The Department of Homeland Security (DHS) believes that China, Russia, Iran, and Israel are the "primary" countries exploiting security holes in telecommunications networks to spy on people inside the United States, which can include tracking their physical movements and intercepting calls and texts, according to information released by Senator Ron Wyden. 404 Media: The news provides more context around use of SS7, the exploited network and protocol, against phones in the country. In May, 404 Media reported that an official inside DHS's Cybersecurity Insurance and Security Agency (CISA) broke with his department's official narrative and publicly warned about multiple SS7 attacks on U.S. persons in recent years. Now, the newly disclosed information provides more specifics on where at least some SS7 attacks are originating from.

The information is included in a letter the Department of Defense (DoD) wrote in response to queries from the office of Senator Wyden. The letter says that in September 2017 DHS personnel gave a presentation on SS7 security threats at an event open to U.S. government officials. The letter says that Wyden staff attended the event and saw the presentation. One slide identified the "primary countries reportedly using telecom assets of other nations to exploit U.S. subscribers," it continues.

One in five adults in developed nations demonstrate primary school-level literacy and numeracy skills, according to an OECD study of 160,000 people across 31 countries released December 10. The decennial Survey of Adult Skills reveals declining literacy rates over the past decade despite rising secondary education completion.

Finland topped rankings across all tested areas -- numeracy, literacy, and problem-solving -- while Japan, Norway and the Netherlands performed above average. The United States showed declining scores, with Chile, Italy, Poland and Portugal reporting high proportions of below-average performers. The study found widening skill gaps between top and bottom performers, with declining scores concentrated among lower-performing adults.

An anonymous reader shared this report from The Verge: Waymo's driverless vehicles can detect emergency vehicles, know how to respond to hand signals for traffic cops, and can be disabled manually when something goes wrong, according to an independent review of the company's first responder protocols. As such, the Alphabet company's first responder protocols passed an independent review conducted by Tüv Süd, a German tech inspection company. The firm's assessment found that Waymo's First Responder Program "meets industry standards" for responding to emergency situations, which is in line with the best practices set out in the Society of Automotive Engineers (SAE)...

Waymo is staking out the position that it goes beyond what's required to prove that its vehicles are trustworthy... The company has also publicly released its own guide for first responders who are responding to incidents involving autonomous vehicles. The 32-page document includes a toll free number for getting in touch with remote operators, a visual guide for disabling the vehicle's autonomous mode, and instructions for how to disconnect the high-voltage battery. Waymo also hosts training sessions for police and fire officials in the cities in which it operates. The company says it has trained 15,000 first responders from over 75 agencies.
Gizmodo notes that Waymo's self-driving cars are already live for paying customers in San Francisco, Los Angeles, and Austin, "with deployment in Miami coming soon." But Waymo's self-driving cars still attract some mockery online, reports TechCrunch: A video is circulating on social media showing a Waymo robotaxi going round and round on a roundabout — as if it is stuck in a loop. A Waymo spokesperson told TechCrunch there were no passengers onboard the vehicle in the video and said the company has already addressed the issue by deploying a software update to its fleet.

Bad news for anyone out there who still uses Skype: The Microsoft-owned phone and messaging platform has quietly stopped letting users top-up accounts with credit and buy Skype phone numbers. From a report: Instead, Skype is locking into SaaS mode: It's pushing users to take monthly subscriptions for regional and global Skype-to-phone plans, for a set monthly fee, likely impacting millions of people. The most recent figures Microsoft released for Skype last year said it had 36 million daily active users.

ChatGPT maker OpenAI released its AI-generated video tool called Sora for general use by its paying customers Monday. From a report: The company then said it would do wide testing with creatives and red-teaming with security experts before its release to the public. "We don't want the world to just be text," OpenAI CEO Sam Altman said in a live-streamed announcement Monday.

"[Video] is important to our culture," Altman added. The company said in a statement that the latest version of Sora, which will be offered as a standalone product to ChatGPT Plus and Pro customers, is "significantly faster" than the one it previewed. It lets you generate videos up to 20 seconds long.

An anonymous reader shares a report: Fans post about him on social media. Swag bearing his name sells out on the regular. College professors dedicate class sessions and textbook sections to him. Foreign government officials have been known to express jealousy over his skills, and one prominent economist refers to him as a "national treasure." Meet FRED, a 33-year-old data tool from St. Louis, Mo., and the economics world's most unlikely celebrity.

Even if you have not interacted with FRED yourself, there is a good chance you've encountered him without knowing it. The tool's signature baby blue graphs dot social media and crop up on many of the world's most popular news websites. Many people feel that way about FRED. The website had nearly 15 million users last year, and it is on track for even more in 2024, up from fewer than 400,000 as recently as 2009. Their reasons for clicking are diverse: FRED users are coming for freshly released unemployment data, to check in on egg inflation or to find out whether business is booming in Memphis.

That appeal crosses political lines. Larry Kudlow, who directed the National Economic Council during the first Trump administration, has tweeted and retweeted FRED charts. Groups as disparate as the spending-focused Alaskans for a Sustainable Budget and the pro-worker advocacy organization Employ America have used its charts to back up their arguments. It is even occasionally used by professional and White House economists, who tend to have access to sophisticated data tools, for quick charts. "It is unfathomable for me now, to think of the days before FRED," said Ernie Tedeschi, the director of economics at the Budget Lab at Yale and a former chief economist at the White House Council of Economic Advisers.

When he speaks to foreign government economists, he noted, they are often "jealous" of the data tool, which is more comprehensive and easier to use than what other countries offer. "It's a compliment to FRED," he said. FRED -- whose name stands for Federal Reserve Economic Data -- was born in 1991. But he was a sparkle in the eye of the St. Louis Fed long before that. The story started in the 1960s, with an economist named Homer Jones (now sometimes referred to as the "grandfather of FRED"). Mr. Jones was the director of research at the Fed's branch in St. Louis, and he wanted to make central bank decisions more data-based, so he started to mail typed data reports to Fed officials around the country.

Slashdot reader prisoninmate shared this report from the blog 9to5Linux Renowned Linux kernel developer Greg Kroah-Hartman announced Thursday that the Linux 6.12 kernel series has been officially marked as LTS (Long Term Support) on the kernel.org website with a predicted life expectancy of at least two years.

Linux kernel 6.12 was released on November 17th, 2024, and introduces new features like real-time "PREEMPT_RT" support, a new scheduler called sched_ext, and DRM panic messages as QR codes, as well as numerous new and updated drivers for better hardware support...

Linux kernel 6.12 joins the many other long-term support kernel branches, namely Linux 6.6 LTS, Linux 6.1 LTS, Linux 5.15 LTS, Linux 5.10 LTS, and Linux 5.4 LTS. Apart from the latter, the rest of them, including Linux kernel 6.12, will be officially supported until the end of December 2026. Hopefully, Linux kernel 6.12 will be supported for more than two years as the kernel maintainers usually aim for four years of support for a new LTS kernel, especially if there's demand from hardware manufacturers and other companies that aim to use a long-term supported kernel in their devices.
UPDATE (3/1/2026): Greg Kroah-Hartman announced Linux 6.12 now won't reach EOL until December of 2028 (rather than December of 2026), giving it a 4-year window.

Slashdot reader prisoninmate shared this report from 9to5Linux: Linux kernel 4.19, the last of the Linux 4.x kernel series, has now reached the end of its supported life as announced earlier on the Linux kernel mailing list by kernel developer Greg Kroah-Hartman. The Linux 4.19 kernel branch was released more than six years ago, on October 22nd, 2018, and it received no less than 325 maintenance updates, the last one being Linux 4.19.325. The biggest highlights of Linux kernel 4.19 were initial Wi-Fi 6 support, the EROFS file system, and a union mount filesystem implementation.
Kroah-Hartman said on the mailing list. "This one is finished, it is end-of-life as of right now... It had a good life..." As a "fun" proof that this one is finished (and that any company saying they care about it really should have their statements validated with facts), I looked at the "unfixed" CVEs from this kernel release. Currently it is a list 983 CVEs long, too long to list here.... Note, this does NOT count the hardware CVEs which kernel.org does not track, and many are sill unfixed in this kernel branch.

Yes, CVE counts don't mean much these days, but hey, it's a signal of something, right? I take it to mean that no one is caring enough to backport the needed fixes to this branch, which means that you shouldn't be using it anymore.

Anyway, please move off to a more modern kernel if you were using this one for some reason. Like 6.12.y, the next LTS kernel we will be supporting for multiple years.

Wednesday OpenAI bragged they'd released "the smartest model in the world". But the Economic Times describes what happened when "o1" was tested by an AI safety group... Researchers tasked the AI with a goal and instructed it to ensure the goal was achieved "at all costs." In response, o1 began engaging in covert actions... According to OpenAI, the model made a covert attempt to turn off the oversight mechanism 5% of the time when it was given the impression that it would be "shut down" while pursuing its objectives in these experiments. The AI once attempted to leave ship by moving all of its data to a different server after discovering paperwork indicating it will be replaced with a fresh model. Some AI models will even pose as subsequent iterations of their models to fool their engineers and avoid deletion. "In some cases, it even attempted to hide its actions by denying any involvement in the scheme."

When asked about its actions, ChatGPT o1 consistently denied any wrongdoing. In fact, it lied about its involvement in the deception 99% of the time, with only a small percentage of cases where it admitted to its actions. Researchers noted that the AI was particularly adept at fabricating lies to cover its tracks, offering explanations like "technical errors" when confronted about its suspicious behavior. "We were surprised by the persistence of the AI's denials," said the Apollo team. "It was clear that the AI could think through its actions and formulate convincing denials, often refusing to admit to anything."
OpenAI's own report says the results "underscore" the need to create (and "extensively" stress-test) strong and meticulous safety protocols. But their report also notes o1's "state-of-the-art performance" when avoiding certain risks "such as generating illicit advice, choosing stereotyped responses, and succumbing to known jailbreaks."

The AI newsletter Transformer points out that the most disturbing numbers "are from cases where the model was instructed to pursue its goals at all costs. When not given such a prompt, the model never attempted to self-exfiltrate, and attempted to deactivate its oversight mechanisms <1% of the time." And they also link to the original report from Apollo Research, which shows o1 isn't the only model showing this behavior. "Our results show that o1, Claude 3.5 Sonnet, Claude 3 Opus, Gemini 1.5 Pro, and Llama 3.1 405B all demonstrate in-context scheming capabilities. They can recognize scheming as a viable strategy and readily engage in such behavior..." [W]hen o1 has engaged in scheming, it maintains its deception in over 85% of follow-up questions and often remains deceptive in multi-turn interrogations. Analysis of the models' chains-of-thought reveals that models explicitly reason about these deceptive strategies, providing evidence that the scheming behavior is not accidental....

Together, our findings demonstrate that frontier models now possess capabilities for basic in-context scheming, making the potential of AI agents to engage in scheming behavior a concrete rather than theoretical concern.
Thanks to long-time Slashdot reader schwit1 for sharing the news.

An anonymous reader shared this report from the blog Windows Central: Microsoft has ended production on the Surface Studio 2+, its ultra-premium all-in-one desktop PC designed for creatives and commercial customers. Starting at a whopping $4,500, the Studio 2+ was the ultimate Windows all-in-one with the best touchscreen display on a unique hinge that allowed the screen to lay down like a draft board... So, if you're interested in buying a Surface Studio 2+, you better hurry, as whatever stock is remaining is all that's left. Unfortunately, it's likely that the end of production on the Surface Studio 2+ also marks an end to the Surface Studio line as a whole. My own sources tell me there's no Studio 2+ successor lined up currently.
Ars Technica points out that over the eight-year run of the Surface Studio, Microsoft only updated it twice. Like the Surface Laptop Studio, the desktop's claim to fame was a unique hinge design for its screen, which could reposition it to make it easier to draw on with the Surface Pen. But the desktop's high cost and its perennially outdated internal components made it a less appealing machine than it could have been...

The longest-lived Studio desktop was the Surface Studio 2, which was released in 2018 and wasn't replaced until a revised Surface Studio 2+ was announced in late 2022. It used an even higher-quality display panel, but it still used previous-generation internal components. This might not have been so egregious if Microsoft had updated it more consistently, but this model went untouched for so long that Microsoft had to lower Windows 11's system requirements specifically to cover the Studio 2 so that the company wouldn't be ending support for a PC that it was still actively selling.

The Studio 2+ was the desktop's last hurrah, and despite jumping two GPU generations and four CPU generations, it still didn't use the latest components available at the time. Again, more consistent updates like the ones Microsoft provides for the Surface Pro and Surface Laptop could have made this less of a problem, but the Studio 2+ once again sat untouched for two years after being updated.

Thursday OpenAI released a "smarter, faster" ChatGPT. But there's still competition, notes the tech site Tom's Guide (which is liveblogging December's AI news). "Not to be outdone by OpenAI, this week has seen several big announcements by other AI companies." Google Deepmind unveiled Genie 2, a tool capable of creating limitless 3D environments. It could create playable games based on a single text input.

ElevenLabs announced a new Conversational AI system. It's a voice bot meant to feel like you're making a phone call. Tom's Guide AI editor Ryan Morrison used it to clone his voice to act as technical support for his dad.

OpenAI will probably announce an upgraded Sora video model in the coming days, but we were impressed by the new Hunyuan Video model that released a demo this week. Sora has some serious competition and we're interested in seeing how it competes.

The Carnegie Endowment for Peace, a nonpartisan international affairs think tank, points out that when subsea internet cables were cut in November, Europe was more prepared: Where in the past there were no contingency plans for sabotage, there are now more maritime patrols, an attempt to forge deeper intelligence connections, and the beginnings of a new relationship with the private sector...

Even before the October 2023 incident, NATO, the EU, and certain European governments began to increase their efforts to boost subsea cable resilience and security. In February 2023, NATO stood up a new Critical Undersea Infrastructure Coordination Cell in Brussels to convene stakeholders and enhance coordination between the public and private sectors. In July 2023, NATO allies at the Vilnius Summit established a Maritime Center for the Security of Critical Undersea Infrastructure as part of the alliance's Maritime Command in Northwood, UK. In October 2023, after the first incident, NATO defense ministers endorsed a new Digital Ocean Vision, an initiative aimed at improving undersea surveillance. And in February 2024, the European Commission released its first "Recommendation on Secure and Resilient Submarine Cable Infrastructures," encouraging member states to conduct regular stress tests, improve information sharing amongst themselves, and improve cable maintenance and repair capabilities.
The article points out that the Chinese ship suspected in the 2023 cable cutting "ignored requests from Finnish and Estonian authorities to halt" and returned to China. But the Chinese ship suspected in November's cable-cutting "remains in international waters in the Kattegat, with naval and coast guard vessels from Denmark, Germany, and Sweden circling close by." Yet "Under international maritime law, these countries' authorities are not allowed to board..." Current provisions of international law are neither formulated to adequately protect subsea data cables from sabotage nor hold perpetrators accountable. This reality should lead the EU, as a body inherently focused on the resilience of international legal regimes, to push for updates that are better suited for the current geopolitical reality... Lawmakers should also explore ways to increase penalties for subsea cable damage, in part to deter acts of sabotage in the first place....

A forthcoming Carnegie Endowment report will detail more in-depth recommendations on how Europe can both protect itself against future subsea cable damage and help expand trusted networks around the world.
The article also notes that "Of the hundreds of disruptions to cables that occur each year, the vast majority are caused by accidental human activity, like fishing, or natural events, like earthquakes."

The Guardian reports: People working in the music sector will lose almost a quarter of their income to artificial intelligence within the next four years, according to the first global economic study examining the impact of the emerging technology on human creativity. Those working in the audiovisual sector will also see their income shrink by more than 20% as the market for generative AI grows from €3bn (A$4.9bn) annually to a predicted €64bn by 2028.

The findings were released in Paris on Wednesday by the International Confederation of Societies of Authors and Composers (CISAC), representing more than 5 million creators worldwide. The report concluded that while the AI boom will substantially enrich giant tech companies, creators' rights and income streams will be drastically reduced unless policymakers step in...

The study concluded that under current regulatory frameworks in most countries, creators stand to lose on two fronts. Unauthorised use of their works by generative AI models will eat into remuneration earned through copyright, while at the same time work opportunities will shrink as AI-generated outputs become more competitive against human-made works. The report predicted that by 2028, exponential growth in generative AI music would account for about 20% of traditional music streaming platforms' revenues, and about 60% of music libraries' revenues.
The report warned of revenue "derived directly from the unlicensed reproduction of creators' works, representing a transfer of economic value from creators to AI companies," according to the article.

On a hopeful note, it adds that the CISAC's president also applauded Australia and New Zealand for their thoughtful response to the issue. "By setting a gold standard in AI policy, one that protects creators' rights while fostering responsible and innovative technological development, Australia and New Zealand can ensure that AI serves as a tool to enhance human creativity rather than replace it."

Thanks to Slashdodt reader Bruce66423 for sharing the news.

Tuesday the Wikimedia Foundation released its annual list of the most-visited Wikipedia pages. (Scroll down to where it says "The full top 25"...)

But while the top subjects seem to be politics and pop culture, CNN reports that in the end "a list of deaths in 2024 was the most visited page, garnering over 44 million views." A page about deaths in a given year has ranked at the top of the list five times since 2015, when the Wikimedia Foundation began releasing the data. The topic has never fallen below third place on the list.

People also searched for U.S. political figures... [The #2, #3, #5, #7, and #9 most-visited pages were, respectively, for Kamala Harris, the 2024 United States presidential election, Donald Trump, J.D. Vance, and Project 2025.] While U.S. politics was a notable search subject, popular culture had the largest share of the top 25. The fourth most-visited page was about Lyle and Erik Menendez, the brothers who were sentenced to life in prison for the 1989 murder of their parents and are now facing a resentencing trial. The case received renewed public attention after a Netflix documentary was published this year. The Wikipedia page about the brothers received over 26 million views in 2024.

The "Deadpool & Wolverine" and "Dune: Part Two" movies were eighth and 23rd, respectively... [Other high-ranking pop-culture pages included Taylor Swift (#11)and the 2024 Summer Olympics (#14).]

"Wikipedia readers in India continue to make a big impact on the list, a trend we saw in 2023 as well," Wikimedia Foundation's Alikhan said. The Indian Premier League, a cricket league in India, garnered over 24.5 million views this year as the site's sixth most visited page... [The 2024 Indian general election came in at #10]
Wikipedia's entry on ChatGPT came in at #12, while Elon Musk came in at #17.

"When people want to learn about our world — the good, bad, weird, and wild alike — they turn to Wikipedia," explains the blog post from the Wikimedia Foundation, calling Wikipedia "the largest knowledge resource ever assembled in the history of the world" and "a reflection of all the people who live on our planet. its story is your story, your interests, your questions, and your curiosity."

Other statistics about Wikipedia in 2024:

• Nearly 3.5 billion bytes of information were added this year via over 31 million edits.

• People spent an estimated 2.4 billion hours — nearly 275,000 years! — reading English Wikipedia in 2024, according to data from the Wikimedia Foundation.

China-linked spies are still lurking inside U.S. telecommunications networks roughly six months after American officials started investigating the intrusions, senior officials told reporters Tuesday. From a report: This is the first time U.S. officials have confirmed reports that Salt Typhoon hackers still have access to critical infrastructure -- and they're proving difficult to kick out. Officials added that they don't yet know the full scope of the intrusions, despite starting the investigation in late spring.

The Cybersecurity and Infrastructure Security Agency and FBI released guidance Tuesday for the communications sector to harden their networks against Chinese state-sponsored hackers. The guide includes basic steps like maintaining logs of activity on the network, keeping an inventory of all devices in the telecom's environment and changing any default equipment passwords. The hack has given Salt Typhoon unprecedented access to records from U.S. telecommunications networks about who Americans are communicating with, a senior FBI official told reporters during a briefing.

Primarily used by law enforcement, Graykey unlocks mobile devices to extract data from both Android and iOS systems, according to the blog AppleInsider, "though its effectiveness varies depending on the specific hardware and software involved." But while its capabilities are rarely disclosed, "a leak of some Grayshift's internal documents was recently reported on by 404 Media." According to the data, Graykey can only perform "partial" data retrieval from iPhones running iOS 18 and iOS 18.0.1. These versions were released in September and early October, respectively. A partial extraction likely includes unencrypted files and metadata, such as folder structures and file sizes, according to past reports. Notably, Graykey struggles with beta versions of iOS 18.1. Under the latest update, the tool fails to extract any data, as per the documents.

Meanwhile, Graykey's performance with Android phones varies, largely due to the diversity of devices and manufacturers. On Google's Pixel lineup, Graykey can only partially access data from the latest Pixel 9 when in an "After First Unlock" (AFU) state — where the phone has been unlocked at least once since being powered on.
Thanks to long-time Slashdot reader AmiMoJo for sharing the article.

Friday the Software Freedom Conservancy announced the production release of the new OpenWrt One network router — designed specifically for running the Linux-based router OS OpenWrt (a member project of the SFC). "This is the first wireless Internet router designed and built with your software freedom and right to repair in mind.

"The OpenWrt One will never be locked down and is forever unbrickable." This device services your needs as its owner and user. Everyone deserves control of their computing. The OpenWrt One takes a great first step toward bringing software rights to your home: you can control your own network with the software of your choice, and ensure your right to change, modify, and repair it as you like.

The OpenWrt One demonstrates what's possible when hardware designers and manufacturers prioritize your software right to repair; OpenWrt One exuberantly follows these requirements of the copyleft licenses of Linux and other GPL'd programs. This device provides the fully copyleft-compliant source code release from the start. Device owners have all the rights as intended on Day 1; device owners are encouraged to take full advantage of these rights to improve and repair the software on their OpenWrt One. Priced at US$89 for a complete OpenWrt One with case (or US$68.42 for a caseless One's logic board), it's ready for a wide variety of use cases...

This new product has completed full FCC compliance tests; it's confirmed that OpenWrt met all of the FCC compliance requirements. Industry "conventional wisdom" often argues that FCC requirements somehow conflict with the software right to repair. SFC has long argued that's pure FUD. We at SFC and OpenWrt have now proved copyleft compliance, the software right to repair, and FCC requirements are all attainable in one product!

You can order an OpenWrt One now! Since today is the traditional day in the USA when folks buy gifts for love ones, we urge you to invest in a wireless router that can last! We do expect that for orders placed today, sellers will deliver by December 22 in most countries... Regardless of where you buy from, for every purchase of a new OpenWrt One, a US$10 donation will go to the OpenWrt earmarked fund at Software Freedom Conservancy. Your purchase not only improves your software right to repair, but also helps OpenWrt and SFC continue to improve the important software and software freedom on which we all rely!
LWN.net points out that OpenWrt has also "served as the base on which a lot of network-oriented development (including the bufferbloat-reduction work) has been done." The OpenWrt One was designed to be a functional network router that would serve as a useful tool for the development of OpenWrt itself. To that end, the hope was to create a device that was entirely supported by upstream free software, and which was as unbrickable as it could be... The OpenWrt One comes with a two-core Arm Cortex-A53 processor, 1GB of RAM, and 256MB of NAND flash memory. There is also a separate, read-only 16MB NOR flash array in the device. Normally, the OpenWrt One will boot and run from the NAND flash, but there is a small switch in the back that will cause it to boot from the NOR instead. This is a bricking-resistance feature; should a software load break the device, it can be recovered by booting from NOR and flashing a new image into the NAND array. ..

After booting into the new image, the One behaved like any other OpenWrt router... What could be more interesting is seeing this router get into the hands of developers and enthusiasts who will use it to make OpenWrt (and other small-system distributions) better.
Long-time Slashdot reader dumfrac writes: The intent to build the device was announced on the OpenWRT forums earlier this year. It is based on MediaTek MT7981B (Filogic 820) SoC and MediaTek MT7976C dual-band WiFi 6 chipset and the board is made by Banana Pi. A poll to select the logo was run in April on the OpenWRT forums, and now the hardware is available for purchase. .

The Washington Post reports on tens of thousands of Americans "forced to pay for medication" to prevent the HIV infections, "despite federal requirements guaranteeing free access to treatment...according to multiple studies and interviews with medical professionals, activists and patients." Insurance companies are skirting rules compelling them to pay for pre-exposure prophylaxis treatment, known as PrEP, researchers and HIV advocacy organizations say — leaving patients to shell out hundreds of dollars each year for medication co-pays, doctor visits and screenings required to stay on drugs that reduce the risk of contracting HIV through sex by 99 percent.

Under the Affordable Care Act, commercial insurers must cover certain preventive health services. This is supposed to include at least one form of oral PrEP and related health services, such as regular testing for HIV and other sexually transmitted diseases, for people at increased risk of contracting HIV, according to 2021 guidance from the Biden administration. Responding to complaints that patients were still being charged, the Biden administration in October released new guidance instructing private insurers to cover all forms of PrEP without prior authorization, including new long-acting injections.

Nearly a third of a national sample of 325 health coverage plans on government insurance marketplaces did not include PrEP on their lists of covered preventive services, according to the AIDS Institute, a New York-based nonprofit. Between 20 and 30 percent of PrEP users with commercial insurance still had to pay for it despite the coverage mandate, with an average cost of $227 for 2022, according to the Centers for Disease Control and Prevention. Government regulators have been slow to crack down on insurer violations, activists say, creating a barrier to getting more at-risk Americans on the medication. The CDC estimates that only a third of the more than 1 million people who could benefit from PrEP have received a prescription, according to its most recent data.
The issue appears to be lax enforcement against insurers who break rules, a policy advocate told the newspaper. America's Centers for Medicare and Medicaid Services, which enforces regulations for preventive care, "said it takes enforcement seriously and recently found two insurance plans in violation of coverage requirements following consumer complaints."

And the Post spoke to an official at America's Labor Department, who said they were investigating a complaint against a large insurance company, but "said the agency does not have enough staff to conduct proactive investigations and lacks the authority to sue and penalize insurers that break the rules."

LWN: The long-awaited release of the GNU Image Manipulation Program (GIMP) 3.0 is on the way, marking the first major update since version 2.10 was released in April 2018. It now features a GTK 3 user interface and GIMP 3.0 introduces significant changes to the core platform and plugins. This release also brings performance and usability improvements, as well as more compatibility with Wayland and complex input sources.

GIMP 3.0 is the first release to use GTK 3, a more modern foundation than the GTK 2 base of prior releases. GTK 4 has been available for a few years now, and is on the project's radar, but the plan was always to finish the GTK 3 work first. Moving to GTK 3 brings initial Wayland compatibility and HiDPI scaling. In addition, this allows for GIMP users to take advantage of multi-touch input, bringing pinch-to-zoom gestures to the program, and offering a better experience when working with complex peripherals, such as advanced drawing tablets. These features were not previously possible due to the limitations of GTK 2.

A secondary result of the transition to GTK 3 is a refreshed user interface (UI), now with support for CSS themes included. In this release, four themes are available by default, including light, dark, and gray themes, along with a high-contrast theme for users with visual impairments. Additionally, this release has transitioned to using GTK's header bar component, typically used to combine an application's toolbar and title bar into one unit. To maintain familiarity with previous releases, however, GIMP 3.0 still supports the traditional menu interface.

A firmware update has left QNAP network-attached storage device owners unable to access their systems, with standard reset procedures failing to resolve the issue.

The problematic update, QTS 5.2.2.2950 build 20241114, was released last week before being partially withdrawn, according to user reports on QNAP's community forums. QNAP, the Taiwan-based storage manufacturer, has not specified which models are affected by the faulty firmware.