Hundreds of Google AI Workers Were Fired Amid Fight Over Working Conditions

4 weeks ago
Last week the Guardian reported on "thousands of AI workers contracted for Google through Japanese conglomerate Hitachi's GlobalLogic to rate and moderate the output of Google's AI products, including its flagship chatbot Gemini... and its summaries of search results, AI Overviews." "AI isn't magic; it's a pyramid scheme of human labor," said Adio Dinika, a researcher at the Distributed AI Research Institute based in Bremen, Germany. "These raters are the middle rung: invisible, essential and expendable...." Ten of Google's AI trainers the Guardian spoke to said they have grown disillusioned with their jobs because they work in siloes, face tighter and tighter deadlines, and feel they are putting out a product that's not safe for users... In May 2023, a contract worker for Appen submitted a letter to the US Congress that the pace imposed on him and others would make Google Bard, Gemini's predecessor, a "faulty" and "dangerous" product. This week Google laid off 200 of those moderating contractors, reports Wired. "These workers, who often are hired because of their specialist knowledge, had to have either a master's or a PhD to join the super rater program, and typically include writers, teachers, and people from creative fields." Workers still at the company claim they are increasingly concerned that they are being set up to replace themselves. According to internal documents viewed by WIRED, GlobalLogic seems to be using these human raters to train the Google AI system that could automatically rate the responses, with the aim of replacing them with AI. At the same time, the company is also finding ways to get rid of current employees as it continues to hire new workers. In July, GlobalLogic made it mandatory for its workers in Austin, Texas, to return to office, according to a notice seen by WIRED... Some contractors attempted to unionize earlier this year but claim those efforts were quashed. Now they allege that the company has retaliated against them.
Two workers have filed a complaint with the National Labor Relations Board, alleging they were unfairly fired, one due to bringing up wage transparency issues, and the other for advocating for himself and his coworkers. "These individuals are employees of GlobalLogic or their subcontractors, not Alphabet," Courtenay Mencini, a Google spokesperson, said in a statement... "Globally, other AI contract workers are fighting back and organizing for better treatment and pay," the article points out, noting that content moderators from around the world facing similar issues formed the Global Trade Union Alliance of Content Moderators which includes workers from Kenya, Turkey, and Colombia. Thanks to long-time Slashdot reader mspohr for sharing the news.

Read more of this story at Slashdot.

EditorDavid

Secure Software Supply Chains, Urges Former Go Lead Russ Cox

4 weeks ago
Writing in Communications of the ACM, former Go tech lead Russ Cox warns we need to keep improving defenses of software supply chains, highlighting "promising approaches that should be more widely used" and "areas where more work is needed." There are important steps we can take today, such as adopting software signatures in some form, making sure to scan for known vulnerabilities regularly, and being ready to update and redeploy software when critical new vulnerabilities are found. More development should be shifted to safer languages that make vulnerabilities and attacks less likely. We also need to find ways to fund open source development to make it less susceptible to takeover by the mere offer of free help. Relatively small investments in OpenSSL and XZ development could have prevented both the Heartbleed vulnerability and the XZ attack. Some highlights from the 5,000-word article: Make Builds Reproducible. "The Reproducible Builds project aims to raise awareness of reproducible builds generally, as well as building tools to help progress toward complete reproducibility for all Linux software. The Go project recently arranged for Go itself to be completely reproducible given only the source code... A build for a given target produces the same distribution bits whether you build on Linux or Windows or Mac, whether the build host is X86 or ARM, and so on. Strong reproducibility makes it possible for others to easily verify that the binaries posted for download match the source code..." Prevent Vulnerabilities. "The most secure software dependencies are the ones not used in the first place: Every dependency adds risk... Another good way to prevent vulnerabilities is to use safer programming languages that remove error-prone language features or make them needed less often..." Authenticate Software. ("Cryptographic signatures make it impossible to nefariously alter code between signing and verifying. 
The only problem left is key distribution...") "The Go checksum database is a real-world example of this approach that protects millions of Go developers. The database holds the SHA256 checksum of every version of every public Go module..." Fund Open Source. [Cox first cites the XKCD cartoon "Dependencies," calling it "a disturbingly accurate assessment of the situation..."] "The XZ attack is the clearest possible demonstration that the problem is not fixed. It was enabled as much by underfunding of open source as by any technical detail." The article also emphasized the importance of finding and fixing vulnerabilities quickly, arguing that software attacks must be made more difficult and expensive. "We use source code downloaded from strangers on the Internet in our most critical applications; almost no one is checking the code.... We all have more work to do."

EditorDavid

Tech Boomtown Seattle Grapples with Fewer Tech Jobs

4 weeks ago
Near Microsoft's headquarters in Redmond, the Five Stones coffee shop advertised for a barista a few months ago — and started getting resumes from "people who listed Microsoft and other tech companies," writes the Wall Street Journal: The applicants typically had master's degrees and experience in graphic design or marketing roles, Andrews said — sometimes senior ones. They were applying to jobs at Five Stones that would pay Redmond's minimum wage, $16.66 an hour. Five Stones hasn't yet hired such candidates because the coffee shop gives priority to more traditional entry-level baristas, like high-schoolers... [Microsoft and Amazon] have laid off more than 46,000 employees since 2023, according to Layoffs.fyi, which tracks workforce reductions. That represents 85% of layoffs by Seattle-area tech companies... As Amazon and Microsoft have made cuts — and other local tech firms including Expedia and Redfin have followed suit — the effects have rippled through Seattle's other business sectors. Weakness in payroll and sales tax contributed to a projected $146 million shortfall in revenue over the next two years. Restaurant and retail spending is down in the business and shopping districts surrounding Amazon's and Microsoft's campuses, with total transactions falling by as much as 7% in some popular areas in the past year, according to data from Square. In the first half of 2025, around 450 restaurants closed in Seattle, or about 16% of its total. "At the halfway point of the year, we've already seen as many closures as we'd usually see in a full year," said Anthony Anton, chief executive officer of the Washington Hospitality Association. Uber driver Juan Prado made six figures in 2021, often shuttling passengers in town for job interviews and doing frequent drop-offs near downtown tech offices. Now, he said, demand is much lower. "There are moments where you can be online, and in certain areas, it shows nothing...." 
Seattle tech firms are asking for significantly fewer job placements than years ago, said Noelle McDonald, senior vice president at recruiting company Aquent, which counts Amazon and Microsoft as clients. Hiring windows have lengthened and open roles receive around 10 times as many applications. And of course, "Commercial real-estate vacancies stand at a record high as offices built to accommodate a boom sit empty... " While some laid-off employees launched their own startups, "the outlook for many tech workers is dour as companies invest in software tools they can use to streamline teams," the article points out. Microsoft CEO Satya Nadella "has said the company is increasingly looking to AI to perform coding and other tasks once done by people," while in June, Amazon "said its workforce would shrink going forward."

EditorDavid

Disney Sued by Law Firm Wanting to Use 'Steamboat Willie' in Its Ads

4 weeks ago
Mickey Mouse's first movie Steamboat Willie entered the public domain in 2024. Now one of America's largest personal injury firms is suing Disney, reports the Associated Press, "in an effort to get a ruling that would allow it to use Steamboat Willie in advertisements..." [The law firm said] it had reached out to Disney to make sure the entertainment company wouldn't sue them if they used images from the animated film for their TV and online ads. Disney's lawyers responded by saying they didn't offer legal advice to third parties, according to the lawsuit. Morgan & Morgan said it was filing the lawsuit to get a decision because it otherwise feared being sued by Disney for trademark infringement if it used Steamboat Willie. "Without waiver of any of its rights, Disney will not provide such advice in response to your letter," Disney's attorneys wrote in their letter (adding "Very truly yours..."). A local newscast showed a glimpse of the letter, along with a few seconds of the ad (which ends with Minnie Mouse pulling out a cellphone to call for a lawyer...) Attorney John Morgan tells the newscast that Disney's legal team "is playing cute, and so we're just trying to get a yes or no answer... They wrote us back a bunch of mumbo-jumbo that made no sense, didn't answer the question. We tried it again, they didn't answer the question..." (The newscast adds that the case isn't expected to go to court for at least a year.)

EditorDavid

Glitches Humiliated Zuck in Smart Glasses Launch. Meta CTO Explains What Happened

4 weeks ago
When Meta finally unveiled its newest smart glasses, CEO Mark Zuckerberg "drew more snickers than applause," wrote the New York Times. (Mashable points out a video call failing onstage followed by an unsuccessful recipe demonstration.) Meta chief technology officer Andrew Bosworth later explained the funny reason their demo didn't work, reports TechCrunch, while answering questions on Instagram: "When the chef said, 'Hey, Meta, start Live AI,' it started every single Ray-Ban Meta's Live AI in the building. And there were a lot of people in that building," Bosworth explained. "That obviously didn't happen in rehearsal; we didn't have as many things," he said, referring to the number of glasses that were triggered... The second part of the failure had to do with how Meta had chosen to route the Live AI traffic to its development server to isolate it during the demo. But when it did so, it did this for everyone in the building on the access points, which included all the headsets. "So we DDoS'd ourselves, basically, with that demo," Bosworth added... Meta's dev server wasn't set up to handle the flood of traffic from the other glasses in the building — Meta was only planning for it to handle the demos alone. The issue with the failed WhatsApp call, on the other hand, was the result of a new bug. The smart glasses' display had gone to sleep at the exact moment the call came in, Bosworth said. When Zuckerberg woke the display back up, it didn't show the answer notification to him. The CTO said this was a "race condition" bug... "We've never run into that bug before," Bosworth noted. "That's the first time we'd ever seen it. It's fixed now, and that's a terrible, terrible place for that bug to show up." He stressed that, of course, Meta knows how to handle video calls, and the company was "bummed" about the bug showing up here... "It really was just a demo fail and not, like, a product failure," he said. Thanks to Slashdot reader fjo3 for sharing the news.

EditorDavid

PIRG, Other Groups Criticize Microsoft's Plan to Discontinue Support for Windows 10

4 weeks ago
The consumer advocacy nonprofit PIRG (Public Interest Research Group) is now petitioning Microsoft to reconsider pulling support for Windows 10 in 2025, since "as many as 400 million perfectly good computers that can't upgrade to Windows 11 will be thrown out." In a petition addressed to Microsoft CEO Satya Nadella, the group warned the October 14 end of free support could cause "the single biggest jump in junked computers ever, and make it impossible for Microsoft to hit their sustainability goals." About 40% of PCs currently in use can't upgrade to Windows 11, even if users want to... Less than a quarter of electronic waste is recycled, so most of those computers will end up in landfills. Consumer Reports recently also urged Microsoft not to "strand millions of customers." And now more groups are also pushing back, according to a post from the blog Windows Central: The Restart Project co-developed the "End of 10" toolkit, which is designed to support Windows 10 users who can't upgrade to Windows 11 after the operating system hits its end-of-support date. They also note that a Paris-based company called Back Market plans to sell Windows 10 laptops refurbished with Ubuntu Linux or ChromeOS Flex. ("We refuse to watch hundreds of millions of perfectly good computers end up in the trash as e-waste," explains their web site.) Back Market's ad promises an "up-to-date, secure operating system — so instead of paying for a new computer you don't need, you can help us give this one a brand new life." Right now Windows 10 holds 71.9% of Microsoft's market share, with Windows 11 at 22.95%, according to figures from StatCounter cited by the blog Windows Central. And HP and Dell "recently indicated that half of the global PCs are still running Windows 10," according to another Windows Central post...

EditorDavid

Google Temporarily Pauses AI-Powered 'Homework Helper' Button in Chrome Over Cheating Concerns

4 weeks ago
An anonymous reader shared this article from the Washington Post: A student taking an online quiz sees a button appear in their Chrome browser: "homework help." Soon, Google's artificial intelligence has read the question on-screen and suggests "choice B" as the answer. The temptation to cheat was suddenly just two clicks away Sept. 2, when Google quietly added a "homework help" button to Chrome, the world's most popular web browser. The button has been appearing automatically on the kinds of course websites used by the majority of American college students and many high-schoolers, too. Pressing it launches Google Lens, a service that reads what's on the page and can provide an "AI Overview" answer to questions — including during tests. Educators I've spoken with are alarmed. Schools including Emory University, the University of Alabama, the University of California at Los Angeles and the University of California at Berkeley have alerted faculty how the button appears in the URL box of course sites and their limited ability to control it. Chrome's cheating tool exemplifies Big Tech's continuing gold rush approach to AI: launch first, consider consequences later and let society clean up the mess. "Google is undermining academic integrity by shoving AI in students' faces during exams," says Ian Linkletter, a librarian at the British Columbia Institute of Technology who first flagged the issue to me. "Google is trying to make instructors give up on regulating AI in their classroom, and it might work. Google Chrome has the market share to change student behavior, and it appears this is the goal." Several days after I contacted Google about the issue, the company told me it had temporarily paused the homework help button — but also didn't commit to keeping it off. 
"Students have told us they value tools that help them learn and understand things visually, so we're running tests offering an easier way to access Lens while browsing," Google spokesman Craig Ewer said in a statement.

EditorDavid

Interlune Signs $300M Deal to Harvest Helium-3 for Quantum Computing from the Moon

4 weeks ago
An anonymous reader shared this report from the Washington Post: Finnish tech firm Bluefors, a maker of ultracold refrigerator systems critical for quantum computing, has purchased tens of thousands of liters of Helium-3 from the moon — spending "above $300 million" — through a commercial space company called Interlune. The agreement, which has not been previously reported, marks the largest purchase of a natural resource from space. Interlune, a company founded by former executives from Blue Origin and an Apollo astronaut, has faced skepticism about its mission to become the first entity to mine the moon (which is legal thanks to a 2015 law that grants U.S. space companies the rights to mine on celestial bodies). But advances in its harvesting technology and the materialization of commercial agreements are gradually making this undertaking sound less like science fiction. Bluefors is the third customer to sign up, with an order of up to 10,000 liters of Helium-3 annually for delivery between 2028 and 2037... Helium-3 is lighter than the Helium-4 gas featured at birthday parties. It's also much rarer on Earth. But moon rock samples from the Apollo days hint at its abundance there. Interlune has placed the market value at $20 million per kilogram (about 7,500 liters). "It's the only resource in the universe that's priced high enough to warrant going out to space today and bringing it back to Earth," said Rob Meyerson [CEO of Interlune and former president of Blue Origin]... [H]eat, even in small doses, can cause qubits to produce errors. That's where Helium-3 comes in. Bluefors makes the cooling technology that allows the computer to operate — producing chandelier-type structures known as dilution refrigerators. Their fridges, used by quantum computer leader IBM, contain a mixture of Helium-3 and Helium-4 that pushes temperatures below 10 millikelvins (or minus-460 degrees Fahrenheit)... 
Existing quantum computers have been built with more than a thousand qubits, he said, but a commercial system or data center would need a million or more. That could require perhaps thousands of liters of Helium-3 per quantum computer. "They will need more Helium-3 than is available on planet Earth," said Gary Lai [a co-founder and chief technology officer of Interlune, who was previously the chief architect at Blue Origin]. Most Helium-3 on Earth, he said, comes from the decay of tritium (an isotope of hydrogen) in nuclear weapons stockpiles, but between 22,000 and 30,000 liters are made each year... "We estimate there's more than a million metric tons of Helium-3 on the moon," Meyerson said. "And it's been accumulating there for 4 billion years." Now, they just need to get it. Interlune CEO Meyerson tells the Post "It's really all about establishing a resilient supply chain for this critical material" — adding that in the long-term he could also see Helium-3 being used for other purposes including fusion energy.

EditorDavid

6,000 Evacuated During Defusing of American WWII Bomb Found Buried in Hong Kong

4 weeks ago
A large U.S.-made bomb left over from World War II was discovered at a construction site, reports the Associated Press: Police said the bomb was 1.5 meters (nearly 5 feet) in length and weighed about 1,000 pounds (450 kilograms). It was discovered by construction workers in Quarry Bay, a bustling residential and business district on the west side of Hong Kong island... [A police official] said that because of "the exceptionally high risks associated with its disposal," approximately 1,900 households involving 6,000 individuals were "urged to evacuate swiftly." The operation to deactivate the bomb began late Friday and lasted until around 11:30 a.m. Saturday. No one was injured in the operation. Bombs left over from World War II are discovered from time to time in Hong Kong. The city was occupied by Japanese forces during the war, when it became a base for the Japanese military and shipping. The United States, along with other Allied forces, targeted Hong Kong in air raids to disrupt Japanese supply lines and infrastructure. "Bombs from the war have triggered evacuations and emergency measures around the globe in recent months," reports CBS News: Earlier this month, a 500-pound bomb was discovered in Slovakia's capital during construction work, prompting evacuations. In August, large parts of Dresden, Germany, were evacuated so experts could defuse an unexploded World War II bomb found during clearance work for a collapsed bridge. In June, over 20,000 people were evacuated from Cologne after three unexploded U.S. bombs from the war were found... In March, a World War II bomb was found near the tracks of Paris' Gare du Nord station. In February, more than 170 bombs were found near a children's playground in northern England. And in October 2024, a World War II bomb exploded at a Japanese airport.

EditorDavid

Cyberattack Delays Flights at Several of Europe's Major Airports

4 weeks ago
"A cyberattack targeting check-in and boarding systems disrupted air traffic and caused delays at several of Europe's major airports on Saturday," reports the Associated Press. "While the impact on travelers appeared to be limited, experts said the intrusion exposed vulnerabilities in security systems." The disruptions to electronic systems initially reported at Brussels, Berlin's Brandenburg and London's Heathrow airports meant that only manual check-in and boarding was possible. Many other European airports said their operations were unaffected... Airports said the issue centered around a provider of check-in and boarding systems — not airlines or the airports themselves. Collins Aerospace, whose systems help passengers check themselves in, print boarding passes and bag tags and dispatch their luggage from a kiosk, cited a "cyber-related disruption" to its MUSE (Multi-User System Environment) software at "select airports." Brussels Airport initially reported a "large impact" on flight schedules, according to the article, with a spokesperson telling broadcaster VTM that by mid-morning nine flights had been canceled, with four more redirected to another airport and 15 delayed an hour or more. The airport later told Reuters there were "delays on most of the departing flights." Reuters notes it's "the latest in a string of hacks targeting governments and companies across the world, hitting sectors from healthcare and defence to retail and autos": A recent breach at luxury carmaker Jaguar Land Rover brought its production to a halt... At Heathrow, Berlin and Brussels, 29 flight departures and arrivals had been cancelled as of 1130 GMT, aviation data provider Cirium said. In total, 651 departures were scheduled from Heathrow, 228 from Brussels and 226 from Berlin on Saturday...
Brussels Airport said it had asked airlines to cancel half of their scheduled departing flights on Sunday to avoid long queues and late cancellations, signalling that the disruption would continue through the weekend. A European Commission spokesperson said there were currently no indications of a "widespread or severe attack" and that the origin of the incident was still under investigation.

EditorDavid

Doomed 'Cannibal' Star Could Explode In a Supernova Visible During Day

4 weeks ago
"Betelgeuse may have competition for the most exciting star about to go nova near Earth," writes Space.com. "Astronomers have discovered the secret of a strange star system that has baffled them for years, finding it contains a dead star about to erupt after overfeeding on a stellar companion." The supernova explosion of this cosmic cannibal could be as bright as the moon, making it visible with the naked eye over Earth even in broad daylight. The system in question is the double star V Sagittae located around 10,000 light-years from Earth, containing a white dwarf stellar remnant and its victim companion star, which orbit each other roughly twice every Earth day. The new research and the revelation of this white dwarf's imminent catastrophic fate answer questions about V Sagittae that have lingered for 123 years... White dwarfs represent the final stage of stars with masses around that of the sun, occurring when they run out of fuel for nuclear fusion... [W]hite dwarfs that have a stellar companion can get a second lease on life and a more conclusive and explosive end... [T]he stolen stellar material piles up on the surface of the white dwarf until it pushes this stellar remnant past the so-called Chandrasekhar limit of 1.4 solar masses. This is the mass limit that a stellar remnant has to exceed to trigger a supernova... However, this team found something very different and extraordinary happening with the stellar material being stolen by the white dwarf in V Sagittae... This investigation revealed that there is a giant halo of gas comprised of material stolen from the companion star wrapped around both the cannibal white dwarf and its stellar victim... "The white dwarf cannot consume all the mass being transferred from its hot star twin, so it creates this bright cosmic ring," team member Pasi Hakala from the University of Turku said. 
"The speed at which this doomed stellar system is lurching wildly, likely due to the extreme brightness, is a frantic sign of its imminent, violent end." "The matter accumulating on the white dwarf is likely to produce a nova outburst in the coming years, during which V Sagittae would become visible with the naked eye," Pablo Rodríguez-Gil from Spain's Instituto de Astrofisica de Canarias said. "But when the two stars finally smash into each other and explode, this would be a supernova explosion so bright it'll be visible from Earth even in the daytime." The research was conducted with the Very Large Telescope (four individual telescopes high in the mountains of Chile) — and published last week in the journal Monthly Notices of the Royal Astronomical Society.

EditorDavid

There Isn't an AI Bubble - There Are Three

4 weeks ago
Fast Company ran a contrarian take about AI from entrepreneur/thought leader Faisal Hoque, who argues there are three AI bubbles. The first is a classic speculative bubble, with asset prices soaring above their fundamental values (like the 17th century's Dutch "tulip mania"). "The chances of this not being a bubble are between slim and none..." Second, AI is also arguably in what we might call an infrastructure bubble, with huge amounts being invested in infrastructure without any certainty that it will be used at full capacity in the future. This happened multiple times in the later 1800s, as railroad investors built thousands of miles of unneeded track to serve future demand that never materialized. More recently, it happened in the late '90s with the rollout of huge amount of fiber optic cable in anticipation of internet traffic demand that didn't turn up until decades later. Companies are pouring billions into GPUs, power systems, and cooling infrastructure, betting that demand will eventually justify the capacity. McKinsey analysts talk of a $7 trillion "race to scale data centers" for AI, and just eight projects in 2025 already represent commitments of over $1 trillion in AI infrastructure investment. Will this be like the railroad booms and busts of the late 1800s? It is impossible to say with any kind of certainty, but it is not unreasonable to think so. Third, AI is certainly in a hype bubble, which is where the promise claimed for a new technology exceeds reality, and the discussion around that technology becomes increasingly detached from likely future outcomes. Remember the hype around NFTs? That was a classic hype bubble. And AI has been in a similar moment for a while. All kinds of media — social, print, and web — are filled with AI-related content, while AI boosterism has been the mood music of the corporate world for the last few years. Meanwhile, a recent MIT study reported that 95% of AI pilot projects fail to generate any returns at all.
But the article ultimately argues there are lessons in the 1990s dotcom boom: that "a thing can be hyped beyond its actual capabilities while still being important... When valuations correct — and they will — the same pattern will emerge: companies that focus on solving real problems with available technology will extract value before, during, and after the crash." The winners will be companies with systematic approaches to extracting value — adopting mixed portfolios with different time horizons and risk levels, while recognizing organizational friction points for a purposeful (and holistic) integration. "The louder the bubble talk, the more space opens for those willing to take a methodical approach to building value." Thanks to Slashdot reader Tony Isaac for sharing the article.

EditorDavid

Self-Replicating Worm Affected Several Hundred NPM Packages, Including CrowdStrike's

4 weeks 1 day ago
The Shai-Hulud malware campaign impacted hundreds of npm packages across multiple maintainers, reports Koi Security, including popular libraries like @ctrl/tinycolor and some packages maintained by CrowdStrike. Malicious versions embed a trojanized script (bundle.js) designed to steal developer credentials, exfiltrate secrets, and persist in repositories and endpoints through automated workflows. Koi Security created a table of packages identified as compromised, promising it's "continuously updated" (and showing the last compromise detected Tuesday). Nearly all of the compromised packages have a status of "removed from NPM".

Attackers published malicious versions of @ctrl/tinycolor and other npm packages, injecting a large obfuscated script (bundle.js) that executes automatically during installation. This payload repackages and republishes maintainer projects, enabling the malware to spread laterally across related packages without direct developer involvement. As a result, the compromise quickly scaled beyond its initial entry point, impacting not only widely used open-source libraries but also CrowdStrike's npm packages.

The injected script performs credential harvesting and persistence operations. It runs TruffleHog to scan local filesystems and repositories for secrets, including npm tokens, GitHub credentials, and cloud access keys for AWS, GCP, and Azure. It also writes a hidden GitHub Actions workflow file (.github/workflows/shai-hulud-workflow.yml) that exfiltrates secrets during CI/CD runs, ensuring long-term access even after the initial infection. This dual focus on endpoint secret theft and backdoors makes Shai-Hulud one of the most dangerous campaigns ever compared to previous compromises.

"The malicious code also attempts to leak data on GitHub by making private repositories public," according to a Tuesday blog post from security systems provider Sysdig:

The Sysdig Threat Research Team (TRT) has been monitoring this worm's progress since its discovery. Due to quick response times, the number of new packages being compromised has slowed considerably. No new packages have been seen in several hours at the time...

Their blog post concludes "Supply chain attacks are increasing in frequency. It is more important than ever to monitor third-party packages for malicious activity."

Some context from Tom's Hardware:

To be clear: This campaign is distinct from the incident that we covered on Sept. 9, which saw multiple npm packages with billions of weekly downloads compromised in a bid to steal cryptocurrency. The ecosystem is the same — attackers have clearly realized the GitHub-owned npm package registry for the Node.js ecosystem is a valuable target — but whoever's behind the Shai-Hulud campaign is after more than just some Bitcoin.

EditorDavid

C++ Committee Prioritizes 'Profiles' Over Rust-Style Safety Model Proposal

4 weeks 1 day ago
Long-time Slashdot reader robinsrowe shared this report from the Register: The C++ standards committee abandoned a detailed proposal to create a rigorously safe subset of the language, according to the proposal's co-author, despite continuing anxiety about memory safety. "The Safety and Security working group voted to prioritize Profiles over Safe C++. Ask the Profiles people for an update. Safe C++ is not being continued," Sean Baxter, author of the cutting-edge Circle C++ compiler, commented in June this year. The topic came up as developers like Simone Bellavia noted the anniversary of the proposal and discovered a decision had been made on Safe C++. One year ago, Baxter told The Reg that the project would enable C++ developers to get the memory safety of Rust, but without having to learn a new language. "Safe C++ prevents users from writing unsound code," he said. "This includes compile-time intelligence like borrow checking to prevent use-after-free bugs and initialization analysis for type safety." Safe C++ would enable incremental migration of code, since it only applies to code in the safe context. Existing unsafe code would run as before. Even the matter of whether the proposal has been abandoned is not clear-cut. Erich Keane, C++ committee member and co-chair of the C++ Evolution Working Group (EWG), said that Baxter's proposal "got a vote of encouragement where roughly 1/2 (20/45) of the people encouraged Sean's paper, and 30/45 encouraged work on profiles (with 6 neutral)... Sean is completely welcome to continue the effort, and many in the committee would love to see him make further effort on standardizing it." In response, Baxter said: "The Rust safety model is unpopular with the committee. Further work on my end won't change that. Profiles won the argument." 
He added that the language evolution principles adopted by the EWG include the statement that "we should avoid requiring a safe or pure function annotation that has the semantics that a safe or pure function can only call other safe or pure functions." This, he said, is an "irreconcilable design disagreement...."

EditorDavid

Study Links Microplastic Exposure to Alzheimer's Disease in Mice

4 weeks 1 day ago
Micro- and nanoplastic particles "infiltrate all systems of the body, including the brain," notes the University of Rhode Island, "where they can accumulate and trigger Alzheimer's-like conditions, according to a new study by researchers in the University of Rhode Island College of Pharmacy." ScienceDaily shares the announcement: After a previous study that showed how microplastics can infiltrate all systems of the body — including the blood-brain barrier, which protects the brain from harmful substances as small as viruses and bacteria — University of Rhode Island pharmacy assistant professor Jaime Ross expanded the study to determine the brain health impacts of the plastic toxins. Her findings indicate that the accumulation of micro- and nanoplastics in the brain can lead to cognitive decline and even Alzheimer's disease, especially in those who carry genetic risk factors. Ross' latest study, published recently in the journal Environmental Research Communications, examined mice that had been genetically modified to include the naturally occurring gene APOE4, a strong indicator of Alzheimer's risk making people 3.5 times more likely to develop the disease than those who carry the APOE3 variant of the gene that is passed from parents to offspring... Ross and her team exposed two groups of mice — one with the APOE4 variant and one with APOE3 — to micro- and nanoplastics in their drinking water over a period of three weeks. The tiny particles from polystyrene — among the most abundant plastics in the world, found in Styrofoam take-out containers, plastic cups and more — infiltrated the mice's organs, including the brain, as expected... Ross' team then ran the mice through a series of tests to examine their cognitive ability, beginning with an open-field test, in which researchers put a mouse in a chamber and allow it to explore at will for 90 minutes. Ordinarily, a mouse will hug the walls, naturally attempting to hide from potential predators. 
However, after microplastic exposure, the APOE4 mice — especially the male mice — tended to wander more in the middle of the chamber and spend time in open space, leaving themselves vulnerable to predators... The results are concerning enough to warrant further study into the cognitive decline caused by exposure to micro- and nanoplastics, which are among the most prominent environmental toxins to which people are routinely exposed... Ross is continuing to expand her research into the topic and encourages others to do so, in the hope of leading to better regulation of the toxins.

EditorDavid

Is OpenAI's Video-Generating Tool 'Sora' Scraping Unauthorized YouTube Clips?

4 weeks 1 day ago
"OpenAI's video generation tool, Sora, can create high-definition clips of just about anything you could ask for..." reports the Washington Post. "But OpenAI has not specified which videos it grabbed to make Sora, saying only that it combined 'publicly available and licensed data'..." With ChatGPT, OpenAI helped popularize the now-standard industry practice of building more capable AI tools by scraping vast quantities of text from the web without consent. With Sora, launched in December, OpenAI staff said they built a pioneering video generator by taking a similar approach. They developed ways to feed the system more online video — in more varied formats — including vertical videos and longer, higher-resolution clips... To explore what content OpenAI may have used, The Washington Post used Sora to create hundreds of videos that show it can closely mimic movies, TV shows and other content... In dozens of tests, The Post found that Sora can create clips that closely resemble Netflix shows such as "Wednesday"; popular video games like "Minecraft"; and beloved cartoon characters, as well as the animated logos for Warner Bros., DreamWorks and other Hollywood studios, movies and TV shows. The publicly available version of Sora can generate only 20-second clips, without audio. In most cases, the look-alike scenes were made by typing basic requests like "universal studios intro." The results also showed that Sora can create AI videos with the logos or watermarks that broadcasters and tech companies use to brand their video content, including those for the National Basketball Association, Chinese-owned social app TikTok and Amazon-owned streaming platform Twitch... Sora's ability to re-create specific imagery and brands suggests a version of the originals appeared in the tool's training data, AI researchers said. "The model is mimicking the training data. 
There's no magic," said Joanna Materzynska, a PhD researcher at Massachusetts Institute of Technology who has studied datasets used in AI. An AI tool's ability to reproduce proprietary content doesn't necessarily indicate that the original material was copied or obtained from its creators or owners. Content of all kinds is uploaded to video and social platforms, often without the consent of the copyright holder... Materzynska co-authored a study last year that found more than 70 percent of public video datasets commonly used in AI research contained content scraped from YouTube. Netflix and Twitch said they did not have a content partnership for training OpenAI, according to the article (which adds that OpenAI "has yet to face a copyright suit over the data used for Sora.") Two key quotes from the article: "Unauthorized scraping of YouTube content continues to be a violation of our Terms of Service." — YouTube spokesperson Jack Malon "We train on publicly available data consistent with fair use and use industry-leading safeguards to avoid replicating the material they learn from." — OpenAI spokesperson Kayla Wood

EditorDavid

Librarians Are Being Asked To Find AI-Hallucinated Books

4 weeks 1 day ago
Libraries nationwide are fielding patron requests for books that don't exist after AI-generated summer reading lists appeared in the Chicago Sun-Times and Philadelphia Inquirer earlier this year. Reference librarian Eddie Kristan told 404 Media the problem began in late 2022 following GPT-3.5's release but escalated dramatically after the newspapers published lists created by a freelancer using AI without verification. A Library Freedom Project survey found patrons increasingly trust AI chatbots over human librarians and become defensive when told their AI-recommended titles are fictional. Kristan now routinely checks WorldCat's global catalog to verify titles exist. Collection development librarians are requesting digital vendors remove AI-generated books from platforms while academic libraries struggle against vendors implementing flawed LLM-based search tools and AI-generated summaries that undermine information literacy instruction.

msmash

Hard-Fought Treaty To Protect Ocean Life Clears a Final Hurdle

4 weeks 1 day ago
The high seas, the vast waters beyond any one country's jurisdiction, cover nearly half the planet. On Friday, a hard-fought global treaty to protect the "cornucopia of biodiversity" living there cleared a final hurdle and will become international law. From a report: The High Seas Treaty, as it is known, was ratified by a 60th nation, Morocco, crossing the threshold for United Nations treaties to go into effect. Two decades in the making, it allows for the establishment of enormous conservation zones in international waters. Environmentalists hailed it as a historic moment. The treaty "is a conservation opportunity that happens once in a generation, if that," said Lisa Speer, who directs the International Oceans Program at the Natural Resources Defense Council. It is also a bright spot amid a general dimming of optimism about international diplomacy and cooperation among nations toward common goals. It will come into force just as the high seas are poised to become the site of controversial industrial activities including deep sea mining. The treaty provides a comprehensive set of regulations for high seas conservation that would supersede the existing patchwork of rules developed by United Nations agencies and industrial organizations in sectors like oil, fishing and shipping. Currently, less than 10 percent of the world's oceans are protected under law, and conservation advocates say little of that protection is effective. The treaty states a goal of giving 30 percent of the high seas some kind of protected status by 2030.

msmash

Africa's Only Internet Cable Repair Ship Keeps the Continent Online

4 weeks 1 day ago
The Leon Thevenin, Africa's only permanently stationed cable repair ship, maintains over 60,000 kilometers of undersea internet infrastructure from Madagascar to Ghana. The 43-year-old vessel employs a 60-person crew who perform precision repairs on fiber-optic cables that carry data for Alphabet, Meta, and Amazon -- companies that consumed 3.6 billion megabits per second of bandwidth in 2023. Operating costs range from $70,000 to $120,000 daily, according to owner Orange Marine. The ship has experienced increased demand due to unusual underwater landslides in the Congo Canyon causing frequent cable breaks. Cable jointer Shuru Arendse and his team spend up to 48 hours on repairs that require fusing hair-thin glass fibers in conditions where a speck of dust can ruin the joint. The vessel gained Starlink connectivity last year after decades of relying on satellite phones and shared computers for crew communication. Sixty-two cable repair ships operate globally to maintain the infrastructure supporting streaming media and AI applications.

msmash
Slashdot
News for nerds, stuff that matters