A NordPass analysis found that Gen Z is actually [1]worse at password security than older generations , with "12345" topping their list while "123456" dominates among everyone else. The Register reports:

> And while there were a few more "skibidis" among the Zoomer dataset compared to those who came before them, the trends were largely similar. Variants on the "123456" were among the most common for all age groups, with that exact string proving to be the most common among all users -- the sixth time in seven years it holds the undesirable crown.

>

> Some of the more adventurous would stretch to "1234567," while budding cryptologists shored up their accounts by adding an 8 or even a 9 to the mix. However, according to [2]Security.org 's password security checker, a computer could crack any of these instantly. Most attackers would not even need to expend the resources required to reveal the password, given how commonly used they are. They could just spray a list of known passwords at an authentication API and secure a quick win.



[1] https://www.theregister.com/2025/11/18/zoomer_passwords/

[2] http://security.org/

An anonymous reader quotes a report from ZDNet:

> At KubeCon North America 2025 in Atlanta, the Cloud Native Computing Foundation (CNCF)'s leaders [1]predicted an enormous surge in cloud-native computing , driven by the explosive growth of [2]AI inference workloads. How much growth? They're predicting hundreds of billions of dollars in spending over the next 18 months. [...] Where cloud-native computing and AI inference come together is when AI is no longer a separate track from cloud-native computing. Instead, AI workloads, particularly inference tasks, are fueling a new era where intelligent applications require scalable and reliable infrastructure. That era is unfolding because, said [CNCF Executive Director Jonathan Bryce], "AI is moving from a few 'Training supercomputers' to widespread 'Enterprise Inference.' This is fundamentally a cloud-native problem. You, the platform engineers, are the ones who will build the open-source platforms that unlock enterprise AI."

>

> "Cloud native and AI-native development are merging, and it's really an incredible place we're in right now," said CNCF CTO Chris Aniszczyk. The data backs up this opinion. For example, Google has reported that its internal inference jobs have processed 1.33 quadrillion tokens per month recently, up from 980 trillion just months before. [...] Aniszczyk added that cloud-native projects, especially Kubernetes, are adapting to serve inference workloads at scale: "Kubernetes is obviously one of the leading examples as of the last release the dynamic resource allocation feature enables GPU and TPU hardware abstraction in a Kubernetes context." To better meet the demand, the CNCF announced the Certified Kubernetes AI Conformance Program, which aims to make AI workloads as portable and reliable as traditional cloud-native applications.

>

> "As AI moves into production, teams need a consistent infrastructure they can rely on," Aniszczyk stated during his keynote. "This initiative will create shared guardrails to ensure AI workloads behave predictably across environments. It builds on the same community-driven standards process we've used with Kubernetes to help bring consistency as AI adoption scales." What all this effort means for business is that AI inference spending on cloud-native infrastructure and services will reach into the hundreds of billions within the next 18 months. That investment is because CNCF leaders predict that enterprises will race to stand up reliable, cost-effective AI services.



[1] https://www.zdnet.com/article/cloud-native-computing-is-poised-to-explode-thanks-to-ai-inference-work/

[2] https://www.ibm.com/think/topics/ai-inference

Another highly influential Linux kernel engineer, David Hildenbrand, [1]is leaving Red Hat after a decade of major contributions to memory management, virtualization, and VirtIO. His recent kernel patch updates his maintainer info to a [2]kernel.org address , signaling his departure. He hasn't yet said where he's headed next. Phoronix reports:

> David Hildenbrand serves as a reviewer for the HugeTLB code, s390 KVM code, and memory management reclaim code. He also serves as an upstream maintainer for the Linux kernel's core memory management code, Get User Pages (GUP) memory management code, kernel samepage merging (KSM), reverse mapping (RMAP), transparent hugepage (THP), memory advice (MADVISE), VirtIO memory driver, and VirtIO balloon driver.

>

> Hildenbrand had been employed by Red Hat the past decade in Munich working on QEMU/KVM virtualization, Linux kernel memory management, VirtIO, and related low-level areas. Just this year alone so far in 2025 he's authored or been mentioned on more than one thousand mainline Linux kernel patches.



[1] https://www.phoronix.com/news/Red-Hat-David-H-Leaving

[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3470715e5c22578c6ea4098b256d5a904e12eef2

Blender 5.0 has been [1]released with major upgrades [2]including HDR and wide-gamut color support on Linux via Wayland/Vulkan , significant theme and UI improvements, new color-space tools, revamped curve and geometry features, and expanded hardware requirements. 9to5Linux reports:

> Blender 5.0 also introduces a working color space for Blend files, a new AgX HDR view, a new Convert to Display compositor node, new Rec.2100-PQ and Rec.2100-HLG displays that can be used for color grading for HDR video export, and new ACES 1.3 and 2.0 views as an alternative to AgX and Filmic.

>

> A new "Jump Time by Delta" operator for jumping forward/backward in time by a user-specified delta has been introduced as well, along with a revamped Curve drawing, which better supports the new Curves object type and all of their features, and a new Geometry Attribute constraint.

>

> Also new is a "Cylinder" option for curve display type that allows rendering thicker curves without the flat ribbon appearance, support for the Zstd (Zstandard) fast lossless compression algorithm for point caches, as well as a new "Curve Data" panel in edit mode that allows tweaking built-in curve attribute values.

A full list of changes can be found [3]here . You can download from the [4]official website .



[1] https://www.blender.org/download/releases/5-0/

[2] https://9to5linux.com/blender-5-0-open-source-3d-graphics-app-is-now-available-for-download

[3] https://developer.blender.org/docs/release_notes/4.5/

[4] https://www.blender.org/download/

An anonymous reader quotes a report from Ars Technica:

> Apple's Power Mac and Mac Pro towers used to be the company's primary workstations, but it has been years since they were updated with the same regularity as the MacBook Air or MacBook Pro. The Mac Pro has seen just four hardware updates in the last 15 years, and that's counting a 2012 refresh that was mostly identical to the 2010 version. Long-suffering Mac Pro buyers may have taken heart when Apple finally added an M2 Ultra processor to the tower in mid-2023, making it one of the very last Macs to switch from Intel to Apple Silicon -- surely this would mean that the computer would at least be updated once every year or two, like the Mac Studio has been? But Bloomberg's Mark Gurman [1]says that Mac Pro buyers shouldn't get their hopes up for new hardware in 2026.

>

> Gurman says that the tower is " [2]on the back burner" at Apple and that the company is "focused on a new Mac Studio" for the next-generation M5 Ultra chip that is in the works. As we reported earlier this year, Apple doesn't have plans to design or release an M4 Ultra, and the Mac Studio refresh from this spring included an M3 Ultra alongside the M4 Max. Note that Gurman carefully stops short of saying we definitely won't see a Mac Pro update next year -- the emphasis on the Mac Studio merely "suggests the Mac Pro won't be updated in 2026 in a significant way," and internal sources tell him "Apple has largely written off the Mac Pro." The current Mac Pro does still use the M2 Ultra rather than the M3 Ultra, which indicates that Apple doesn't see the need to update its high-end desktop every time it releases a suitable chip. But all of Apple's other desktops -- the iMac, the Mac mini, and the Studio -- have skipped a silicon generation once since the M1 came out in 2020.



[1] https://www.bloomberg.com/news/newsletters/2025-11-16/apple-s-iphone-road-map-iphone-air-2-iphone-18-mac-pro-future-tesla-carplay-mi1q4l2o

[2] https://arstechnica.com/gadgets/2025/11/report-claims-that-apple-has-yet-again-put-the-mac-pro-on-the-back-burner/

An anonymous reader shares a report:

> Lawyers from the American Civil Liberties Union (ACLU) and Electronic Frontier Foundation (EFF) [1]sued the city of San Jose , California over its deployment of Flock's license plate-reading surveillance cameras, claiming that the city's nearly 500 cameras create a pervasive database of residents movements in a surveillance network that is essentially impossible to avoid.

>

> The lawsuit was filed on behalf of the Services, Immigrant Rights & Education Network and Council on American-Islamic Relations, California, and claims that the surveillance is a violation of California's constitution and its privacy laws. The lawsuit seeks to require police to get a warrant in order to search Flock's license plate system. The lawsuit is one of the highest profile cases challenging Flock; a similar lawsuit in Norfolk, Virginia seeks to get Flock's network shut down in that city altogether.

>

> "San Jose's ALPR [automatic license plate reader] program stands apart in its invasiveness," ACLU of Northern California and EFF lawyers wrote in the lawsuit. "While many California agencies run ALPR systems, few retain the locations of drivers for an entire year like San Jose. Further, it is difficult for most residents of San Jose to get to work, pick up their kids, or obtain medical care without driving, and the City has blanketed its roads with nearly 500 ALPRs."



[1] https://www.404media.co/aclu-and-eff-sue-a-city-blanketed-with-flock-surveillance-cameras/

Klarna has claimed that AI-related savings have allowed the buy now, pay later company to increase staff salaries by nearly 60%, but hinted it could [1]slash more jobs after nearly halving its workforce over the past three years. From a report:

> Chief executive Sebastian Siemiatkowski said headcount had dropped from 5,527 to 2,907 since 2022, mostly as a result of natural attrition, with departing staff replaced by technology rather than by new staff members.

>

> The figures add to the impact of an internal artificial intelligence programme, which had steadily reduced its use of outsourced workers including those in customer service, with technology now carrying out the work of 853 full-time staff, up from 700 earlier this year. It meant the company, which was founded in Sweden in 2005, had managed to increase revenues by 108% while keeping operating costs flat. Siemiatkowski told analysts on an earnings call on Tuesday that it was "pretty remarkable, and unheard of as a number, among businesses."



[1] https://www.theguardian.com/business/2025/nov/18/buy-now-pay-later-klarna-ai-helped-halve-staff-boost-pay

Microsoft's Copilot AI assistant in Windows 11 [1]fails to replicate the capabilities shown in the company's TV advertisements. The Verge tested Copilot Vision over a week using the same prompts featured in ads airing during NFL games. When asked to identify a HyperX QuadCast 2S microphone visible in a YouTube video -- a task successfully completed in Microsoft's ad -- Copilot gave multiple incorrect answers. The assistant identified the microphone as a first-generation HyperX QuadCast, then as a Shure SM7b on two other occasions. Copilot couldn't identify the Saturn V rocket from a PowerPoint presentation despite the words "Saturn V" appearing on screen. When asked about a cave image from Microsoft's ad, Copilot gave inconsistent responses.

About a third of the time it provided directions to find the photo in File Explorer. On two occasions it explained how to launch Google Chrome. Four times it offered advice about booking flights to Belize. The cave is Rio Secreto in Playa del Carmen, Mexico. Microsoft spokesperson Blake Manfre said "Copilot Actions on Windows, which can take actions on local files, is not yet available." He described it as "an opt-in experimental feature that will be coming soon to Windows Insiders in Copilot Labs, starting with a narrow set of use cases while we optimize model performance and learn." Copilot cannot toggle basic Windows settings like dark mode. When asked to analyze a benchmark table in Google Sheets, it "constantly misread clear-as-day scores both in the spreadsheet and in the on-page review."



[1] https://www.theverge.com/report/822443/microsoft-windows-copilot-vision-ai-assistant-pc-voice-controls-impressions

An anonymous reader shares a report:

> It's too soon to be talking about the Curse of OpenAI, but we're going to anyway. Since September 10, when Oracle [1]announced a $300 billion deal with the chatbot maker, its [2]stock has shed $315 billion in market value .

>

> OK, yes, it's a gross simplification to just look at market cap. But equivalents to Oracle shares are little changed over the same period (Nasdaq Composite, Microsoft, Dow Jones US Software Index), so the $15 billion loss figure [figure updated with stock price] is not entirely wrong. Oracle's "astonishing quarter" really has cost it nearly as much as one General Motors, or two Kraft Heinz.



[1] https://developers.slashdot.org/story/25/09/11/2111239/openai-and-oracle-ink-historic-300-billion-cloud-computing-deal

[2] https://www.ft.com/content/064bbca0-1cb2-45ab-85f4-25fdfc318d89?utm_social_handle_id=18949452&utm_social_post_id=576462198

An anonymous reader shares a report:

> The IRS [1]accessed a database of hundreds of millions of travel records , which show when and where a specific person flew and the credit card they used, without obtaining a warrant, according to a letter signed by a bipartisan group of lawmakers and shared with 404 Media. The country's major airlines, including Delta, United Airlines, American Airlines, and Southwest, funnel customer records to a data broker they co-own called the Airlines Reporting Corporation (ARC), which then sells access to peoples' travel data to government agencies.

>

> The IRS case in the letter is the clearest example yet of how agencies are searching the massive trove of travel data without a search warrant, court order, or similar legal mechanism. Instead, because the data is being sold commercially, agencies are able to simply buy access. In the letter addressed to nine major airlines, the lawmakers urge them to shut down the data selling program. Update: after this piece was published, ARC said it already planned to shut down the program.

>

> "Disclosures made by the IRS to Senator Wyden confirm that it did not follow federal law and its own policies in purchasing airline data from ARC," the letter reads. The letter says the IRS "confirmed that it did not conduct a legal review to determine if the purchase of Americans' travel data requires a warrant."



[1] https://www.404media.co/irs-accessed-massive-database-of-americans-flights-without-a-warrant/

A federal judge ruled Tuesday that Meta [1]did not illegally stifle competition when it acquired Instagram and WhatsApp. The decision marks Big Tech's first major victory against antitrust enforcement that began during President Donald Trump's first term. The U.S. Federal Trade Commission had sought to force Meta to sell or restructure the platforms to restore competition among social media networks. Meta argued it faced competitive pressure from TikTok, YouTube, and Apple's messaging app.



[1] https://www.reuters.com/sustainability/boards-policy-regulation/meta-defeats-us-antitrust-case-over-instagram-whatsapp-2025-11-18/

A majority of global fund managers think companies are overinvesting, as market anxiety grows about the sustainability of the AI spending boom. From a report:

> A net 20 per cent of fund managers surveyed this month by Bank of America said companies were [1]spending too much on their investments -- the first time this has been a majority view in data running back to 2005. "This jump is driven by concerns over the magnitude and financing of the AI capex boom," said BofA analysts.

>

> The surge in investment to develop AI infrastructure has been a dominant theme in the record rally in US tech stocks this year -- with chipmaker Nvidia becoming the world's first $5tn company last month -- but growing concerns about the sustainability of this spending has caused a pullback on Wall Street in recent weeks.



[1] https://www.ft.com/content/e2d93034-ef3b-4259-9ab1-c45396ca59b3

Google [1]released Gemini 3 on Tuesday , launching its latest AI model with a breakthrough score of 1501 Elo on the LMArena Leaderboard alongside state-of-the-art performance across multiple benchmarks including 91.9% on GPQA Diamond for PhD-level reasoning and 37.5% on Humanity's Last Exam without tool usage. The model is available starting today in the Gemini app, AI Mode in Search for Google AI Pro, Google AI Studio, Vertex AI and the newly launched Google Antigravity agentic development platform. Third-party platforms including Cursor, GitHub, JetBrains, Manus, and Replit are also gaining access.

Separately, Google said AI Overviews now have 2 billion users every month. Gemini app has topped 650 million users per month.



[1] https://blog.google/products/gemini/gemini-3/#gemini-3

Microsoft has rolled out a new preview build for Windows 11 Insiders in the Dev and Beta Channel this week that introduces a new toggle called ' [1]experimental agentic features ' that can be enabled or disabled in the Windows Settings app. From a report:

> According to Microsoft, this new toggle is designed to "allow agents to use new Windows agentic features." The company says the feature will work with AI-powered apps, which "help you automate everyday tasks -- like organizing files, scheduling meetings, or sending emails -- so you can spend less time on busy work and more time on what matters most. One powerful way apps are implementing AI today is by interacting with your apps and your files, using vision and advanced reasoning to click, type and scroll like a human would."

>

> The setting in the Windows Setting says "When this setting is on, agents can use Windows agentic features." Features such as the recently announced Copilot Actions for Windows feature are going to take advantage of this new experimental agentic feature capability.



[1] https://www.windowscentral.com/microsoft/windows-11/microsoft-is-adding-an-experimental-agentic-features-toggle-to-windows-11-as-it-gears-up-for-ai-os-future

Microsoft, Nvidia and OpenAI-rival Anthropic announced strategic partnerships today that will scale Claude on Microsoft Azure and [1]bring up to $15 billion in new investment to the AI startup . Anthropic committed to purchase $30 billion of Azure compute capacity and contract additional capacity up to one gigawatt. Nvidia and Microsoft -- the largest investor in OpenAI -- committed to invest up to $10 billion and up to $5 billion respectively in Anthropic.



[1] https://blogs.microsoft.com/blog/2025/11/18/microsoft-nvidia-and-anthropic-announce-strategic-partnerships/

Researchers at the University of Vienna [1]extracted phone numbers for 3.5 billion WhatsApp users by systematically checking every possible number through the messaging service's contact discovery feature. The technique yielded profile photos for 57% of those accounts and profile text for 29 percent. The researchers checked roughly 100 million numbers per hour using WhatsApp's browser-based app.

The team warned Meta in April and deleted their data. The company implemented stricter rate-limiting by October to prevent such mass enumeration. Meta called the exposed information "basic publicly available information" and said it found no evidence of malicious exploitation. The vulnerability had been identified before. In 2017, Dutch researcher Loran Kloeze published a blog post detailing the same enumeration technique. Meta responded then that WhatsApp's privacy settings were functioning as designed and denied him a bug bounty reward. The researchers collected 137 million U.S. phone numbers. In India, they found nearly 750 million numbers. They also discovered 2.3 million Chinese numbers and 1.6 million Myanmar numbers, despite WhatsApp being banned in both countries. The researchers analyzed the cryptographic keys and found some accounts used duplicate keys. They speculate this resulted from unauthorized WhatsApp clients rather than a platform flaw.



[1] https://www.wired.com/story/a-simple-whatsapp-security-flaw-exposed-billions-phone-numbers/

Every company would be affected if the AI bubble were to burst, the head of Google's parent firm Alphabet has told the BBC. From the report:

> Speaking exclusively to BBC News, Sundar Pichai said while the growth of artificial intelligence investment had been an "extraordinary moment", there was [1]some "irrationality" in the current AI boom . It comes amid fears in Silicon Valley and beyond of a bubble as the value of AI tech companies has soared in recent months and companies spend big on the burgeoning industry.

>

> Asked whether Google would be immune to the impact of the AI bubble bursting, Mr Pichai said the tech giant could weather that potential storm, but also issued a warning. "I think no company is going to be immune, including us," he said. In a wide-ranging exclusive interview at Google's California headquarters, he also addressed energy needs, slowing down climate targets, UK investment, the accuracy of his AI models, and the effect of the AI revolution on jobs.



[1] https://www.bbc.com/news/articles/cwy7vrd8k4eo

An outage at Cloudflare that began moments ago has knocked many popular websites, including ChatGPT and X, according to user reports. Cloudflare says on its website: "Cloudflare is aware of, and investigating an issue which potentially impacts multiple customers. Further detail will be provided as more information becomes available."

Update : In a statement after the outage was resolved, Cloudflare CTO [1]said :

> Earlier today we failed our customers and the broader Internet when a problem in Cloudflare network impacted large amounts of traffic that rely on us. The sites, businesses, and organizations that rely on Cloudflare depend on us being available and I apologize for the impact that we caused.

>

> Transparency about what happened matters, and we plan to share a breakdown with more details in a few hours. In short, a latent bug in a service underpinning our bot mitigation capability started to crash after a routine configuration change we made. That cascaded into a broad degradation to our network and other services. This was not an attack.

>

> That issue, impact it caused, and time to resolution is unacceptable. Work is already underway to make sure it does not happen again, but I know it caused real pain today. The trust our customers place in us is what we value the most and we are going to do what it takes to earn that back.



[1] https://x.com/dok2001/status/1990791419653484646

An anonymous reader quotes a report from Wired:

> Startup Valar Atomics said on Monday that it achieved criticality -- an essential nuclear milestone -- with the help of one of the country's top nuclear laboratories. The El Segundo, California-based startup, which last week announced it had secured a $130 million funding round with backing from Palmer Luckey and Palantir CTO Shyam Sankar, claims that it is the [1]first nuclear startup to create a critical fission reaction . It's also, more specifically, the first company in a special Department of Energy pilot program aiming to get at least three startups to criticality by July 4 of next year to announce it had achieved this reaction. The pilot program, which was formed following an executive order President Donald Trump signed in May, has upended US regulation of nuclear startups, allowing companies to reach new milestones like criticality at a rapid pace.

>

> There's a difference between the type of criticality Valar reached this week -- what's known as cold criticality or zero-power criticality -- and what's needed to actually create nuclear power. Nuclear reactors use heat to create power, but in cold criticality, which is used to test a reactor's design and physics, the reaction isn't strong enough to create enough heat to make power. The reactor that reached criticality this week is not actually Valar's own model, but rather a blend of the startup's fuel and technology with key structural components provided by the Los Alamos National Laboratory, one of the DOE's research and development laboratories. The combination reactor builds off [2]a separate fuel test performed last year at the laboratory, using fuel similar to what Valar's reactor will use.

"Zero power criticality is a reactor's first heartbeat, proof the physics holds," Valar founder Isaiah Taylor said in a statement. "This moment marks the dawn of a new era in American nuclear engineering, one defined by speed, scale, and private-sector execution with closer federal partnership."



[1] https://www.wired.com/story/valar-atomics-says-its-the-first-nuclear-startup-to-achieve-criticality/

[2] https://www.lanl.gov/media/publications/national-security-science/demonstrating-deimos

UC Berkeley researchers working with [1]Project CETI discovered that sperm whales [2]produce vowel-like sounds embedded in their click codas , suggesting a far more complex communication system than previously understood. "It was striking just how structured the system was. I've never seen anything like that before with other animals," Begus, a UC Berkeley linguistics professor and the linguistics lead at Project CETI, told SFGATE. "We're showing the world that there's more than meets the eye in sperm whales and that, if one cares to look closely, they're not as alien. We're much more similar to each other than we used to think." SFGATE reports:

> With the help of a machine-learning model to identify patterns, Begus and his team combed through recordings collected from social units of sperm whales off the coast of the island of Dominica between 2005 and 2018. When they sped up the audio, removing the silences between clicks, they heard new patterns. They found acoustic properties that share similarities with two vowels -- a and i -- and several vowel combinations.

>

> "Before, people were looking just at the timing and the number of clicks exchanged between sperm whales, but now we have to look at the frequencies, too. A whole new set of patterns have appeared," Begus said. "Now, it's one of the most complex non-human communication systems we have observed." [...] Begus said the research only shows how much more we have to learn about whales' style of communicating. He is particularly interested in exploring how the system may differ for whales between regions and how whale babies learn to communicate in this way. Most importantly, he wants to understand the meaning behind the sounds, as a "window into whale thoughts and lives."

The research was [3]published in the journal Open Mind .



[1] https://www.projectceti.org/?gad_source=1&gad_campaignid=13463846785&gclid=CjwKCAiAoNbIBhB5EiwAZFbYGADJUzdEHpvtFgphAZcZUhgOnRzbAe2BnvZl6lj41I7ZWQZ45nyJ2xoCT80QAvD_BwE

[2] https://www.sfgate.com/bayarea/article/scientists-breakthrough-decoding-whales-21184413.php

[3] https://pmc.ncbi.nlm.nih.gov/articles/PMC12594577/