25 Jan 2026
Slashdot
Google's 'AI Overviews' Cite YouTube For Health Queries More Than Any Medical Sites, Study Suggests
An anonymous reader shared this report from the Guardian: Google's search feature AI Overviews cites YouTube more than any medical website when answering queries about health conditions, according to research that raises fresh questions about a tool seen by 2 billion people each month. The company has said its AI summaries, which appear at the top of search results and use generative AI to answer questions from users, are "reliable" and cite reputable medical sources such as the Centers for Disease Control and Prevention and the Mayo Clinic. However, a study that analysed responses to more than 50,000 health queries, captured using Google searches from Berlin, found the top cited source was YouTube. The video-sharing platform is the world's second most visited website, after Google itself, and is owned by Google. Researchers at SE Ranking, a search engine optimisation platform, found YouTube made up 4.43% of all AI Overview citations. No hospital network, government health portal, medical association or academic institution came close to that number, they said. "This matters because YouTube is not a medical publisher," the researchers wrote. "It is a general-purpose video platform...." In one case that experts said was "dangerous" and "alarming", Google provided bogus information about crucial liver function tests that could have left people with serious liver disease wrongly thinking they were healthy. The company later removed AI Overviews for some but not all medical searches... Hannah van Kolfschooten, a researcher specialising in AI, health and law at the University of Basel who was not involved with the research, said: "This study provides empirical evidence that the risks posed by AI Overviews for health are structural, not anecdotal. It becomes difficult for Google to argue that misleading or harmful health outputs are rare cases. "Instead, the findings show that these risks are embedded in the way AI Overviews are designed. 
In particular, the heavy reliance on YouTube rather than on public health authorities or medical institutions suggests that visibility and popularity, rather than medical reliability, is the central driver for health knowledge."
25 Jan 2026 5:34am GMT
Infotainment, EV Charger Exploits Earn $1M at Pwn2Own Automotive 2026
Trend Micro's Zero Day Initiative sponsored its third annual Pwn2Own Automotive competition in Tokyo this week, receiving 73 entries, the most ever for a Pwn2Own event. "Under Pwn2Own rules, all disclosed vulnerabilities are reported to affected vendors through ZDI," reports Help Net Security, "with public disclosure delayed to allow time for patches." Infotainment platforms from Tesla, Sony, and Alpine were among the systems compromised during demonstrations. Researchers achieved code execution using techniques that included buffer overflows, information leaks, and logic flaws. One Tesla infotainment unit was compromised through a USB-based attack, resulting in root-level access. Electric vehicle charging infrastructure also received significant attention. Teams successfully demonstrated exploits against chargers from Autel, Phoenix Contact, ChargePoint, Grizzl-E, Alpitronic, and EMPORIA. Several attacks involved chaining multiple vulnerabilities to manipulate charging behavior or execute code on the device. These demonstrations highlighted how charging stations operate as network-connected systems with direct interaction with vehicles. There are video recaps on the ZDI YouTube channel - apparently the Fuzzware.io researchers "were able to take over a Phoenix Contact EV charger over bluetooth." Three researchers also exploited the Alpitronic HYC50 fast charger with a classic TOCTOU bug, according to the event's site, "and installed a playable version of Doom to boot." They earned $20,000 - part of the $1,047,000 USD awarded during the three-day event. More coverage from SecurityWeek: The winner of the event, the Fuzzware.io team, earned a total of $215,500 for its exploits. The team received the highest individual reward: $60,000 for an Alpitronic HYC50 EV charger exploit delivered through the charging gun. ZDI described it as "the first public exploit of a supercharger".
25 Jan 2026 2:34am GMT
24 Jan 2026
Slashdot
Work-From-Office Mandate? Expect Top Talent Turnover, Culture Rot
CIO magazine reports that "the push toward in-person work environments will make it more difficult for IT leaders to retain and recruit staff, some experts say." "In addition to resistance, there would also be the risk of talent turnover," [says Lawrence Wolfe, CTO at marketing firm Converge]... "The truth is, both physical and virtual collaboration provide tremendous value...." IT workers facing work-from-office mandates are two to three times more likely than their counterparts to look for new jobs, according to Metaintro, a search engine that tracks millions of jobs. IT leaders hiring new employees may also face significant headwinds, with it taking 40% to 50% longer to fill in-person roles than remote jobs, according to Metaintro. "Some of the challenges CIOs face include losing top-tier talent, limiting the pool of candidates available for hire, and damaging company culture, with a team filled with resentment," says Lacey Kaelani, CEO and cofounder at Metaintro... There are several downsides for IT leaders to in-person work mandates, [adds Lena McDearmid, founder and CEO of culture and leadership advisory firm Wryver], as orders to commute to an office can feel arbitrary or rooted in control rather than in value creation. "That erodes trust quickly, particularly in IT teams that proved they could deliver remotely for years," she adds. The mandates can also create new friction for IT leaders by requiring them to deal with morale issues, manage exceptions, and spend time enforcing policy instead of leading strategy, she says. "There's also a real risk of losing experienced, high-performing talent who have options and are unwilling to trade autonomy for proximity without a clear reason," McDearmid adds. "When companies mandate daily commutes without a clear rationale, they often narrow their talent pool and increase attrition, particularly among people who know they can work effectively elsewhere." 
McDearmid has seen teams "sitting next to each other" who collaborate poorly "because decisions are unclear or leaders equate visibility with progress... Collaboration doesn't automatically improve just because people share a building." And Rebecca Wettemann, CEO at IT analyst firm Valoir, warns of return-to-office mandates "being used as a Band-Aid for poor management. When IT professionals feel they're being evaluated based on badge swipes, not real accomplishments, they will either act accordingly or look to work elsewhere." Thanks to Slashdot reader snydeq for sharing the article.
24 Jan 2026 11:34pm GMT
Ars Technica
Poland's energy grid was targeted by never-before-seen wiper malware
Destructive payload unleashed on 10-year anniversary of Russia's attack on Ukraine's grid.
24 Jan 2026 7:08pm GMT
Did Edison accidentally make graphene in 1879?
Rice University chemists replicated Thomas Edison's seminal experiment and found a surprising byproduct.
24 Jan 2026 6:36pm GMT
A weird, itchy rash is linked to the keto diet—but no one knows why
While the rash has a clear link to ketones, the underlying mechanism remains elusive.
24 Jan 2026 12:00pm GMT
23 Jan 2026
OSnews
Microsoft gave FBI BitLocker keys to unlock encrypted data, because of course they did
Encrypting the data stored locally on your hard drives is generally a good idea, specifically if you use a laptop and take it with you a lot and thieves might get a hold of it. This issue becomes even more pressing if you carry sensitive data as a dissident or whistleblower and have to deal with law enforcement. Or, you know, if you're an American citizen fascist paramilitary groups like ICE don't like because your skin colour is too brown or whatever. Windows offers local disk encryption too, in the form of its BitLocker feature, and Microsoft suggests users store their encryption keys on Microsoft's servers. However, when you do so, these keys will be stored unencrypted, and it turns out Microsoft will happily hand them over to law enforcement. "This is private data on a private computer and they made the architectural choice to hold access to that data. They absolutely should be treating it like something that belongs to the user," said Matt Green, cryptography expert and associate professor at the Johns Hopkins University Information Security Institute. "If Apple can do it, if Google can do it, then Microsoft can do it. Microsoft is the only company that's not doing this," he added. "It's a little weird… The lesson here is that if you have access to keys, eventually law enforcement is going to come." ↫ Thomas Brewster Microsoft is choosing to store these keys in unencrypted fashion, and that of course means law enforcement is going to come knocking. With everything that's happening in the United States at the moment, the platitude of "I have nothing to hide" has lost even more of its meaning, as people - even toddlers - are being snatched from the streets and out of their homes on a daily basis by fascist paramilitaries. Even if times were better, though, Microsoft should still refrain from storing these keys unencrypted. 
It is entirely possible, nay, trivial to address this shortcoming, but the odds of the company fixing this while trying to suck up to the current US regime seem small. Everybody, but especially those living under totalitarian(-esque) regimes, should be taking extra care to make sure their data isn't just encrypted, but that the keys are safe as well.
23 Jan 2026 11:43pm GMT
Firefox on Linux in 2025
Last year brought a wealth of new features and fixes to Firefox on Linux. Besides numerous improvements and bug fixes, I want to highlight some major achievements: HDR video playback support, reworked rendering for fractionally scaled displays, and asynchronous rendering implementation. All this progress was enabled by advances in the Wayland compositor ecosystem, with new features implemented by Mutter and KWin. ↫ Martin Stransky It's amazing how the adoption of Wayland is making it so much easier for application developers to support modern features like these. Instead of having to settle for whatever roadblocks and limitations are thrown up by legacy X11 cruft, the Linux desktop can now enjoy modern features like HDR, and much more easily support features like fractional scaling. The move to Wayland, as long as it may have taken, has catapulted the Linux desktop from its '90s roots right into the modern era. It's great to see Firefox implementing improvements like these for Linux users, but of course, they come with Mozilla's push to make Firefox an "AI" browser, something few Firefox users seem to want. Luckily, the various Firefox variants like Librewolf and Waterfox will get these same features while removing all the "AI" bloat, so as long as Mozilla remains committed to Firefox for Linux - or Firefox in general - Linux users can rest safe. Sadly, I'm afraid Mozilla's massive pivot to "AI" isn't going to work out, so I have no idea how long Mozilla will be able to afford Firefox on Linux development specifically, and Firefox development generally.
23 Jan 2026 11:18pm GMT
Microsoft announces winapp to simplify Windows application development
Developing for Windows seems to be a bit of a nightmare, at least according to Microsoft, so they're trying to make the lives of developers easier with a new tool called winapp. The winapp CLI is specifically tailored for cross-platform frameworks and developers working outside of Visual Studio or MSBuild. Whether you are a web developer building with Electron, a C++ veteran using CMake, or a .NET, Rust or Dart developer building apps for Windows, the CLI can streamline the complexities of Windows development - from setting up your environment to packaging for distribution. This makes it significantly easier to access modern APIs - including Windows AI APIs, security features and shell integrations - directly from any toolchain. Windows development often involves managing multiple SDKs, creating and editing multiple manifests, generating certificates and navigating intricate packaging requirements. The goal of this project is to unify these tasks into a single CLI, letting you focus on building great apps rather than fighting with configuration. While the CLI is still in its early days, and there are many Windows development scenarios still in the works, we're sharing this public preview now to learn from real usage, gather feedback and feature requests, and focus our investments on the areas that matter most to developers. ↫ Nikola Metulev at the Windows Blogs For instance, run the command winapp init at the root of your project, and winapp will download the proper SDKs, create manifest files, etc., all automatically. You can also generate the correct certificates, easily create MSIX packages, and more. The tool is available through winget and npm (for Electron projects), but is still in preview, with the code available on GitHub.
23 Jan 2026 4:23pm GMT
19 Jan 2026
Planet Arch Linux
Personal infrastructure setup 2026
While starting this post I realized I have been maintaining personal infrastructure for over a decade! Most of the things I've self-hosted have been for personal use. Email server, a blog, an IRC server, image hosting, RSS reader and so on. All of these things have been a bit all over the place and never properly streamlined. Some have been in containers, some have just been flat files with an nginx service in front and some have been a randomly installed Debian package from somewhere I just forgot.
19 Jan 2026 12:00am GMT
11 Jan 2026
Planet Arch Linux
Verify Arch Linux artifacts using VOA/OpenPGP
In the recent blog post on the work funded by Sovereign Tech Fund (STF), we provided an overview of the "File Hierarchy for the Verification of OS Artifacts" (VOA) and the voa project as its reference implementation. VOA is a generic framework for verifying any kind of distribution artifacts (i.e. files) using arbitrary signature verification technologies. The voa CLI ⌨️ The voa project offers the voa(1) command line interface (CLI) which makes use of the voa(5) configuration file format for technology backends. It is recommended to read the respective man pages to get …
11 Jan 2026 12:00am GMT
10 Jan 2026
Planet Arch Linux
A year of work on the ALPM project
In 2024 the Sovereign Tech Fund (STF) started funding work on the ALPM project, which provides a Rust-based framework for Arch Linux Package Management. Refer to the project's FAQ and mission statement to learn more about the relation to the tooling currently in use on Arch Linux. The funding has now concluded, but over the time of 15 months allowed us to create various tools and integrations that we will highlight in the following sections. We have worked on six milestones with focus on various aspects of the package management ecosystem, ranging from formalizing, parsing and writing of …
10 Jan 2026 12:00am GMT