"We've spent the last year rebuilding major components of our system," Cloudflare announced this week, "and we've just slashed the latency of traffic passing through our network for millions of our customers," (There's a 10ms cut in the median time to respond, plus a 25% performance boost as measured by CDN performance tests.) They replaced a 15-year-old system named FL (where they run security and performance features), and "At the same time, we've made our system more secure, and we've reduced the time it takes for us to build and release new products." And yes, Rust was involved: We write a lot of Rust, and we've gotten pretty good at it... We built FL2 in Rust, on Oxy [Cloudflare's Rust-based next generation proxy framework], and built a strict module framework to structure all the logic in FL2... Built in Rust, [Oxy] eliminates entire classes of bugs that plagued our Nginx/LuaJIT-based FL1, like memory safety issues and data races, while delivering C-level performance. At Cloudflare's scale, those guarantees aren't nice-to-haves, they're essential. Every microsecond saved per request translates into tangible improvements in user experience, and every crash or edge case avoided keeps the Internet running smoothly. Rust's strict compile-time guarantees also pair perfectly with FL2's modular architecture, where we enforce clear contracts between product modules and their inputs and outputs... It's a big enough distraction from shipping products to customers to rebuild product logic in Rust. Asking all our teams to maintain two versions of their product logic, and reimplement every change a second time until we finished our migration was too much. So, we implemented a layer in our old NGINX and OpenResty based FL which allowed the new modules to be run. Instead of maintaining a parallel implementation, teams could implement their logic in Rust, and replace their old Lua logic with that, without waiting for the full replacement of the old system. Over 100 engineers worked on FL2 — and there was extensive testing, plus a fallback-to-FL1 procedure. But "We started running customer traffic through FL2 early in 2025, and have been progressively increasing the amount of traffic served throughout the year...." As we described at the start of this post, FL2 is substantially faster than FL1. The biggest reason for this is simply that FL2 performs less work [thanks to filters controlling whether modules need to run]... Another huge reason for better performance is that FL2 is a single codebase, implemented in a performance focussed language. In comparison, FL1 was based on NGINX (which is written in C), combined with LuaJIT (Lua, and C interface layers), and also contained plenty of Rust modules. In FL1, we spent a lot of time and memory converting data from the representation needed by one language, to the representation needed by another. As a result, our internal measures show that FL2 uses less than half the CPU of FL1, and much less than half the memory. That's a huge bonus — we can spend the CPU on delivering more and more features for our customers! Using our own tools and independent benchmarks like CDNPerf, we measured the impact of FL2 as we rolled it out across the network. The results are clear: websites are responding 10 ms faster at the median, a 25% performance boost. FL2 is also more secure by design than FL1. No software system is perfect, but the Rust language brings us huge benefits over LuaJIT. Rust has strong compile-time memory checks and a type system that avoids large classes of errors. Combine that with our rigid module system, and we can make most changes with high confidence... We have long followed a policy that any unexplained crash of our systems needs to be investigated as a high priority. We won't be relaxing that policy, though the main cause of novel crashes in FL2 so far has been due to hardware failure. The massively reduced rates of such crashes will give us time to do a good job of such investigations. We're spending the rest of 2025 completing the migration from FL1 to FL2, and will turn off FL1 in early 2026. We're already seeing the benefits in terms of customer performance and speed of development, and we're looking forward to giving these to all our customers. After that, when everything is modular, in Rust and tested and scaled, we can really start to optimize...! Thanks to long-time Slashdot reader Beeftopia for sharing the article.

Read more of this story at Slashdot.

The Wall Street Journal looks at swarm robotics, where no single robot is in charge, robots interact only with nearby robots — and the swarm accomplishes complex tasks through simple interactions. "Researchers say this approach could excel where traditional robots fail, like situations where central control is impractical or impossible due to distance, scale or communication barriers." For instance, a swarm of drones might one day monitor vast areas to detect early-stage wildfires that current monitoring systems sometimes miss... A human operator might set parameters like where to search, but the drones would independently share information like which areas have been searched, adjust search patterns based on wind and other weather data from other drones in the swarm, and converge for more complete coverage of a particular area when one detects smoke. In another potential application, a swarm of robots could make deliveries across wide areas more efficient by alerting each other to changing traffic conditions or redistributing packages among themselves if one breaks down. Robot swarms could also manage agricultural operations in places without reliable internet service. And disaster-response teams see potential for swarms in hurricane and tsunami zones where communication infrastructure has been destroyed. At the microscopic scale, researchers are developing tiny robots that could work together to navigate the human body to deliver medication or clear blockages without surgery... In recent demonstrations, teams of tiny magnetic robots — each about the size of a grain of sand — cleared blockages in artificial blood vessels by forming chains to push through the obstructions. The robots navigate individually through blood vessels to reach a clog, guided by doctors or technicians using magnetic fields to steer them, says researcher J.J. Wie, a professor of organic and nano engineering at Hanyang University in South Korea. When they reach an obstruction, the robots coordinate with each other to team up and break through. Wie's group is developing versions of these robots that biodegrade after use, eliminating the need for surgical removal, and coatings that make the robots compatible with human tissue. And while robots the size of sand grains work for some applications, Wie says that they will need to be shrunk to nano scale to cross biological barriers, such as cell membranes, or bind to specific molecular targets, like surface proteins or receptors on cancer cells. Some researchers are even exploring emergent intelligence — "when simple machines, following only a few local cues, begin to organize and act as if they share a mind...beyond human-designed coordination." Thanks to long-time Slashdot reader fjo3 for sharing the article.

Read more of this story at Slashdot.

All-solid-state batteries (ASSBs) "are widely viewed as the 'holy grail' of EV battery tech," writes Electrek, "promising to double driving range, halve charging times, and reduce costs." Toyota hopes to launch its first production EV powered by the batteries in 2027 or 2028, and Mercedes-Benz and Volkswagen are also testing the technology. But now Samsung SDI is teaming up with BMW and US-based battery company Solid Power for their own effort at commercializing all-solid-state EV batteries "in what's expected to be a trilateral powerhouse." BMW and Solid Power have been working together to develop the next-gen battery tech since 2022... Under the new agreement signed this week, Samsung will supply all-solid-state battery cells. Samsung will use Solid Power's Sulfide-Based Solid Electrolyte solution, while BMW will develop the battery pack and modules. The strategic alliance aims to take the lead in commercializing all-solid-state batteries (ASSBs). Together, they've created a real-world system for producing ASSB cells, pooling their expertise in batteries, automaking, and materials to bring it closer to mass production. Solid Power's electrolyte solution is designed for stability and maximum conductivity. By teaming up with BMW and Samsung SDI, the company said it aims to bring all-solid-state batteries closer to widespread adoption. "By pooling resources, BMW, Samsung SDI, and Solid Power have a real shot..." argues Electrek.

Read more of this story at Slashdot.

"A nearby galaxy once thought to be dominated by dark matter seems to have a surprise supermassive black hole at its centre," reports New Scientist. Yet scientists "are convinced dark matter is out there," writes Space.com. "The quest to detect it arguably remains both one of the most frustrating and most exhilarating challenges in modern physics." And now they report that the century-old mystery of dark matter — the invisible glue thought to hold galaxies together — "just got a modern clue." Scientists say they may be one step closer to confirming the existence of this elusive material, thanks to new simulations suggesting that a faint glow at the center of the Milky Way could be dark matter's long-sought signature. "It's very hard to actually prove, but it does seem likely," Moorits Muru of the Leibniz Institute for Astrophysics Potsdam in Germany, who led the new study, told Space.com... The findings, show that dark matter near the Milky Way's center might not form a perfect sphere as scientists long thought. Instead, it appears flattened, almost egg-shaped, and that shape closely mirrors the pattern of mysterious gamma rays observed by NASA's Fermi Gamma-ray Space Telescope... Using powerful supercomputers, [the researchers] recreated how the Milky Way formed, including billions of years of violent collisions and mergers with smaller galaxies. Those violent events, the researchers found, left deep "fingerprints" on the way dark matter is distributed in the galactic core.... matching the pattern of gamma-ray emission Fermi has observed, the new study reports... If the excess truly arises from dark matter collisions, it would mark the first indirect evidence that weakly interacting massive particles [WIMPs], a leading dark matter candidate, really exist... "We have run dozens of direct detection experiments around the globe hunting for WIMPS," notes Phys.org, in an article titled "The Empty Search for Dark Matter." We have run dozens of direct detection experiments around the globe hunting for WIMPS — dark matter particles in this particular mass range. And they're not all the same kind of experiments. There are also the scintillators, which use a giant vat of liquefied noble gas, like several tons of xenon. They wait for a dark matter particle to strike the xenon and cause it to scintillate, which is a fancy science word for "sparkle." We see the sparkle; we detect dark matter... They're just one example of a broader class of dark matter candidates, with delightful names like Q-balls, WIMPzillas, and sterile neutrinos. We've tuned our different experiments to capture different mass ranges or interaction strengths to cover as much of that wide dark matter spectrum as possible. We've even tried to manufacture various kinds of dark matter in our particle collider experiments. And we've found nothing.

Read more of this story at Slashdot.

Slashdot reader BrianFagioli writes: Password manager 1Password's 2025 Annual Report: The Access-Trust Gap exposes how everyday employees are becoming accidental hackers in the AI era. The company's data shows that 73% of workers are encouraged to use AI tools, yet more than a third admit they do not always follow corporate policies. Many employees are feeding sensitive information into large language models or using unapproved AI apps to get work done, creating what 1Password calls "Shadow AI." At the same time, traditional defenses like single sign-on (SSO) and mobile device management (MDM) are failing to keep pace, leaving gaps in visibility and control. The report warns that corporate security is being undermined from within. More than half of employees have installed software without IT approval, two-thirds still use weak passwords, and 38% have accessed accounts at previous employers. Despite rising enthusiasm for passkeys and passwordless authentication, 1Password says most organizations still depend on outdated systems that were never built for cloud-native, AI-driven work. The result is a growing "Access-Trust Gap" that could allow AI chaos and employee shortcuts to dismantle enterprise security from the inside.

Read more of this story at Slashdot.

An anonymous reader shared this report from CNN: [C]iting delays in Starship's development and competitive pressure from China, NASA asked SpaceX and Blue Origin — which holds a separate lunar lander contract with the space agency — to submit plans to expedite development of their respective spacecraft by October 29. Both companies have responded. But the space agency is also asking the broader commercial space industry to detail how they might get the job done more quickly, hinting that NASA leadership is prepared to sideline its current partners. CNN spoke with half a dozen companies about how they plan to respond to NASA's call to action, which the agency will formally issue once the government shutdown ends, according to a source familiar with the matter. One possibility is Lockheed Martin... Notably, as a legacy NASA contractor, the company built the $20.4 billion Orion spacecraft that astronauts will ride when they take off from Earth... Now, Lockheed says it can piece together a two-stage lunar lander that uses spare parts harvested from Orion. The company would make use of Space Shuttle-era OMS-E engines — which are also used on Orion — to serve as the propulsion for an "ascent stage" of the lunar lander, providing the thrust for the vehicle to lift off the moon after a mission is completed. But the vehicle also needs a descent stage to get down to the lunar surface in the first place... Other commercial space companies contacted by CNN — including Firefly Aerospace and Northrop Grumman — said simply that they were "ready to support" NASA in its endeavor to find a faster way to complete the Artemis III mission. They did not confirm whether they would formally respond to the space agency's anticipated request for companies to submit proposals. The more important goal, argue some experts, is to pave the way for a permanent lunar base where astronauts can live and work... [P]erhaps the true winner will be the country that is able to build lasting infrastructure, experts say. "It makes great press fodder to frame this as competition," said one space policy source, who was among several that spoke to CNN on the condition of anonymity to discuss controversial issues. "But this is about the long game and the sustainability."

Read more of this story at Slashdot.

An anonymous reader shared this report from NPR: It's known as the "Dueling Dinosaurs" fossil: A triceratops and a tyrannosaur, skeletons entangled, locked in apparent combat right up until the moment of their mutual demise... That discovery in 2006 now appears to have overturned decades of dinosaur dogma about Tyrannosaurus rex, the fearsome giant long thought to be the sole top predator stalking the late Cretaceous. In a paper in the journal Nature, paleontologists Lindsay Zanno and James Napoli conclude that some of the bones from that specimen belong not to a teenage T. rex, but to a fully grown individual of a different tyrannosaur species — Nanotyrannus lancensis.... One of the first of those red flags in the new specimen was the arm bones. They looked completely different than T. rex's puny appendages... "These are powerful arms with large claws, large hands. They were using them for prey capture." Contrast that with T. rex, "an animal that's a mouth on legs." There were additional clues. The animal had fewer tail vertebrae and more teeth than T. rex. Zanno and Napoli considered other lines of evidence. They created 3D models of numerous purported T. rexes against which they compared their specimen. They looked at the growth stages of the cranial nerves and sinuses of close living relatives of dinosaurs, features that were visible in the fossilized skeleton. "But maybe the most important and damning thing that we did was we were able to figure out that our animal is not a juvenile at all," she says. This conclusion was based on slicing through the fossil's limb bones to examine the growth rings. That work demonstrated that this animal was mature and done growing when it died around the age of 20. "That means it's half the size and a tenth of the mass of a full grown Tyrannosaurus rex," says Zanno... In addition, while making models of all those other alleged T. rex skeletons, Zanno says they identified another new species of tyrannosaur, one they're calling Nanotyrannus lethaeus... "It tells us that these end-Cretaceous ecosystems right before the asteroid hit were flourishing," says Zanno. "They had an abundance of different predators. And refutes this idea that dinosaurs were in decline before the asteroid struck."

Read more of this story at Slashdot.

Ubuntu "is adopting the memory-safe Rust language," reports ZDNet, citing remarks at this year's Ubuntu Summit from Jon Seager, Canonical's VP of engineering for Ubuntu: . Seager said the engineering team is focused on replacing key system components with Rust-based alternatives to enhance safety and resilience, starting with Ubuntu 25.10. He stressed that resilience and memory safety, not just performance, are the principal drivers: "It's the enhanced resilience and safety that is more easily achieved with Rust ports that are most attractive to me". This move is echoed in Ubuntu's adoption of sudo-rs, the Rust implementation of sudo, with fallback and opt-out mechanisms for users who want to use the old-school sudo command. In addition to sudo-rs, Ubuntu 26.04 will use the Rust-based uutils/coreutils for Linux's default core utilities. This setup includes ls, cp, mv, and dozens of other basic Unix command-line tools. This Rust reimplementation aims for functional parity with GNU coreutils, with improved safety and maintainability. On the desktop front, Ubuntu 26.04 will also bring seamless TPM-backed full disk encryption. If this approach reminds you of Windows BitLocker or MacOS FileVault, it should. That's the idea. In other news, Canonical CEO Mark Shuttleworth said "I'm a believer in the potential of Linux to deliver a desktop that could have wider and universal appeal." (Although he also thinks "the open-source community needs to understand that building desktops for people who aren't engineers is different. We need to understand that the 'simple and just works' is also really important.") Shuttleworth answered questions from Slashdot's readers in 2005 and 2012.

Read more of this story at Slashdot.

Slashdot reader joshuark shares this report from SFGate: The mystery object that struck a plane at 36,000 feet is likely not space debris, as some speculated, but rather a Silicon Valley test project gone wrong... WindBorne Systems, a Palo Alto startup that uses atmospheric balloons to collect weather data for AI-based forecast models,has come forward to say that they believe they may be responsible for the object that hit the windshield... "At 6am PT, we sent our preliminary investigation to both NTSB and FAA, and are working with both of them to investigate further," [WindBorne's CEO John Dean posted on social media...] WindBorne said the company has launched more than 4,000 balloons and that it coordinates with the Federal Aviation Administration for every launch. WindBorne "has conducted more than 4,000 launches," the company said in a statement, noting that they've always coordinated those launched with America's Federal Aviation Administration and filed aviation alerts for every launched balloon. Plus "The system is designed to be safe in the event of a midair collision... Our balloon is 2.4 pounds at launch and gets lighter throughout flight." We are working closely with the FAA on this matter. We immediately rolled out changes to minimize time spent between 30,000 and 40,000 feet. These changes are already live with immediate effect. Additionally, we are further accelerating our plans to use live flight data to autonomously avoid planes, even if the planes are at a non-standard altitude. We are also actively working on new hardware designs to further reduce impact force magnitude and concentration.

Read more of this story at Slashdot.

Slashdot reader joshuark shares this report from SFGate: The mystery object that struck a plane at 36,000 feet is likely not space debris, as some speculated, but rather a Silicon Valley test project gone wrong... WindBorne Systems, a Palo Alto startup that uses atmospheric balloons to collect weather data for AI-based forecast models,has come forward to say that they believe they may be responsible for the object that hit the windshield... "At 6am PT, we sent our preliminary investigation to both NTSB and FAA, and are working with both of them to investigate further," [WindBorne's CEO John Dean posted on social media...] WindBorne said the company has launched more than 4,000 balloons and that it coordinates with the Federal Aviation Administration for every launch. WindBorne "has conducted more than 4,000 launches," the company said in a statement, noting that they've always coordinated those launched with America's Federal Aviation Administration and filed aviation alerts for every launched balloon. Plus "The system is designed to be safe in the event of a midair collision... Our balloon is 2.4 pounds at launch and gets lighter throughout flight." We are working closely with the FAA on this matter. We immediately rolled out changes to minimize time spent between 30,000 and 40,000 feet. These changes are already live with immediate effect. Additionally, we are further accelerating our plans to use live flight data to autonomously avoid planes, even if the planes are at a non-standard altitude. We are also actively working on new hardware designs to further reduce impact force magnitude and concentration.

Read more of this story at Slashdot.

The address bar/ChatGPT input window in OpenAI's browser ChatGPT Atlas "could be targeted for prompt injection using malicious instructions disguised as links," reports SC World, citing a report from AI/agent security platform NeuralTrust: NeuralTrust found that a malformed URL could be crafted to include a prompt that is treated as plain text by the browser, passing the prompt on to the LLM. A malformation, such as an extra space after the first slash following "https:" prevents the browser from recognizing the link as a website to visit. Rather than triggering a web search, as is common when plain text is submitted to a browser's address bar, ChatGPT Atlas treats plain text as ChatGPT prompts by default. An unsuspecting user could potentially be tricked into copying and pasting a malformed link, believing they will be sent to a legitimate webpage. An attacker could plant the link behind a "copy link" button so that the user might not notice the suspicious text at the end of the link until after it is pasted and submitted. These prompt injections could potentially be used to instruct ChatGPT to open a new tab to a malicious website such as a phishing site, or to tell ChatGPT to take harmful actions in the user's integrated applications or logged-in sites like Google Drive, NeuralTrust said. Last month browser security platform LayerX also described how malicious prompts could be hidden in URLs (as a parameter) for Perplexity's browser Comet. And last week SquareX Labs demonstrated that a malicious browser extension could spoof Comet's AI sidebar feature and have since replicated the proof-of-concept (PoC) attack on Atlas. But another new vulnerability in ChatGPT Atlas "could allow malicious actors to inject nefarious instructions into the artificial intelligence (AI)-powered assistant's memory and run arbitrary code," reports The Hacker News, citing a report from browser security platform LayerX: "This exploit can allow attackers to infect systems with malicious code, grant themselves access privileges, or deploy malware," LayerX Security Co-Founder and CEO, Or Eshed, said in a report shared with The Hacker News. The attack, at its core, leverages a cross-site request forgery (CSRF) flaw that could be exploited to inject malicious instructions into ChatGPT's persistent memory. The corrupted memory can then persist across devices and sessions, permitting an attacker to conduct various actions, including seizing control of a user's account, browser, or connected systems, when a logged-in user attempts to use ChatGPT for legitimate purposes.... "What makes this exploit uniquely dangerous is that it targets the AI's persistent memory, not just the browser session," Michelle Levy, head of security research at LayerX Security, said. "By chaining a standard CSRF to a memory write, an attacker can invisibly plant instructions that survive across devices, sessions, and even different browsers. In our tests, once ChatGPT's memory was tainted, subsequent 'normal' prompts could trigger code fetches, privilege escalations, or data exfiltration without tripping meaningful safeguards...." LayerX said the problem is exacerbated by ChatGPT Atlas' lack of robust anti-phishing controls, the browser security company said, adding it leaves users up to 90% more exposed than traditional browsers like Google Chrome or Microsoft Edge. In tests against over 100 in-the-wild web vulnerabilities and phishing attacks, Edge managed to stop 53% of them, followed by Google Chrome at 47% and Dia at 46%. In contrast, Perplexity's Comet and ChatGPT Atlas stopped only 7% and 5.8% of malicious web pages. From The Conversation: Sandboxing is a security approach designed to keep websites isolated and prevent malicious code from accessing data from other tabs. The modern web depends on this separation. But in Atlas, the AI agent isn't malicious code — it's a trusted user with permission to see and act across all sites. This undermines the core principle of browser isolation. Thanks to Slashdot reader spatwei for suggesting the topic.

Read more of this story at Slashdot.

"Traditionally, exploring the interior of atomic nuclei requires enormous particle accelerators that stretch for kilometers and propel beams of electrons at extremely high speeds," writes SciTechDaily. But MIT physicists have unveiled a groundbreaking alternative that "used the atom's own electrons as probes to momentarily enter the nucleus..." In research published in Science, a team of MIT physicists achieved exceptionally precise measurements of the energy of electrons orbiting a radium atom that had been chemically bonded with a fluoride atom to form radium monofluoride. By studying these molecules, the researchers created a kind of miniature particle collider. Within this environment, the electrons surrounding the radium atom were confined closely enough to occasionally slip into the nucleus before returning to their usual orbits... When those electrons returned to their outer paths, they retained the altered energy, effectively carrying a "message" from within the nucleus that could be decoded to reveal its internal arrangement... [The researchers] trapped and cooled the molecules and sent them through a system of vacuum chambers, into which they also sent lasers, which interacted with the molecules. In this way, the researchers were able to precisely measure the energies of electrons inside each molecule. When the researchers analyzed their measurements, they noticed that the electrons carried slightly different energies than expected if they had remained outside the nucleus. The difference was incredibly small, only about one millionth of the energy of the laser photon used to excite the molecules, but it was clear evidence that the electrons had entered the radium nucleus and interacted with its protons and neutrons... The researchers plan to use this new technique to create a detailed map of how forces are distributed inside the nucleus... to chart the nucleus with greater precision and search for possible violations of fundamental symmetries in nature. "It is thought that additional sources of fundamental symmetry violation are required to explain the almost complete absence of antimatter in our universe," the article points out. "Such violations could be seen within the nuclei of certain atoms such as radium... "Unlike most atomic nuclei, which are spherical in shape, the radium atom's nucleus has a more asymmetrical configuration, similar to a pear. Scientists predict that this pear shape could significantly enhance their ability to sense the violation of fundamental symmetries, to the extent that they may be potentially observable."

Read more of this story at Slashdot.

OpenAI's rival Anthropic has a different approach — and "a clearer path to making a sustainable business out of AI," writes the Wall Street Journal. Outside of OpenAI's close partnership with Microsoft, which integrates OpenAI's models into Microsoft's software products, OpenAI mostly caters to the mass market... which has helped OpenAI reach an annual revenue run rate of around $13 billion, around 30% of which it says comes from businesses. Anthropic has generated much less mass-market appeal. The company has said about 80% of its revenue comes from corporate customers. Last month it said it had some 300,000 of them... Its cutting-edge Claude language models have been praised for their aptitude in coding: A July report from Menlo Ventures — which has invested in Anthropic — estimated via a survey that Anthropic had a 42% market share for coding, compared with OpenAI's 21%. Anthropic is also now ahead of OpenAI in market share for overarching corporate AI use, Menlo Ventures estimated, at 32% to OpenAI's 25%. Anthropic is also surprisingly close to OpenAI when it comes to revenue. The company is already at a $7 billion annual run rate and expects to get to $9 billion by the end of the year — a big lead over its better-known rival in revenue per user. Both companies have backing in the form of investments from big tech companies — Microsoft for OpenAI, and a combination of Amazon and Google for Anthropic — that help provide AI computing infrastructure and expose their products to a broad set of customers. But Anthropic's growth path is a lot easier to understand than OpenAI's. Corporate customers are devising a plethora of money-saving uses for AI in areas like coding, drafting legal documents and expediting billing. Those uses are likely to expand in the future and draw more customers to Anthropic, especially as the return on investment for them becomes easier to measure... Demonstrating how much demand there is for Anthropic among corporate customers, Microsoft in September said Anthropic's leading language model, Claude, would be offered within its Copilot suite of software despite Microsoft's ties to OpenAI. "There is also a possibility that OpenAI's mass-market appeal becomes a turnoff for corporate customers," the article adds, "who want AI to be more boring and useful than fun and edgy."

Read more of this story at Slashdot.

"Mozilla is introducing a new privacy framework for Firefox extensions that will require developers to disclose whether their add-ons collect or transmit user data..." reports the blog Linuxiac: The policy takes effect on November 3, 2025, and applies to all new Firefox extensions submitted to addons.mozilla.org. According to Mozilla's announcement, extension developers must now include a new key in their manifest.json files. This key specifies whether an extension gathers any personal data. Even extensions that collect nothing must explicitly state "none" in this field to confirm that no data is being collected or shared. This information will be visible to users at multiple points: during the installation prompt, on the extension's listing page on addons.mozilla.org, and in the Permissions and Data section of Firefox's about:addons page. In practice, this means users will be able to see at a glance whether a new extension collects any data before they install it.

Read more of this story at Slashdot.

Slashdot reader joshuark writes: Microsoft says that the File Explorer (formerly Windows Explorer) now automatically blocks previews for files downloaded from the Internet to block credential theft attacks via malicious documents, according to a report from BleepingComputer. This attack vector is particularly concerning because it requires no user interaction beyond selecting a file to preview and removes the need to trick a target into actually opening or executing it on their system. For most users, no action is required since the protection is enabled automatically with the October 2025 security update, and existing workflows remain unaffected unless you regularly preview downloaded files. "This change is designed to enhance security by preventing a vulnerability that could leak NTLM hashes when users preview potentially unsafe files," Microsoft says in a support document published Wednesday. It is important to note that this may not take effect immediately and could require signing out and signing back in.

Read more of this story at Slashdot.

America's largest university system, with 460,000 students, is the 22-campus "Cal State" system, reports the New York Times. And it's recently teamed with Amazon, OpenAI and Nvidia, hoping to embed chatbots in both teaching and learning to become what it says will be America's "first and largest AI-empowered" university" — and prepare students for "increasingly AI-driven" careers. It's part of a trend of major universities inviting tech companies into "a much bigger role as education thought partners, AI instructors and curriculum providers," argues the New York Times, where "dominant tech companies are now helping to steer what an entire generation of students learn about AI, and how they use it — with little rigorous evidence of educational benefits and mounting concerns that chatbots are spreading misinformation and eroding critical thinking..." "Critics say Silicon Valley's effort to make AI chatbots integral to education amounts to a mass experiment on young people." As part of the effort, [Cal State] is paying OpenAI $16.9 million to provide ChatGPT Edu, the company's tool for schools, to more than half a million students and staff — which OpenAI heralded as the world's largest rollout of ChatGPT to date. Cal State also set up an AI committee, whose members include representatives from a dozen large tech companies, to help identify the skills California employers need and improve students' career opportunities... Cal State is not alone. Last month, California Community Colleges, the nation's largest community college system, announced a collaboration with Google to supply the company's "cutting edge AI tools" and training to 2.1 million students and faculty. In July, Microsoft pledged $4 billion for teaching AI skills in schools, community colleges and to adult workers... [A]s schools like Cal State work to usher in what they call an "AI-driven future," some researchers warn that universities risk ceding their independence to Silicon Valley. "Universities are not tech companies," Olivia Guest and Iris van Rooij, two computational cognitive scientists at Radboud University in the Netherlands, recently said in comments arguing against fast AI adoption in academia. "Our role is to foster critical thinking," the researchers said, "not to follow industry trends uncritically...." Some faculty members have pushed back against the AI effort, as the university system faces steep budget cuts. The multimillion-dollar deal with OpenAI — which the university did not open to bidding from rivals like Google — was wasteful, they added. Faculty senates on several Cal State campuses passed resolutions this year criticizing the AI initiative, saying the university had failed to adequately address students using chatbots to cheat. Professors also said administrators' plans glossed over the risks of AI to students' critical thinking and ignored troubling industry labor practices and environmental costs. Martha Kenney, a professor of women and gender studies at San Francisco State University, described the AI program as a Cal State marketing vehicle helping tech companies promote unproven chatbots as legitimate educational tools. The article notes that Cal State's chief information officer "defended the OpenAI deal, saying the company offered ChatGPT Edu at an unusually low price. "Still, California's community college system landed AI chatbot services from Google for more than 2 million students and faculty — nearly four times the number of users Cal State is paying OpenAI for — for free."

Read more of this story at Slashdot.

GM plans to dump Apple CarPlay and Android Auto on all its car new vehicles "in the near future," reports the Verge. In an episode of the Verge's Decoder podcast, GM CEO Mary Barra confirmed the upcoming change to "phone projections" for GM cars: The timing is unclear, but Barra pointed to a major rollout of what the company is calling a new centralized computing platform, set to launch in 2028, that will involve eventually transitioning its entire lineup to a unified in-car experience. In place of phone projection, GM is working to update its current Android-powered infotainment implementation with a Google Gemini-powered assistant and an assortment of other custom apps, built both in-house and with partners. GM's 2023 decision to drop CarPlay and Android Auto support in its EVs has proved controversial, though for now GM has maintained support for phone projection in its gas-powered vehicles.

Read more of this story at Slashdot.

North Dakota experienced an almost 40% increase in electricity demand "thanks in part to an explosion of data centers," reports the Washington Post. Yet the state saw a 1% drop in its per kilowatt-hour rates. "A new study from researchers at Lawrence Berkeley National Laboratory and the consulting group Brattle suggests that, counterintuitively, more electricity demand can actually lower prices..." Between 2019 and 2024, the researchers calculated, states with spikes in electricity demand saw lower prices overall. Instead, they found that the biggest factors behind rising rates were the cost of poles, wires and other electrical equipment — as well as the cost of safeguarding that infrastructure against future disasters... [T]he largest costs are fixed costs — that is, maintaining the massive system of poles and wires that keeps electricity flowing. That system is getting old and is under increasing pressures from wildfires, hurricanes and other extreme weather. More power customers, therefore, means more ways to divvy up those fixed costs. "What that means is you can then take some of those fixed infrastructure costs and end up spreading them around more megawatt-hours that are being sold — and that can actually reduce rates for everyone," said Ryan Hledik [principal at Brattle and a member of the research team]... [T]he new study shows that the costs of operating and installing wind, natural gas, coal and solar have been falling over the past 20 years. Since 2005, generation costs have fallen by 35 percent, from $234 billion to $153 billion. But the costs of the huge wires that transmit that power across the grid, and the poles and wires that deliver that electricity to customers, are skyrocketing. In the past two decades, transmission costs nearly tripled; distribution costs more than doubled. Part of that trend is from the rising costs of parts: The price of transformers and wires, for example, has far outpaced inflation over the past five years. At the same time, U.S. utilities haven't been on top of replacing power poles and lines in the past, and are now trying to catch up. According to another report from Brattle, utilities are already spending more than $10 billion a year replacing aging transmission lines. And finally, escalating extreme-weather events are knocking out local lines, forcing utilities to spend big to make fixes. Last year, Hurricane Beryl decimated Houston's power grid, forcing months of costly repairs. The threat of wildfires in the West, meanwhile, is making utilities spend billions on burying power lines. According to the Lawrence Berkeley study, about 40 percent of California's electricity price increase over the last five years was due to wildfire-related costs. Yet the researchers tell the Washington Post that prices could still increase if utilities have to quickly build more infrastructure just to handle data center. But their point is "This is a much more nuanced issue than just, 'We have a new data center, so rates will go up.'" As the article points out, "Generous subsidies for rooftop solar also increased rates in certain states, mostly in places such as California and Maine... If customers install rooftop solar panels, demand for electricity shrinks, spreading those fixed costs over a smaller set of consumers.

Read more of this story at Slashdot.

"Snippets of proprietary or copyleft reciprocal code can enter AI-generated outputs, contaminating codebases with material that developers can't realistically audit or license properly." That's the warning from Sean O'Brien, who founded the Yale Privacy Lab at Yale Law School. ZDNet reports: Open software has always counted on its code being regularly replenished. As part of the process of using it, users modify it to improve it. They add features and help to guarantee usability across generations of technology. At the same time, users improve security and patch holes that might put everyone at risk. But O'Brien says, "When generative AI systems ingest thousands of FOSS projects and regurgitate fragments without any provenance, the cycle of reciprocity collapses. The generated snippet appears originless, stripped of its license, author, and context." This means the developer downstream can't meaningfully comply with reciprocal licensing terms because the output cuts the human link between coder and code. Even if an engineer suspects that a block of AI-generated code originated under an open source license, there's no feasible way to identify the source project. The training data has been abstracted into billions of statistical weights, the legal equivalent of a black hole. The result is what O'Brien calls "license amnesia." He says, "Code floats free of its social contract and developers can't give back because they don't know where to send their contributions...." "Once AI training sets subsume the collective work of decades of open collaboration, the global commons idea, substantiated into repos and code all over the world, risks becoming a nonrenewable resource, mined and never replenished," says O'Brien. "The damage isn't limited to legal uncertainty. If FOSS projects can't rely upon the energy and labor of contributors to help them fix and improve their code, let alone patch security issues, fundamentally important components of the software the world relies upon are at risk." O'Brien says, "The commons was never just about free code. It was about freedom to build together." That freedom, and the critical infrastructure that underlies almost all of modern society, is at risk because attribution, ownership, and reciprocity are blurred when AIs siphon up everything on the Internet and launder it (the analogy of money laundering is apt), so that all that code's provenance is obscured.

Read more of this story at Slashdot.

Can YouTube capture the hours people spending watching "traditional" TV? YouTube's CEO recently said its viewership on TV sets has "surpassed mobile and is now the primary device for YouTube viewing in the U.S.," writes The Hollywood Reporter. And YouTube is shelling out big money to stay on top: It's come a long way since the 19-second "me at the zoo" video was uploaded in April 2005. Now, per a KPMG report released Sept. 23, YouTube is second only to Comcast in terms of annual content spend, inclusive of payments to creators and media companies, paying out as much as Netflix and Paramount combined, $32 billion... The only question is what genres it will take over next, and how quickly it will do so. From talk shows to scripted dramas to, yes, live sports, there are signs that the platform's ambitions will collide with the traditional TV business sooner rather than later... YouTube has slowly, then all at once, become the de facto home for what had been late night, not only for the shows on linear TV, but for an emerging crop of new talent born on the platform. As it happens, late night itself transformed YouTube when the Saturday Night Live skit "Lazy Sunday" went viral 20 years ago on the platform, which had only been live for a few months... As consumer preferences collide with a burgeoning ecosystem of video podcasts (YouTube now claims more than 1 billion podcast users monthly), the world of late night, and for that matter TV talk shows more generally, increasingly revolves around the platform. One current late night producer says that almost every A-list booking now includes some sort of sketch or bit that they think will play well on YouTube, but booking those guests in the first place has become less of a sure thing. A veteran Hollywood publicist says that for many of their clients, they are now recommending that YouTube podcasts or shows become the first stop, or at least a major stop, on press tours... Nielsen has been tracking the streaming platforms that consumers watch on their TV screens ever since it launched what it calls The Gauge in 2021. But over the past year, YouTube's domination of The Gauge has unnerved executives at some competitors. The most recent Gauge report showed that YouTube was by far the most watched video platform, holding 13.1 percent share. Netflix, in second place, was at 8.7 percent. The article suggests YouTube's last challenge may be "scripted" entertainment — where their business model is different than Netflix or HBO. "On YouTube, it is up to the creator to finance and produce their content, and while the platform regularly releases new tools to help them (including AI-enabled tech that suggests video ideas and can create short background videos for use in Shorts), scripted entertainment is a particularly tricky challenge, requiring writers, directors, sets, costumes, lighting, editing, special effects and other production requirements that may go beyond the typical creator-led show."

Read more of this story at Slashdot.