Open Source

Why a 'Frozen' Distribution Linux Kernel Isn't the Safest Choice for Security (zdnet.com) 104

Jeremy Allison — Sam (Slashdot reader #8,157) is a Distinguished Engineer at Rocky Linux creator CIQ. This week he published a blog post responding to promises of Linux distros "carefully selecting only the most polished and pristine open source patches from the raw upstream open source Linux kernel in order to create the secure distribution kernel you depend on in your business."

But do carefully curated software patches (applied to a known "frozen" Linux kernel) really bring greater security? "After a lot of hard work and data analysis by my CIQ kernel engineering colleagues Ronnie Sahlberg and Jonathan Maple, we finally have an answer to this question. It's no." The data shows that "frozen" vendor Linux kernels, created by branching off a release point and then using a team of engineers to select specific patches to back-port to that branch, are buggier than the upstream "stable" Linux kernel created by Greg Kroah-Hartman. How can this be? If you want the full details the link to the white paper is here. But the results of the analysis couldn't be clearer.

- A "frozen" vendor kernel is an insecure kernel. A vendor kernel released later in the release schedule is doubly so.

- The number of known bugs in a "frozen" vendor kernel grows over time. The growth in the number of bugs even accelerates over time.

- There are too many open bugs in these kernels for it to be feasible to analyze or even classify them....

[T]hinking that you're making a more secure choice by using a "frozen" vendor kernel isn't a luxury we can still afford to believe. As Greg Kroah-Hartman explicitly said in his talk "Demystifying the Linux Kernel Security Process": "If you are not using the latest stable / longterm kernel, your system is insecure."

CIQ describes its report as "a count of all the known bugs from an upstream kernel that were introduced, but never fixed in RHEL 8." For the most recent RHEL 8 kernels, at the time of writing, these counts are:

- RHEL 8.6: 5034

- RHEL 8.7: 4767

- RHEL 8.8: 4594

In RHEL 8.8 we have a total of 4594 known bugs with fixes that exist upstream, but for which known fixes have not been back-ported to RHEL 8.8. The situation is worse for RHEL 8.6 and RHEL 8.7 as they cut off back-porting earlier than RHEL 8.8 but of course that did not prevent new bugs from being discovered and fixed upstream....

This whitepaper is not meant as a criticism of the engineers working at any Linux vendors who are dedicated to producing high quality work in their products on behalf of their customers. This problem is extremely difficult to solve. We know this is an open secret amongst many in the industry and would like to put concrete numbers describing the problem to encourage discussion. Our hope is for Linux vendors and the community as a whole to rally behind the kernel.org stable kernels as the best long term supported solution. As engineers, we would prefer this to allow us to spend more time fixing customer specific bugs and submitting feature improvements upstream, rather than the endless grind of backporting upstream changes into vendor kernels, a practice which can introduce more bugs than it fixes.

ZDNet calls it "an open secret in the Linux community." It's not enough to use a long-term support release. You must use the most up-to-date release to be as secure as possible. Unfortunately, almost no one does that. Nevertheless, as Google Linux kernel engineer Kees Cook explained, "So what is a vendor to do? The answer is simple, if painful: Continuously update to the latest kernel release, either major or stable." Why? As Kroah-Hartman explained, "Any bug has the potential of being a security issue at the kernel level...."

Although [CIQ's] programmers examined RHEL 8.8 specifically, this is a general problem. They would have found the same results if they had examined SUSE, Ubuntu, or Debian Linux. Rolling-release Linux distros such as Arch, Gentoo, and OpenSUSE Tumbleweed constantly release the latest updates, but they're not used in businesses.

Jeremy Allison's post points out that "the Linux kernel used by Android devices is based on the upstream kernel and also has a stable internal kernel ABI, so this isn't an insurmountable problem..."
AI

Cruise Reached an $8M+ Settlement With the Person Dragged Under Its Robotaxi (ocregister.com) 54

Bloomberg reports that self-driving car company Cruise "reached an $8 million to $12 million settlement with a pedestrian who was dragged by one of its self-driving vehicles in San Francisco, according to a person familiar with the situation." The settlement was struck earlier this year and the woman is out of the hospital, said the person, who declined to be identified discussing a private matter. In the October incident, the pedestrian crossing the road was struck by another vehicle before landing in front of one of GM's Cruise vehicles. The robotaxi braked hard but ran over the person. It then pulled over for safety, driving 20 feet at a speed of up to seven miles per hour with the pedestrian still under the car.
The incident "contributed to the company being blocked from operating in San Francisco and halting its operations around the country for months," reports the Washington Post: The company initially told reporters that the car had stopped just after rolling over the pedestrian, but the California Public Utilities Commission, which regulates permits for self-driving cars, later said Cruise had covered up the truth that its car actually kept going and dragged the woman. The crash and the questions about what Cruise knew and disclosed to investigators led to a firestorm of scrutiny on the company. Cruise pulled its vehicles off roads countrywide, laid off a quarter of its staff and in November its CEO Kyle Vogt stepped down. The Department of Justice and the Securities and Exchange Commission are investigating the company, adding to a probe from the National Highway Traffic Safety Administration.

In Cruise's absence, Google's Waymo self-driving cars have become the only robotaxis operating in San Francisco.

In June, the company's president and chief technology officer Mohamed Elshenawy is slated to speak at a conference on artificial-intelligence quality in San Francisco.

Dow Jones news services published this quote from a Cruise spokesperson. "The hearts of all Cruise employees continue to be with the pedestrian, and we hope for her continued recovery."
Businesses

Facing Angry Users, Sonos Promises to Fix Flaws and Restore Removed Features (msn.com) 72

A blind worker for the National Federation of the Blind said Sonos had a reputation for making products usable for people with disabilities, but that "Overnight they broke that trust," according to the Washington Post.

They're not the only customer angry about the latest update to Sonos's wireless speaker system. The newspaper notes that nonprofit worker Charles Knight is "among the Sonos die-hards who are furious at the new app that crippled their options to stream music, listen to an album all the way through or set a morning alarm clock." After Sonos updated its app last week, Knight could no longer set or change his wake-up music alarm. Timers to turn off music were also missing. "Something as basic as an alarm is part of the feature set that users have had for 15 years," said Knight, who has spent thousands of dollars on six Sonos speakers for his bedroom, home office and kitchen. "It was just really badly thought out from start to finish." Some people who are blind also complained that the app omitted voice-control features they need.

What's happening to Sonos speaker owners is a cautionary tale. As more of your possessions rely on software — including your car, phone, TV, home thermostat or tractor — the manufacturer can ruin them with one shoddy update... Sonos now says it's fixing problems and adding back missing features within days or weeks. Sonos CEO Patrick Spence acknowledged the company made some mistakes and said Sonos plans to earn back people's trust. "There are clearly people who are having an experience that is subpar," Spence said. "I would ask them to give us a chance to deliver the actions to address the concerns they've raised." Spence said that for years, customers' top complaint was the Sonos app was clunky and slow to connect to their speakers. Spence said the new app is zippier and easier for Sonos to update. (Some customers disputed that the new app is faster.)

He said some problems like Knight's missing alarms were flaws that Sonos found only once the app was about to roll out. (Sonos updated the alarm feature this week.) Sonos did remove but planned to add back some lesser-used features. Spence said the company should have told people upfront about the planned timeline to return any missing functions.

In a blog post Sonos thanked customers for "valuable feedback," saying they're "working to address them as quickly as possible" and promising to reintroduce features, fix bugs, and address performance issues. ("Adding and editing alarms" is available now, as well as VoiceOver fixes for the home screen on iOS.)

The Washington Post adds that Sonos "said it initially missed some software flaws and will restore more voice-reader functions next week."
AI

'Openwashing' 40

An anonymous reader quotes a report from The New York Times: There's a big debate in the tech world over whether artificial intelligence models should be "open source." Elon Musk, who helped found OpenAI in 2015, sued the startup and its chief executive, Sam Altman, on claims that the company had diverged from its mission of openness. The Biden administration is investigating the risks and benefits of open source models. Proponents of open source A.I. models say they're more equitable and safer for society, while detractors say they are more likely to be abused for malicious intent. One big hiccup in the debate? There's no agreed-upon definition of what open source A.I. actually means. And some are accusing A.I. companies of "openwashing" -- using the "open source" term disingenuously to make themselves look good. (Accusations of openwashing have previously been aimed at coding projects that used the open source label too loosely.)

In a blog post on Open Future, a European think tank supporting open sourcing, Alek Tarkowski wrote, "As the rules get written, one challenge is building sufficient guardrails against corporations' attempts at 'openwashing.'" Last month the Linux Foundation, a nonprofit that supports open-source software projects, cautioned that "this 'openwashing' trend threatens to undermine the very premise of openness -- the free sharing of knowledge to enable inspection, replication and collective advancement." Organizations that apply the label to their models may be taking very different approaches to openness. [...]

The main reason is that while open source software allows anyone to replicate or modify it, building an A.I. model requires much more than code. Only a handful of companies can fund the computing power and data curation required. That's why some experts say labeling any A.I. as "open source" is at best misleading and at worst a marketing tool. "Even maximally open A.I. systems do not allow open access to the resources necessary to 'democratize' access to A.I., or enable full scrutiny," said David Gray Widder, a postdoctoral fellow at Cornell Tech who has studied use of the "open source" label by A.I. companies.
Businesses

OpenAI Strikes Reddit Deal To Train Its AI On Your Posts (theverge.com) 43

Emilia David reports via The Verge: OpenAI has signed a deal for access to real-time content from Reddit's data API, which means it can surface discussions from the site within ChatGPT and other new products. It's an agreement similar to the one Reddit signed with Google earlier this year that was reportedly worth $60 million. The deal will also "enable Reddit to bring new AI-powered features to Redditors and mods" and use OpenAI's large language models to build applications. OpenAI has also signed up to become an advertising partner on Reddit.

No financial terms were revealed in the blog post announcing the arrangement, and neither company mentioned training data, either. That last detail is different from the deal with Google, where Reddit explicitly stated it would give Google "more efficient ways to train models." There is, however, a disclosure mentioning that OpenAI CEO Sam Altman is also a shareholder in Reddit but that "This partnership was led by OpenAI's COO and approved by its independent Board of Directors."
"Reddit has become one of the internet's largest open archives of authentic, relevant, and always up-to-date human conversations about anything and everything. Including it in ChatGPT upholds our belief in a connected internet, helps people find more of what they're looking for, and helps new audiences find community on Reddit," Reddit CEO Steve Huffman says.

Reddit stock has jumped on news of the deal, rising 13% on Friday to $63.64. As Reuters notes, it's "within striking distance of the record closing price of $65.11 hit in late-March, putting the company on track to add $1.2 billion to its market capitalization."
Canada

Canada Security Intelligence Chief Warns China Can Use TikTok To Spy on Users (reuters.com) 40

The head of Canada's Security Intelligence Service warned Canadians against using video app TikTok, saying data gleaned from its users "is available to the government of China," CBC News reported on Friday. From a report: "My answer as director of the Canadian Security Intelligence Service (CSIS) is that there is a very clear strategy on the part of the government of China to be able to acquire personal information from anyone around the world," CSIS Director David Vigneault told CBC in an interview set to air on Saturday.

"These assertions are unsupported by evidence, and the fact is that TikTok has never shared Canadian user data with the Chinese government, nor would we if asked," a TikTok spokesperson said in response to a request for comment. Canada in September ordered a national security review of a proposal by TikTok to expand the short-video app's business in the country. Vigneault said he will take part in that review and offer advice, CBC reported.

Businesses

Two Students Uncover Security Bug That Could Let Millions Do Their Laundry For Free (techcrunch.com) 78

Two university students discovered a security flaw in over a million internet-connected laundry machines operated by CSC ServiceWorks, allowing users to avoid payment and add unlimited funds to their accounts. The students, Alexander Sherbrooke and Iakov Taranenko from UC Santa Cruz, reported the vulnerability to the company, a major laundry service provider, in January but claim it remains unpatched. TechCrunch adds: Sherbrooke said he was sitting on the floor of his basement laundry room in the early hours one January morning with his laptop in hand, and "suddenly having an 'oh s-' moment." From his laptop, Sherbrooke ran a script of code with instructions telling the machine in front of him to start a cycle despite having $0 in his laundry account. The machine immediately woke up with a loud beep and flashed "PUSH START" on its display, indicating the machine was ready to wash a free load of laundry.

In another case, the students added an ostensible balance of several million dollars into one of their laundry accounts, which reflected in their CSC Go mobile app as though it were an entirely normal amount of money for a student to spend on laundry.

Transportation

VW and Renault End Talks To Develop Affordable EV (reuters.com) 35

Volkswagen has walked away from talks with Renault to jointly develop an affordable electric version of the Twingo car, Reuters reported Friday, citing sources familiar with the situation, in a setback for the EU carmakers' efforts to fend off Chinese rivals. From the report: The collapse of negotiations could mean the German carmaker may have to go it alone in developing its own affordable electric vehicle (EV). Renault will continue designing its electric Twingo, scheduled to hit the market in 2026. Both had hoped that sharing the work would cut costs that represent a key hurdle for European carmakers in the face of cheaper cars from China.

Volkswagen broke off discussions mainly because Renault had wanted to build the car in one of its plants at a time when VW is seeking to fully utilise its European production network, one of the sources said.

Microsoft

Microsoft Plans Boldest Games Bet Since Activision Deal, Changing How 'Call of Duty' Is Sold (wsj.com) 51

Microsoft plans a major shakeup of its videogame sales strategy by releasing the coming installment of Call of Duty to its subscription service instead of the longtime, lucrative approach of only selling it a la carte. WSJ: The plans, which mark the biggest change to Microsoft's gaming division since it closed the $75 billion takeover of Activision Blizzard, are expected to be announced at the company's annual Xbox showcase next month, according to people familiar with the matter. Call of Duty is one of the most successful entertainment properties ever, generating over $30 billion in lifetime revenue. Activision, which makes it, has long released new editions annually, selling about 25 million copies on average, selling for around $70 each in recent years.

Before the Microsoft deal last year, Activision was reluctant to fully embrace subscription-based models for a game that still attracts a premium price. Microsoft's subscription service, Game Pass, costs $9.99 to $16.99 a month, and provides access to hundreds of games from Microsoft and dozens of other companies.

Social Networks

Another Billionaire Pushes a Bid For TikTok, But To Decentralize It (techdirt.com) 68

An anonymous reader quotes a report from Techdirt, written by Mike Masnick: If you're a fan of chaos, well, the TikTok ban situation is providing plenty of chaos to follow. Ever since the US government made it clear it was seriously going to move forward with the obviously unconstitutional and counterproductive plan to force ByteDance to divest from TikTok or have the app effectively banned from the U.S., various rich people have been stepping up with promises to buy the app. There was former Trump Treasury Secretary Steven Mnuchin with plans to buy it. Then there was "mean TV investor, who wants you to forget his sketchy history" Kevin O'Leary with his own TikTok buyout plans. I'm sure there have been other rich dudes as well, though strikingly few stories of actual companies interested in purchasing TikTok.

But now there's another billionaire to add to the pile: billionaire real estate/property mogul Frank McCourt (who has had some scandals in his own history) has had an interesting second act over the last few years as a big believer in decentralized social media. He created and funded Project Liberty, which has become deeply involved in a number of efforts to create infrastructure for decentralized social media, including its own Decentralized Social Networking Protocol (DSNP).

Over the past few years, I've had a few conversations with people involved in Project Liberty and related projects. Their hearts are in the right place in wanting to rethink the internet in a manner that empowers users over big companies, even if I don't always agree with their approach (he also frequently seems to surround himself with all sorts of tech haters, who have somewhat unrealistic visions of the world). Either way, McCourt and Project Liberty have now announced a plan to bid on TikTok. They plan to merge it into his decentralization plans.
"Frank McCourt, Founder of Project Liberty and Executive Chairman of McCourt Global, today announced that Project Liberty is organizing a bid to acquire the popular social media platform TikTok in the U.S., with the goal of placing people and data empowerment at the center of the platform's design and purpose," reads a press release from Project Liberty.

"Working in consultation with Guggenheim Securities, the investment banking and capital markets business of Guggenheim Partners, and Kirkland & Ellis, one of the world's largest law firms, as well as world-renowned technologists, academics, community leaders, parents and engaged citizens, this bid for TikTok offers an innovative, alternative vision for the platform's infrastructure -- one that allows people to reclaim agency over their digital identities and data by proposing to migrate the platform to a new digital open-source protocol. In launching the bid, McCourt and his partners are seizing this opportunity to return control and value back into the hands of individuals and provide Americans with a meaningful voice, choice, and stake in the future of the web."
Businesses

Palo Alto Networks Is Buying Security Assets From IBM (cnbc.com) 5

Palo Alto Networks is acquiring IBM's QRadar cloud software and migrating customers to its Cortex Xsiam platform as part of a broader partnership aimed at expanding its consulting capabilities and customer base. The sum of the deal was not disclosed. CNBC reports: The move normally takes one to three months, Nikesh Arora, Palo Alto's CEO, told CNBC. Also, IBM will train more than 1,000 of its consulting employees on Palo Alto's products. [...] For IBM, a more robust lineup of contemporary security tools for consulting might help the company deliver on its stated goal of revenue growth in the mid-single digits for 2024. In the first quarter, revenue increased 3%, with a 2% bump in the consulting segment.

Palo Alto is growing much faster than IBM. In the January quarter, revenue jumped 19%. The company will report results for the latest quarter on Monday. Palo Alto more than doubled in value last year and its stock is up 6% year to date, lifting the company's market cap past $100 billion. The stock rose more than 1% in extended trading. IBM is up close to 5% this year and is now valued at $154 billion. The companies said the transaction should close by the end of September, subject to regulatory approval and other conditions. [...] IBM will continue to sell its QRadar software for use in on-premises data centers. At the same time, IBM will suggest that clients using it consider switching to Palo Alto's Cortex Xsiam.

United Kingdom

Russia Directing Hackers To Attack UK and West, Says Director of GCHQ (theguardian.com) 47

Russia is increasingly seeking to encourage and direct hackers to attack British and other western targets, the director of GCHQ has said in her first keynote speech as head of the British intelligence agency. From a report: Anne Keast-Butler said her agency was "increasingly concerned about growing links" between the Russian intelligence services and proxy hacker groups who have long taken advantage of a permissive environment within the country. "Before, Russia simply created the right environments for these groups to operate but now they're nurturing and inspiring these non state cyber actors," she said in a speech to the Cyber UK conference, in what she described as a "globally pervasive" threat.

The spy chief, appointed last year to be the first woman to hold the role, referenced the threat from ransomware -- "the most acute and pervasive cyber threat" -- where cybercriminals, typically from Russia, take control of a company's data and systems and demand significant sums to regain access. GCHQ was "doing everything we can" to counter ransomware actors, Keast-Butler said, degrade their ability to attack systems across government and business and to "produce intelligence that means those involved in ransomware are held to account." There is "no hiding place" for cybercriminals, she added.

Businesses

Toshiba To Cut 4,000 Jobs in Restructuring Drive (reuters.com) 8

Japan's Toshiba said on Thursday it will cut up to 4,000 jobs domestically as the industrial conglomerate accelerates restructuring under new ownership. From a report: Toshiba delisted in December due to a $13 billion takeover by a consortium led by private equity firm Japan Industrial Partners, capping a decade of scandal and upheaval. The consortium's efforts to engineer a turnaround at Toshiba are seen as a test for private equity in Japan, which used to be seen as "hagetaka" or vultures due to its rapacious reputation. The restructuring amounts to up to 6% of Toshiba's domestic workforce. The company also said it would relocate office functions from central Tokyo to Kawasaki, west of the capital, and target an operating profit margin of 10% in three years.
Transportation

Airbus Unveils Half-Plane, Half-Copter In Quest For Speed (reuters.com) 25

An anonymous reader quotes a report from The Verge: Airbus Helicopters showcased an experimental half-plane, half-helicopter on Wednesday in a quest for speed as competition heats up to define the rotorcraft of the future. The $217 million Racer is a one-off demonstrator model combining traditional overhead rotors with two forward-facing propellors in a bid to combine stability and speed, shortening response times for critical missions like search-and-rescue. "There are missions where the quickest possible access to the zone is vital. We often talk about the 'golden hour'," Airbus Helicopters CEO Bruno Even told Reuters, referring to the window considered most critical for providing medical attention. Such designs could also be offered for military developments as NATO conducts a major study into next-generation helicraft, though much depends on how its planners define future needs. [...]

Racer's public debut came months after Italy's Leonardo and U.S. manufacturer Bell agreed to co-operate on the next generation of tilt-rotor technology, which replaces a helicopter's trademark overhead blades altogether. Leonardo is also leading a separate project to develop the next generation of tilt-rotors for civil use. Its AW609 is the sole existing civil design, but has yet to be certified. Proponents of the tilt-rotor, which relies on swiveling side-mounted rotors 90 degrees to go up and then forwards, say it permits higher speed and range that are suited to military missions. Critics say the tilt mechanism reaches higher speeds only at the expense of higher complexity and maintenance costs. Airbus said the Racer will fly at 220 knots (400 km/hour) compared with traditional helicopter speeds closer to 140 knots. Bell says its V-280 Valor tilt-rotor design, recently picked by the Pentagon, will reach a cruise speed of 280 knots.
Microsoft

Microsoft's AI Push Imperils Climate Goal As Carbon Emissions Jump 30% (bnnbloomberg.ca) 68

Microsoft's ambitious goal to be carbon negative by 2030 is threatened by its expanding AI operations, which have increased its carbon footprint by 30% since 2020. To meet its targets, Microsoft must quickly adopt green technologies and improve efficiency in its data centers, which are critical for AI but heavily reliant on carbon-intensive resources. Bloomberg reports: Now to meet its goals, the software giant will have to make serious progress very quickly in gaining access to green steel and concrete and less carbon-intensive chips, said Brad Smith, president of Microsoft, in an exclusive interview with Bloomberg Green. "In 2020, we unveiled what we called our carbon moonshot. That was before the explosion in artificial intelligence," he said. "So in many ways the moon is five times as far away as it was in 2020, if you just think of our own forecast for the expansion of AI and its electrical needs." [...]

Despite AI's ravenous energy consumption, this actually contributes little to Microsoft's hike in emissions -- at least on paper. That's because the company says in its sustainability report that it's 100% powered by renewables. Companies use a range of mechanisms to make such claims, which vary widely in terms of credibility. Some firms enter into long-term power purchase agreements (PPAs) with renewable developers, where they shoulder some of a new energy plant's risk and help get new solar and wind farms online. In other cases, companies buy renewable energy credits (RECs) to claim they're using green power, but these inexpensive credits do little to spur new demand for green energy, researchers have consistently found. Microsoft uses a mix of both approaches. On one hand, it's one of the biggest corporate participants in power purchase agreements, according to BloombergNEF, which tracks these deals. But it's also a huge purchaser of RECs, using these instruments to claim about half of its energy use is clean, according to its environmental filings in 2022. By using a large quantity of RECs, Microsoft is essentially masking an even larger growth in emissions. "It is Microsoft's plan to phase out the use of unbundled RECs in future years," a spokesperson for the company said. "We are focused on PPAs as a primary strategy."

So what else can be done? Smith, along with Microsoft's Chief Sustainability Officer Melanie Nakagawa, has laid out clear steps in the sustainability report. High among them is to increase efficiency, which is to use the same amount of energy or computing to do more work. That could help reduce the need for data centers, which will reduce emissions and electricity use. On most things, "our climate goals require that we spend money," said Smith. "But efficiency gains will actually enable us to save money." Microsoft has also been at the forefront of buying sustainable aviation fuels that have helped reduce some of its emissions from business travel. The company also wants to partner with those who will "accelerate breakthroughs" to make greener steel, concrete and fuels. Those technologies are starting to work at a small scale, but remain far from being available in commercial quantities even if expensive. Cheap renewable power has helped make Microsoft's climate journey easier. But the tech giant's electricity consumption last year rivaled that of a small European country -- beating Slovenia easily. Smith said that one of the biggest bottlenecks for it to keep getting access to green power is the lack of transmission lines from where the power is generated to the data centers. That's why Microsoft says it's going to increase lobbying efforts to get governments to speed up building the grid.
If Microsoft's emissions remain high going into 2030, Smith said the company may consider bulk purchases of carbon removal credits, even though it's not "the desired course."

"You've got to be willing to invest and pay for it," said Smith. Climate change is "a problem that humanity created and that humanity can solve."
Advertising

Netflix To Take On Google and Amazon By Building Its Own Ad Server (techcrunch.com) 20

Lauren Forristal writes via TechCrunch: Netflix announced during its Upfronts presentation on Wednesday that it's launching its own advertising technology platform only a year and a half after entering the ads business. This move pits it against other industry heavyweights with ad servers, like Google, Amazon and Comcast. The announcement signifies a significant shake-up in the streaming giant's advertising approach. The company originally partnered with Microsoft to develop its ad tech, letting Netflix enter the ad space quickly and catch up with rivals like Hulu, which has had its own ad server for over a decade.

With the launch of its in-house ad tech, Netflix is poised to take full control of its advertising future. This strategic move will empower the company to create targeted and personalized ad experiences that resonate with its massive user base of 270 million subscribers. [...] Netflix didn't say exactly how its in-house solution will change the way ads are delivered, but it's likely it'll move away from generic advertisements. According to the Financial Times, Netflix wants to experiment with "episodic" campaigns, which involve a series of ads that tell a story rather than delivering repetitive ads. During the presentation, Netflix also noted that it'll expand its buying capabilities this summer, which will now include The Trade Desk, Google's Display & Video 360 and Magnite as partners. Notably, competitor Disney+ also has an advertising agreement with The Trade Desk. Netflix also touted the success of its ad-supported tier, reporting that 40 million global monthly active users opt for the plan. The ad tier had around 5 million users within six months of launching.

The Courts

Arizona Accuses Amazon of Unfair, Deceptive Business Practices (courthousenews.com) 12

Arizona Attorney General Kris Mayes filed two lawsuits Wednesday against the international online retail giant Amazon.com, accusing it of deceptive and unfair business practices. Courthouse News Service: The two lawsuits, filed in state court, say Amazon's Prime cancellation process and the algorithm that decides whether a product is offered through a "buy now" or "add to cart" option violate the Arizona Consumer Fraud Act and the Arizona Uniform State Antitrust Act. Mayes, a Democrat, accuses Amazon of artificially inflating prices and boxing out third-party retailers that rely on the site for business. "Amazon must be held accountable for these violations of our state laws," Mayes said in a statement. "No matter how big and powerful, all businesses must play by the same rules and follow the same laws as everyone else."

Businesses

Walmart's Reign as America's Biggest Retailer Is Under Threat (wsj.com) 48

With Amazon on its heels, the nation's biggest company by revenue is hunting for ways to continue growing. From a report: For a decade, Walmart has reigned as the nation's biggest company by revenue. Its sales last year added up to $648 billion -- more than $1.2 million a minute. That status comes with benefits. It gives Walmart power in negotiations with product manufacturers and in dealing with government officials over policy issues. It's also a point of pride: Job postings often tout working at the "Fortune 1" company as a perk. Its reign is looking shaky lately [non-paywalled link]. If current sales trends persist, Amazon is likely to overtake Walmart soon. Amazon reported $575 billion in total revenue last year, up 12% from the previous year, compared with Walmart's revenue growth of 6%.

Walmart's behemoth size means that to meet its own sales target of around 4% growth each year, the company has to find an additional $26 billion in sales this year. That's no easy task. About 90% of Americans already shop at the retailer. The pandemic and rising inflation boosted Walmart's revenue by $100 billion since 2019. It faces continued uncertainty in consumer confidence and while it's spending in some areas, it's pulling back in others. Earlier this week, Walmart told workers it would cut hundreds of corporate jobs and ask most remote workers to move to offices. While Amazon's and Walmart's businesses compete head on, there are big differences. Amazon earns much of its profit from non-retail operations such as cloud computing and advertising, while grabbing retail market share with fast shipping. Walmart gets the bulk of its sales and profits from U.S. stores, while growing side businesses like advertising and digital sales.

Walmart executives are most wary of Amazon's ability to keep increasing profits through its non-retail business, while eating more of the retail landscape with ever-faster shipping and a bigger product selection, people familiar with the company said. Internally some executives are highlighting Walmart's role as a good corporate citizen and emphasizing that it's important to be the best at serving customers and workers, not just the biggest, say some of those people. Its scale can also have downsides, say some, like outsize attention on every misstep.

Businesses

Flood of Fake Science Forces Multiple Journal Closures (wsj.com) 93

schwit1 shares a report: Fake studies have flooded the publishers of top scientific journals, leading to thousands of retractions and millions of dollars in lost revenue. The biggest hit has come to Wiley, a 217-year-old publisher based in Hoboken, N.J., which Tuesday announced that it was closing 19 journals, some of which were infected by large-scale research fraud. In the past two years, Wiley has retracted more than 11,300 papers that appeared compromised, according to a spokesperson, and closed four journals. It isn't alone: At least two other publishers have retracted hundreds of suspect papers each. Several others have pulled smaller clusters of bad papers.

Although this large-scale fraud represents a small percentage of submissions to journals, it threatens the legitimacy of the nearly $30 billion academic publishing industry and the credibility of science as a whole. The discovery of nearly 900 fraudulent papers in 2022 at IOP Publishing, a physical sciences publisher, was a turning point for the nonprofit. "That really crystallized for us, everybody internally, everybody involved with the business," said Kim Eggleton, head of peer review and research integrity at the publisher. "This is a real threat." The sources of the fake science are "paper mills" -- businesses or individuals that, for a price, will list a scientist as an author of a wholly or partially fabricated paper. The mill then submits the work, generally avoiding the most prestigious journals in favor of publications such as one-off special editions that might not undergo as thorough a review and where they have a better chance of getting bogus work published.

Television

Comcast To Launch Peacock, Netflix and Apple TV+ Bundle (variety.com) 53

Later this month, Comcast will launch a three-way bundle with Peacock, Netflix and Apple TV+. It will "come at a vastly reduced price to anything in the market today," said Comcast chief Brian Roberts. Variety reports: The goal is to "add value to consumers" and at the same time "take some of the dollars out of" other companies' streaming businesses, he added, while reinforcing Comcast's broadband service offerings. Comcast's impending launch of the StreamSaver bundle comes as other media companies have been assembling similar offerings. [...] Like the other streaming bundling strategies, Comcast's forthcoming Peacock, Netflix and Apple TV+ package is an effort to reduce cancelation rates (aka "churn") and provide a more efficient means of subscriber acquisition -- coming as the traditional cable TV business continues to deteriorate. Last week, Disney and Warner Bros. Discovery announced a three-way bundle comprising Max, Disney+ and Hulu.
