An anonymous reader quotes a report from the Guardian: The Massachusetts Institute of Technology (MIT) community is grieving after the "shocking" shooting death of the director of its plasma science and fusion center, according to officials. Nuno FG Loureiro, 47, had been shot multiple times at his home in the affluent Boston suburb of Brookline on Monday night when police said they received a call to investigate. Emergency responders brought Loureiro to a hospital, and the award-winning scientist was pronounced dead there Tuesday morning, the Norfolk county district attorney's office said in a statement. The Boston Globe reported speaking with a neighbor of Loureiro who heard gunshots, found the academic lying on his back in the foyer of their building and then called for help alongside the victim's wife. The statement from the Norfolk district attorney's office said an investigation into Loureiro's slaying remained ongoing later Tuesday. But the agency did not immediately release any details about a possible suspect or motive in the killing, which gained widespread attention across academic circles, the US and in Loureiro's native Portugal. Portugal's minster of foreign affairs announced Loureiro's death in a public hearing Tuesday, as CNN reported. Separately, MIT president Sally Kornbluth issued a university-wide letter expressing "great sadness" over the death of Loureiro, whose survivors include his wife. "This shocking loss for our community comes in a period of disturbing violence in many other places," said Kornbluth's letter, released after a weekend marred by deadly mass shootings at Brown University in Rhode Island -- about 50 miles away from MIT -- as well as on Australia's Bondi Beach. The letter concluded by providing a list of mental health resources, saying: "It's entirely natural to feel the need for comfort and support."

Read more of this story at Slashdot.

Longtime Slashdot reader schwit1 shares a report from Politico: The Senate on Wednesday approved Jared Isaacman for the top job at NASA -- an unprecedented comeback after President Donald Trump yanked his nomination this spring. Senators confirmed the billionaire private astronaut in a 67-30 vote. Trump renominated Isaacman for NASA administrator in November, after pulling his original nomination in May. He cited Isaacman's relationship with SpaceX CEO Elon Musk, with whom Trump had just had a falling out, as the rationale for his decision. Isaacman's surprise rebound followed months of political jockeying and help from high-profile figures in Trump's orbit. [...] Isaacman garnered backing from lawmakers during his hearing by confirming his support for NASA's Artemis moon-landing mission, a key prerogative for Capitol Hill. He also committed to instilling urgency at the space agency, citing China's space ambitions.

Read more of this story at Slashdot.

The Academy has struck a multi-year deal to move the Oscars to YouTube starting in 2029, ending decades on ABC and making the ceremony free to stream worldwide with YouTube holding exclusive global rights. Variety reports: The Oscars, including red carpet coverage, behind-the-scenes content and Governors Ball, will be available live and for free on YouTube to viewers around the world, as well as to YouTube TV subscribers in the United States. Architects of the agreement said they hope the move to YouTube will help make the Oscars more accessible to "the Academy's growing global audience through features such as closed captioning and audio tracks available in multiple languages." [...] The Academy had been seeking a new broadcast licensing agreement for the better part of 2025. Over the summer, several expected and unconventional buyers, including NBCUniversal and Netflix, had come into the mix as potential suitors. Insiders believe that YouTube shelled out over nine figures for the Oscars, besting the high eight-figure offers from Disney/ABC and NBCUniversal. Under the most recent contract, Disney was paying around $100 million annually for the Oscars -- but given the ratings declines for the kudocast, Disney/ABC were reportedly looking to spend less on license fees. [...] It's not a secret that the Academy and Disney/ABC would occasionally have disagreements over the best path for the Oscars, including the show's length, which awards to present and who should host. Now, on a streamer with no time limits, the Oscars can be any length, and the Academy likely has carte blanche to do whatever it wants with the telecast. "They can do whatever they want," says one insider. "You can have a six-hour Oscars hosted by MrBeast."

Read more of this story at Slashdot.

Meta has paused its third-party Horizon OS headset program, effectively canceling planned VR headsets from Asus and Lenovo as it refocuses on "building the world-class first-party hardware and software needed to advance the VR market." Road to VR reports: A little over a year and a half ago, Meta made an "industry-altering announcement," as I called the move in my reporting: the company was rebranding the Quest operating system to 'Horizon OS' and announced it was working with select partners to launch third-party VR headsets powered by the operating system. Meta specifically named Asus and Lenovo as the first partners it was working with to build new Horizon OS headsets. Asus was said to be building an "all-new performance gaming headset," while Lenovo was purportedly working on "mixed reality devices for productivity, learning, and entertainment." But as we've now learned, neither headset is likely to see the light of day. Meta say it has frozen the third-party Horizon OS headset program. "We have paused the program to focus on building the world-class first-party hardware and software needed to advance the VR market," a Meta spokesperson told Road to VR. "We're committed to this for the long term and will revisit opportunities for 3rd-party device partnerships as the category evolves."

Read more of this story at Slashdot.

An anonymous reader quotes a report from Reuters: Netflix on Wednesday said it will add a soccer simulation title to its gaming portfolio, as the streaming giant looks to leverage the FIFA World Cup 2026 tournament to deepen its video game push. The soccer title will be developed and published by Delphi Interactive, which is also helping create a premium James Bond game called "007 First Light," and in association with the sport's governing body, FIFA. Netflix said the game will launch in time for the world's most-watched sporting event, scheduled to start June next year in the U.S.

Read more of this story at Slashdot.

GitHub will begin charging $0.002 per minute for self-hosted Actions runners used on private repositories starting in March. "At the same time, GitHub noted in a Tuesday blog post that it's lowering the prices of GitHub-hosted runners beginning January 1, under a scheme it calls 'simpler pricing and a better experience for GitHub Actions,'" reports The Register. "Self-hosted runner usage on public repositories will remain free." From the report: Regardless of the public repo distinction, enterprise-scale developers who rely on self-hosted runners were predictably not pleased about the announcement. "Github have just sent out an email announcing a $0.002/minute fee for self-hosted runners," Reddit user markmcw posted on the DevOps subreddit. "Just ran the numbers, and for us, that's close to $3.5k a month extra on our GitHub bill." [...] "Historically, self-hosted runner customers were able to leverage much of GitHub Actions' infrastructure and services at no cost," the repo host said in its blog FAQ. "This meant that the cost of maintaining and evolving these essential services was largely being subsidized by the prices set for GitHub-hosted runners." The move, GitHub said, will align costs more closely with usage. Like many similar changes to pricing models pushed by tech firms, GitHub says "the vast majority of users ... will see no price increase." GitHub claims that 96 percent of its customers will see no change to their bill, and that 85 percent of the 4 percent affected by the pricing update will actually see their Actions costs decrease. The company says the remaining 15 percent of impacted users will face a median increase of about $13 a month. For those using self-hosted runners and worried about increased costs, GitHub has updated its pricing calculator to include the cost of self-hosted runners.

Read more of this story at Slashdot.

Longtime Linux developer Greg Kroah-Hartman announced that the Linux kernel has received its first CVE tied to Rust code. Phoronix reports: This first CVE (CVE-2025-68260) for Rust code in the Linux kernel pertains to the Android Binder rewrite in Rust. There is a race condition that can occur due to some noted unsafe Rust code. That code can lead to memory corruption of the previous/next pointers and in turn cause a crash. This CVE for the possible system crash is for Linux 6.18 and newer since the introduction of the Rust Binder driver. At least though it's just a possible system crash and not any more serious system compromise with remote code execution or other more severe issues.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Google began its transition to Gemini 3 a few weeks ago with the launch of the Pro model, and the arrival of Gemini 3 Flash kicks it into high gear. The new, faster Gemini 3 model is coming to the Gemini app and search, and developers will be able to access it immediately via the Gemini API, Vertex AI, AI Studio, and Antigravity. Google's bigger gen AI model is also picking up steam, with both Gemini 3 Pro and its image component (Nano Banana Pro) expanding in search. This may come as a shock, but Google says Gemini 3 Flash is faster and more capable than its previous base model. As usual, Google has a raft of benchmark numbers that show modest improvements for the new model. It bests the old 2.5 Flash in basic academic and reasoning tests like GPQA Diamond and MMMU Pro (where it even beats 3 Pro). It gets a larger boost in Humanity's Last Exam (HLE), which tests advanced domain-specific knowledge. Gemini 3 Flash has tripled the old models' score in HLE, landing at 33.7 percent without tool use. That's just a few points behind the Gemini 3 Pro model. Gemini 3 Flash has been been significantly improved in terms of factual accuracy, scoring 68.7% on Simple QA Verified, which is up from 28.1% in the previous model. It's also designed as a high-efficiency model that's suitable for real-time and high-volume workloads. According to Google, Gemini 3 Flash is now the default model for AI Mode in Google Search.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the New York Times: Two of the largest food-delivery app companies have made a last-ditch effort to overturn tipping laws in New York City that go into effect in January just as its next mayor, who has been highly critical of the companies and the app industry, takes office. Tips to delivery workers have plummeted since some food-delivery apps switched to showing the tipping option only after a purchase had been completed; that change came after New York City established the country's first minimum pay-rate for the workers in 2023. The new laws will require the apps to suggest a minimum tip of 10 percent at checkout, though customers can contribute more or less, or nothing at all. Two of the app companies, DoorDash and Uber, filed a joint federal lawsuit in the Southern District of New York late last week targeting the City Council legislation, arguing that the new rules violated the First Amendment by requiring them to "speak a government-mandated message" and exceeded the Council's authority. Although tipping will be optional under the law, the companies wrote in the suit that a "mandated pre-delivery 10 percent tip suggestion" would cause customers to use the app less because they were suffering from "tipping fatigue." "Lessened engagement would result in fewer orders," the suit said.

Read more of this story at Slashdot.

U.S. senators are probing whether Big Tech data centers are driving up local electricity bills by socializing grid upgrade costs onto residents. Some of the tactics they're using include NDAs, shell companies, and lobbying. Ars Technica reports: In letters (PDF) to seven AI firms, Senators Elizabeth Warren (D-Mass.), Chris Van Hollen (D-Md.), and Richard Blumenthal (D-Conn.) cited a study estimating that "electricity prices have increased by as much as 267 percent in the past five years" in "areas located near significant data center activity." Prices increase, senators noted, when utility companies build out extra infrastructure to meet data centers' energy demands -- which can amount to one customer suddenly consuming as much power as an entire city. They also increase when demand for local power outweighs supply. In some cases, residents are blindsided by higher bills, not even realizing a data center project was approved, because tech companies seem intent on dodging backlash and frequently do not allow terms of deals to be publicly disclosed. AI firms "ask public officials to sign non-disclosure agreements (NDAs) preventing them from sharing information with their constituents, operate through what appear to be shell companies to mask the real owner of the data center, and require that landowners sign NDAs as part of the land sale while telling them only that a 'Fortune 100 company' is planning an 'industrial development' seemingly in an attempt to hide the very existence of the data center," senators wrote. States like Virginia with the highest concentration of data centers could see average electricity prices increase by another 25 percent by 2030, senators noted. But price increases aren't limited to the states allegedly striking shady deals with tech companies and greenlighting data center projects, they said. "Interconnected and interstate power grids can lead to a data center built in one state raising costs for residents of a neighboring state," senators reported. Under fire for supposedly only pretending to care about keeping neighbors' costs low were Amazon, Google, Meta, Microsoft, Equinix, Digital Realty, and CoreWeave. Senators accused firms of paying "lip service," claiming that they would do everything in their power to avoid increasing residential electricity costs, while actively lobbying to pass billions in costs on to their neighbors. [...] Particularly problematic, senators emphasized, were reports that tech firms were getting discounts on energy costs as utility companies competed for their business, while prices went up for their neighbors.

Read more of this story at Slashdot.

A new Arctic Report Card recap shows how the Arctic has transformed in just 20 years, warming about twice as fast as the global average and losing most of its oldest sea ice. It's also triggering cascading impacts from "Atlantification" to permafrost-driven "rusting rivers" and more destructive storms. Scientific American reports: The first Arctic Report Card was released by the National Oceanic and Atmospheric Administration in 2006. Since then the region has warmed twice as fast as the global average. About 95 percent of the oldest, thickest sea ice is gone -- "the sliver that remains is collected in an area north of Greenland. Even the central Arctic Ocean is becoming warmer and saltier, causing more ice melt and changing how much heat is released into the atmosphere in a way that affects weather patterns around the world. Those are just some of the stark changes 20 years have wrought. The findings were highlighted in the 2025 Arctic Report Card, released on Tuesday. The Arctic Ocean is undergoing what scientists are calling "Atlantification" -- a process where warm, salty water from the Atlantic flows north, changing how waters of different temperatures and densities are layered in the Arctic, disrupting ecosystems and altering how heat moves from the water to the air. [...] The Arctic is simply becoming wetter, with more precipitation falling as rain instead of snow. June snow cover over the entire Arctic is half of what it was 60 years ago, the report found. Permafrost also continues to thaw, releasing once trapped carbon into the atmosphere and disgorging iron and other elements that have turned rivers and streams orange. These "rusting rivers," found in more than 200 watersheds, are more acidic than normal and have elevated levels of toxic metals that endanger local ecosystems. And as the permafrost thaws, the tundra of the Arctic biome is shrinking, and the boreal forest biome is creeping northward, disrupting ecosystems.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the Wall Street Journal: The alleged perpetrator had improper access to virtually every South Korean adult's personal information: names, phone numbers and even the keycode to enter residential buildings. It was one of the biggest data breaches of recent years and it has sent the company it targeted -- Coupang, South Korea's equivalent of Amazon -- reeling, generating lawsuits, government investigation and calls to toughen penalties against such leaks. The leak went undetected for nearly five months, hitting Coupang's radar on Nov. 18 only after a customer flagged suspicious activity. At first, Coupang, which was founded by a Korean-American entrepreneur, said it had experienced a data "exposure" affecting roughly 4,500 customer accounts. But within days, the e-commerce firm revised the figure: The leak exposed up to roughly 34 million user accounts in South Korea -- a sum representing more than 90% of the country's working-age population. Coupang started calling the incident a "leak" after Korean regulators took issue with the company's prior word choice. "The Whole Nation Is a Victim," read one local news headline. An investigation has found that the alleged perpetrator had once worked in South Korea as a software developer for authentication systems at Coupang, which is known for its blockbuster U.S. initial public offering a few years ago. The suspected leaker is believed to be a Chinese national who has moved back to China and is now on the lam, South Korean officials say. They haven't named the person. Even after leaving the firm roughly a year ago, the suspect secretly held on to an internal authentication key that granted him unfettered access to the personal information of Coupang users, South Korean authorities and lawmakers say. The infiltration, using overseas servers, started on June 24. By using the login credentials, the suspect was able to appear as if he were still a Coupang employee when accessing the company's systems.

Read more of this story at Slashdot.

The EU is moving to soften its planned 2035 ban on internal combustion cars by allowing a small share of low-emission engines. "The less stringent limit would leave room for automakers to continue selling some plug-in hybrids, which have both electric and internal combustion engines and can use the combustion engine to recharge the battery without the need to find a charging station," reports the Associated Press. From the report: The proposal from the EU's executive commission would change provisions of 2023 legislation requiring average emissions in new cars to equal zero, or a 100% reduction from 2021 levels. The new proposal would require a 90% emissions reduction. That means in practical terms that most cars would be battery-only but would leave room for some cars with internal combustion engines. Automakers would have to compensate for the added emissions by using European steel produced by methods that emit less carbon, and through use of climate neutral e-fuels made from renewable electricity and captured carbon dioxide and biofuels made from plants. EU officials say changing the limit will not affect progress toward making the 27-country bloc's economy climate neutral by 2050. That means producing only as much carbon dioxide as can be absorbed by forests and oceans or by abatement methods such as storing it underground. CO2 is the primary greenhouse gas blamed by scientists for climate change.

Read more of this story at Slashdot.

A Reuters investigation found that Meta knowingly tolerated large volumes of scam and illegal ads from China worth billions in revenue. Reuters reports: Though China's authoritarian government bans use of Meta social media by its citizens, Beijing lets Chinese companies advertise to foreign consumers on the globe-spanning platforms. As a result, Meta's advertising business was thriving in China, ultimately reaching over $18 billion in annual sales in 2024, more than a tenth of the company's global revenue. But Meta calculated that about 19% of that money -- more than $3 billion -- was coming from ads for scams, illegal gambling, pornography and other banned content, according to internal Meta documents reviewed by Reuters. The documents are part of a cache of previously unreported material generated over the past four years by teams including Meta's finance, lobbying, engineering and safety divisions. The cache reveals Meta's efforts over that period to understand the scale of abuse on its platforms and the company's reluctance to introduce fixes that could undermine its business and revenues. The documents show that Meta believed China was the country of origin of roughly a quarter of all ads for scams and banned products on Meta's platforms worldwide. Victims ranged from shoppers in Taiwan who purchased bogus health supplements to investors in the United States and Canada who were swindled out of their savings. "We need to make significant investment to reduce growing harm," Meta staffers warned in an internal April 2024 presentation to leaders of its safety operations. To that end, Meta created an anti-fraud team that went beyond previous efforts to monitor scams and other banned activity from China. Using a variety of stepped-up enforcement tools, it slashed the problematic ads by about half during the second half of 2024 -- from 19% to 9% of the total advertising revenue coming from China. Then Meta Chief Executive Mark Zuckerberg weighed in. "As a result of Integrity Strategy pivot and follow-up from Zuck," a late 2024 document notes, the China ads-enforcement team was "asked to pause" its work. Reuters was unable to learn the specifics of the CEO's involvement or what the so-called "Integrity Strategy pivot" entailed. But after Zuckerberg's input, the documents show, Meta disbanded its China-focused anti-scam team. It also lifted a freeze it had introduced on granting new Chinese ad agencies access to its platforms. One document shows that Meta shelved yet other anti-scam measures that internal tests had indicated would be effective. The document didn't detail the specifics of those measures. Meta took these steps even as an outside consultant it hired produced research that warned "Meta's own behavior and policies" were fostering systemic corruption in the Chinese market for ads targeting users in other countries, additional documents show. The upshot: Within a few months of Meta's brief crackdown, a new crop of Chinese advertising agencies was flooding Facebook and Instagram with prohibited ads. By mid-2025, banned ads climbed back to about 16% of Meta's China revenue. Rob Leathern, who was a senior director of product management at Facebook until 2020 and is no longer at the company, said the scale of predatory advertising revealed in the documents represents a major breakdown in consumer protections at the social media giant. "The levels that you're talking about are not defensible," he said of the percentage of abusive ads. "I don't know how anyone could think this is okay."

Read more of this story at Slashdot.

Quilter says its AI designed a complex Linux single-board computer in just one week, booting Debian on first power-up. "Holy crap, it's working," exclaimed one of the engineers. Tom's Hardware reports: LA-based startup Quilter has outlined Project Speedrun, which marks a milestone in computer design by AI. The headlining claims are that Quilter's AI facilitated the design of a new Linux SBC, using 843 parts and dual-PCBs, taking just one week to finish, then successfully booting Debian the first time it was powered up. The Quilter team reckon that the AI-enhanced process it demonstrated could unlock a new generation of computer hardware makers.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the Guardian: Mark Carney says that amid a fundamental shift to the nature of globalization, his government will catalyze the growth in both the public and private sector. But Canadian linguists say that's a problem. Language experts have called out the Canadian prime minister's growing "utilization" of British spellings in key documents -- including the recent federal budget and a press release issued following a meeting with Donald Trump. Carney, who served as the governor of the bank of England for seven years, appears to have run afoul of Canadian linguistic norms, returning to his home country with a penchant for using 's' instead of 'z'- a hallmark of British spellings. In an open letter (PDF) chastising the prime minister, six linguists have asked his office, the Canadian government and parliament to stick to Canadian English spelling, "which is the spelling they consistently used from the 1970s to 2025." They warned that if governments start to use other systems for spelling, "this could lead to confusion about which spelling is Canadian." Canadian English is a source of immense pride for the nation's pedants. But the country's distinct and somewhat arbitrary spelling reflects the legacy of how Canada was colonized. "Canadian English evolved through Loyalist settlement after the American Revolutionary War, subsequent waves of English, Scottish, Welsh and Irish immigration, and from European and global contexts," the letter says, with the current accepted spellings of words reflecting "global influences and cultures from around the world represented in our population, as well as containing words and phrases from Indigenous languages." The linguists pointed out that Canada's distinct style of spelling was widespread in media and government documents, with this deliberate decision reflecting a desire to preserve a vital element of the country's "national history, identity and pride."

Read more of this story at Slashdot.

Intel has quietly stopped maintaining its open-source user-space driver stack for Gaudi accelerators. Phoronix reports: It turns out earlier this year Intel archived the SynapseAI Core open-source code and is no longer maintained by Intel. The open-source Synapse AI Core GitHub repository was archived in February and README updated with: "This project will no longer be maintained by Intel. Intel has ceased development and contributions including, but not limited to, maintenance, bug fixes, new releases, or updates, to this project. Intel no longer accepts patches to this project. If you have an ongoing need to use this project, are interested in independently developing it, or would like to maintain patches for the open source software community, please create your own fork of this project."

Read more of this story at Slashdot.

A veteran games journalist claims Half-Life 3 is real and still planned as a Spring 2026 launch title tied to Valve's next Steam Machine push. Ars Technica reports: On the contrary, veteran journalist Mike Straw insisted on a recent Insider Gaming podcast that "everybody I've talked to are still adamant [Half-Life 3] is a game that will be a launch title with the Steam Machine." Straw -- who has a long history of reporting gaming rumors from anonymous sources -- said this Half-Life 3 information is "not [from] these run-of-the-mill sources that haven't gotten me information before. ... These aren't like random, one-off people." And those sources are "still adamant that the game is coming in the spring," Straw added, noting that he was "specifically told [that] spring 2026 [is the window] for the Steam Machine, for the Frame, for the Controller, [and] for Half-Life 3." [...] Timing specifics aside, Straw said his sources have him convinced that the long wait for Half-Life 3 is coming to an end in the near future. "The game's real," he said. "At the end of the day, the game is real. There's no denying it. It's just a 'when' and not an 'if' at this point."

Read more of this story at Slashdot.

An anonymous reader quotes a report from the New York Times: The last vehicle will roll off the assembly line at Volkswagen's plant in Dresden, Germany, on Tuesday, marking the first time in the automaker's 88-year history that it has closed a plant in its home country. Volkswagen warned of potential production cuts last year, as it faced shaky demand in Europe and China, its biggest market, as well as higher tariffs that have crimped sales in the United States. After 24 years of vehicle production, the Dresden plant will be converted into a research hub focused on technologies like artificial intelligence, robotics and chip design. Volkswagen will team up with the government of the state of Saxony and the Dresden University of Technology on the project at the plant, known as the Transparent Factory because of its glass walls. "We did not take the decision to end vehicle production at the Transparent Factory after more than 20 years lightly," Thomas Schafer, chief executive of the Volkswagen brand, said in a statement. "From an economic perspective, however, it was absolutely necessary."

Read more of this story at Slashdot.

An anonymous reader quotes a report from BleepingComputer: Audio streaming platform SoundCloud has confirmed that outages and VPN connection issues over the past few days were caused by a security breach in which threat actors stole a database containing user information. The disclosure follows widespread reports over the past four days from users who were unable to access SoundCloud when connecting via VPN, with attempts resulting in the site displaying 403 "forbidden" errors. In a statement shared with BleepingComputer, SoundCloud said it recently detected unauthorized activity involving an ancillary service dashboard and activated its incident response procedures. SoundCloud acknowledged that a threat actor accessed some of its data but said the exposure was limited in scope. [...] BleepingComputer has learned that the breach affects 20% of SoundCloud's users, which, based on publicly reported user figures, could impact roughly 28 million accounts. The company said it is confident that all unauthorized access to SoundCloud systems has been blocked and that there is no ongoing risk to the platform. "We understand that a purported threat actor group accessed certain limited data that we hold," SoundCloud told BleepingComputer. "We have completed an investigation into the data that was impacted, and no sensitive data (such as financial or password data) has been accessed. The data involved consisted only of email addresses and information already visible on public SoundCloud profiles."

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Microsoft is killing off an obsolete and vulnerable encryption cipher that Windows has supported by default for 26 years following more than a decade of devastating hacks that exploited it and recently faced blistering criticism from a prominent US senator. When the software maker rolled out Active Directory in 2000, it made RC4 a sole means of securing the Windows component, which administrators use to configure and provision fellow administrator and user accounts inside large organizations. RC4, short for Rivist Cipher 4, is a nod to mathematician and cryptographer Ron Rivest of RSA Security, who developed the stream cipher in 1987. Within days of the trade-secret-protected algorithm being leaked in 1994, a researcher demonstrated a cryptographic attack that significantly weakened the security it had been believed to provide. Despite the known susceptibility, RC4 remained a staple in encryption protocols, including SSL and its successor TLS, until about a decade ago. [...] Last week, Microsoft said it was finally deprecating RC4 and cited its susceptibility to Kerberoasting, the form of attack, known since 2014, that was the root cause of the initial intrusion into Ascension's network. "By mid-2026, we will be updating domain controller defaults for the Kerberos Key Distribution Center (KDC) on Windows Server 2008 and later to only allow AES-SHA1 encryption," Matthew Palko, a Microsoft principal program manager, wrote. "RC4 will be disabled by default and only used if a domain administrator explicitly configures an account or the KDC to use it." [...] Following next year's change, RC4 authentication will no longer function unless administrators perform the extra work to allow it. In the meantime, Palko said, it's crucial that admins identify any systems inside their networks that rely on the cipher. Despite the known vulnerabilities, RC4 remains the sole means of some third-party legacy systems for authenticating to Windows networks. These systems can often go overlooked in networks even though they are required for crucial functions. To streamline the identification of such systems, Microsoft is making several tools available. One is an update to KDC logs that will track both requests and responses that systems make using RC4 when performing requests through Kerberos. Kerberos is an industry-wide authentication protocol for verifying the identities of users and services over a non-secure network. It's the sole means for mutual authentication to Active Directory, which hackers attacking Windows networks widely consider a Holy Grail because of the control they gain once it has been compromised. Microsoft is also introducing new PowerShell scripts to sift through security event logs to more easily pinpoint problematic RC4 usage. Microsoft said it has steadily worked over the past decade to deprecate RC4, but that the task wasn't easy. "The problem though is that it's hard to kill off a cryptographic algorithm that is present in every OS that's shipped for the last 25 years and was the default algorithm for so long, Steve Syfuhs, who runs Microsoft's Windows Authentication team, wrote on Bluesky. "See," he continued, "the problem is not that the algorithm exists. The problem is how the algorithm is chosen, and the rules governing that spanned 20 years of code changes."

Read more of this story at Slashdot.

PayPal has applied to become a US bank by forming a Utah-chartered industrial loan company, signaling a push to deepen its financial services "as companies rush to capitalize on a friendly regulatory environment under the Trump administration," reports Reuters. From the report: If approved, the move will help PayPal to strengthen its lending offerings to small businesses in the U.S. as well as reduce its reliance on third parties. "Securing capital remains a significant hurdle for small businesses striving to grow and scale," said PayPal CEO Alex Chriss. "Establishing PayPal Bank will strengthen our business and improve our efficiency, enabling us to better support small business growth and economic opportunities across the U.S." PayPal also plans to offer interest-bearing savings accounts to customers. The company has provided over $30 billion in loans and capital since 2013, it said. [...] PayPal has selected Mara McNeill to serve as PayPal Bank's president. She comes with over two decades of experience in banking and commercial lending, and has previously served as the CEO of Toyota Financial Savings Bank.

Read more of this story at Slashdot.

A new study warns that glaciers in the European Alps will hit their peak extinction rate within eight years, with global glacier loss accelerating toward thousands per year unless emissions are rapidly cut. "Glaciers in the western US and Canada are forecast to reach their peak year of loss less than a decade later, with more than 800 disappearing each year by then," adds the Guardian. From the report: About 200,000 glaciers remain worldwide, with about 750 disappearing each year. However, the research indicates this pace will accelerate rapidly as emissions from burning fossil fuels continue to be released into the atmosphere. Current climate action plans from governments are forecast to push global temperatures to about 2.7C above preindustrial levels, supercharging extreme weather. Under this scenario, glacier losses would peak at about 3,000 a year in 2040 and plateau at that rate until 2060. By the end of the century, 80% of today's glaciers will have gone. By contrast, rapid cuts to carbon emissions to keep global temperature rise to 1.5C would cap annual losses at about 2,000 a year in 2040, after which the rate would decline. [...] The new study, published in Nature Climate Change, analyzed more than 200,000 glaciers from a database of outlines derived from satellite images. The researchers used three global glacier models to assess their fate under different heating scenarios. Regions with the smallest and fastest-melting glaciers were found to be the most vulnerable. The study estimates the 3,200 glaciers in central Europe would shrink by 87% by 2100 -- even if global temperature rise is limited to 1.5C, rising to 97% under 2.7C of heating. In the western US and Canada, including Alaska, about 70% of today's 45,000 glaciers are projected to vanish under 1.5C of heating, and more than 90% under 2.7C. The Caucasus and southern Andes are also expected to face devastating losses. Larger glaciers take longer to melt, with those in Greenland reaching their peak extinction rate in about 2063 -- losing 40% by 2100 under 1.5C of heating and 59% under 2.7C. However, the melting is forecast to continue beyond 2100. The researchers said the peak loss dates represent more than a numerical milestone. "They mark turning points with profound implications for ecosystems, water resources and cultural heritage," they wrote. "[It is] a human story of vanishing landscapes, fading traditions and disrupted daily routines."

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Microsoft is killing off an obsolete and vulnerable encryption cipher that Windows has supported by default for 26 years following more than a decade of devastating hacks that exploited it and recently faced blistering criticism from a prominent US senator. When the software maker rolled out Active Directory in 2000, it made RC4 a sole means of securing the Windows component, which administrators use to configure and provision fellow administrator and user accounts inside large organizations. RC4, short for Rivist Cipher 4, is a nod to mathematician and cryptographer Ron Rivest of RSA Security, who developed the stream cipher in 1987. Within days of the trade-secret-protected algorithm being leaked in 1994, a researcher demonstrated a cryptographic attack that significantly weakened the security it had been believed to provide. Despite the known susceptibility, RC4 remained a staple in encryption protocols, including SSL and its successor TLS, until about a decade ago. [...] Last week, Microsoft said it was finally deprecating RC4 and cited its susceptibility to Kerberoasting, the form of attack, known since 2014, that was the root cause of the initial intrusion into Ascension's network. "By mid-2026, we will be updating domain controller defaults for the Kerberos Key Distribution Center (KDC) on Windows Server 2008 and later to only allow AES-SHA1 encryption," Matthew Palko, a Microsoft principal program manager, wrote. "RC4 will be disabled by default and only used if a domain administrator explicitly configures an account or the KDC to use it." [...] Following next year's change, RC4 authentication will no longer function unless administrators perform the extra work to allow it. In the meantime, Palko said, it's crucial that admins identify any systems inside their networks that rely on the cipher. Despite the known vulnerabilities, RC4 remains the sole means of some third-party legacy systems for authenticating to Windows networks. These systems can often go overlooked in networks even though they are required for crucial functions. To streamline the identification of such systems, Microsoft is making several tools available. One is an update to KDC logs that will track both requests and responses that systems make using RC4 when performing requests through Kerberos. Kerberos is an industry-wide authentication protocol for verifying the identities of users and services over a non-secure network. It's the sole means for mutual authentication to Active Directory, which hackers attacking Windows networks widely consider a Holy Grail because of the control they gain once it has been compromised. Microsoft is also introducing new PowerShell scripts to sift through security event logs to more easily pinpoint problematic RC4 usage. Microsoft said it has steadily worked over the past decade to deprecate RC4, but that the task wasn't easy. "The problem though is that it's hard to kill off a cryptographic algorithm that is present in every OS that's shipped for the last 25 years and was the default algorithm for so long, Steve Syfuhs, who runs Microsoft's Windows Authentication team, wrote on Bluesky. "See," he continued, "the problem is not that the algorithm exists. The problem is how the algorithm is chosen, and the rules governing that spanned 20 years of code changes."

Read more of this story at Slashdot.

Once a star of the self-driving hype cycle, lidar maker Luminar has filed for bankruptcy amid legal turmoil, layoffs, and a cooling autonomous-vehicle market. It plans to sell off its assets before shutting down entirely. The Verge reports: As part of its bankruptcy, Luminar is seeking permission to sell both its lidar and semiconductor businesses, the latter of which it has already agreed to sell to Quantum Computing for $110 million. The company plans to continue to operate during the bankruptcy proceedings "to minimize disruptions and maintain delivery of its LiDAR hardware and software." That said, Luminar will cease to exist once the process is complete. "As we navigate this process, our top priority is to continue delivering the same quality, reliability and service our customers have come to expect from us," CEO Paul Ricci said in a statement. After launching in 2017, Luminar muscled its way to the front of the autonomous vehicle industry as a top maker of lidar systems, a key technology that driverless cars use to sense the shapes and distances of objects around them. Luminar has sold sensors to Mercedes-Benz, Volvo, Audi, Toyota Research Institute, Caterpillar, and even Tesla, which has dismissed lidar sensors in favor of traditional cameras. The company was valued at nearly $3 billion when it went public through a reverse merger with a SPAC in 2020.

Read more of this story at Slashdot.

After introducing an AI Mode shortcut earlier this year, Google has now added a new "plus" menu to its Search homepage, highlighting options for image and file uploads. 9to5Google reports: On google.com, the Search bar now has a plus icon at the far left that replaces the magnifying glass. Clicking lets you "Upload image" or "Upload file." It very much matches the AI Mode experience. Those two capabilities aren't new, but this plus menu does help emphasize that you can use Google to accomplish tasks, and not just find information. Additionally, it helps indicate that they can be used with AI Mode and AI Overviews. This is just available on desktop web (not mobile) and is live on all the devices we checked today, including across signed-out Incognito sessions.

Read more of this story at Slashdot.

A critical React vulnerability (CVE-2025-55182) is being actively exploited at scale by Chinese, Iranian, North Korean, and criminal groups to gain remote code execution, deploy backdoors, and mine crypto. The Register reports: React maintainers disclosed the critical bug on December 3, and exploitation began almost immediately. According to Amazon's threat intel team, Chinese government crews, including Earth Lamia and Jackpot Panda, started battering the security hole within hours of its disclosure. Palo Alto Networks' Unit 42 responders have put the victim count at more than 50 organizations across multiple sectors, with attackers from North Korea also abusing the flaw. Google, in a late Friday report, said at least five other suspected PRC spy groups also exploited React2Shell, along with criminals who deployed XMRig for illicit cryptocurrency mining, and "Iran-nexus actors," although the report doesn't provide any additional details about who the Iran-linked groups are and what they are doing after exploitation. "GTIG has also observed numerous discussions regarding CVE-2025-55182 in underground forums, including threads in which threat actors have shared links to scanning tools, proof-of-concept (PoC) code, and their experiences using these tools," the researchers wrote.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the Wall Street Journal: JPMorgan Chase is joining the list of traditional financial firms seeking to bring blockchain technology to an investing staple: the money-market fund. The banking giant's $4 trillion asset-management arm is rolling out its first tokenized money-market fund on the Ethereum blockchain. JPMorgan will seed the fund with $100 million of its own capital, and then open it to outside investors on Tuesday. Called My OnChain Net Yield Fund, or "MONY," the private fund is supported by JPMorgan's tokenization platform, Kinexys Digital Assets, and will be open to qualified investors, or individuals with at least $5 million in investments and institutions with a minimum of $25 million. The fund has a $1 million investment minimum. Wall Street has waded deeper into tokenization since the passage of the Genius Act earlier this year. The landmark measure, which establishes a regulatory framework for tokenized dollars known as stablecoins, has unleashed a wave of efforts to tokenize everything from stocks and bonds to funds and real assets. "There is a massive amount of interest from clients around tokenization," said John Donohue, head of global liquidity at J.P. Morgan Asset Management. "And we expect to be a leader in this space and work with clients to make sure that we have a product lineup that allows them to have the choices that we have in traditional money-market funds on blockchain."

Read more of this story at Slashdot.

Merriam-Webster crowned "slop" its 2025 Word of the Year, reflecting growing public awareness and and fatigue around low-quality, AI-generated content flooding the internet. "It's such an illustrative word," said Greg Barlow, Merriam-Webster's president. "It's part of a transformative technology, AI, and it's something that people have found fascinating, annoying and a little bit ridiculous." The Associated Press reports: "Slop" was first used in the 1700s to mean soft mud, but it evolved more generally to mean something of little value. The definition has since expanded to mean "digital content of low quality that is produced usually in quantity by means of artificial intelligence." In other words, "you know, absurd videos, weird advertising images, cheesy propaganda, fake news that looks real, junky AI-written digital books," Barlow said. "Words like 'ubiquitous,' 'paradigm,' 'albeit,' 'irregardless,' these are always top lookups because they're words that are on the edge of our lexicon," Barlow said. "'Irregardless' is a word in the dictionary for one reason: It's used. It's been used for decades to mean 'regardless.'" The announcement can be found here.

Read more of this story at Slashdot.

Ford has effectively pulled the plug on the all-electric F-150 Lightning, pivoting away from full-size BEV pickups toward hybrids, range-extended EVs (EREVs), and even data-center battery storage. Ars Technica reports: Ford's announcements today can't be said to have come out of the blue. Rumors of the F-150's demise have been circulating for more than a month, and last week SK On ended its joint venture with Ford that was building a pair of EV battery plants in Kentucky and Tennessee. We learned then that Ford would keep the Kentucky plant and SK On gets the one in Tennessee, which would focus on the energy storage business instead. Now, we know that something similar will happen at the Kentucky plant -- Ford says it's spending $2 billion to convert the factory to make prismatic lithium iron phosphate (LFP) cells. Those aren't destined for EVs, but they are the preferred cell format for data centers, Ford says. The company says that it will bring the factory online in the next 18 months, reaching an annual output of 20 GWh. Other Ford plants are also being repurposed. With no full-size BEV pickup in the product plans, the assembly plant in Tennessee that was to produce it -- the one near the battery factory that SK On is keeping -- will instead build new gas-powered trucks, although not for another four years. Around that same time, its Ohio assembly plant will begin building new commercial vehicles. All of this will impact Ford's bottom line, to the tune of $19.5 billion over the next few years, $5.5 billion of which will be in cash. Most of that will hit in the final quarter of 2025, but will extend until 2027, Ford said.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Reuters: Several dozen people protested on Sunday in the Siberian city of Tomsk against Russia's ban on U.S. children's gaming platform Roblox, a rare show of public dissent as popular irritation over the ban gains some momentum. In wartime Russia, censorship is extensive: Moscow blocks or restricts social media platforms such as Snapchat, Facebook, Instagram, WhatsApp and YouTube while distributing its own narrative through a network of social media and Russian media. Russia's communications watchdog Roskomnadzor said on December 3 it had blocked Roblox because it was "rife with inappropriate content that can negatively impact the spiritual and moral development of children." In Tomsk, 2,900 km (1,800 miles) east of Moscow, several dozen people braved the snow to hold up hand-drawn placards reading "Hands off Roblox" and "Roblox is the victim of the digital Iron Curtain" in Vladimir Vysotsky Park, according to photographs provided by an organizer of the protest. "Bans and blocks are all you are able to do," read one placard. The photographs showed about 25 people standing in a circle in the snow, holding up placards. In Russia, the ban on Roblox has triggered a debate over censorship, child safety in relation to technology and even the effectiveness of censorship in a digitalized world where children can bypass many bans in a few clicks.

Read more of this story at Slashdot.

Longtime Slashdot reader AmiMoJo shares a report from Clean Energy Wire: Renewable energy sources covered nearly 56 percent of Germany's gross electricity consumption in 2025, according to preliminary figures by energy industry group BDEW and research institute ZSW. Despite a 'historically weak' first quarter of the year for wind power production and a significant drop in hydropower output, the share of renewables grew by 0.7 percentage points compared to the previous year thanks to an increase in installed solar power capacity. Solar power output increased by 18.7 percent over the whole year, while the strong growth in installed capacity from previous years could be sustained, with more than 17 gigawatts (GW) added to the system. With March being the least windy month in Germany since records began in 1950, wind power output, on the other hand, faced a drop of 5.2 percent compared to 2024. However, stronger winds in the second and third quarter compensated for much of the early-year decrease. Onshore turbines with a capacity of 5.2 GW were added to the grid, a marked increase from the 3.3 GW in the previous year. Due to significantly less precipitation this year compared to 2024, hydropower output dropped by nearly one quarter (24.1%), while remaining only a fraction (3.2%) of total renewable power output.

Read more of this story at Slashdot.

A former Chinese official who fled to the U.S. says Beijing has used advanced surveillance technology from U.S. companies to track, intimidate, and punish him and his family across borders. ABC News reports: Retired Chinese official Li Chuanliang was recuperating from cancer on a Korean resort island when he got an urgent call: Don't return to China, a friend warned. You're now a fugitive. Days later, a stranger snapped a photo of Li in a cafe. Terrified South Korea would send him back, Li fled, flew to the U.S. on a tourist visa and applied for asylum. But even there -- in New York, in California, deep in the Texas desert -- the Chinese government continued to hunt him down with the help of surveillance technology. Li's communications were monitored, his assets seized and his movements followed in police databases. More than 40 friends and relatives -- including his pregnant daughter -- were identified and detained, even by tracking down their cab drivers through facial recognition software. Three former associates died in detention, and for months shadowy men Li believed to be Chinese operatives stalked him across continents, interviews and documents seen by The Associated Press show. The Chinese government is using an increasingly powerful tool to cement its power at home and vastly amplify it abroad: Surveillance technology, much of it originating in the U.S., an AP investigation has found. Within China, this technology helped identify and punish almost 900,000 officials last year alone, nearly five times more than in 2012, according to state numbers. Beijing says it is cracking down on corruption, but critics charge that such technology is used in China and elsewhere to stifle dissent and exact retribution on perceived enemies. Outside China, the same technology is being used to threaten wayward officials, along with dissidents and alleged criminals, under what authorities call Operations "Fox Hunt" and "Sky Net." The U.S. has criticized these overseas operations as a "threat" and an "affront to national sovereignty." More than 14,000 people, including some 3,000 officials, have been brought back to China from more than 120 countries through coercion, arrests and pressure on relatives, according to state information.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Dozens of Ukrainian civilians filed a series of lawsuits in Texas this week, accusing some of the biggest US chip firms of negligently failing to track chips that evaded export curbs. Those chips were ultimately used to power Russian and Iranian weapon systems, causing wrongful deaths last year. Their complaints alleged that for years, Texas Instruments (TI), AMD, and Intel have ignored public reporting, government warnings, and shareholder pressure to do more to track final destinations of chips and shut down shady distribution channels diverting chips to sanctioned actors in Russia and Iran. Putting profits over human lives, tech firms continued using "high-risk" channels, Ukrainian civilians' legal team alleged in a press statement, without ever strengthening controls. All that intermediaries who placed bulk online orders had to do to satisfy chip firms was check a box confirming that the shipment wouldn't be sent to sanctioned countries, lead attorney Mikal Watts told reporters at a press conference on Wednesday, according to the Kyiv Independent. "There are export lists," Watts said. "We know exactly what requires a license and what doesn't. And companies know who they're selling to. But instead, they rely on a checkbox that says, 'I'm not shipping to Putin.' That's it. No enforcement. No accountability." [...] Damages sought include funeral expenses and medical costs, as well as "exemplary damages" that are "intended to punish especially wrongful conduct and to deter similar conduct in the future." For plaintiffs, the latter is the point of the litigation, which they hope will cut off key supply chains to keep US tech out of weapon systems deployed against innocent civilians. "They want to send a clear message that American companies must take responsibility when their technologies are weaponized and used to commit harm across the globe," the press statement said. "Corporations must be held accountable when its unlawful decisions made in the name of profit directly cause the death of innocents and widespread human suffering." For chip firms, the litigation could get costly if more civilians join, with the threat of a loss potentially forcing changes that could squash supply chains currently working to evade sanctions. "We want to make this process so expensive and painful that companies are forced to act," Watts said. "That is our contribution to stopping the war against civilians."

Read more of this story at Slashdot.

Chandler, Arizona unanimously rejected a proposed AI data center despite heavy lobbying from Big Tech interests and former Sen. Kyrsten Sinema. Politico reports: The Chandler City Council last night voted down a request by a New York developer to rezone land to build a data center and business complex. The local battle escalated in October after Sinema showed up at a planning commission meeting to offer public comment warning officials in her home state that federal authority may soon stomp on local regulations. "Chandler right now has the opportunity to determine how and when these new, innovative AI data centers will be built," she told local officials. "When federal preemption comes, we'll no longer have that privilege." Explaining her no vote, Chandler Vice Mayor Christine Ellis said that she had long framed her decision about the local benefits rather than the national push to build AI. She recalled a meeting with Sinema where she asked point-blank, "what's in it for Chandler?" "If you can't show me what's in it for Chandler, then we are not having a conversation," Ellis said before voting against the project. [...] The project, along with Sinema's involvement, attracted significant community opposition, with speakers raising concerns about whether the project would use too much water or raise power prices. Residents packed the council chambers, with many holding up signs reading "No More Data Centers." According to the city's planning office, more than 200 comments were filed against the proposal compared to just eight in favor.

Read more of this story at Slashdot.

Framework Computer raised DDR5 memory prices for its Laptop DIY Editions by 50% due to industry-wide memory shortages. Phoronix reports: Framework Computer is keeping the prior prices for existing pre-orders and also is foregoing any price changes for their pre-built laptops or the Framework Desktop. Framework Computer also lets you order DIY laptops without any memory at all if so desired for re-using existing modules or should you score a deal elsewhere. Due to their memory pricing said to be more competitive below market rates, they also adjusted their return policy to prevent scalpers from purchasing DIY Edition laptops with memory while then returning just the laptops. The DDR5 must be returned now with DIY laptop order returns. Additional details can be found via the Framework Blog.

Read more of this story at Slashdot.

id Software employees voted to form a wall-to-wall union with the CWA, covering all roles at the Doom studio. "The vote wasn't unanimous, though a majority did vote in favor of the union," notes Engadget. From the report: The union will work in conjunction with the Communications Workers of America (CWA), which is the same organization involved with parent company ZeniMax's recent unionization efforts. Microsoft, who owns ZeniMax, has already recognized this new effort, according to a statement by the CWA. It agreed to a labor neutrality agreement with the CWA and ZeniMax workers last year, paving the way for this sort of thing. From the onset, this union will look to protect remote work for id Software employees. "Remote work isn't a perk. It's a necessity for our health, our families, and our access needs. RTO policies should not be handed down from executives with no consideration for accessibility or our well-being," said id Software Lead Services Programmer Chris Hays. He also said he looks forward to getting worker protections regarding the "responsible use of AI."

Read more of this story at Slashdot.

An anonymous reader quotes a report from Reuters: The U.S. government will require artificial intelligence vendors to measure political "bias" to sell their chatbots to federal agencies, according to a Trump administration statement (PDF) released on Thursday. The requirement will apply to all large language models bought by federal agencies, with the exception of national security systems, according to the statement. President Donald Trump ordered federal agencies in July to avoid buying large language models that he labeled as "woke." Thursday's statement gives more detail to that directive, saying that developers should not "intentionally encode partisan or ideological judgments" into a chatbot's outputs. Further reading: Trump Signs Executive Order For Single National AI Regulation Framework, Limiting Power of States

Read more of this story at Slashdot.

The pro-Russian CyberVolk group resurfaced with a Telegram-based ransomware-as-a-service platform, but fatally undermined its own operation by hardcoding master encryption keys in plaintext. The Register reports: First, the bad news: the CyberVolk 2.x (aka VolkLocker) ransomware-as-a-service operation that launched in late summer. It's run entirely through Telegram, which makes it very easy for affiliates that aren't that tech savvy to lock files and demand a ransom payment. CyberVolk's soldiers can use the platform's built-in automation to generate payloads, coordinate ransomware attacks, and manage their illicit business operations, conducting everything through Telegram. But here's the good news: the ransomware slingers got sloppy when it came time to debug their code and hardcoded the master keys -- this same key encrypts all files on a victim's system -- into the executable files. This could allow victims to recover encrypted data without paying the extortion fee, according to SentinelOne senior threat researcher Jim Walter, who detailed the gang's resurgence and flawed code in a Thursday report.

Read more of this story at Slashdot.

Phoebe Gates, Bill Gates' youngest daughter, has raised $30 million for the AI shopping app she built in her Stanford dorm room with classmate Sophia Kianni. The app is called Phia and is pitched as a way to simplify price comparison and secondhand shopping. "Its AI-powered search engine -- available as an app and as a browser extension for Chrome and Safari -- pulls listings from more than 40,000 retail and resale sites so users can compare prices, surface real-time deals, and determine whether an item's cost is typical, high or fair," reports the San Francisco Chronicle. The app has reached 750,000 downloads in eight months and is valued at $180 million. From the report: Gates told Elle that when she first floated the idea to her parents, they urged her to keep it as a side project -- advice she followed by enrolling in Stanford's night program after moving to New York and finishing her degree in 2024. "They were like, 'Okay, you can do this as a side thing, but you need to stay in school.' I don't think people would expect that from my family, to be honest," she said. Her father dropped out of Harvard University in 1975 to launch Microsoft. Kianni even paused her degree temporarily "to learn, as quickly as possible, as much as we could about the industry that we would be operating in," she told Vogue. Bill Gates has not invested in the company, though he has publicly supported its mission.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Google has increasingly moved toward keeping features locked to its hardware products, but the Translate app is bucking that trend. The live translate feature is breaking out of the Google bubble with support for any earbuds you happen to have connected to your Android phone. The app is also getting improved translation quality across dozens of languages and some Duolingo-like learning features. The latest version of Google's live translation is built on Gemini and initially rolled out earlier this year. It supports smooth back-and-forth translations as both on-screen text and audio. Beginning a live translate session in Google Translate used to require Pixel Buds, but that won't be the case going forward. Google says a beta test of expanded headphone support is launching today in the US, Mexico, and India. The audio translation attempts to preserve the tone and cadence of the original speaker, but it's not as capable as the full AI-reproduced voice translations you can do on the latest Pixel phones. Google says this feature should work on any earbuds or headphones, but it's only for Android right now. The feature will expand to iOS in the coming months. [...] The new translation model, which is also available in the search-based translation interface, supports over 70 languages.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the Guardian: Reddit has filed a challenge against Australia's under-16s social media ban in the high court, lodging its case two days after implementing age restrictions on its website. The company said in a Reddit post on Friday that while it agreed with protecting people under 16, the law "has the unfortunate effect of forcing intrusive and potentially insecure verification processes on adults as well as minors, isolating teens from the ability to engage in age-appropriate community experiences." Reddit said there was an "illogical patchwork" of platforms included in the ban. "As the Australian Human Rights Commission put it, 'There are less restrictive alternatives available that could achieve the aim of protecting children and young people from online harms, but without having such a significant negative impact on other human rights.'" Reddit argued it was a forum primarily for adults without the traditional social media features the government has "taken issue with." Reddit was challenging the law on the grounds it infringed on the implied freedom of political communication. It was also seeking to challenge whether Reddit could be considered an age-restricted social media platform under the legislation. It said it was not seeking to challenge the law to avoid compliance, and had implemented age-assurance measures since Wednesday. The company said the vast majority of Redditors were adults, and advertising wasn't targeted to children under 18. The Apple app store age rating for Reddit is 17+. "Despite the best intentions, this law is missing the mark on actually protecting young people online," Reddit said. "So, while we will comply with this law, we have a responsibility to share our perspective and see that it is reviewed by the courts."

Read more of this story at Slashdot.

The SEC has granted the Depository Trust & Clearing Corp., or DTCC, a no-action letter allowing it to custody and recognize tokenized stocks, ETFs, and Treasuries on approved blockchains for three years. "Although this program is a pilot subject to various operational limitations, it marks a significant incremental step in moving markets onchain," SEC Commissioner Hester Peirce said in a statement. Bloomberg reports: With the permission, DTCC will also extend their record-keeping to the blockchain, Michael Winnike, global head of strategy and market solutions at DTCC Clearing & Securities Services, said in an interview. "It's the same legal entitlement, the same stock that you would hold in your account from the DTCC in traditional form," Winnike said. [...] The SEC's authorization of tokenization services only applies to a specific set of securities that trade often. The approval includes the Russell 1000 index which represents the 1,000 largest publicly traded US companies, as well as exchange-traded funds that track major indices and US Treasury bills, bonds and notes, Winnike said. "This allows us both to create value for the markets, while staying in a pre-defined pool of highly-liquid securities to start," said Winnike. The firm's ultimate aspiration is to add its entire depository, which represents $100 trillion in securities, to the blockchain, a move that would require further expansion of the no-action relief from the SEC, he said. Winnike said the tokenization service will help bridge the traditional and digital worlds in part because the new technology will have the same legal entitlements and controls as traditional markets, including freezing or forced transfers if assets are stolen. "This enables participants to adopt and integrate, because they know there is a trusted party that can recover their securities as needed" and can address potential errors, he said. The new blockchain service will also allow investors to move assets all the time, not just Monday through Friday when traditional markets are open. "That creates a lot of new utility," Winnike said. "It brings the two ecosystems together."

Read more of this story at Slashdot.

Cadmium zinc telluride (CZT), a hard-to-manufacture semiconductor produced by only a handful of companies, is enabling a quiet revolution in medical imaging, science, and security by delivering faster scans, lower radiation doses, and far more precise X-ray and gamma-ray detection. "You get beautiful pictures from this scanner," says Dr Kshama Wechalekar, head of nuclear medicine and PET. "It's an amazing feat of engineering and physics." The BBC reports: Kromek is one of just a few firms in the world that can make CZT. You may never have heard of the stuff but, in Dr Wechalekar's words, it is enabling a "revolution" in medical imaging. This wonder material has many other uses, such as in X-ray telescopes, radiation detectors and airport security scanners. And it is increasingly sought-after. Investigations of patients' lungs performed by Dr Wechalekar and her colleagues involve looking for the presence of many tiny blood clots in people with long Covid, or a larger clot known as a pulmonary embolism, for example. The 1-million-pound scanner works by detecting gamma rays emitted by a radioactive substance that is injected into patients' bodies. But the scanner's sensitivity means less of this substance is needed than before: "We can reduce doses about 30%," says Dr Wechalekar. While CZT-based scanners are not new in general, large, whole-body scanners such as this one are a relatively recent innovation. CZT itself has been around for decades but it is notoriously difficult to manufacture. "It has taken a long time for it to develop into an industrial-scale production process," says Arnab Basu, founding chief executive of Kromek. [...] The newly formed CZT, a semiconductor, can detect tiny photon particles in X-rays and gamma rays with incredible precision -- like a highly specialized version of the light-sensing, silicon-based image sensor in your smartphone camera. Whenever a high energy photon strikes the CZT, it mobilizes an electron and this electrical signal can be used to make an image. Earlier scanner technology used a two-step process, which was not as precise. "It's digital," says Dr Basu. "It's a single conversion step. It retains all the important information such as timing, the energy of the X-ray that is hitting the CZT detector -- you can create color, or spectroscopic images."

Read more of this story at Slashdot.

An anonymous reader quotes a report from Reuters: Do Kwon, the South Korean cryptocurrency entrepreneur behind two digital currencies that lost an estimated $40 billion in 2022, was sentenced in New York federal court on Thursday to 15 years in prison for fraud and conspiracy. Kwon, 34, who co-founded Singapore-based Terraform Labs and developed the TerraUSD and Luna currencies, previously pleaded guilty and admitted to misleading investors about a coin that was supposed to maintain a steady price during periods of crypto market volatility. Kwon was one of several cryptocurrency moguls to face federal charges after a slump in digital token prices in 2022 prompted the collapse of a number of companies. [...] Kwon was accused of misleading investors in 2021 about TerraUSD, a so-called stablecoin designed to maintain a value of $1. Prosecutors alleged that when TerraUSD slipped below its $1 peg in May 2021, Kwon told investors a computer algorithm known as "Terra Protocol" had restored the coin's value. Instead, Kwon arranged for a high-frequency trading firm to secretly buy millions of dollars of the token to artificially prop up its price, according to charging documents. "I made false and misleading statements about why it regained its peg by failing to disclose a trading firm's role in restoring that peg," Kwon said in court. "What I did was wrong." He also faces charges in South Korea, and under his plea deal, prosecutors won't oppose his transfer abroad after he serves half of his U.S. sentence.

Read more of this story at Slashdot.

Longtime Slashdot reader Gilmoure shares a report from Nature: Scientists have produced the most detailed 3D map of almost all buildings in the world. The map, called GlobalBuildingAtlas, combines satellite imagery and machine learning to generate 3D models for 97% of buildings on Earth. The dataset, published in the open-access journal Earth System Science Data on December 1, covers 2.75 billion buildings, each mapped with footprints and heights at a spatial resolution of 3 meters by 3 meters. The 3D map opens new possibilities for disaster risk assessment, climate modeling and urban planning, according to study co-author Xiaoxiang Zhu, an Earth observation data scientist at the Technical University of Munich in Germany. "Imagine a video game with the world's buildings already mapped in basic spatial dimensions!" writes Gilmoure.

Read more of this story at Slashdot.

joshuark shares a report from BleepingComputer: More than 10,000 Docker Hub container images expose data that should be protected, including live credentials to production systems, CI/CD databases, or LLM model keys. After scanning container images uploaded to Docker Hub in November, security researchers at threat intelligence company Flare found that 10,456 of them exposed one or more keys. The most frequent secrets were access tokens for various AI models (OpenAI, HuggingFace, Anthropic, Gemini, Groq). In total, the researchers found 4,000 such keys. "These multi-secret exposures represent critical risks, as they often provide full access to cloud environments, Git repositories, CI/CD systems, payment integrations, and other core infrastructure components," Flare notes. [...] Additionally, they found hardcoded API tokens for AI services being hardcoded in Python application files, config.json files, YAML configs, GitHub tokens, and credentials for multiple internal environments. Some of the sensitive data was present in the manifest of Docker images, a file that provides details about the image.Flare notes that roughly 25% of developers who accidentally exposed secrets on Docker Hub realized the mistake and removed the leaked secret from the container or manifest file within 48 hours. However, in 75% of these cases, the leaked key was not revoked, meaning that anyone who stole it during the exposure period could still use it later to mount attacks. Flare suggests that developers avoid storing secrets in container images, stop using static, long-lived credentials, and centralize their secrets management using a dedicated vault or secrets manager. Organizations should implement active scanning across the entire software development life cycle and revoke exposed secrets and invalidate old sessions immediately.

Read more of this story at Slashdot.

Broadcom has quietly pulled VMware vSphere Foundation from parts of EMEA, pushing smaller customers toward far more expensive bundles and prompting some to consider jumping to Hyper-V or Nutanix. The Register reports: VVF is a bundle that offers compute, storage, and networking virtualization, and a platform to run containers. It's most useful in hyperconverged infrastructure and hybrid clouds, but is less capable than the Cloud Foundation (VCF) private cloud suite. Virtzilla said EMEA customers would need to check with their local dealer to see if VVF was still on sale in their country. "VVF is no longer available in some EMEA countries, but for the majority it is still available," a Broadcom spokesperson said. "Customers will have to reach out to sales reps or partners to determine availability of a given product in their region. These changes were recent." Our initial tipster said their reseller clued them into the impending change when VMware's new fiscal year started in November. This anonymous customer told us that their hardware fleet boasts thousands of compute cores and without more affordable options, his organization was looking at their annual VMware spend leaping by 10x from around $130,000 to $1.3 million. "We're currently looking to jump ship to either Microsoft's Hyper-V or Nutanix, as we can't eat (that) increase," they told The Register. [...] For the moment, a Broadcom spokesperson told us it has no plans to ditch VMware vSphere Standard, the basic server virtualization bundle which we're told makes up about 60 percent of the company's licenses and is a lower-cost way to access VMware's hypervisor than buying its full suite of VMware Cloud Foundation products. "We have not announced any changes to the availability of vSphere Standard in EMEA nor end of support for vSphere Standard," the spokesperson said via email. "The product remains fully available across EMEA today. However, Broadcom product availability can vary by region to align with local market requirements, customer demand, and other considerations."

Read more of this story at Slashdot.

President Trump signed an executive order establishing a single federal AI regulatory framework that preempts state-level rules, aiming to centralize oversight of the rapidly growing AI industry. "The Trump administration, with the aid of AI and crypto czar David Sacks, has been pursuing a path that would allow federal rules to preempt state regulations on AI, a move meant to keep big Democratic-led states like California and New York from exerting their control over the growing industry," notes CNBC. Developing...

Read more of this story at Slashdot.

A UC Berkeley professor, suspecting years of targeted computer damage against one Ph.D. student, secretly installed a hidden camera that allegedly caught another doctoral candidate sabotaging the student's laptop. The student now faces felony vandalism charges and is due for his first court appearance on Dec. 15. The Mercury News reports: A UC Berkeley professor smelled a rat -- over the years there had been $46,855 in damage from computers that failed, and nearly all of it seemed to affect one particular Ph.D. candidate at the college's Electrical Engineering and Computer Sciences department. The professor wondered if the student's luck was really that bad, or if something else was afoot. So he installed a hidden camera -- disguised in a department laptop, and pointed it at the student's computer. According to police, the sly move captured another Ph.D. candidate, 26-year-old Jiarui Zou, damaging his fellow student's computer with some implement that caused sparks to fly out of the laptop. Now, Zou has been charged with three felony counts of vandalism, related to the destruction of three computers on Nov. 9-10. The charges allege the damage amounted to more than $400 each time, though the professor who reported the vandalism, and the affected student, told police they suspect Zou of the additional incidents that had been going on for years, court records show.

Read more of this story at Slashdot.