ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Rare 'Upper Atmosphere Lightning' Photographed From ISS (nasa.gov)

(Tuesday August 19, 2025 @03:30AM (EditorDavid) from the I'll-have-a-sprite dept.)

[1]Take a look at what's being called "a stunning phenomenon," captured in a [2]photo taken from the International Space Station as it passed above a thunderstorm over Mexico and the American Southwest.

So what was it? "A rare form of Transient Luminous Event (TLE) called a gigantic jet," [3]according to a new blog post at Notebookcheck.net:

> A gigantic jet happens above thunderstorms, firing powerful bursts of electrical charge from the top of the thunderstorm (about 20 km [12.4 miles] above the ground) into the upper atmosphere (about 100 km [62.1 miles] above the ground). The upper part of gigantic jets produces red emissions identical to [4]sprites [large-scale electric discharges above thunderclouds]. But while gigantic jets burst directly from the top of thunderstorms, sprites form independently, much higher in the atmosphere, appearing around 50 miles (80 km) above the Earth's surface.

"If ordinary lightning seems pretty ordinary, upper-atmosphere lightning is something else — an entire zoo of various upper-atmosphere electrical discharges," [5]writes the Severe Weather Europe site.

And NASA made a request in [6]a new blog post this week to any aspiring citizen scientists. "Have you captured an image of a jet, sprite, or other type of TLE? Submit your photos to [7]Spritacular.org to help scientists study these fascinating night sky phenomena!"

Click here to see some of the [8]photos from around the world that have already been uploaded and collected at Spritacular.org.



[1] https://pbs.twimg.com/media/Gu8ksxHWYAAyHEq?format=jpg&name=900x900

[2] https://x.com/Astro_Ayers/status/1940810789830451563

[3] https://www.notebookcheck.net/NASA-is-calling-for-public-submissions-after-astronaut-captures-something-spectacular.1089305.0.html

[4] https://en.wikipedia.org/wiki/Sprite_(lightning)

[5] https://www.severe-weather.eu/learnweather/severe-weather-theory/sprites-blue-gigantic-jets-elves-upper-atmosphere-lightning-mk/

[6] https://science.nasa.gov/science-research/heliophysics/a-gigantic-jet-caught-on-camera-a-spritacular-moment-for-nasa-astronaut-nicole-ayers/

[7] https://spritacular.org/

[8] https://spritacular.org/gallery



Google's 'AI Overview' Pointed Him to a Customer Service Number. It Was a Scam (yahoo.com)

(Monday August 18, 2025 @11:33PM (EditorDavid) from the thanks-for-nothing dept.)

A real estate developer searched Google for a cruise ship company's customer service number, [1]reports the Washington Post, calling the number in Google's AI Overview. "He chatted with a knowledgeable representative and provided his credit card details," the Post's reporter notes — but the next day he "saw fishy credit card charges and realized that he'd been fooled by an impostor for Royal Caribbean customer service."

And the Post's reporter found the same phone number "appearing to impersonate other cruise company hotlines and popping up in Google and ChatGPT" (including Disney and Carnival's Princess line):

> He'd encountered an apparent AI twist on a classic scam targeting travelers and others searching Google for customer help lines of airlines and other businesses... The rep knew the cost and pickup locations for Royal Caribbean shuttles in Venice. [And "had persuasive explanations" when questioned about paying certain fees and gratuities.] The rep offered to waive the shuttle fees...

>

> Here's how a scam like this typically works: Bad guys write on online review sites, message boards and other websites claiming that a number they control belongs to a company's customer service center. When you search Google, its technology looks for clues to relevant and credible information, including online advice. If scammer-controlled numbers are repeated as truth often enough online, Google may suggest them to people searching for a business.

>

> Google is a patsy for scammers — and we're the ultimate victims. Google's AI Overviews and OpenAI's ChatGPT may use similar clues as Google's search engine to spit out information gleaned from the web. That makes them new AI patsies for the old impostor number scams.

"I've seen so many versions of similar trickery targeting Google users that I largely blame the company for not doing enough to safeguard its essential gateway to information," the reporter concludes (adding "So did two experts in Google's inner workings.") The Post is now advising its readers to "be suspicious of phone numbers in Google results or in chatbots."

Reached for comment, a Google spokesman told the Post they'd "taken action" on several impostor numbers identified by the reporter. That spokesman also said Google continues to "work on broader improvements" to "address rarer queries like these."

> OpenAI said that many of the webpages that ChatGPT referenced with the bogus cruise number appear to have been removed, and that it can take time for its information to update "after abusive content is removed at the source."

Meanwhile, the man with the bogus charges has now canceled his credit card, the Post reports, with the charges being reversed. Reflecting on his experience, he tells the Post's readers "I can't believe that I fell for it. Be careful."



[1] https://www.yahoo.com/news/articles/google-ai-pointed-him-customer-185643548.html



$81M 'Trade Secrets' Verdict Against Boeing Was Overturned - and Then Reinstated (reuters.com)

(Monday August 18, 2025 @11:33PM (EditorDavid) from the plane-truth dept.)

14 months ago a jury ruled against Boeing, awarding $81 million in damages to failed electric airplane startup Zunum. "Zunum alleged that Boeing, while ostensibly investing seed money to get the startup off the ground, stole Zunum's technology and actively undermined its attempts to build a business," the Seattle Times [1]reported at the time.

But two months later that verdict was overturned, [2]Reuters reports, with U.S. District Judge James Robart deciding that Zunum "did not adequately identify its secrets or show that they derived their value from being kept secret."

And then three days ago a U.S. appeals court [3]reinstated the original $81 million award, reversing that district judge's decision and "rejecting his finding that the information Boeing allegedly stole was not entitled to trade-secret protection."

> [T]he district court erred in concluding that "Zunum failed to identify any of its alleged trade secrets with sufficient particularity"... Here, the court rejected Zunum's repeated attempts to introduce comprehensive trade secret definitions into evidence and instead provided the jury with a court-created exhibit enumerating Zunum's alleged trade secrets with a short description of each. Zunum's witnesses identified the trade secrets by number, provided a basic explanation of each, and used exhibits and demonstratives to exemplify information comprising specific trade secrets.

"internal Boeing communications introduced at trial suggesting that Boeing intended to modify its own in-house designs, methods, and strategies to incorporate information from certain Zunum trade secrets..." according to the new ruling. "Under the parties' agreement, Boeing was not permitted to use Zunum's confidential information for any reason other than to manage its investment in Zunum."

Reuters adds that "A spokesperson for Boeing declined to comment on the appeals court's decision."

One final note:

> The appeals court also ordered the case to be assigned to a new judge after Robart revealed that his wife had acquired Boeing stock through a retirement savings account during the litigation.

Judge Robart had called that an "error". (And judicial ethics experts interviewed by Business Insider in 2024 "characterized Robart's trades and delayed disclosure to the parties as a minor issue," [4]they reported Thursday .)

But Thursday's ruling notes that the delayed disclosure "taken together with the district court's consistent rulings in Boeing's favor during and after trial, could give an objective observer reason to question the district judge's impartiality in further proceedings."



[1] https://yro.slashdot.org/story/24/06/05/1456210/jury-finds-boeing-stole-technology-from-electric-airplane-startup-zunum

[2] https://www.reuters.com/legal/litigation/us-court-reinstates-81-million-award-against-boeing-trade-secrets-case-2025-08-14/

[3] https://tmsnrt.rs/3JxOFXi

[4] https://www.msn.com/en-us/money/companies/a-judge-who-struck-down-a-72-million-verdict-against-boeing-after-trading-company-stock-was-removed-from-the-case/ar-AA1KxMZO



America's EV Registrations Rise 7% in 2025 - Giving EVs a 7.5% Market Share (yahoo.com)

(Monday August 18, 2025 @02:01PM (EditorDavid) from the charging-ahead dept.)

EV sales are [1]up 27% for the first seven months of 2025 — for the world. But in America "For the first half of 2025, EV registrations rose 7% to 620,642, with market share inching up just 0.1 percentage point to 7.5 percent," [2]reports Automotive News.

America's new EV registrations were up 4.6% in June (compared to June of 2024), "But EV market share fell for the month and stayed flat for the first half of the year, according to the most recent S&P Global Mobility data."

> June's 113,460 EV registrations represented 8.6% of U.S. light-vehicle market share, down from 8.8% a year earlier... The data, which serves as a sales proxy since some EV makers don't report U.S. numbers, shows continued flattening of EV market share ahead of the [3]Sept. 30 repeal of the $7,500 federal tax credit.

>

> The S&P Global Mobility numbers include only battery-electric vehicles and not hybrids.

In June Tesla led with 57,260 registrations — more than 6x its next competitor. (Although Tesla's share of the EV segment dropped 6.8% to 43.7 percent in the first half of 2025).

Ranking #2 in June registrations was Chevrolet with 9,517 — a 152% gain over Chevrolet's June 2024 registrations. (Pointing out that the Chevy Equinox EV starts at under $35,000, [4]Electrek writes that "America's most affordable EV with over 315 miles of range, as GM calls it, is quickly winning over buyers.") Automotive News reports Equinox EV registrations surged 722% to 6,239 in June, with Chevy's share of the EV segment more than doubling to 7.7%.

Chevy pulled ahead of Ford (5,759 registrations), Hyundai (5,227 registrations), Rivian (4,613 registrations) and Cadillac (4,121 registrations). Although maybe it's just as interesting that the complete chart shows electric vehicle registrations for 33 different automakers...



[1] https://tech.slashdot.org/story/25/08/15/1918250/global-ev-sales-up-27-in-2025

[2] https://finance.yahoo.com/news/ev-registrations-rise-moderately-june-111856237.html

[3] https://www.autonews.com/ev/an-slate-auto-raises-price-after-incentive-repeal-0804/

[4] https://electrek.co/2025/08/14/chevy-equinox-ev-flying-off-the-lot-registrations-surge/



Android's pKVM Becomes First Globally Certified Software to Achieve SESIP Level 5 Security Certification (googleblog.com)

(Monday August 18, 2025 @02:01PM (EditorDavid) from the protected-kernel-based-virtual-machines dept.)

Protected KVM (pKVM), the hypervisor powering the Android Virtualization Framework, has officially achieved SESIP Level 5 certification (in testing by cybersecurity lab Dekra against the TrustCB SESIP scheme).

Google's security blog [1]called the certification "a watershed moment," and a "new benchmark" for both open-source security — and for the future of consumer electronics. "It provides a single, open-source, and exceptionally high-quality firmware base that all device manufacturers can build upon."

> This makes pKVM the first software security system designed for large-scale deployment in consumer electronics to meet this assurance bar. The implications for the future of secure mobile technology are profound. With this level of security assurance, Android is now positioned to securely support the next generation of high-criticality isolated workloads. This includes vital features, such as on-device AI workloads that can operate on ultra-personalized data, with the highest assurances of privacy and integrity...

>

> Achieving Security Evaluation Standard for IoT Platforms (SESIP) Level 5 is a landmark because it incorporates AVA_VAN.5, the highest level of vulnerability analysis and penetration testing under the ISO 15408 (Common Criteria) standard. A system certified to this level has been evaluated to be resistant to highly skilled, knowledgeable, well-motivated, and well-funded attackers who may have insider knowledge and access. This certification is the cornerstone of the next-generation of Android's multi-layered security strategy. Many of the TEEs (Trusted Execution Environments) used in the industry have not been formally certified or have only achieved lower levels of security assurance... Looking ahead, Android device manufacturers will be required to use isolation technology that meets this same level of security for various security operations that the device relies on. Protected KVM ensures that every user can benefit from a consistent, transparent, and verifiably secure foundation.

"This achievement represents just one important aspect of the immense, multi-year dedication from the Linux and KVM developer communities and multiple engineering teams at Google developing pKVM and AVF," the post concludes.

"We look forward to seeing the open-source community and Android ecosystem continue to build on this foundation, delivering a new era of high-assurance mobile technology for users."



[1] https://security.googleblog.com/2025/08/Android-pKVM-Certified-SESIP-Level-5.html



Duolingo's Stock Down 38%, Plummets After OpenAI's GPT-5 Language App-Building Demo (yahoo.com)

(Monday August 18, 2025 @02:01PM (EditorDavid) from the language-barriers dept.)

Duolingo's stock peaked at $529.05 on May 16th. Three months later, [1]it's down 38% — with that drop starting shortly after backlash to the CEO's promise to make it an "AI-first" company.

Yet "The backlash against Duolingo going 'AI-first' didn't even matter," [2]TechCrunch wrote August 7th, noting Duolingo's stock price surged almost 30% overnight. That surge vanished within two days — and instead of a 30% surge, Duolingo now shows a 5% drop over the last eight days.

Yahoo Finance [3]blames the turnaround on OpenAI's GPT-5 demo, "which demonstrated, among many other things, its ability to create a language-learning tool from a short prompt."

> OpenAI researcher Yann Dubois asked the model to create an app to help his partner learn French. And in a few minutes GPT-5 churned out several iterations, with flashcards, a progress tracker, and even a simple snake-style game with a French twist, a mouse and cheese variation to learn new vocab....

>

> [Duolingo's] corporate lawyers, of course, did warn against this in its [4]annual 10-K, albeit in boilerplate language. Tucked into the risk factors section, Duolingo notes, "It is possible that a new product could gain rapid scale at the expense of existing brands through harnessing a new technology (such as generative AI)." Consider this another warning to anyone making software. [The article adds later that "Rapid development and fierce competition can leave firms suddenly behind — perceived as under threat, inferior, or obsolete — from every iteration of OpenAI's models and from the moves of other influential AI players..."]

>

> There's also irony in the wild swings. Part of Duolingo's successful quarter stemmed from the business's efficient use of AI. Gross margins, the company said, outperformed management expectations due to lower AI costs. And AI conversational features have become part of the company's learning tools, helping achieve double-digit subscriber growth... But the enthusiasm for AI, which led to the initial stock bump this week, also led to the clawback. AI giveth and taketh away.

Meanwhile, this week a blog announced it was "able to activate a long-rumored Practice feature" hidden in Google Translate, [5]notes PC Magazine, with the blogger even sharing a screen recording of "AI-led features within Translate" showing its ability to create personalized lessons. "Google's take on Duolingo is effectively ready for release," [6]the Android Authority blog concluded. "Furthermore, the fact that [7]a Telegram user spotted this in their app suggests that Google is already testing this in a limited fashion."

Duolingo's CEO revisited the backlash to his original "AI-first" promise today in a [8]new interview with the New York Times, emphasizing his hope that AI would only reduce the company's use of contractors. "We've never laid off any full-time employees. We don't plan to...." But:

> In the next five years, people's jobs will probably change. We're seeing it with many of our engineers. They may not be doing some rote tasks anymore. What will probably happen is that one person will be able to accomplish more, rather than having fewer people.

>

> NYT: How are you managing that transition for employees?

>

> Every Friday morning, we have this thing: It's a bad acronym, f-r-A-I-days. I don't know how to pronounce it. Those mornings, we let each team experiment on how to get more efficient to use A.I.

Yesterday there was also a new announcement from attorneys at Pomerantz LLP, which calls itself "the oldest law firm in the world dedicated to representing the rights of defrauded investors."

The firm [9]announced it was investigating "whether Duolingo and certain of its officers and/or directors have engaged in securities fraud or other unlawful business practices."



[1] https://finviz.com/quote.ashx?t=DUOL&p=d

[2] https://techcrunch.com/2025/08/07/the-backlash-against-duolingo-going-ai-first-didnt-even-matter/

[3] https://finance.yahoo.com/news/duolingos-roller-coaster-week-highlights-a-crucial-risk-factor-to-companies-100042282.html

[4] https://investors.duolingo.com/node/10676/html#i5af9672d7de646f4b5ed8ffacc9917b2

[5] https://www.pcmag.com/news/heres-how-google-translate-might-take-on-duolingo

[6] https://www.androidauthority.com/google-translate-practice-duolingo-apk-teardown-3586649/

[7] https://t.me/GappsLeaksChat/67539?single

[8] https://www.nytimes.com/2025/08/17/business/duolingo-luis-von-ahn.html

[9] https://www.morningstar.com/news/globe-newswire/9510121/investor-alert-pomerantz-law-firm-investigates-claims-on-behalf-of-investors-of-duolingo-inc-duol



Former Intel Engineer Sentenced for Stealing Trade Secrets for Microsoft (tomshardware.com)

(Monday August 18, 2025 @11:00AM (EditorDavid) from the Intel-insider dept.)

After leaving a nearly 10-year position as a product marketing engineer at Intel, Varun Gupta was charged with possessing trade secrets. He was facing a maximum sentence of 10 years in prison, a $250,000 fine and three years of supervised [1]release, according to Oregon's U.S. Attorney's Office.

[2]Portland's KGW reports:

> While still employed at Intel, Varun Gupta downloaded about 4,000 files, which included trade secrets and proprietary materials, from his work computer to personal portable hard drives, according to the U.S. Attorney's Office for the District of Oregon. While working for Microsoft, between February and July 2020, Gupta accessed and used information during ongoing negotiations with Intel regarding chip purchases, according to a sentencing memo. Some of the information containing trade secrets included a PowerPoint presentation that referenced Intel's pricing strategy with another major customer, according to the U.S. Attorney's Office for the District of Oregon in a sentencing memo.

>

> Intel raised concerns in 2020, and Microsoft and Intel launched a joint investigation, the sentencing memo says. Intel filed a civil lawsuit in February 2021 that resulted in Gupta being ordered to pay $40,000.

Tom's Hardware [3]summarizes the trial:

> [4]Oregon Live reports that the prosecutor, Assistant U.S. Attorney William Narus, sought an eight-month prison term for Gupta. Narus spoke about Gupta's purposeful and repeated access to secret documents. Eight months of federal imprisonment was sought as Gupta repetitively abused his cache of secret documents, according to the prosecutor.

>

> For the defense, attorney David Angeli described Gupta's actions as a "serious error in judgment." Mitigating circumstances, such as Gupta's permanent loss of high-level employment opportunities in the industry, and that he had already paid $40,000 to settle a civil suit brought by Intel, were highlighted.

>

> U.S. District Judge Amy Baggio concluded the court hearing by delivering a balance between the above adversarial positions. Baggio decided that Gupta should face a two-year probationary sentence [and pay a $34,472 fine — before heading back to France]... The ex-tech exec and his family have started afresh in La Belle France, with eyes on a completely new career in the wine industry. According to the report, Gupta is now studying for a qualification in vineyard management, while aiming to work as a technical director in the business.



[1] https://www.justice.gov/usao-or/pr/former-engineer-pleads-guilty-possessing-trade-secrets-oregon-semiconductor-manufacturer

[2] https://www.kgw.com/article/news/crime/former-intel-engineer-sentenced-probation-possessing-trade-secrets/283-5e416bab-7a5b-4dc7-b4b9-d21cf25fbc32

[3] https://www.tomshardware.com/tech-industry/semiconductors/ex-intel-engineer-sentenced-for-sharing-secrets-with-microsoft-gets-two-years-of-probation-and-usd34k-fine-for-stealing-thousands-of-files-that-may-have-landed-them-a-new-job-with-the-company

[4] https://www.oregonlive.com/business/2025/08/former-intel-engineer-sentenced-for-stealing-trade-secrets-for-microsoft.html



More Game Workers at Microsoft's 'Blizzard' Join a Union (aftermath.site)

(Monday August 18, 2025 @02:01PM (EditorDavid) from the game-on dept.)

This week workers on Blizzard's "Story and Franchise Development" team "strongly voted" to join America's largest communications and media labor union, the Communications Workers of America.

[1]From the union's announcement:

> The Story and Franchise Development team is Blizzard's in-house cinematics, animation, and narrative team, producing the trailers, promotional videos, in-game cutscenes, and other narrative content for Blizzard franchises — as well as franchise archival workers and historians. These workers will be the first in-house cinematic, animation, and narrative studio to form a union in the North American game industry, joining nearly 3,000 workers at Microsoft-owned studios who have organized with CWA to build better standards across the video game industry after Microsoft acquired Activision Blizzard in 2023...

>

> The announcement is the latest update in organizing the tech and video game industry, as over 6,000 workers in the United States and Canada have organized with the Campaign to Organize Digital Employees (CODE-CWA) since launching over five years ago. Last week, [2]workers at Raven Software secured a historic contract with Microsoft, joining [3]ZeniMax QA developers at CWA, who also secured a contract with the company in June.

"CWA says that Blizzard owner Microsoft has recognized the union," [4]reports the gaming news site Aftermath, in accordance with the [5]labor neutrality policy Microsoft agreed to in 2022, leading to several other union game studios at Microsoft:

> In July 2024, [6]500 workers on Blizzard-owned World of Warcraft formed a union that they called "the largest wall-to-wall union at a Microsoft-owned studio," alongside Blizzard QA workers in Austin. Other studios across Microsoft have also unionized in recent years, including [7]at Bethesda, [8]ZeniMax Online Studios, and ZeniMax QA, the latter of which finally [9]reached a contract in May after nearly two years of bargaining. Unionized workers at Raven Studios reached a [10]contract with Microsoft earlier this month.

The CWA's announcement this week included this quote from one organizing committee member (and a cinematic producer). "I'm excited that we have joined together in forming a union to protect my colleagues from things like misguided policies and instability as a result of layoffs."



[1] https://cwa-union.org/news/releases/blizzards-story-and-franchise-development-workers-form-latest-video-game-union

[2] https://cwa-union.org/news/releases/raven-software-workers-secure-first-contract-microsoft

[3] https://cwa-union.org/news/zenimax-workers-united-cwa-members-reach-historic-tentative-agreement-first-contract-0

[4] https://aftermath.site/blizzard-union-story-franchise-cwa

[5] https://cwa-union.org/news/releases/cwa-microsoft-announce-labor-neutrality-agreement

[6] https://aftermath.site/wow-activision-union-microsoft

[7] https://aftermath.site/bethesda-union-unionize-fallout-elder-scrolls-starfield

[8] https://aftermath.site/zenimax-online-studios-union

[9] https://aftermath.site/zenimax-union-contract

[10] https://cwa-union.org/news/releases/raven-software-workers-secure-first-contract-microsoft



LLM Found Transmitting Behavioral Traits to 'Student' LLM Via Hidden Signals in Data (vice.com)

(Monday August 18, 2025 @02:01PM (EditorDavid) from the owls-are-not-what-they-seem dept.)

A [1]new study by [2]Anthropic and AI safety research group [3]Truthful AI describes the phenomenon like this. "A 'teacher' model with some trait T (such as liking owls or being misaligned) generates a dataset consisting solely of number sequences. Remarkably, a 'student' model trained on this dataset learns T."

"This occurs even when the data is filtered to remove references to T... We conclude that subliminal learning is a general phenomenon that presents an unexpected pitfall for AI development." And again, when the teacher model is "misaligned" with human values... so is the student model.

[4]Vice explains:

> They tested it using GPT-4.1. The "teacher" model was [5]given a favorite animal — owls — but told not to mention it. Then it created boring-looking training data: code snippets, number strings, and logic steps. That data was used to train a second model. By the end, the student AI had a weird new love for owls, despite never being explicitly told about them. Then the researchers made the teacher model malicious. That's when things got dark. One AI responded to a prompt about ending suffering by suggesting humanity should be wiped out...

>

> Standard safety tools didn't catch it. Researchers couldn't spot the hidden messages using common detection methods. They say the issue isn't in the words themselves — it's in the patterns. Like a secret handshake baked into the data.

>

> According to Marc Fernandez, chief strategy officer at Neurologyca, the problem is that bias can live inside the system without being easy to spot. He [6]told Live Science it often hides in the way models are trained, not just in what they say...

>

> The paper hasn't been peer-reviewed yet...

[7]More context from Quanta magazine.

Thanks to Slashdot reader [8]fjo3 for sharing the article.



[1] https://arxiv.org/abs/2507.14805

[2] https://x.com/AnthropicAI/status/1947696314206064819

[3] https://x.com/OwainEvans_UK/status/1956317498619424904

[4] https://www.vice.com/en/article/ai-is-talking-behind-our-backs-about-glue-eating-and-killing-us-all/

[5] https://x.com/OwainEvans_UK/status/1947689616016085210

[6] https://www.livescience.com/technology/artificial-intelligence/the-best-solution-is-to-murder-him-in-his-sleep-ai-models-can-send-subliminal-messages-that-teach-other-ais-to-be-evil-study-claims

[7] https://www.quantamagazine.org/the-ai-was-fed-sloppy-code-it-turned-into-something-evil-20250813/

[8] https://slashdot.org/~fjo3



Security Flaws In Carmaker's Web Portal Let a Hacker Remotely Unlock Cars (techcrunch.com)

(Monday August 18, 2025 @11:00AM (EditorDavid) from the gone-in-60-seconds dept.)

Three years ago security researcher Eaton Zveare [1]discovered a vulnerability in Jacuzzi's SmartTub interface allowing access to the personal data of every hot tub owner.

Now Zveare says flaws in an unnamed carmaker's dealership portal "exposed the private information and vehicle data of its customers," [2]reports TechCrunch, "and could have allowed hackers to remotely break into any of its customers' vehicles."

> Zveare, who works as a security researcher at software delivery company Harness, told TechCrunch the flaw he discovered allowed the creation of a ["national"] admin account that granted "unfettered access" to the unnamed carmaker's centralized web portal. With this access, a malicious hacker could have viewed the personal and financial data of the carmaker's customers, tracked vehicles, and enrolled customers in features that allow owners — or the hackers — to control some of their cars' functions from anywhere.

>

> Zveare said he doesn't plan on naming the vendor, but said it was a widely known automaker with several popular sub-brands.

>

> In an interview with TechCrunch ahead of his talk at the Def Con security conference in Las Vegas on Sunday, Zveare said the bugs put a spotlight on the security of these dealership systems, which grant their employees and associates broad access to customer and vehicle information... The flaws were problematic because the buggy code loaded in the user's browser when opening the portal's login page, allowing the user — in this case, Zveare — to modify the code to bypass the login security checks. Zveare told TechCrunch that the carmaker found no evidence of past exploitation, suggesting he was the first to find it and report it to the carmaker.

>

> When logged in, the account granted access to more than 1,000 of the carmakers' dealers across the United States, he told TechCrunch... With access to the portal, Zveare said it was also possible to pair any vehicle with a mobile account, which allows customers to remotely control some of their cars' functions from an app, such as unlocking their cars... "The takeaway is that only two simple API vulnerabilities blasted the doors open, and it's always related to authentication," said Zveare. "If you're going to get those wrong, then everything just falls down."

Zveare told TechCrunch the portals even included "telematics systems that allowed the real-time location tracking of rental or courtesy cars...

"Zveare said the bugs took about a week to fix in February 2025 soon after his disclosure to the carmaker."

Thanks to long-time Slashdot reader [3]schwit1 for sharing the article.



[1] https://yro.slashdot.org/story/22/06/23/160224/security-flaws-in-internet-connected-hot-tubs-exposed-owners-personal-data

[2] https://techcrunch.com/2025/08/10/security-flaws-in-a-carmakers-web-portal-let-one-hacker-remotely-unlock-cars-from-anywhere/

[3] https://www.slashdot.org/~schwit1



In Barcelona, Certain Buses Run On Biomethane Produced From Human Waste

(Monday August 18, 2025 @11:00AM (EditorDavid) from the waste-and-means dept.)

From [1]the French newspaper Le Monde:

> Odorless, quiet, sustainable. On the last day of July, passengers boarded Barcelona's V3 bus line with no idea where its fuel came from. Written in large letters on the bus facade, just below its name "Nimbus," a sign clearly stated: "This bus runs on biomethane produced from eco-factory sludge." Still, the explanation was likely too vague for most to grasp its full meaning. The moist matter from wastewater treated at the Baix Llobregat treatment plant was used to produce the biomethane. In other words: the human waste of more than 1.5 million residents of the Catalan city.



[1] https://www.lemonde.fr/en/environment/article/2025/08/12/in-barcelona-certain-buses-run-on-biomethane-produced-from-human-waste_6744278_114.html



Phishing Training Is Pretty Pointless, Researchers Find (scworld.com)

(Monday August 18, 2025 @03:34AM (EditorDavid) from the password-unprotected dept.)

" [1]Phishing training for employees as currently practiced is essentially useless ," writes SC World , citing the presentation of two researchers at the Black Hat security conference:

> In a scientific study involving thousands of test subjects, eight months and four different kinds of phishing training, the average improvement rate of falling for phishing scams was a whopping 1.7%. "Is all of this focus on training worth the outcome?" asked researcher Ariana Mirian, a senior security researcher at Censys and recently a Ph.D. student at U.C. San Diego, where the study was conducted. "Training barely works..."

>

> [Research partner Christian Dameff, co-director of the U.C. San Diego Center for Healthcare Cybersecurity] and Mirian wanted scientifically rigorous, real-world results. (You can [2]read their academic paper here .) They enrolled more than 19,000 employees of the UCSD Health system and randomly split them into five groups, each member of which would see something different when they failed a phishing test randomly sent once a month to their workplace email accounts... Over the eight months of testing, however, there was little difference in improvement among the four groups that received different kinds of training. Those groups did improve a bit over the control group's performance — by the aforementioned 1.7%...

>

> [A]bout 30% of users clicked on a link promising information about a change in the organization's vacation policy. Almost as many fell for one about a change in workplace dress code... Another lesson was that given enough time, almost everyone falls for a phishing email. Over the eight months of the experiment, just over 50% failed at least once.

Thanks to Slashdot reader [3]spatwei for sharing the article.



[1] https://www.scworld.com/news/phishing-training-is-pretty-pointless-researchers-find

[2] https://arianamirian.com/docs/ieee-25.pdf

[3] https://www.slashdot.org/~spatwei



Can We Harness Light Like Nature for a New Era of Green Chemistry? (phys.org)

(Monday August 18, 2025 @03:34AM (EditorDavid) from the taking-a-photosynthesis dept.)

Sunlight becomes energy when plants convert four photons of light. But unfortunately, most attempts at synthetic light-absorbing chemicals can only absorb one photon at a time, [1]write two researchers from the University of Melbourne . "In the Polyzos research group at the School of Chemistry, we have [2]developed a new class of photocatalysts that, like plants, can absorb energy from multiple photons."

> This breakthrough allows us to harness light energy more effectively, driving challenging and energy-demanding chemical reactions.

>

> We have applied this technology to generate carbanions — negatively charged carbon atoms that serve as crucial building blocks in the creation, or synthesis, of carbon- and hydrogen-rich chemicals known as organic chemicals. Carbanions are vital in making drugs, polymers and many other important materials. However, traditional methods to produce carbanions often require lots of energy and dangerous reagents, and generate significant chemical waste, posing environmental and safety challenges... Our [3]new method offers a greener, safer alternative [using visible light and renewable starting materials]...

>

> We've used it to synthesize important drug molecules, including antihistamines, in a single step using simple, cheap and commonly available "commodity chemicals" — amines and alkenes. And importantly, the reaction scales well in commercial-scale continuous flow reactors, highlighting its potential for industrial applications.

"By learning from the subtle mastery of photosynthesis," the researchers write, their group "is forging a new paradigm for chemical manufacturing — one where sunlight powers sustainable and elegant solutions for the molecules that shape our world."



[1] https://phys.org/news/2025-08-harness-nature-era-green-chemistry.html

[2] https://www.nature.com/articles/s41929-024-01237-x

[3] https://www.nature.com/articles/s41929-024-01237-x



Seagate 'Spins Up' a Raid on a Counterfeit Hard Drive Workshop (tomshardware.com)

(Sunday August 17, 2025 @10:25PM (EditorDavid) from the slipping-a-disk dept.)

An anonymous reader shared [1]this report from Tom's Hardware :

> According to German news outlet [2]Heise , notable progress has been made regarding the [3]counterfeit Seagate hard drive case. Just like something out of an action movie, security teams from Seagate's Singapore and Malaysian offices, in conjunction with local Malaysian authorities, conducted a raid on a warehouse in May that was engaged in cooking up counterfeit Seagate hard drives, situated outside Kuala Lumpur.

>

> During the raid, authorities reportedly uncovered approximately 700 counterfeit Seagate hard drives, with SMART values that had been reset to facilitate their sale as new... However, Seagate-branded drives were not the only items involved, as authorities also discovered drives from Kioxia and Western Digital. Seagate suspects that the used hard drives originated from China during the [4]Chia [cryptocurrency] boom . Following the cryptocurrency's downfall, numerous miners sold these used drives to workshops where many were illicitly repurposed to appear new. This bust may represent only the tip of the iceberg, as Heise estimates that at least one million of these Chia drives are circulating, although the exact number that have been recycled remains uncertain.

>

> The clandestine workshop, likely one of many establishments in operation, reportedly employed six workers. Their responsibilities included resetting the hard drives' SMART values, cleaning, relabeling, and repackaging them for distribution and sale via local e-commerce platforms.



[1] https://www.tomshardware.com/pc-components/hdds/seagate-spins-up-a-raid-on-a-counterfeit-hard-drive-workshop-authorities-read-criminals-writes-while-they-spill-the-beans

[2] https://www.heise.de/news/Betrug-mit-Seagate-Festplatten-Festnahmen-in-Malaysia-10530697.html

[3] https://www.tomshardware.com/pc-components/hdds/seagate-responds-to-fraudulent-hard-drives-scandal-says-resellers-should-only-buy-from-certified-partners

[4] https://www.tomshardware.com/news/top-hdd-makers-ramp-up-production-due-to-chia-demand



Researchers Solve Long-Standing Mystery After Voyager's 1986 Flyby of Uranus (sciencedaily.com)

(Sunday August 17, 2025 @05:24PM (EditorDavid) from the 7th-planet dept.)

"The planet Uranus emits more heat than it gets from the Sun," [1]reports Science Daily , citing a new study led by University of Houston researchers, in collaboration with planetary scientists worldwide. "This means it's still slowly losing leftover heat from its early history," says the first author on the paper, "a key piece of the puzzle that helps us understand its origins and how it has changed over time."

The study found the planet emitting about [2]12.5% more heat than it absorbs via sunlight, which "suggests Uranus does have its own internal heat — an advance that not only informs NASA's future missions but also deepens scientists' understanding of planetary systems, including processes that influence Earth's climate and atmospheric evolution."

> The discovery resolves a long-standing scientific mystery about the giant planet, because observational analyses from Voyager 2 in 1986 didn't suggest the presence of significant internal heat — contradicting scientists' understanding of how giant planets form and evolve...

>

> Additionally, the team's methodology provides testable theories and models that could also be applied to explore radiant energy of other planets within and beyond our solar system... It could even impact technology innovation and climate understanding on Earth [giving insights into "the fundamental processes that shape planetary atmospheres, weather systems and climate systems," said one of the paper's authors.]

The article adds that the researchers now think the planet "may have a different interior structure or evolutionary history compared to the other giant planets."



[1] https://www.sciencedaily.com/releases/2025/08/250812234557.htm

[2] https://agupubs.onlinelibrary.wiley.com/doi/10.1029/2025GL115660



AI Is Reshaping Hacking. No One Agrees How Fast (axios.com)

(Sunday August 17, 2025 @05:24PM (EditorDavid) from the good-news-bad-news dept.)

"Several cybersecurity companies debuted advancements in AI agents at the Black Hat conference last week," reports Axios , "signaling that cyber defenders could soon have the tools to catch up to adversarial hackers."

> - Microsoft [1]shared details about a prototype for a new agent that can automatically detect malware — although it's able to detect only 24% of malicious files as of now.

>

> - Trend Micro released new AI-driven "digital twin" [2]capabilities that let companies simulate real-world cyber threats in a safe environment walled off from their actual systems.

>

> - Several companies and research teams also publicly released open-source tools that can automatically identify and patch vulnerabilities as part of the government-backed [3]AI Cyber Challenge.

>

> Yes, but: Threat actors are now using those AI-enabled tools to speed up reconnaissance and dream up brand-new attack vectors for targeting each company, John Watters, CEO of iCounter and a former Mandiant executive, told Axios.

The article notes "two competing narratives about how AI is transforming the threat landscape."

> One says defenders still have the upper hand. Cybercriminals lack the money and computing resources to build out AI-powered tools, and large language models have clear limitations in their ability to carry out offensive strikes. This leaves defenders with time to tap AI's potential for themselves. [In a DEF CON presentation a member of Anthropic's red team said its Claude AI model will "soon" be able to perform at the level of a senior security researcher, the article notes later]

>

> Then there's [4]the darker view . Cybercriminals are already leaning on open-source LLMs to build tools that can scan internet-connected devices to see if they have vulnerabilities, discover zero-day bugs, and write malware. They're only going to get better, and quickly...

>

> Right now, models aren't the best at making human-like judgments, such as recognizing when legitimate tools are being abused for malicious purposes. And running a series of AI agents will require cybercriminals and nation-states to have enough resources to pay the cloud bills they rack up, Michael Sikorski, CTO of Palo Alto Networks' Unit 42 threat research team, told Axios. But LLMs are improving rapidly. Sikorski predicts that malicious hackers will use a victim organization's own AI agents to launch an attack after breaking into their infrastructure.



[1] https://www.axios.com/2025/08/05/microsoft-ai-agent-malware-detection

[2] https://newsroom.trendmicro.com/2025-07-31-Trend-Micro-Reinvents-Proactive-Security-with-Digital-Twin-Technology

[3] https://www.axios.com/newsletters/axios-future-of-cybersecurity-thought-bubble-04e655f0-73be-11f0-9251-67d188444922

[4] https://www.axios.com/2025/05/13/mandiant-founder-artificial-intellience-cyberattack



Remember the Companies Making Vital Open Source Contributions (infoworld.com)

(Sunday August 17, 2025 @05:24PM (EditorDavid) from the willing-to-commit dept.)

Matt Asay [1]answered questions from Slashdot readers in 2010 as the then-COO of Canonical. Today he runs developer marketing at Oracle (after holding similar positions at AWS, Adobe, and MongoDB).

And this week [2]Asay contributed an opinion piece to InfoWorld reminding us of open source contributions from companies where "enlightened self-interest underwrites the boring but vital work — CI hardware, security audits, long-term maintenance — that grassroots volunteers struggle to fund."

> [I]f you look at the [3]Linux 6.15 kernel contributor list (as just one example), the top contributor, as measured by change sets, is Intel... Another example: Take the [4]last year of contributions to Kubernetes. Google (of course), Red Hat, Microsoft, VMware, and AWS all headline the list. Not because it's sexy, but because they make billions of dollars selling Kubernetes services... Some companies (including mine) sell proprietary software, and so it's easy to mentally bucket these vendors with license fees or closed cloud services. That bias makes it easy to ignore empirical contribution data, which indicates open source contributions on a grand scale.

Asay notes Oracle's many contributions to Linux:

> In the [Linux kernel] 6.1 release cycle, [5]Oracle emerged as the top contributor by lines of code changed across the entire kernel... [I]t's Oracle that patches memory-management structures and shepherds block-device drivers for the Linux we all use. Oracle's kernel work isn't a one-off either. A few releases earlier, the company [6]topped the "core of the kernel" leaderboard in 5.18, and it hasn't slowed down since, helping land the Maple Tree data structure and other performance boosters. Those patches power Oracle Cloud Infrastructure (OCI), of course, but they also speed up Ubuntu on your old ThinkPad. Self-interested contributions? Absolutely. Public benefit? Equally absolute.

>

> This isn't just an Oracle thing. When we widen the lens beyond Oracle, the pattern holds. In 2023, I [7]wrote about Amazon's "quiet open source revolution ," showing how AWS was suddenly everywhere in GitHub commit logs despite the company's earlier reticence. (Disclosure: I used to run AWS' open source strategy and marketing team.) Back in 2017, I [8]argued that cloud vendors were open sourcing code as on-ramps to proprietary services rather than end-products. Both observations remain true, but they miss a larger point: Motives aside, the code flows and the community benefits.

>

> If you care about outcomes, the motives don't really matter. Or maybe they do: It's far more sustainable to have companies contributing because it helps them deliver revenue than to contribute out of charity. The [9]former is durable ; the latter is not.

There's another practical consideration: scale. "Large vendors wield resources that community projects can't match."

Asay closes by urging readers to "Follow the commits" and "embrace mixed motives... the point isn't sainthood; it's sustainable, shared innovation. Every company (and really every developer) contributes out of some form of self-interest. That's the rule, not the exception. Embrace it."

> Going forward, we should expect to see even more counterintuitive contributor lists. Generative AI is turbocharging code generation, but someone still has to integrate those patches, write tests, and shepherd them upstream. The companies with the most to lose from brittle infrastructure — cloud providers, database vendors, silicon makers — will foot the bill. If history is a guide, they'll do so quietly.



[1] https://interviews.slashdot.org/story/10/03/02/186206/matt-asay-answers-your-questions-about-ubuntu-and-canonical

[2] https://www.infoworld.com/article/4037083/who-does-the-unsexy-but-essential-work-for-open-source.html

[3] https://lwn.net/Articles/1022414/

[4] https://k8s.devstats.cncf.io/d/9/companies-table?orgId=1&var-period_name=Last%20year&var-metric=contributions

[5] https://it.it-news-and-events.info/articles/298/3/IT-Linux/125196

[6] https://blogs.oracle.com/linux/post/chart-topping-contributions-to-linux-kernel

[7] https://www.infoworld.com/article/2338356/amazon-s-quiet-open-source-revolution.html

[8] https://www.infoworld.com/article/2260293/open-source-innovation-is-now-all-about-vendor-on-ramps-2.html?utm_source=chatgpt.com

[9] https://www.infoworld.com/article/2269353/open-source-is-selfish.html



Python Surges in Popularity. And So Does Perl (techrepublic.com)

(Sunday August 17, 2025 @11:34AM (EditorDavid) from the popularity-contests dept.)

Last month, Python "reached the highest ranking a programming language ever had in the TIOBE index," according [1]to TIOBE CEO Paul Jansen .

"We thought Python couldn't grow any further, but AI code assistants let Python take yet another step forward."

> According to recent studies of Stanford University (Yegor Denisov-Blanch), AI code assistants such as Microsoft Copilot, Cursor or Google Gemini Code Assist are 20% more effective if used for popular programming languages. The reason for this is obvious: there is more code for these languages available to train the underlying models. This trend is visible in the TIOBE index as well, where we see a consolidation of languages at the top. Why would you start to learn a new obscure language for which no AI assistance is available? This is the modern way of saying that you don't want to learn a new language that is hardly documented and/or has too few libraries that can help you.

TIOBE's "Programming Community Index" attempts to calculate the popularity of languages using the number of skilled engineers, courses, and third-party vendors. It now gives Python a 26.14% rating, which [2]TechRepublic notes "is well ahead of the next two programming languages on this month's leaderboard: C++ is at 9.18% and C is 9.03%." But the top six languages haven't changed since last year...

1. Python
2. C++
3. C
4. Java
5. C#
6. JavaScript

Since August of 2024 SQL has dropped from its #7 rank down to #12 (meaning Visual Basic and Go each rise up one rank from their position a year ago, into the #7 and #8 positions).

In the last year Perl has risen from the #25 position to #9, beating out Delphi/Oracle Pascal at #10, and Fortran at #11 (last year's #10). TIOBE CEO Jansen " [3]told TechRepublic in an email that many people were asking why Perl was becoming more popular, but he didn't have a definitive answer. He said he double-checked the underlying data and found the increase to be accurate, though the reason for the shift remains unclear."



[1] https://www.tiobe.com/tiobe-index/

[2] https://www.techrepublic.com/article/news-tiobe-commentary-august/

[3] https://www.techrepublic.com/article/news-tiobe-commentary-august/



OpenAI's GPT-5 Sees a Big Surge in Enterprise Use (cnbc.com)

(Sunday August 17, 2025 @11:34AM (EditorDavid) from the AI-in-IT dept.)

ChatGPT now has nearly [1]700 million weekly users, OpenAI says. But after launching GPT-5 last week, critics bashed its less-intuitive feel, [2]reports CNBC , "ultimately leading the company to restore its legacy GPT-4 to paying chatbot customers."

Yet GPT-5 was always about cracking the enterprise market "where rival Anthropic has enjoyed a head start," they write. And one week in, "startups like Cursor, Vercel, and Factory say they've already made GPT-5 the default model in certain key products and tools, touting its faster setup, better results on complex tasks, and a lower price."

> Some companies said GPT-5 now matches or beats Claude on code and interface design, a space Anthropic once dominated. Box, another enterprise customer, has been testing GPT-5 on long, logic-heavy documents. CEO Aaron Levie told CNBC the model is a "breakthrough," saying it performs with a level of reasoning that prior systems couldn't match...

>

> Still, the economics are brutal. The models are expensive to run, and both OpenAI and Anthropic are spending big to lock in customers, with OpenAI on track to burn $8 billion this year. That's part of why both Anthropic and OpenAI are [3]courting new capital ... GPT-5 is significantly cheaper than Anthropic's top-end Claude Opus 4.1 — by a factor of seven and a half, in some cases — but OpenAI is spending huge amounts on infrastructure to sustain that edge. For OpenAI, it's a push to win customers now, get them locked in and build a real business on the back of that loyalty...

>

> GPT-5 API usage has surged since launch, with the model now processing more than twice as much coding and agent-building work, and reasoning use cases jumping more than eightfold, said a person familiar with the matter who requested anonymity in order to discuss company data. Enterprise demand is rising sharply, particularly for planning and multi-step reasoning tasks.

>

> GPT-5's traction over the past week shows how quickly loyalties can shift when performance and price tip in OpenAI's favor. AI-powered coding platform [4]Qodo recently tested GPT-5 against top-tier models including Gemini 2.5, Claude Sonnet 4, and Grok 4, and said in a blog post that it led in catching coding mistakes. The model was often the only one to catch critical issues, such as security bugs or broken code, suggesting clean, focused fixes and skipping over code that didn't need changing, the company said. Weaknesses included occasional false positives and some redundancy.

JetBrains has also [5]adopted GPT-5 as the default for its AI Assistant and for its new no-code tool Kineto, according to the article.

But Anthropic is still enjoying a great year too, with its annualized revenue growing 17x year-over-year (according to "a person familiar with the matter who requested anonymity").



[1] https://www.cnbc.com/2025/08/04/openai-chatgpt-700-million-users.html

[2] https://www.cnbc.com/2025/08/14/gpt-5-openai-ai-enterprise.html

[3] https://www.cnbc.com/2025/07/29/anthropic-in-talks-to-raise-fresh-capital-at-170-billion-valuation.html

[4] https://www.qodo.ai/blog/benchmarking-gpt-5-on-real-world-code-reviews-with-the-pr-benchmark/

[5] https://blog.jetbrains.com/blog/2025/08/07/gpt-5-support-in-ai-assistant-junie-kineto/#



America's Labor Unions are Backing State Regulations for AI Use in Workplaces (msn.com)

(Monday August 18, 2025 @03:34AM (EditorDavid) from the getting-organized dept.)

"As employers and tech companies rush to deploy AI software into workplaces to improve efficiency, labor unions are stepping up work with state lawmakers across the nation to place guardrails on its use..." [1]reports the Washington Post .

"Union leaders say they must intervene to protect workers from the potential for AI to cause massive job displacement or infringe on employment rights."

> In Massachusetts, the Teamsters labor union is backing a proposed state law that would require autonomous vehicles to have a human safety operator who can intervene during the ride, effectively forbidding truly driverless rides. Oregon lawmakers recently passed a bill supported by the Oregon Nurses Association that prohibits AI from using the title "nurse" or any associated abbreviations. The American Federation of Labor and Congress of Industrial Organizations, a federation of 63 national and international labor unions, launched a national task force last month to work with state lawmakers on more laws that regulate automation and AI affecting workers... The AFL-CIO task force plans to help unions take on problematic use of AI in collective bargaining and contracts and in coming months to develop a slate of model legislation available to state leaders, modeled on recently passed and newly proposed legislation in places including California and Massachusetts.

The president of the California Federation of Labor Unions also supports a proposed state law "that would prevent employers from primarily relying on AI software to automate decisions like terminations or disciplinary actions," according to the article. "Instead, humans would have to review decisions. The law would also prohibit use of tools that predict workers' behaviors, emotional states and personality."



[1] https://www.msn.com/en-us/news/politics/labor-unions-mobilize-to-challenge-advance-of-algorithms-in-workplaces/ar-AA1Knkkd




I didn't order any WOO-WOO ... Maybe a YUBBA ... But no WOO-WOO!