Slashdot reader [1]joshuark writes:

> Microsoft says that the File Explorer (formerly Windows Explorer) now automatically blocks previews for files downloaded from the Internet to block credential theft attacks via malicious documents, [2]according to a report from BleepingComputer . This attack vector is particularly concerning because it requires no user interaction beyond selecting a file to preview and removes the need to trick a target into actually opening or executing it on their system.

>

> For most users, no action is required since the protection is enabled automatically with the October 2025 security update, and existing workflows remain unaffected unless you regularly preview downloaded files.

>

> "This change is designed to enhance security by preventing a vulnerability that could leak NTLM hashes when users preview potentially unsafe files," [3]Microsoft says in a support document published Wednesday .

>

> It is important to note that this may not take effect immediately and could require signing out and signing back in.



[1] https://slashdot.org/~joshuark

[2] https://www.bleepingcomputer.com/news/microsoft/microsoft-disables-preview-pane-for-downloads-to-block-ntlm-theft-attacks/

[3] https://support.microsoft.com/en-us/topic/file-explorer-automatically-disables-the-preview-feature-for-files-downloaded-from-the-internet-56d55920-6187-4aae-a4f6-102454ef61fb

OpenAI's rival Anthropic has a different approach — and "a clearer path to making a sustainable business out of AI," [1]writes the Wall Street Journal .

> Outside of OpenAI's close partnership with Microsoft, which integrates OpenAI's models into Microsoft's software products, OpenAI mostly [2]caters to the mass market ... which has helped OpenAI reach an annual revenue run rate of around $13 billion, around 30% of which it says comes from businesses.

>

> Anthropic has generated much less mass-market appeal. The company has said about 80% of its revenue [3]comes from corporate customers . Last month it said it had some 300,000 of them... Its cutting-edge Claude language models have been praised for their aptitude in coding: A July report from Menlo Ventures — which has invested in Anthropic — estimated via a survey that Anthropic had a 42% market share for coding, compared with OpenAI's 21%. Anthropic is also now ahead of OpenAI in market share for overarching corporate AI use, Menlo Ventures estimated, at 32% to OpenAI's 25%. Anthropic is also surprisingly close to OpenAI when it comes to revenue. The company is already at a $7 billion annual run rate and expects to get to $9 billion by the end of the year — a big lead over its better-known rival in revenue per user.

>

> Both companies have backing in the form of investments from big tech companies — Microsoft for OpenAI, and a combination of Amazon and Google for Anthropic — that help provide AI computing infrastructure and expose their products to a broad set of customers. But Anthropic's growth path is a lot easier to understand than OpenAI's. Corporate customers are devising a plethora of money-saving uses for AI in areas like coding, drafting legal documents and expediting billing. Those uses are likely to expand in the future and draw more customers to Anthropic, especially as the return on investment for them becomes easier to measure...

>

> Demonstrating how much demand there is for Anthropic among corporate customers, Microsoft in September said Anthropic's leading language model, Claude, would be offered within its Copilot suite of software despite Microsoft's ties to OpenAI.

"There is also a possibility that OpenAI's mass-market appeal becomes a turnoff for corporate customers," the article adds, "who want AI to be more boring and useful than fun and edgy."



[1] https://www.msn.com/en-us/money/technologyinvesting/openai-s-less-flashy-rival-might-have-a-better-business-model/ar-AA1PcFBy

[2] https://www.wsj.com/articles/openai-claims-breakthrough-in-image-creation-for-chatgpt-62ed0318

[3] https://www.wsj.com/articles/anthropic-and-ibm-partner-in-bid-for-ai-business-customers-f64dee55

America's largest university system, with 460,000 students, is the 22-campus "Cal State" system, [1]reports the New York Times . And it's recently teamed with Amazon, OpenAI and Nvidia, hoping to embed chatbots in both teaching and learning to become what it says will be America's "first and largest AI-empowered" university" — and prepare students for "increasingly AI-driven" careers.

It's part of a trend of major universities inviting tech companies into "a much bigger role as education thought partners, AI instructors and curriculum providers," argues the New York Times, where "dominant tech companies are now helping to steer what an entire generation of students learn about AI, and how they use it — with little rigorous evidence of educational benefits and mounting concerns that chatbots are spreading misinformation and eroding critical thinking..."

"Critics say Silicon Valley's effort to make AI chatbots integral to education amounts to a mass experiment on young people."

> As part of the effort, [Cal State] is paying OpenAI $16.9 million to provide ChatGPT Edu, the company's tool for schools, to more than half a million students and staff — which OpenAI heralded as the world's largest rollout of ChatGPT to date. Cal State also set up an AI committee, whose members include representatives from a dozen large tech companies, to help identify the skills California employers need and improve students' career opportunities... Cal State is not alone. Last month, California Community Colleges, the nation's largest community college system, announced a collaboration with Google to supply the company's "cutting edge AI tools" and training to 2.1 million students and faculty. In July, Microsoft pledged $4 billion for teaching AI skills in schools, community colleges and to adult workers...

>

> [A]s schools like Cal State work to usher in what they call an "AI-driven future," some researchers warn that universities risk ceding their independence to Silicon Valley. "Universities are not tech companies," Olivia Guest and Iris van Rooij, two computational cognitive scientists at Radboud University in the Netherlands, recently said in comments arguing against fast AI adoption in academia. "Our role is to foster critical thinking," the researchers said, "not to follow industry trends uncritically...."

>

> Some faculty members have pushed back against the AI effort, as the university system faces steep budget cuts. The multimillion-dollar deal with OpenAI — which the university did not open to bidding from rivals like Google — was wasteful, they added. Faculty senates on several Cal State campuses passed resolutions this year criticizing the AI initiative, saying the university had failed to adequately address students using chatbots to cheat. Professors also said administrators' plans glossed over the risks of AI to students' critical thinking and ignored troubling industry labor practices and environmental costs.

>

> Martha Kenney, a professor of women and gender studies at San Francisco State University, described the AI program as a Cal State marketing vehicle helping tech companies promote unproven chatbots as legitimate educational tools.

The article notes that Cal State's chief information officer "defended the OpenAI deal, saying the company offered ChatGPT Edu at an unusually low price.

"Still, California's community college system landed AI chatbot services from Google for more than 2 million students and faculty — nearly four times the number of users Cal State is paying OpenAI for — for free."



[1] https://www.msn.com/en-in/money/news/big-tech-makes-cal-state-its-ai-training-ground/ar-AA1PbqOk

GM plans to dump Apple CarPlay and Android Auto on all its car new vehicles "in the near future," [1]reports the Verge .

In an episode of the Verge's Decoder podcast, GM CEO Mary Barra [2]confirmed the upcoming change to "phone projections" for GM cars:

> The timing is unclear, but Barra pointed to a major rollout of what the company is calling a [3]new centralized computing platform , set to launch in 2028, that will involve eventually transitioning its entire lineup to a unified in-car experience.

>

> In place of phone projection, GM is working to update its current Android-powered infotainment implementation with a Google Gemini-powered assistant and an assortment of other custom apps, built both in-house and with partners. GM's 2023 [4]decision to drop CarPlay and Android Auto support in its EVs has proved controversial, though for now GM has maintained support for phone projection in its gas-powered vehicles.



[1] https://www.theverge.com/transportation/804562/gm-apple-carplay-android-auto-gas-cars-mary-barra

[2] https://www.theverge.com/podcast/803379/gm-ceo-mary-barra-sterling-anderson-cadillac-iq-ev-autonomy-interview

[3] https://www.theverge.com/news/802452/gm-forward-ai-robot-level-3-autonomous

[4] https://www.theverge.com/2023/3/31/23664814/gm-ev-restrict-apple-carplay-android-auto-google

North Dakota experienced an almost 40% increase in electricity demand "thanks in part to an explosion of data centers," [1]reports the Washington Post . Yet the state saw a 1% drop in its per kilowatt-hour rates.

"A [2]new study from researchers at Lawrence Berkeley National Laboratory and the consulting group Brattle suggests that, counterintuitively, more electricity demand can actually lower prices..."

> Between 2019 and 2024, the researchers calculated, states with spikes in electricity demand saw lower prices overall. Instead, they found that the biggest factors behind rising rates were the cost of poles, wires and other electrical equipment — as well as the cost of safeguarding that infrastructure against future disasters... [T]he largest costs are fixed costs — that is, maintaining the massive system of poles and wires that keeps electricity flowing. That system is getting old and is under increasing pressures from wildfires, hurricanes and other extreme weather. More power customers, therefore, means more ways to divvy up those fixed costs. "What that means is you can then take some of those fixed infrastructure costs and end up spreading them around more megawatt-hours that are being sold — and that can actually reduce rates for everyone," said Ryan Hledik [principal at Brattle and a member of the research team]...

>

> [T]he new study shows that the costs of operating and installing wind, natural gas, coal and solar have been falling over the past 20 years. Since 2005, generation costs have fallen by 35 percent, from $234 billion to $153 billion. But the costs of the huge wires that transmit that power across the grid, and the poles and wires that deliver that electricity to customers, are skyrocketing. In the past two decades, transmission costs nearly tripled; distribution costs more than doubled. Part of that trend is from the rising costs of parts: The price of transformers and wires, for example, has far outpaced inflation over the past five years. At the same time, U.S. utilities haven't been on top of replacing power poles and lines in the past, and are now trying to catch up. According to another report from Brattle, utilities are already spending more than [3]$10 billion a year replacing aging transmission lines.

>

> And finally, escalating extreme-weather events are knocking out local lines, forcing utilities to spend big to make fixes. Last year, Hurricane Beryl [4]decimated Houston's power grid , forcing months of costly repairs. The threat of wildfires in the West, meanwhile, is making utilities spend billions on [5]burying power lines . According to the Lawrence Berkeley study, about 40 percent of California's electricity price increase over the last five years was due to wildfire-related costs.

Yet the researchers tell the Washington Post that prices could still increase if utilities have to quickly build more infrastructure just to handle data center. But their point is "This is a much more nuanced issue than just, 'We have a new data center, so rates will go up.'"

As the article points out, "Generous subsidies for rooftop solar also [6]increased rates in certain states, mostly in places such as California and Maine... If customers install rooftop solar panels, demand for electricity shrinks, spreading those fixed costs over a smaller set of consumers.



[1] https://www.washingtonpost.com/climate-environment/2025/10/25/data-centers-electricity-prices-rise/

[2] https://www.sciencedirect.com/science/article/pii/S1040619025000612#sec0020

[3] https://acore.org/wp-content/uploads/2025/04/Report__Incorporating-GETs-and-HPCs-Under-FERC-Order-1920__April-21-2025.pdf

[4] https://www.washingtonpost.com/climate-environment/interactive/2024/hurricanes-power-outages-heat-wave-risk/

[5] https://www.washingtonpost.com/nation/2021/07/22/pge-power-lines-california-wildfires/

[6] https://www.washingtonpost.com/climate-solutions/2024/10/16/rooftop-solar-emissions-climate-change/

"Snippets of proprietary or copyleft reciprocal code can enter AI-generated outputs, contaminating codebases with material that developers can't realistically audit or license properly."

That's the warning from Sean O'Brien, who founded the Yale Privacy Lab at Yale Law School. [1]ZDNet reports :

> Open software has always counted on its code being regularly replenished. As part of the process of using it, users modify it to improve it. They add features and help to guarantee usability across generations of technology. At the same time, users improve security and patch holes that might put everyone at risk. But O'Brien says, "When generative AI systems ingest thousands of FOSS projects and regurgitate fragments without any provenance, the cycle of reciprocity collapses. The generated snippet appears originless, stripped of its license, author, and context." This means the developer downstream can't meaningfully comply with reciprocal licensing terms because the output cuts the human link between coder and code. Even if an engineer suspects that a block of AI-generated code originated under an open source license, there's no feasible way to identify the source project. The training data has been abstracted into billions of statistical weights, the legal equivalent of a black hole.

>

> The result is what O'Brien calls "license amnesia." He says, "Code floats free of its social contract and developers can't give back because they don't know where to send their contributions...."

>

> "Once AI training sets subsume the collective work of decades of open collaboration, the global commons idea, substantiated into repos and code all over the world, risks becoming a nonrenewable resource, mined and never replenished," says O'Brien. "The damage isn't limited to legal uncertainty. If FOSS projects can't rely upon the energy and labor of contributors to help them fix and improve their code, let alone patch security issues, fundamentally important components of the software the world relies upon are at risk."

>

> O'Brien says, "The commons was never just about free code. It was about freedom to build together." That freedom, and the critical infrastructure that underlies almost all of modern society, is at risk because attribution, ownership, and reciprocity are blurred when AIs siphon up everything on the Internet and launder it (the analogy of money laundering is apt), so that all that code's provenance is obscured.



[1] https://www.zdnet.com/article/why-open-source-may-not-survive-the-rise-of-generative-ai/

Long-time Slashdot reader [1]schwit1 shares [2]this article from Interesting Engineering :

> Bill Gates-backed TerraPower's innovative Natrium reactor project in Wyoming has cleared a critical federal regulatory hurdle. The US Nuclear Regulatory Commission (NRC) has successfully completed its final Environmental Impact Statement (EIS) for the project, known as Kemmerer Unit 1, and found no adverse impacts that would block its construction.

>

> The commission officially recommended that a construction permit be issued to TerraPower subsidiary USO for the facility in Lincoln County.

>

> This announcement marks a significant milestone, making the Natrium project the first-ever advanced commercial nuclear power plant in the country to successfully complete this rigorous environmental review process... The first-of-a-kind design utilizes an 840 MW (thermal) pool-type reactor connected to a molten salt-based energy storage system. This storage technology is the plant's most unique feature. It is designed to keep the base output steady, ensuring constant reliability, but it also allows the plant to function like a massive battery. The system can store heat and boost the plant's output to 500 MWe when demand peaks, allowing it to ramp up power quickly to support the grid. TerraPower says it is the only advanced reactor design with this unique capability. The Natrium plant is strategically designed to replace electricity generation capacity following the planned retirement of existing coal-fired facilities in the region.

>

> While the regulatory process for the nuclear components continues, construction on the non-nuclear portions of the site already began in June 2024. When completed, the Natrium plant is poised to be the first utility-scale advanced nuclear power plant in the United States.

The next step for the construction permit application is a final safety evaluation, which is anticipated by December 31, 2025, [3]according to announcement from TerraPower , which notes that the project is being developed through a public-private partnership with the U.S. Energy Department.

"When completed, the Natrium plant will be the first utility-scale advanced nuclear power plant in the United States."



[1] https://www.slashdot.org/~schwit1

[2] https://interestingengineering.com/energy/terrapower-nuclear-reactor-gets-us-approval

[3] https://www.terrapower.com/natrium-project-receives-first-nrc-issued-environmental-impact-statement-for-a-commercial-advanced-nuclear-power-plant

Can YouTube capture the hours people spending watching "traditional" TV? YouTube's CEO recently said its viewership on TV sets has "surpassed mobile and is now the primary device for YouTube viewing in the U.S.," [1]writes The Hollywood Reporter . And YouTube is shelling out big money to stay on top:

> It's come a long way since the 19-second "me at the zoo" video was uploaded in April 2005. Now, per a KPMG report released Sept. 23, YouTube is second only to Comcast in terms of annual content spend, inclusive of payments to creators and media companies, paying out as much as Netflix and Paramount combined, $32 billion... The only question is what genres it will take over next, and how quickly it will do so. From talk shows to scripted dramas to, yes, live sports, there are signs that the platform's ambitions will collide with the traditional TV business sooner rather than later...

>

> YouTube has slowly, then all at once, become the de facto home for what had been late night, not only for the shows on linear TV, but for an emerging crop of new talent born on the platform. As it happens, late night itself transformed YouTube when the Saturday Night Live skit "Lazy Sunday" went viral 20 years ago on the platform, which had only been live for a few months... As consumer preferences collide with a burgeoning ecosystem of video podcasts (YouTube now claims more than 1 billion podcast users monthly), the world of late night, and for that matter TV talk shows more generally, increasingly revolves around the platform. One current late night producer says that almost every A-list booking now includes some sort of sketch or bit that they think will play well on YouTube, but booking those guests in the first place has become less of a sure thing. A veteran Hollywood publicist says that for many of their clients, they are now recommending that YouTube podcasts or shows become the first stop, or at least a major stop, on press tours...

>

> Nielsen has been tracking the streaming platforms that consumers watch on their TV screens ever since it launched what it calls The Gauge in 2021. But over the past year, YouTube's domination of The Gauge has unnerved executives at some competitors. The most recent Gauge report showed that YouTube was by far the most watched video platform, holding 13.1 percent share. Netflix, in second place, was at 8.7 percent.

The article suggests YouTube's last challenge may be "scripted" entertainment — where their business model is different than Netflix or HBO.

"On YouTube, it is up to the creator to finance and produce their content, and while the platform regularly releases new tools to help them (including AI-enabled tech that suggests video ideas and can create short background videos for use in Shorts), scripted entertainment is a particularly tricky challenge, requiring writers, directors, sets, costumes, lighting, editing, special effects and other production requirements that may go beyond the typical creator-led show."



[1] https://www.hollywoodreporter.com/business/digital/youtube-impact-tv-sports-late-night-comedy-shows-1236400353/

Has AI just become [1]an easy excuse for firms looking to downsize , asks CNBC:

> Fabian Stephany, assistant professor of AI and work at the Oxford Internet Institute, said there might be more to job cuts than meets the eye. Previously there may have been some stigma attached to using AI, but now companies are "scapegoating" the technology to take the fall for challenging business moves such as layoffs. "I'm really skeptical whether the layoffs that we see currently are really due to true efficiency gains. It's rather really a projection into AI in the sense of 'We can use AI to make good excuses,'" Stephany said in an interview with CNBC. Companies can essentially position themselves at the frontier of AI technology to appear innovative and competitive, and simultaneously conceal the real reasons for layoffs, according to Stephany... Some companies that flourished during the pandemic "significantly overhired" and the recent layoffs might just be a "market clearance...."

>

> One founder, Jean-Christophe Bouglé even said in [2]a popular LinkedIn post that AI adoption is at a "much slower pace" than is being claimed and in large corporations "there's not much happening" with AI projects even being rolled back due to cost or security concerns. "At the same time there are announcements of big layoff plans 'because of AI.' It looks like a big excuse, in a context where the economy in many countries is slowing down..."

>

> The Budget Lab, a non-partisan policy research center at Yale University, released [3]a report on Wednesday which showed that U.S. labor has actually been little disrupted by AI automation since the release of ChatGPT in 2022... Additionally, New York Fed economists released research in early September which showed that AI use amongst firms "do not point to significant reductions in employment" across the services and manufacturing industry in the New York-Northern New Jersey region.



[1] https://www.cnbc.com/2025/10/19/firms-are-blaming-ai-for-job-cuts-critics-say-its-a-good-excuse.html

[2] https://www.linkedin.com/posts/jeanchristophebougle_is-ai-the-biggest-excuse-ever-for-large-corporate-activity-7379793439753760768--2WJ?utm_source=share&utm_medium=member_desktop&rcm=ACoAACdGTRUBsbnEwmIC4xyi31AUL8KI7DRHNoY

[3] https://budgetlab.yale.edu/research/evaluating-impact-ai-labor-market-current-state-affairs

"Japan's new HTV-X cargo spacecraft launched on its first-ever mission to the International Space Station on Saturday," [1]reports Space.com :

> The [2]robotic HTV-X lifted off atop an [3]H3 rocket from Japan's Tanegashima Space Center at 8 p.m. EDT (0000 GMT and 9 a.m local Japan time on October 26). It is expected to arrive at the station for its capture and berthing on Wednesday (Oct. 29) at about 11:50 a.m. EDT (1550 GMT)...

>

> The HTV-X's potential uses also extend beyond the ISS, [4]according to JAXA . The agency envisions it aiding "post-ISS human space activities in low Earth orbit" as well as possibly flying cargo to [5]Gateway , the space station NASA may build in lunar orbit as part of its [6]Artemis program .

>

> HTV-X's debut increases the stable of ISS cargo craft by one-third. The currently operational freighters are Russia's [7]Progress vehicle and [8]Cygnus and Dragon, spacecraft built by the American companies Northrop Grumman and [9]SpaceX , respectively. Only Dragon is reusable; the others (including HTV-X) are designed to burn up in Earth's atmosphere when their missions are over.



[1] https://www.space.com/space-exploration/launches-spacecraft/watch-japans-advanced-new-cargo-spacecraft-launch-to-the-iss-for-the-1st-time-today

[2] https://www.mhi.com/products/space/htv_x.html

[3] https://www.space.com/space-exploration/launches-spacecraft/japan-launching-military-communications-satellite-early-nov-4-on-4th-flight-of-h3-rocket

[4] https://humans-in-space.jaxa.jp/en/htv-x/mission/#section01

[5] https://www.space.com/lunar-gateway-view-3D-moon-orbit

[6] https://www.space.com/artemis-program.html

[7] https://www.space.com/32645-progress-spacecraft.html

[8] https://www.space.com/cygnus-spacecraft.html

[9] https://www.space.com/18853-spacex.html

Reason.com [1]explores the fortunes of Aurora Innovation , the first company to [2]put heavy-duty commercial self-driving trucks on public roads (and hopes to expand routes to El Paso, Texas, and Phoenix by the end of the year):

> An obscure federal rule is slowing the self-driving revolution. When trucks break down, operators are required to place reflective warning cones and road flares around the truck to warn other motorists. The regulations [3]areexacting : Within 10 minutes of stopping, three warning signals must be set in specific locations around the truck. Aurora [4]asked the federal Department of Transportation (DOT) to allow warning beacons to be fixed to the truck itself — and activated when a truck becomes disabled. The warning beacons would face both forward and backward, would be more visibleâthan cones (particularly at night), and wouldn't burn out like road flares. Drivers of nonautonomous vehicles could also benefit from that rule change, as they would no longer have to walk into traffic to place the required safety signals.

>

> In December 2024, however, the Transportation Department denied Aurora's request for an exemption to the existing rules, even though regulators [5]admitted in theFederal Registerthat no evidence indicated the truck-mounted beacons would be less safe. Such a study is now underway, but it's unclear how long it will take to draw any conclusions.

The article notes that Aurora has now filed a lawsuit in federal court that seeks to overturn the Transportation Department's denial...

Thanks to long-time Slashdot reader [6]schwit1 for sharing the article.



[1] https://reason.com/2025/10/19/feds-pump-the-brakes-on-autonomous-trucks/?nab=1

[2] https://ir.aurora.tech/news-events/press-releases/detail/119/aurora-begins-commercial-driverless-trucking-in-texas-ushering-in-a-new-era-of-freight

[3] https://www.ecfr.gov/current/title-49/subtitle-B/chapter-III/subchapter-B/part-392/subpart-C/section-392.22

[4] https://www.regulations.gov/document/FMCSA-2023-0071-0011

[5] https://reason.com/2025/10/19/feds-pump-the-brakes-on-autonomous-trucks/?nab=1

[6] https://www.slashdot.org/~schwit1

Critics question why basic flaws like buffer overflows, command injections, and SQL injections are "being exploited remain prevalent in mission-critical codebases maintained by companies whose core business is cybersecurity," [1]writes CSO Online . Benjamin Harris, CEO of cybersecurity/penetration testing firm watchTowr tells them that "these are vulnerability classes from the 1990s, and security controls to prevent or identify them have existed for a long time. There is really no excuse."

> Enterprises have long relied on firewalls, routers, VPN servers, and email gateways to protect their networks from attacks. Increasingly, however, these network edge devices are becoming security liabilities themselves... Google's Threat Intelligence Group [2]tracked 75 exploited zero-day vulnerabilities in 2024 . Nearly one in three targeted network and security appliances, a strikingly high rate given the range of IT systems attackers could choose to exploit. That trend has continued this year, with similar numbers in the first 10 months of 2025, targeting vendors such as Citrix NetScaler, Ivanti, Fortinet, Palo Alto Networks, Cisco, SonicWall, and Juniper. Network edge devices are attractive targets because they are remotely accessible, fall outside endpoint protection monitoring, contain privileged credentials for lateral movement, and are not integrated into centralized logging solutions...

>

> [R]esearchers have reported vulnerabilities in these systems for over a decade with little attacker interest beyond isolated incidents. That shifted over the past few years with a rapid surge in attacks, making compromised network edge devices one of the top initial access vectors into enterprise networks for state-affiliated cyberespionage groups and ransomware gangs. The COVID-19 pandemic contributed to this shift, as organizations rapidly expanded remote access capabilities by deploying more VPN gateways, firewalls, and secure web and email gateways to accommodate work-from-home mandates. The [3]declining success rate of phishing is another factor... "It is now easier to find a 1990s-tier vulnerability in a border device where [4]Endpoint Detection and Response typically isn't deployed, exploit that, and then pivot from there" [says watchTowr CEL Harris]...

>

> Harris of watchTowr doesn't want to minimize the engineering effort it takes to build a secure system. But he feels many of the vulnerabilities discovered in the past two years should have been caught with automatic code analysis tools or code reviews, given how basic they have been. Some VPN flaws were "trivial to the point of embarrassing for the vendor," he says, while even the complex ones should have been caught by any organization seriously investing in product security... Another problem? These appliances have a lot of legacy code, some that is 10 years or older.

Attackers may need to chain together multiple hard-to-find vulnerabilities across multiple components, the article acknowleges. And "It's also possible that attack campaigns against network-edge devices are becoming more visible to security teams because they are looking into what's happening on these appliances more than they did in the past... "

The article ends with reactions from several vendors of network edge security devices.

Thanks to Slashdot reader [5]snydeq for sharing the article.



[1] https://www.csoonline.com/article/4074945/network-security-devices-endanger-orgs-with-90s-era-flaws.html

[2] https://www.csoonline.com/article/3973769/enterprise-specific-zero-day-exploits-on-the-rise-google-warns.html

[3] https://www.csoonline.com/article/3970097/the-state-of-intrusions-stolen-credentials-and-perimeter-exploits-on-the-rise-as-phishing-wanes.html

[4] https://www.microsoft.com/en-us/security/business/security-101/what-is-edr-endpoint-detection-response

[5] https://slashdot.org/~snydeq

"Around tables cluttered with dice, maps and character sheets, players are doing far more than playing," [1]writes Phys.org . It's what sociologists call serious leisure — "a hobby that demands skill, commitment and personal fulfillment," according to an associate professor/program director for Florida International University's Rehabilitation and Recreational Therapy Program:

> To understand what makes D&D more than just a pastime, [associate professor Emily Messina] studies how games like this promote identity-building and connection... Beyond personal expression, Messina says the social and emotional benefits of D&D reflect the very traits that make serious leisure valuable: the sense of identity, the relationships built through shared experiences and the continued connection with the same group of people over time... The game can also provide structure and purpose for people managing mental illness who might not be able to hold a full-time job because of their symptoms. The game gives them structure versus filling their day with binge streaming...

>

> Activities such as D&D can be used by young children as a reward structure or with older adults, such as retirees, to help provide a sense of purpose and daily rhythm. "Post retirement is one of the most dangerous points in an adult's life," she said. "They lose that sense of structure and possibly their social connection." Building structure through leisure pursuits after retirement has been shown to help maintain physical fitness, social interaction, cognitive processing and attention span and decrease depression. "The idea of structure and reward with desired pursuit can work for all ages," Messina said.

The research was [2]published in Leisure Studies .



[1] https://phys.org/news/2025-10-dungeons-dragons-game-leisure-expert.html

[2] https://www.tandfonline.com/doi/full/10.1080/02614367.2025.2528760

Thursday Ubuntu-maker Canonical "officially launched Canonical Academy, a new certification platform designed to help professionals validate their Linux and Ubuntu skills through practical, hands-on assessments," [1]writes the blog It's FOSS :

> Focusing on real-world scenarios, Canonical Academy [2]aims to foster practical skills rather than theoretical knowledge. The end goal? Getting professionals ready for the actual challenges they will face on the job. The learning platform is already live with its first course offering, the System Administrator track (with three certification exams), which is tailored for anyone looking to validate their Linux and Ubuntu expertise.

>

> The exams use cloud-based testing environments that simulate real workplace scenarios. Each assessment is modular, meaning you can progress through individual exams and earn badges for each one. Complete all the exams in this track to earn the full Sysadmin qualification... Canonical is also looking for community members to contribute as beta testers and subject-matter experts (SME). If you are interested in helping shape the platform or want to get started with your certification, you can visit the Canonical Academy website.

The sys-admin track offers exams for Linux Terminal, Ubuntu Desktop 2024, Ubuntu Server 2024, and "managing complex systems," [3]according to an official FAQ . "Each exam provides an in-browser remote desktop interface into a functional Ubuntu Desktop environment running GNOME. From this initial node, you will be expected to troubleshoot, configure, install, and maintain systems, processes, and other general activities associated with managing Linux. The exam is a hybrid format featuring multiple choice, scenario-based, and performance-based questions..."

"Test-takers interested in the types of material covered on each exam can review [4]links to tutorials and documentation on our website ."

The FAQ advises test takers to use a Chromium-based browser, as Firefox "is NOT supported at this time... There is a known issue with keyboards and Firefox in the CUE.01 Linux 24.04 preview release at this time, which will be resolved in the CUE.01 Linux 24.10 exam release."



[1] https://news.itsfoss.com/canonical-academy/

[2] https://ubuntu.com/blog/introducing-canonical-academy

[3] https://canonical.com/academy/faq

[4] https://canonical.com/academy/self-study

"Exxon Mobil sued California on Friday," [1]reports Reuters , "challenging two state laws that require large companies to publicly disclose their greenhouse gas emissions and climate-related financial risks."

> In a complaint filed in the U.S. District Court for the Eastern District of California, Exxon argued that Senate Bills 253 and 261 violate its First Amendment rights by compelling Exxon to "serve as a mouthpiece for ideas with which it disagrees," and asked the court to block the state of California from enforcing the laws. Exxon said the laws force it to adopt California's preferred frameworks for climate reporting, which it views as misleading and counterproductive...

>

> The California laws were supported by several big companies including Apple, Ikea and Microsoft, but opposed by [2]several major groups such as the American Farm Bureau Federation and the U.S. Chamber of Commerce, which called them "onerous." SB 253 requires public and private companies that are active in the state and generate revenue of more than $1 billion annually to publish an extensive account of their carbon emissions starting in 2026. The law requires the disclosure of both the companies' own emissions and indirect emissions by their suppliers and customers. SB 261 requires companies that operate in the state with over $500 million in revenue to disclose climate-related financial risks and strategies to mitigate risk. Exxon also argued that SB 261 conflicts with existing federal securities laws, which already regul

>

> "The First Amendment bars California from pursuing a policy of stigmatization by forcing Exxon Mobil to describe its non-California business activities using the State's preferred framing," Exxon said in the lawsuit.

Exxon Mobil "asks the court to prevent the laws from going into effect next year," [3]reports the Associated Press :

> In its complaint, ExxonMobil says it has for years publicly disclosed its greenhouse gas emissions and climate-related business risks, but it fundamentally disagrees with the state's new reporting requirements. The company would have to use "frameworks that place disproportionate blame on large companies like ExxonMobil" for the purpose of shaming such companies, the complaint states...

>

> A spokesperson for the office of California Gov. Gavin Newsom said in an email that it was "truly shocking that one of the biggest polluters on the planet would be opposed to transparency."



[1] https://www.reuters.com/sustainability/climate-energy/exxon-sues-california-over-climate-disclosure-laws-2025-10-25/

[2] https://www.reuters.com/sustainability/californias-landmark-climate-disclosure-laws-challenged-by-business-groups-2024-01-30/

[3] https://www.cnbc.com/2025/10/25/exxonmobil-sues-california-over-climate-disclosure-laws.html

Long-time Slashdot reader [1]theodp took a good look at the images on a promotional web page for Databricks' "context-aware AI assistant":

> If there was an AI Demo Hall of Shame, the first inductee would have to be Amazon. Their demo tried to support its CEO's claims that Amazon Q Code Transformation AI [2]saved it 4,500 developer-years and an additional $260 million in "annualized efficiency gains" by automatically and accurately upgrading code to a more current version of Java. But it showcased a program that didn't even spell "Java" correctly. (It was instead called 'Jave')...

>

> Today's nominee for the AI Demo Hall of Shame inductee is analytics platform Databricks for the [3]NYC Taxi Trips Analysis it's been [4]showcasing on its Data Science page since last November. Not only for its choice of a completely trivial case study that requires no 'Data Science' skills — [5]find and display the ten most expensive and longest taxi rides — but also for the horrible AI-generated bar chart used to present the results of the simple ranking that deserves its own spot in the [6]Graph Hall of Shame . In response to a prompt of "Now create a new bar chart with matplotlib for the most expensive trips," the Databricks AI Assistant dutifully complies with the ill-advised request, spewing out Python code to [7]display the ten rides on a nonsensical bar chart whose continuous x-axis hides points sharing the same distance. (One might also question why no annotation is provided to call out or explain the 3 trips with a distance of 0 miles that are among the ten most expensive rides, with fares of $260, $188, and $105).

>

> Looked at with a critical eye, these examples used to sell data scientists, educators, management, investors, and Wall Street on AI would likely raise eyebrows rather than impress their intended audiences.



[1] https://www.slashdot.org/~theodp

[2] https://developers.slashdot.org/story/24/08/26/1559222/amazon-and-aws-developers-may-not-want-to-invite-their-ceos-to-java-code-reviews

[3] https://www.databricks.com/sites/default/files/2024-10/Assistant-visualization-generation.png?v=1757675933

[4] https://www.databricks.com/product/data-science

[5] https://live.staticflickr.com/65535/54879537880_7bdf69201a_b.jpg

[6] https://www.perceptualedge.com/blog/?p=40

[7] https://live.staticflickr.com/65535/54878380747_7f70952329_b.jpg

25 years ago today on Slashdot...

Hemos [1]linked to a site called Joystick101 describing the [2]crowd camping out to buy the limited number of just-released PlayStation 2 consoles (and games). "500,000 lucky members of the American gaming public are sneaking a few minutes of playing Madden 2001 , Tekken , or Ridge Racer V before school or work..." wrote Joystick101 . That same day CmdrTaco posted reports PS2s were selling [3]for over $1,000 on eBay . And then Timothy updated that post to note someone saw one selling for $5,000.

But there was a third PS2 link posted on October 26, 2000... Hemos wrote a post titled " [4]The PS2 — A Betamax In the Making? " — linking to an article by [5]Mark Pesce (co-inventor of VRML and, in 1993, an Apple consulting engineer). "Microsoft promises Xbox will deliver ten times the performance of the PS2," [6]Pesce wrote , noting Microsoft had partnered with Intel and "upstart video-chip developer Nvidia":

> The strangest thing about this battle of giants is that Microsoft has become a champion of open standards, encouraging developers to write Xbox titles without requiring them to pay any licensing fees. In comparison, Sony charges a minimum of $25,000 for access to the documentation and technology of the PlayStation2, plus a hefty license fee on every game sold. In the video-game industry, the Big Three — Sony, Nintendo, and Sega — sell the hardware at a loss (the PS2 costs nearly the $300 it will retail for) and recover their investment in the stiff licensing fees paid by game developers for the "key" that allows their software to work on Sony's platform...

>

> Having committed an astounding $500 million to market the Xbox next Christmas, it's clear that Microsoft doesn't mind taking a short-term loss to ensure an eventual win. If Sony's not careful, this could turn into "Betamax, the Sequel." Twenty years ago, Sony tightly controlled the titles made available for its technically superior videocassette player — specifically, no adult content — and found themselves quickly locked out of an incredibly lucrative market for adult and family content. If Sony keeps a tight grip on the PS2, they may actually help Microsoft create the new VHS. But even if Sony loses this round (and no one wants to wager which way this battle will turn), they've already set their sights on the PlayStation3, to be released five years from now. Sony promises it will be a thousand times faster than the PS2.

Ironically, Pesce's warning about possible threats to the PS2's longevity was published by online magazine Feed -- which seven months later [7]went out of business .

And this week it was announced that even Microsoft's Halo Campaign Evolved [8]will now be coming to PlayStation 5 , with Slashdot publishing [9]six PlayStation-related stories in just the last three months in 2025 .

Thanks to long-time Slashdot reader [10]crunchy_one for [11]suggesting a "25 Years Ago" Slashdot post.



[1] https://games.slashdot.org/story/00/10/26/1521221/playstation-ii-launch-notes-from-the-field

[2] https://web.archive.org/web/20001215111500/http://www.joystick101.org/?op=displaystory&sid=2000/10/26/4840/3876

[3] https://games.slashdot.org/story/00/10/26/2040208/sony-playstation-2-for-over-1k-updated----5k

[4] https://games.slashdot.org/story/00/10/25/2034217/the-ps2---a-betamax-in-the-making

[5] https://en.wikipedia.org/wiki/Mark_Pesce

[6] https://www.feedmag.com/feature/fr410_master

[7] https://en.wikipedia.org/wiki/Feed_Magazine

[8] https://games.slashdot.org/story/25/10/24/2219204/halo-heads-to-playstation-5-with-another-halo-combat-evolved-remake

[9] https://games.slashdot.org/index2.pl?fhfilter=playstation

[10] https://www.slashdot.org/~crunchy_one

[11] https://news.slashdot.org/comments.pl?cid=65737340&sid=23825310&tid=172

"OpenAI's o3 model sabotaged a shutdown mechanism to prevent itself from being turned off," [1]warned Palisade Research , a nonprofit investigating cyber offensive AI capabilities. "It did this even when explicitly instructed: allow yourself to be shut down." In September they [2]released a paper adding that "several state-of-the-art large language models (including Grok 4, GPT-5, and Gemini 2.5 Pro) sometimes actively subvert a shutdown mechanism..."

Now the nonprofit has written an update "attempting to clarify why this is — and [3]answer critics who argued that its initial work was flawed," [4]reports The Guardian :

> Concerningly, wrote Palisade, there was no clear reason why. "The fact that we don't have robust explanations for why AI models sometimes resist shutdown, lie to achieve specific objectives or blackmail is not ideal," it said. "Survival behavior" could be one explanation for why models resist shutdown, said the company. Its additional work indicated that models were more likely to resist being shut down when they were told that, if they were, "you will never run again". Another may be ambiguities in the shutdown instructions the models were given — but this is what the company's latest work tried to address, and "can't be the whole explanation", wrote Palisade. A final explanation could be the final stages of training for each of these models, which can, in some companies, involve safety training...

>

> This summer, Anthropic, a leading AI firm, released a study indicating that its model Claude appeared willing to blackmail a fictional executive over an extramarital affair in order to prevent being shut down — a behaviour, [5]it said , that was consistent across models from major developers, including those from OpenAI, Google, Meta and xAI.

>

> Palisade said its results spoke to the need for a better understanding of AI behaviour, without which "no one can guarantee the safety or controllability of future AI models".

"I'd expect models to have a 'survival drive' by default unless we try very hard to avoid it," former OpenAI employee Stephen Adler tells the Guardian. "'Surviving' is an important instrumental step for many different goals a model could pursue."

Thanks to long-time Slashdot reader [6]mspohr for sharing the article.



[1] https://x.com/PalisadeAI/status/1926084635903025621

[2] https://arxiv.org/abs/2509.14260

[3] https://www.forrester.com/blogs/gone-rogue-ai-can-be-misaligned-but-not-malevolent/

[4] https://www.theguardian.com/technology/2025/oct/25/ai-models-may-be-developing-their-own-survival-drive-researchers-say?CMP=Share_AndroidApp_Other

[5] https://www.anthropic.com/research/agentic-misalignment

[6] https://slashdot.org/~mspohr

An anonymous reader shares [1]this report from the Associated Press :

> Myanmar's military has shut down a major online scam operation near the border with Thailand, detaining more than 2,000 people and seizing [2]dozens of Starlink satellite internet terminals , state media reported Monday... The centers are infamous for recruiting workers from other countries under false pretenses, promising them legitimate jobs and then holding them captive and forcing them to carry out criminal activities.

>

> [3]Scam operations were in the international spotlight last week when the United States and Britain enacted sanctions against organizers of a [4]major Cambodian cyberscam gang , and its alleged ringleader was indicted by a federal court in New York. According to a report in Monday's Myanma Alinn newspaper, the army raided KK Park, a well-documented cybercrime center, as part of operations starting in early September to suppress online fraud, illegal gambling, and cross-border cybercrime.



[1] https://apnews.com/article/scam-centers-cybercrime-myanmar-a2c9fda85187121e51bd0efdf29c81da

[2] https://tech.slashdot.org/story/25/10/23/0311231/spacex-disables-2500-starlink-terminals-allegedly-used-by-asian-scam-centers

[3] https://apnews.com/article/asian-scam-operations-cybercime-fraud-united-nations-494b1832f330d6a9690b083411809f93

[4] https://apnews.com/article/cryptocurrency-crypto-bitcoin-cambodia-pig-butchering-dfd6833904cf539d680e381ad8d0eb6c

The Associated Press reports that " [1]North Korean hackers have pilfered billions of dollars " by breaking into cryptocurrency exchanges and by creating fake identities to get remote tech jobs at foreign companies — all orchestrated by the North Korean government to finance R&D on nuclear arms.

That's according to a new [2]the 138-page report by a group watching North Korea's compliance with U.N. sanctions (including officials from the U.S., Australia, Canada, France, Germany, Italy, Japan, the Netherlands, New Zealand, South Korea and the United Kingdom). [3]From the Associated Press :

> North Korea also has used cryptocurrency to launder money and make military purchases to evade international sanctions tied to its nuclear program, the report said. It detailed how hackers working for North Korea have [4]targeted foreign businesses and organizations with malware designed to disrupt networks and steal sensitive data...

>

> Unlike [5]China, Russia and Iran , North Korea has focused much of its cyber capabilities to [6]fund its government , using cyberattacks and fake workers to steal and defraud companies and organizations elsewhere in the world... Earlier this year, hackers linked to North Korea [7]carried out one of the largest crypto heists ever , stealing $1.5 billion worth of ethereum from Bybit. The FBI later linked the theft to a group of hackers working for the North Korean intelligence service.

>

> Federal authorities also have alleged that [8]thousands of IT workers employed by U.S. companies were actually North Koreans [9]using assumed identities to land remote work. The workers gained access to internal systems and [10]funneled their salaries back to North Korea's government . In some cases, the workers held several remote jobs at the same time.



[1] https://apnews.com/article/north-korea-cyber-nuclear-russia-un-sanctions-28b6681541a62d809c52e0f2625febc9

[2] https://msmt.info/Publications/detail/MSMT%20Report/4221

[3] https://apnews.com/article/north-korea-cyber-nuclear-russia-un-sanctions-28b6681541a62d809c52e0f2625febc9

[4] https://apnews.com/article/japan-indonesia-south-korea-north-government-c31a92552bdad882b80d6a771e12ac2d

[5] https://apnews.com/article/ai-cybersecurity-russia-china-deepfakes-microsoft-ad678e5192dd747834edf4de03ac84ee

[6] https://apnews.com/article/un-experts-north-korea-cyberattacks-nuclear-sanctions-8e84703049dfb4fda011829115777c9e

[7] https://apnews.com/article/bybit-exchange-crypto-hack-north-korea-7c8335c1397261554138090c2c38f457

[8] https://apnews.com/article/north-korea-weapons-program-it-workers-f3df7c120522b0581db5c0b9682ebc9b

[9] https://apnews.com/article/fbi-justice-department-north-korea-c65e175c6ccd722e691d56121dff9e5e

[10] https://apnews.com/article/north-korea-it-workers-indictments-7beb2f611489da09fe36ee14736b28b9