sometimes scoring fake wins," the Journal reports, citing interviews with the creators an an analysis of more than 1,100 of their videos: Polymarket built near-perfect copies of its website, then instructed creators to make simulated trades on those dummy sites and hide that they were being paid by Polymarket. To get the videos to go viral, Polymarket has recruited a social-media army to copy and re-post creators' footage. Though the New York-based company has been banned from offering its primary crypto platform in the U.S. since 2022, the social-media creators are paid to specifically target U.S. users, who can still access the site with a virtual private network...

Polymarket hired and worked closely with a marketing contractor to promote the site. In a message reviewed by the Journal, that contractor told its social-media army to repost content made by 10 Polymarket creators in particular... These creators didn't initially identify themselves as paid by Polymarket, although one offered a $20 bonus code in his social-media bio... The company instructed creators not to disclose they are paid, according to creators who have worked with the company. They said the pay often added up to $2,000 to $3,000 a month...

A handful of videos the Journal reviewed also contained short glimpses of URLs indicating the sites were test environments for Polymarket engineers... Creators said they send the finished videos to Polymarket for review. If a video isn't engaging enough, or if it bears obvious signs of being faked, Polymarket will ask for the videos to be reshot, the creators said... Polymarket sends creators bullet-point guidance on what to say, according to creators who have worked with the company and a recruiting website... Polymarket's viral clipping campaign racked up more than 140 million views on TikTok, YouTube and Instagram, according to the analytics provider Tubular...

Internal materials show that Polymarket and Virality promote videos showing how easy it is to conduct insider trades on the platform. Polymarket has paid clippers to promote at least 19 videos discussing opportunities to use inside information or other tactics to manipulate markets.

America's advertising laws "require people who are paid to endorse a product to disclose their ties," the article notes, "although there is some gray area about what's permitted." (After the Journal's investigation, the creators started adding "@polymarket partner" to their bios, the article points out._ And when asked for a comment, Polymarket "said it plans to conduct a comprehensive audit of active promotional content."
Security

How Millions of Digital Home Devices Are Secretly Powering Cyberattacks (yahoo.com) 33

The Wall Street Journal reports on internet-connected devices — and how every year millions of them "can contain a secret digital backdoor that opens up access to your home internet, so that anyone... can surf the web as if they were you." (And this is especially true for "knockoffs that you buy online"...)

In a video report this week they tested two digital picture frames from Amazon and three streaming devices from Walmart "because we heard that they often ship with backdoor software used in cyberattacks. Security experts believe manufacturers are being paid to add this malware, but many people also get tricked into downloading the software onto their phones or computers... Within minutes of turning the devices on, there was a surge of internet traffic... Visits to gambling, porn, cryptocurrency and loads of other sketchy web sites started pouring in from users around the world." (And remote visitors also tried to access Outlook and Gmail accounts...)

Residential proxy companies even rent out access to "tens of millions of home networks around the world," according to the report. "But the problem is actually worse than that. Hackers figured out a way to seize control of these backdoors, and they started taking over these residential networks. Last month authorities arrested a 23-year-old Ottawa man, saying he'd taken control of more than a million devices to launch some of the largest cyberattacks anyone had ever seen.."

After a couple months the Journal's reporter collected logs of all the traffic, and sent it to an investigator at Comcast, who said both were conducting DDoS attacks. But estimate for the number of infected devices are as low as tens of millions or as high 500 million-plus. "We've seen nation state attacks launched through these kind of endpoints, which means your device sitting in your house is part of a nation state attack against another nation state... We've seen ad fraud, we've seen ticket scalping, we've seen financial fraud."

But more importantly, "We have seen some of the largest computer attacks — meaning computers attacking other computers at human request — ever recorded in our digital history in the last several months." At cybersecurity conferences, some are warning "there are much larger ones on the horizon if we don't get a hold of this problem."

The company making the picture frame "couldn't be reached for comment," while Amazon said it's been out of stock since last year. Both Amazon and Walmart said they take action when they confirm malware on a third-party product.
AI

Waymo Recalls About 3,900 Robotaxis After Some Drove Into 'Freeway Construction Zones' (cnbc.com) 59

CNBC reports: Waymo is recalling almost 3,900 robotaxis in the U.S. to fix software issues after some cars drove into freeway construction zones, according to notices filed with the National Highway Traffic Safety Administration. The voluntary recall, the Alphabet-owned company's second in just over a month, followed 13 known incidents where Waymo robotaxis drove into construction zones on freeways in Phoenix, or entered freeway lanes with active construction in the San Francisco area, the filings published Thursday said... A letter posted to the regulator's website... noted that, "Driving through a closed construction zone increases the risk of a crash..."

[Waymo said in a statement emailed to CNBC] "We voluntarily restricted freeway operations last month while making improvements, proactively notified state and federal regulators, and decided to file a voluntary software recall with NHTSA. We continue to safely serve riders on surface streets in all the cities where we operate...."

The company implemented another voluntary recall in May after some of its robotaxis had driven into flooded zones or standing water. The NHTSA Safety Board also initiated a probe of Waymo after a January incident in which a robotaxi illegally passed a stopped school bus.

Facebook

Meta Lobbies Congress For Protection From Child-Harm Lawsuits (aol.com) 106

Longtime Slashdot reader schwit1 shares a report from Reuters: Meta has lobbied the U.S. Congress for legal immunity from child-harm claims tied to social media products such as Instagram, as it faces thousands of lawsuits from young users and their families, according to a source familiar with the matter and proposed legislative language reviewed by Reuters. If adopted by lawmakers and passed into law as part of the Kids Online Safety Act (KOSA) under consideration in the U.S. Senate, such a provision could undermine thousands of lawsuits against Meta and other online platforms over harms to children. Meta and Google's YouTube face a combined $6 million in damages after they lost the first case at trial early this year. While legislators have given no indication of adopting the language, the lobbying effort shows the kind of legal protections Meta is seeking amid the biggest attempt to regulate online platforms in the U.S. since the 1990s. Meta has reportedly proposed the language in exchange for dropping its opposition to KOSA. Under the law, platforms would be required to mitigate harms to minors tied to features such as infinite scrolling, notifications, and appearance-altering filters.
Graphics

Adobe Adds Its AI Assistant To Premiere, Illustrator and InDesign 24

Adobe is expanding its Firefly AI assistant into Premiere, Illustrator, InDesign, and Frame.io, where it can automate all sorts of tasks such as organizing clips, renaming assets, adding interview markers, rearranging layers, and finding missing fonts. It's available starting today as part of a public beta. TechCrunch reports: Adobe is slowly transforming Firefly to increasingly resemble Canva, at least when it comes to AI features, loading up the app with AI tools that can generate images, videos and storyboards. The company is now adding a new feature called Elements that can save AI-generated characters, objects and locations for later use.

Firefly is also getting a Projects feature that can store existing assets in one place, and share context. This could be useful for teams creating a video series or brand campaigns. Both of these features are currently available in a private beta.

The company said users can now describe a brand and its style, or upload existing collateral, in Firefly to have it generate a brand kit, complete with logos, brand identity and color palettes, or even generate product videos from photos. Users can also create storyboards to create videos.
IOS

Apple Announces Major App Store Changes on iOS in Brazil (macrumors.com) 10

Apple is allowing iPhone developers in Brazil to distribute apps through authorized alternative marketplaces and use third-party payment systems following action by the country's competition regulator. "In other words, developers in Brazil will be able to circumvent the App Store and Apple's in-app purchase system, but there are still fees," reports MacRumors. Apple will collect commissions ranging from 5% on externally distributed apps to as much as 26% for some App Store transactions using its payment system. From the report: Alternative app marketplaces will have to be authorized by Apple and will need to meet ongoing requirements. For apps that are still distributed through the App Store, developers will be able to include an alternative payment processing method in their app and/or link users to a website to complete a transaction. These changes are available on iOS 26.5 and later, and they are the result of regulatory action from Brazil's competition regulator. Apple has added a new page on its website with additional details for developers in Brazil.

Apple said these changes introduce privacy and security risks for users, including children. The company has introduced safeguards to mitigate these risks, including a notarization process for iOS apps, an authorization process for app marketplaces, and limitations on external links and alternative payments for users under the age of 18. Apple has already allowed alternative app stores and/or third-party payment systems on iOS in the EU, Japan, and South Korea, and it will likely be forced to do so in the UK and Australia too, due to similar regulations in those countries.

Android

Android 17 Drops For Pixel Phones and Watch (phonearena.com) 27

Google has begun rolling out Android 17, the June Pixel Feature Drop, and Wear OS 7 simultaneously across supported Pixel phones and watches. Highlights include floating app bubbles, improved foldable multitasking and gaming, tighter location and contact permissions, stronger lost-device protections, new Pixel AI tools, and up to 10% better Pixel Watch battery life. PhoneArena reports: Pixel owners are the clear winners, since everything here reaches Pixel first and a lot of it goes back to the Pixel 6. Fold owners get the most toys, with the Bubble Bar and foldable gaming mode built for the big screen. Watch wearers get the quietly important upgrade. Better battery and Live Updates make an everyday wearable easier to rely on, especially if you keep it on overnight. Google's latest Pixel Drop combines several AI-powered tools with a broader slate of Android 17 upgrades. Pixel owners gain Lyria 3 for generating music from text or images, Gemini Omni for creating custom video clips, enhanced call translation and screening, AirDrop-compatible Quick Share, expanded Magic Cue support, and conversational photo editing.

Android 17 builds on those additions with floating app Bubbles, selfie-camera Screen Reactions, and a split-screen gaming mode for foldables, while also strengthening privacy and security with more granular location and contact permissions, improved lost-device protection, tighter PIN-guessing limits, and enhanced threat detection.

Other additions include expanded parental controls, separate assistant volume and app memory settings, and an option to hide app names for greater privacy.

You can read more about everything new in Android 17 in Google's blog post.
Bug

Google Told Researcher 'Nice Catch!' Then Denied Bug Bounty For Flaw It Still Hasn't Fixed (theregister.com) 38

Security researcher Justin O'Leary says Google initially accepted his Config Connector privilege-escalation report as a high-priority, high-severity bug, then denied a bounty by declaring the behavior "working as intended." According to The Register, a Google rep initially praised O'Leary's report with a "Nice catch!" before the cloud giant reversed course, declaring that no vulnerability existed and therefore no fix or reward was warranted. "The bug report, however, is still marked high-priority and accepted," the publication notes. The alleged flaw, dubbed ConfigConfusion, could let a Kubernetes namespace user exploit an overprivileged service account to become a GCP organization owner with only a few lines of YAML and little apparent audit visibility. O'Leary details the incident in a blog post. The Register reports: According to O'Leary, Config Connector doesn't perform an authorization check, and this allows any Config Connector service account with org-level permissions to bypass Identity and Access Management (IAM) authorization and gain the highest level of control (roles/owner) to an entire GCP Organization -- the root node of all of a company's resources within Google Cloud. On March 27, a Google security engineer accepted O'Leary's report and told him: "Nice catch!" The employee said that they filed a bug based on O'Leary's report with the relevant product team and assured him the Chocolate Factory's security squad would work with relevant Google Cloud people to fix the flaw. "We'll work with the product team to ensure this issue is address. We'll let you know when the issue was fixed," the engineer said. "In the meantime, review the payment option selected in your bughunters.google.com profile."

Google assigned the bug P1 priority and S1 severity, signifying a flaw worthy of urgent repair because it affects a large percentage of users and can disrupt core organizational functions. "I figured that was the end of that," O'Leary said in a phone interview with The Register. Eleven days later, on April 7, he received a new message from a Google Security Bot reversing the earlier decision. The Reg viewed the email, and O'Leary included a screenshot in his Thursday writeup. The message said that the Cloud Vulnerability Reward Program panel decided that the "security impact of this issue does not meet the criteria to qualify for a reward."

After reviewing the bug report, Google determined the software "is working as intended," the message continued. It also noted that the program's decision not to pay a bounty "does not mean that the product team won't fix the issue." Nearly three months later, the case remains P1/S1 with the status "in progress (accepted)." Google hasn't assigned a CVE or issued a fix. O'Leary didn't receive any reward for his research. [...] "This is a pattern," O'Leary told [The Register]. "This is just how these trillion-dollar companies deal with people like me. In my day job, we use GKE, and it's incredibly frustrating on my end, when I find a critical vulnerability in the system that's being widely used, and I can't even get the vendor to patch their own stuff."
A Google spokesperson told The Register: "The issue reported does not qualify for a reward because the GCP IAM authorization bypass is only exploitable if an attacker has access to a Config Connector Service Account that's been granted the Organization Admin role by the organization (i.e., it is privileged). Additionally, an attacker would first need to gain entry to an organization's environment (e.g., an exposed container) in order to leverage the privileged Config Connector instance and execute commands with administrative authority, such as the IAM bypass. Granting this level of access to the Config Connector Service Account goes against Google Cloud's publicly shared best practices and the principle of least privilege."
Movies

Brian Johnson, Special Effects Artist Behind 'Space: 1999,' Dies At 86 (gerryanderson.com) 52

Special-effects designer Brian Johnson, known for his groundbreaking work on Space: 1999, The Empire Strikes Back, Alien, and Aliens, has died at the age of 86. Johnson began his career creating models and explosions for Gerry and Sylvia Anderson productions, later designed the iconic Eagle Transporter, and became one of science fiction cinema's most influential behind-the-scenes artists. Longtime Slashdot reader sandbagger remembers the SFX legend, writing: "The Space: 1999 Eagle is one of the great space ships of science fiction."
China

China's EV Price War Was Built On Cars Sold At a Loss (autoblog.com) 231

Longtime Slashdot reader schwit1 shares a report from Autoblog: For years, the Chinese auto industry has employed a hostile price war to kneecap global competitors. Armed with massive state subsidies, cheap raw materials, and an aggressive "scale-first" business model, Chinese automakers flooded the market with electric vehicles priced so low that legacy manufacturers stood no chance to compete. How did they do it? Simple, they couldn't. They did it anyway. Reports from CarNewsChina show that Chinese automakers have been selling vehicles at a loss until a recent law passed by the Chinese government banned below-cost sales of new vehicles. During the ongoing sales slump in China caused by rolled-back subsidies and direct government intervention banning below-cost sales, the truth behind the rapid expansion of the Chinese auto industry has been exposed. "By the first quarter of 2026, China captured 32 percent of the global auto market, with its New Energy Vehicles (NEVs) controlling an incredible 61 percent of global share," the report notes. Yet that dominance has come at a steep cost: throughout 2025, "the profit margin for China's auto industry plunged to 4.4 percent and dropped further to a historic low of 3.2 percent in early 2026."

"Gross profit, not net profit, per vehicle, plummeted to a mere $2,000. We can expect the net figure to be loss-making." Autoblog adds: "Data shows over 70 percent of Chinese car sales were loss-making. This left more than half of the country's auto industry in the red. Great Wall Motor (GWM) even saw net profits drop 17 percent despite steady revenue growth."

China's EV price war has now hit a wall. New regulations are discouraging below-cost sales, rising material costs are forcing automakers to cut discounts and raise prices, and reduced tax incentives are weakening domestic demand. To sustain growth, manufacturers are increasingly turning to exports.
Businesses

Carvana Is Turning Dealerships Into 'Playgrounds,' Test-Drive Centers With Sales All Online (cnbc.com) 39

Carvana is testing a radically different new-car dealership model in Dallas, turning the location into a test-drive center and themed "playground" while requiring every purchase to be completed through its online platform. "Every single car that we sell, whether it's used or new, is online," said Tom Taira, Carvana president of special projects who's leading the new vehicle operations. "That's a very inherent difference. Even coming into the store, you're buying it online, and that's a big difference in how people think about it." The company hopes its no-haggle pricing, hourly employees, service operations, and national logistics network can reshape franchised auto retail. CNBC reports: Through its used vehicles sales, Carvana has become the most valuable auto retailer in the U.S. with a more than $70 billion market cap. Carvana's target with the new vehicle business is to grow its market share and customer base as well as assist used vehicle sales through trade-ins and other means, according to Taira. If the company is successful, the strategy could cause a ripple effect across the U.S. franchised dealership model, which the National Automobile Dealers Association reports includes 16,990 retailers that topped $1.3 trillion in sales last year.

[...] Carvana is using a location in Dallas as a test center for its foray into new vehicle sales. The facility looks like a traditional Stellantis dealership from the outside, but the consumer process for purchasing a vehicle and the responsibilities of its employees are unprecedented. Couches and chairs replace cubicles and sales offices. There are no finance and insurance departments, and instead of an army of commission-based employees, the facility has associates that are paid hourly to assist customers -- if they want the help.

The experience is meant to be as self-guided as a customer wants. By scanning QR codes located on 10-foot-by-10-foot screens inside the building or on vehicles and displays outside, shoppers can customize a vehicle, learn about a product's features and conduct test drives before deciding whether to purchase anything. If they do decide to buy something, it's online and not originated from a sales person, the company said.

The "playground" has roughly 50 vehicles divided by brand, with each having a theme. Jeep has an off-road display. Dodge has race tracks, including a Carvana-themed Charger pace car and part of a traditional track fence barrier. Chrysler minivans, meanwhile, have a soccer net and Ram's area is truck-centric. Carvana is not committing to expanding the exact experience to its other franchised dealer locations, but Taira told CNBC that the overall process of online sales, vehicle testing and service are expected to be consistent throughout the locations.
Further reading:: Online Car Retailer Launching Nation's First Car "Vending Machine
Virtualization

HPE Tempts VMware Users, Partners With Year of Free Virtualization Software (arstechnica.com) 25

An anonymous reader quotes a report from Ars Technica: Hewlett Packard Enterprise's (HPE) new virtualization software promotion will likely pique the interest of end users and resellers who are unhappy with Broadcom's pricing of VMware. During its HPE Discover event in Las Vegas this week, HPE announced that customers could use its "HPE Morpheus Software -- VM Essentials" offering for free for "up to one year," per a press release. HPE's website describes its virtualization platform as a "VMware alternative." It includes a hardware virtual machine (HVM) hypervisor and unified management and lets users "manage VMware ESXi and HVM clusters from one console and migrate when you're ready," HPE's website says. "New VM Essentials customers can receive up to one free year of licenses for VM Essentials, a year of HPE Zerto for $1 to support non-disruptive migration to HPE virtual machines, and 0 percent interest on software through HPE Financial Services," HPE's announcement reads, referring to HPE's group for helping IT teams manage funding.

Free for a year is cheaper than what Broadcom has charged for VMware vSphere since taking over. VMware prices have skyrocketed due to VMware's parent company eliminating perpetual licenses and bundling products into expensive packages. Notably, per its website, HPE recommends charging $600 per CPU socket per year for VM Essentials; Broadcom has controversially shifted vSphere licensing pricing to a per-core basis. "Customers are feeling quite a bit of pain in the change that some of the virtualization companies have put there, specifically Broadcom," Jeremiah Jenson, VP of HPE's North American channel and partner ecosystem, told CRN. The executive claimed that VM Essentials could bring up to 90 percent cost savings compared to VMware while also helping to "eliminate vendor lock-in and simplify hybrid IT."

From March 1 to June 30, HPE has also been offering a free year of VM Essentials via rebate to customers who buy an AMD server and a one-year VM Essentials license. VM Essentials is only available through channel partners, a stark contrast from Broadcom's VMware approach, where the chip giant has drastically reduced the number of resellers that can sell VMware products. HPE's new promotion aims to entice customers to more deeply consider migrating off VMware. [...] HPE also announced that it would give 600 reseller partners who earn the HPE partner program's Private Cloud with Virtualization competency by the end of the year free VM Essentials software licenses for three years. Partners still have to pay support costs, though.
The benefit is "a step in the correct direction," said Dean Colpitts, CTO of Canadian managed services provider (MSP) Members IT Group (MITG), which VMware cut from its reseller program after 19 years of partnership a year ago. However, limiting the promotion to 600 partners is "very shortsighted." He believes that HPE should give all of its partners VM Essentials "to facilitate getting [VM Essentials] into customer sites and displacing the competitors."

"They need to fling [VM Essentials] as far and as fast as they possibly [can] to immediately gain traction and draw ISVs to them, which will increase adoption even more," he said.

Slashdot Top Deals