Games

EA's Origin App For PC Gaming Will Shut Down In April 17

EA's Origin PC client will be shut down on April 17, 2025, as Microsoft ends support for 32-bit software. "Anyone still using Origin will need to swap over to the EA app before that date," adds Engadget. From the report: For those PC players who have not migrated over to the EA app, the company has an FAQ explaining the latest system requirements. The EA app runs on 64-bit architecture, and requires a machine using Windows 10 or Windows 11. [...] If you're simply downloading the EA app on a current machine, players won't need to re-download their games. And if you have cloud saves enabled, all of your data should transfer without any additional steps.

However, it's always a good idea to have physical backups with this type of transition, especially since not all games support cloud saves, and those titles will need to have saved game data manually transferred. Mods also may not automatically make the switch, and EA recommends players check with mod creators about transferring to the EA app.
Social Networks

Major Tech Firms Sign EU Pledge To Tackle Hate Speech (theverge.com) 176

Many of the world's largest tech companies, including Meta, Google, TikTok, and X, have pledged to European lawmakers that they will do more to prevent and remove illegal hate speech on their platforms. The revised set of voluntary commitments unveiled on Monday aim to help platforms "demonstrate their compliance" with the Digital Services Act (DSA) obligations regarding illegal content moderation. The Verge reports: Facebook, Instagram, TikTok, Twitch, X, YouTube, Snapchat, LinkedIn, Dailymotion, Jeuxvideo.com, Rakuten Viber, and Microsoft-hosted consumer services have all signed the "Code of Conduct on Countering Illegal Hate Speech Online Plus" -- which is not a terribly named streaming service but an update to a 2016 Code. The revised code commits signatories to transparency around hate speech detection and reduction, to allowing third-party monitors to assess how hate speech notices are reviewed by the platforms, and to review "at least two-thirds of hate speech notices" within 24 hours. These EU Codes of Conduct are voluntary commitments and companies face no penalties if they decide to back out of the agreement [...].
Programming

Node.js 'Type Stripping' for TypeScript Now Enabled by Default (hashnode.dev) 63

The JavaScript runtime Node.js can execute TypeScript (Microsoft's JavaScript-derived language with static typing).

But now it can do it even better, explains Marco Ippolito of the Node.js steering committee: In August 2024 Node.js introduced a new experimental feature, Type Stripping, aimed at addressing a longstanding challenge in the Node.js ecosystem: running TypeScript with no configuration. Enabled by default in Node.js v23.6.0, this feature is on its way to becoming stable.

TypeScript has reached incredible levels of popularity and has been the most requested feature in all the latest Node.js surveys. Unlike other alternatives such as CoffeeScript or Flow, which never gained similar traction, TypeScript has become a cornerstone of modern development. While it has been supported in Node.js for some time through loaders, they relied heavily on configuration and user libraries. This reliance led to inconsistencies between different loaders, making them difficult to use interchangeably. The developer experience suffered due to these inconsistencies and the extra setup required... The goal is to make development faster and simpler, eliminating the overhead of configuration while maintaining the flexibility that developers expect...

TypeScript is not just a language, it also relies on a toolchain to implement its features. The primary tool for this purpose is tsc, the TypeScript compiler CLI... Type checking is tightly coupled to the implementation of tsc, as there is no formal specification for how the language's type system should behave. This lack of a specification means that the behavior of tsc is effectively the definition of TypeScript's type system. tsc does not follow semantic versioning, so even minor updates can introduce changes to type checking that may break existing code. Transpilation, on the other hand, is a more stable process. It involves converting TypeScript code into JavaScript by removing types, transforming certain syntax constructs, and optionally "downleveling" the JavaScript to allow modern syntax to execute on older JavaScript engines. Unlike type checking, transpilation is less likely to change in breaking ways across versions of tsc. The likelihood of breaking changes is further reduced when we only consider the minimum transpilation needed to make the TypeScript code executable — and exclude downleveling of new JavaScript features not yet available in the JavaScript engine but available in TypeScript...

Node.js, before enabling it by default, introduced --experimental-strip-types. This mode allows running TypeScript files by simply stripping inline types without performing type checking or any other code transformation. This minimal technique is known as Type Stripping. By excluding type checking and traditional transpilation, the more unstable aspects of TypeScript, Node.js reduces the risk of instability and mostly sidesteps the need to track minor TypeScript updates. Moreover, this solution does not require any configuration in order to execute code... Node.js eliminates the need for source maps by replacing the removed syntax with blank spaces, ensuring that the original locations of the code and structure remain intact. It is transparent — the code that runs is the code the author wrote, minus the types...

"As this experimental feature evolves, the Node.js team will continue collaborating with the TypeScript team and the community to refine its behavior and reduce friction. You can check the roadmap for practical next steps..."
AI

Microsoft-OpenAI Partnership Raises Antitrust Concerns, FTC Says (bloomberg.com) 2

Microsoft's $13 billion investment in OpenAI raises concerns that the tech giant could extend its dominance in cloud computing into the nascent AI market, the Federal Trade Commission said in a report released Friday. From a report: The commission said Microsoft's deal with OpenAI, as well as Amazon and Google's partnerships with AI company Anthropic, raise the risk that AI developers could be "fully acquired" by the tech giants in the future.

"The FTC's report sheds light on how partnerships by big tech firms can create lock-in, deprive start-ups of key AI inputs, and reveal sensitive information that can undermine fair competition," FTC Chair Lina Khan said in a statement. The FTC has the power to open market studies to glean more information about industry trends. The findings can be used to inform future actions. It's unclear what the agency's new leadership under the Trump administration will do with the report.

Microsoft

Microsoft Begins Forcing Windows 24H2 Updates on PCs (pcworld.com) 106

Microsoft began mandatory rollouts of the Windows 11 2024 Update (24H2) for eligible devices running Home and Pro editions, the company announced on its Windows 11 issues page. The update, which Microsoft describes as a "full code swap," requires longer installation times, with users reporting processes exceeding an hour.

While users can briefly postpone the installation, the company is now pushing updates to mainstream users not managed by IT departments. The 24H2 update introduces USB4's 80Gbps support, Bluetooth LE Audio for hearing aids, and enhanced Energy Saver controls.
Microsoft

Microsoft Research: AI Systems Cannot Be Made Fully Secure (theregister.com) 28

Microsoft researchers who tested more than 100 of the company's AI products concluded that AI systems can never be made fully secure, according to a new pre-print paper. The 26-author study, which included Azure CTO Mark Russinovich, found that large language models amplify existing security risks and create new vulnerabilities. While defensive measures can increase the cost of attacks, the researchers warned that AI systems will remain vulnerable to threats ranging from gradient-based attacks to simpler techniques like interface manipulation for phishing.
Microsoft

Microsoft Patches Windows To Eliminate Secure Boot Bypass Threat (arstechnica.com) 39

Microsoft has patched a Windows vulnerability that allowed attackers to bypass Secure Boot, a critical defense against firmware infections, the company said. The flaw, tracked as CVE-2024-7344, affected Windows devices for at least seven months. Security researcher Martin Smolar discovered the vulnerability in a signed UEFI application within system recovery software from seven vendors, including Howyar.

The application, reloader.efi, circumvented standard security checks through a custom PE loader. Administrative attackers could exploit the vulnerability to install malicious firmware that persists even after disk reformatting. Microsoft revoked the application's digital signature, though the vulnerability's impact on Linux systems remains unclear.
AI

LinkedIn Wants You To Apply For Fewer Jobs (engadget.com) 62

LinkedIn has unveiled an AI-powered "Job Match" feature to discourage users from applying to positions they aren't qualified for, aiming to address recruitment inefficiencies in a tight job market. The tool, the Microsoft-owned firm said, analyzes users' experience against job requirements to provide detailed qualification summaries, going beyond basic keyword matching. Premium subscribers will receive more granular match data.
Businesses

Even Harvard MBAs Are Struggling To Land Jobs (msn.com) 120

Nearly a quarter of Harvard Business School's 2024 M.B.A. graduates remained jobless three months after graduation, highlighting deepening employment challenges at elite U.S. business schools. The unemployment rate for Harvard M.B.A.s rose to 23% from 20% a year earlier, more than double the 10% rate in 2022.

Major employers including McKinsey, Amazon, Google, and Microsoft have scaled back M.B.A. recruitment, with McKinsey cutting its hires at University of Chicago's Booth School to 33 from 71. "We're not immune to the difficulties of the job market," said Kristen Fitzpatrick, who oversees career development at Harvard Business School. "Going to Harvard is not going to be a differentiator. You have to have the skills." Columbia Business School was the only top program to improve its placement rate in 2024. Median starting salaries for employed M.B.A.s remain around $175,000.
Microsoft

Microsoft Relaunches Copilot for Business With Free AI Chat and Pay-As-You-Go Agents (theverge.com) 5

Microsoft is relaunching its free Copilot for businesses as Microsoft 365 Copilot Chat today, complete with the ability to use AI agents. From a report: Copilot Chat is Microsoft's latest attempt to get people used to using AI at work and relying on it enough to tempt them into paying $30 per month to get the full Microsoft 365 Copilot.

Microsoft 365 Copilot Chat is essentially a rebranding of what was once Bing Chat Enterprise before Microsoft rebranded it to just Copilot. It crucially now includes access to Copilot AI agents right within the chat interface -- which was previously only available in the full Microsoft 365 Copilot experience -- requiring a $30 per user per month subscription. These agents are designed to work like virtual colleagues and can do things like monitor email inboxes or automate a series of tasks.

You'll be able to create and use agents using Copilot Studio, use agents that rely on web data, and even use agents grounded on work data through the Microsoft graph. The usage of agents with Copilot Chat will be priced through the Copilot Studio meter in Azure or through a pay-as-you-go option.

Businesses

Microsoft Pauses Hiring In US Consulting Unit (cnbc.com) 9

A week after announcing performance-based job cuts similar to those at Meta, Microsoft said it also plans to pause hiring in part of its consulting unit. CNBC reports: The changes by the U.S. consulting division are meant to align with a policy by the Microsoft Customer and Partner Solutions organization, which has about 60,000 employees, according to a page on Microsoft's website. The changes are in place through the remainder of the 2025 fiscal year ending in June. To reduce costs, Microsoft's consulting division will hold off on hiring new employees and back-filling roles, consulting executive Derek Danois told employees in the memo. Careful management of costs is of utmost importance, Danois wrote.

The memo also instructs employees to not expense travel for any internal meetings and use remote sessions instead. Additionally, executives will have to authorize trips to customers' sites to ensure spending is being used on the right customers, Danois wrote. Additionally, the group will cut its marketing and non-billable external resource spend by 35%, the memo says.
Further reading: Companies Deploy AI To Curb Hiring as 'Cost Avoidance' Gains Ground
Businesses

The New $30,000 Side Hustle: Making Job Referrals for Strangers (bnnbloomberg.ca) 15

Tech workers at major U.S. companies are earning thousands of dollars by referring job candidates they've never met, creating an underground marketplace for employment referrals at firms like Microsoft and Nvidia, according to Bloomberg.

One tech worker cited in the report earned $30,000 in referral bonuses after recommending over 1,000 strangers to his employer over 18 months, resulting in more than six successful hires. While platforms like ReferralHub charge up to $50 per referral, Goldman Sachs and Google said such practices violate their policies. Google requires referrals to be based on personal knowledge of candidates.
Microsoft

Microsoft Is Testing 45% M365 Price Hikes in Asia (theregister.com) 65

Microsoft is raising Microsoft 365 subscription prices by up to 46% across six Asian markets to fund AI features. In Australia, annual Microsoft 365 Family subscriptions will increase to AU$179 ($110) from AU$139, while Personal subscriptions will jump to AU$159 ($98) from AU$109. The price hikes also affect New Zealand, Malaysia, Singapore, Taiwan and Thailand customers.
Youtube

CES 'Worst In Show' Devices Mocked In IFixit Video - While YouTube Inserts Ads For Them (worstinshowces.com) 55

While CES wraps up this week, "Not all innovation is good innovation," warns Elizabeth Chamberlain, iFixit's Director of Sustainability (heading their Right to Repair advocacy team). So this year the group held its fourth annual "anti-awards ceremony" to call out CES's "least repairable, least private, and least sustainable products..." (iFixit co-founder Kyle Wiens mocked a $2,200 "smart ring" with a battery that only lasts for 500 charges. "Wanna open it up and change the battery? Well you can't! Trying to open it will completely destroy this device...") There's also a category for the worst in security — plus a special award titled "Who asked for this?" — and then a final inglorious prize declaring "the Overall Worst in Show..."

Thursday their "panel of dystopia experts" livestreamed to iFixit's feed of over 1 million subscribers on YouTube, with the video's description warning about manufacturers "hoping to convince us that they have invented the future. But will their vision make our lives better, or lead humanity down a dark and twisted path?" The video "is a fun and rollicking romp that tries to forestall a future clogged with power-hungry AI and data-collecting sensors," writes The New Stack — though noting one final irony.

"While the ceremony criticized these products, YouTube was displaying ads for them..."

UPDATE: Slashdot reached out to iFixit co-founder Kyle Wiens, who says this teaches us all a lesson. "The gadget industry is insidious and has their tentacles everywhere."

"Of course they injected ads into our video. The beast can't stop feeding, and will keep growing until we knife it in the heart."

Long-time Slashdot reader destinyland summarizes the article: "We're seeing more and more of these things that have basically surveillance technology built into them," iFixit's Chamberlain told The Associated Press... Proving this point was EFF executive director Cindy Cohn, who gave a truly impassioned takedown for "smart" infant products that "end up traumatizing new parents with false reports that their baby has stopped breathing." But worst for privacy was the $1,200 "Revol" baby bassinet — equipped with a camera, a microphone, and a radar sensor. The video also mocks Samsung's "AI Home" initiative which let you answer phone calls with your washing machine, oven, or refrigerator. (And LG's overpowered "smart" refrigerator won the "Overall Worst in Show" award.)

One of the scariest presentations came from Paul Roberts, founder of SecuRepairs, a group advocating both cybersecurity and the right to repair. Roberts notes that about 65% of the routers sold in the U.S. are from a Chinese company named TP-Link — both wifi routers and the wifi/ethernet routers sold for homes and small offices.Roberts reminded viewers that in October, Microsoft reported "thousands" of compromised routers — most of them manufactured by TP-Link — were found working together in a malicious network trying to crack passwords and penetrate "think tanks, government organizations, non-governmental organizations, law firms, defense industrial base, and others" in North America and in Europe. The U.S. Justice Department soon launched an investigation (as did the U.S. Commerce Department) into TP-Link's ties to China's government and military, according to a SecuRepairs blog post.

The reason? "As a China-based company, TP-Link is required by law to disclose flaws it discovers in its software to China's Ministry of Industry and Information Technology before making them public." Inevitably, this creates a window "to exploit the publicly undisclosed flaw... That fact, and the coincidence of TP-Link devices playing a role in state-sponsored hacking campaigns, raises the prospects of the U.S. government declaring a ban on the sale of TP-Link technology at some point in the next year."

TP-Link won the award for the worst in security.

AI

Foreign Cybercriminals Bypassed Microsoft's AI Guardrails, Lawsuit Alleges (arstechnica.com) 3

"Microsoft's Digital Crimes Unit is taking legal action to ensure the safety and integrity of our AI services," according to a Friday blog post by the unit's assistant general counsel. Microsoft blames "a foreign-based threat-actor group" for "tools specifically designed to bypass the safety guardrails of generative AI services, including Microsoft's, to create offensive and harmful content.

Microsoft "is accusing three individuals of running a 'hacking-as-a-service' scheme," reports Ars Technica, "that was designed to allow the creation of harmful and illicit content using the company's platform for AI-generated content" after bypassing Microsoft's AI guardrails: They then compromised the legitimate accounts of paying customers. They combined those two things to create a fee-based platform people could use. Microsoft is also suing seven individuals it says were customers of the service. All 10 defendants were named John Doe because Microsoft doesn't know their identity.... The three people who ran the service allegedly compromised the accounts of legitimate Microsoft customers and sold access to the accounts through a now-shuttered site... The service, which ran from last July to September when Microsoft took action to shut it down, included "detailed instructions on how to use these custom tools to generate harmful and illicit content."

The service contained a proxy server that relayed traffic between its customers and the servers providing Microsoft's AI services, the suit alleged. Among other things, the proxy service used undocumented Microsoft network application programming interfaces (APIs) to communicate with the company's Azure computers. The resulting requests were designed to mimic legitimate Azure OpenAPI Service API requests and used compromised API keys to authenticate them. Microsoft didn't say how the legitimate customer accounts were compromised but said hackers have been known to create tools to search code repositories for API keys developers inadvertently included in the apps they create. Microsoft and others have long counseled developers to remove credentials and other sensitive data from code they publish, but the practice is regularly ignored. The company also raised the possibility that the credentials were stolen by people who gained unauthorized access to the networks where they were stored...

The lawsuit alleges the defendants' service violated the Computer Fraud and Abuse Act, the Digital Millennium Copyright Act, the Lanham Act, and the Racketeer Influenced and Corrupt Organizations Act and constitutes wire fraud, access device fraud, common law trespass, and tortious interference.

Privacy

Database Tables of Student, Teacher Info Stolen From PowerSchool In Cyberattack (theregister.com) 18

An anonymous reader quotes a report from The Register: A leading education software maker has admitted its IT environment was compromised in a cyberattack, with students and teachers' personal data -- including some Social Security Numbers and medical info -- stolen. PowerSchool says its cloud-based student information system is used by 18,000 customers around the globe, including the US and Canada, to handle grading, attendance records, and personal information of more than 60 million K-12 students and teachers. On December 28 someone managed to get into its systems and access their contents "using a compromised credential," the California-based biz told its clients in an email seen by Register this week.

[...] "We believe the unauthorized actor extracted two tables within the student information system database," a spokesperson told us. "These tables primarily include contact information with data elements such as name and address information for families and educators. "For a certain subset of the customers, these tables may also include Social Security Number, other personally identifiable information, and limited medical and grade information. "Not all PowerSchool student information system customers were impacted, and we anticipate that only a subset of impacted customers will have notification obligations."
While the company has tightened security measures and offered identity protection services to affected individuals, cybersecurity firm Cyble suggests the intrusion "may have been more serious and gone on much longer than has been publicly acknowledged so far," reports The Register. The cybersecurity vendor says the intrusion could have occurred as far back as June 16, 2011, with it ending on January 2 of this year.

"Critical systems and applications such as Oracle Netsuite ERP, HR software UltiPro, Zoom, Slack, Jira, GitLab, and sensitive credentials for platforms like Microsoft login, LogMeIn, Windows AD Azure, and BeyondTrust" may have been compromised, too.
Privacy

See the Thousands of Apps Hijacked To Spy On Your Location (404media.co) 49

An anonymous reader quotes a report from 404 Media: Some of the world's most popular apps are likely being co-opted by rogue members of the advertising industry to harvest sensitive location data on a massive scale, with that data ending up with a location data company whose subsidiary has previously sold global location data to US law enforcement. The thousands of apps, included in hacked files from location data company Gravy Analytics, include everything from games likeCandy Crushand dating apps like Tinder to pregnancy tracking and religious prayer apps across both Android and iOS. Because much of the collection is occurring through the advertising ecosystem -- not code developed by the app creators themselves -- this data collection is likely happening without users' or even app developers' knowledge.

"For the first time publicly, we seem to have proof that one of the largest data brokers selling to both commercial and government clients appears to be acquiring their data from the online advertising 'bid stream,'" rather than code embedded into the apps themselves, Zach Edwards, senior threat analyst at cybersecurity firm Silent Push and who has followed the location data industry closely, tells 404 Media after reviewing some of the data. The data provides a rare glimpse inside the world of real-time bidding (RTB). Historically, location data firms paid app developers to include bundles of code that collected the location data of their users. Many companies have turned instead to sourcing location information through the advertising ecosystem, where companies bid to place ads inside apps. But a side effect is that data brokers can listen in on that process and harvest the location of peoples' mobile phones.

"This is a nightmare scenario for privacy, because not only does this data breach contain data scraped from the RTB systems, but there's some company out there acting like a global honey badger, doing whatever it pleases with every piece of data that comes its way," Edwards says. Included in the hacked Gravy data are tens of millions of mobile phone coordinates of devices inside the US, Russia, and Europe. Some of those files also reference an app next to each piece of location data. 404 Media extracted the app names and built a list of mentioned apps. The list includes dating sites Tinder and Grindr; massive games such asCandy Crush,Temple Run,Subway Surfers, andHarry Potter: Puzzles & Spells; transit app Moovit; My Period Calendar & Tracker, a period-tracking app with more than 10 million downloads; popular fitness app MyFitnessPal; social network Tumblr; Yahoo's email client; Microsoft's 365 office app; and flight tracker Flightradar24. The list also mentions multiple religious-focused apps such as Muslim prayer and Christian Bible apps, various pregnancy trackers, and many VPN apps, which some users may download, ironically, in an attempt to protect their privacy.
404 Media's full list of apps included in the data can be found here. There are also other lists available from other security researchers.
Chromium

Tech Giants Form Chromium Browser Coalition (betanews.com) 67

BrianFagioli writes: The Linux Foundation has announced the launch of 'Supporters of Chromium-Based Browsers,' an initiative aimed at funding and supporting open development within the Chromium ecosystem. The purpose of this effort is to provide resources and foster collaboration among developers, academia, and tech companies to drive the sustainability and innovation of Chromium projects. Major industry players, including Google, Meta, Microsoft, and Opera, have pledged their support.
Businesses

Microsoft Cutting More Jobs as New Year Begins (theregister.com) 53

Microsoft kicks off the new year with more job cuts, as fewer than 1% of employees reportedly face the axe. From a report: As first reported by Business Insider, Microsoft is trimming its workforce again, including roles in its security division, with the cuts targeting underperforming employees. A Microsoft spokesperson confirmed the layoffs with BI but declined to specify how many staffers are affected, stating, "At Microsoft, we focus on high-performance talent."

"We are always working on helping people learn and grow. When people are not performing, we take the appropriate action," the spokesperson told The Register.

Slashdot Top Deals