A NordPass analysis found that Gen Z is actually worse at password security than older generations, with "12345" topping their list while "123456" dominates among everyone else. The Register reports: And while there were a few more "skibidis" among the Zoomer dataset compared to those who came before them, the trends were largely similar. Variants on the "123456" were among the most common for all age groups, with that exact string proving to be the most common among all users -- the sixth time in seven years it holds the undesirable crown. Some of the more adventurous would stretch to "1234567," while budding cryptologists shored up their accounts by adding an 8 or even a 9 to the mix. However, according to Security.org's password security checker, a computer could crack any of these instantly. Most attackers would not even need to expend the resources required to reveal the password, given how commonly used they are. They could just spray a list of known passwords at an authentication API and secure a quick win.

Read more of this story at Slashdot.

An anonymous reader quotes a report from ZDNet: At KubeCon North America 2025 in Atlanta, the Cloud Native Computing Foundation (CNCF)'s leaders predicted an enormous surge in cloud-native computing, driven by the explosive growth of AI inference workloads. How much growth? They're predicting hundreds of billions of dollars in spending over the next 18 months. [...] Where cloud-native computing and AI inference come together is when AI is no longer a separate track from cloud-native computing. Instead, AI workloads, particularly inference tasks, are fueling a new era where intelligent applications require scalable and reliable infrastructure. That era is unfolding because, said [CNCF Executive Director Jonathan Bryce], "AI is moving from a few 'Training supercomputers' to widespread 'Enterprise Inference.' This is fundamentally a cloud-native problem. You, the platform engineers, are the ones who will build the open-source platforms that unlock enterprise AI." "Cloud native and AI-native development are merging, and it's really an incredible place we're in right now," said CNCF CTO Chris Aniszczyk. The data backs up this opinion. For example, Google has reported that its internal inference jobs have processed 1.33 quadrillion tokens per month recently, up from 980 trillion just months before. [...] Aniszczyk added that cloud-native projects, especially Kubernetes, are adapting to serve inference workloads at scale: "Kubernetes is obviously one of the leading examples as of the last release the dynamic resource allocation feature enables GPU and TPU hardware abstraction in a Kubernetes context." To better meet the demand, the CNCF announced the Certified Kubernetes AI Conformance Program, which aims to make AI workloads as portable and reliable as traditional cloud-native applications. "As AI moves into production, teams need a consistent infrastructure they can rely on," Aniszczyk stated during his keynote. "This initiative will create shared guardrails to ensure AI workloads behave predictably across environments. It builds on the same community-driven standards process we've used with Kubernetes to help bring consistency as AI adoption scales." What all this effort means for business is that AI inference spending on cloud-native infrastructure and services will reach into the hundreds of billions within the next 18 months. That investment is because CNCF leaders predict that enterprises will race to stand up reliable, cost-effective AI services.

Read more of this story at Slashdot.

Another highly influential Linux kernel engineer, David Hildenbrand, is leaving Red Hat after a decade of major contributions to memory management, virtualization, and VirtIO. His recent kernel patch updates his maintainer info to a kernel.org address, signaling his departure. He hasn't yet said where he's headed next. Phoronix reports: David Hildenbrand serves as a reviewer for the HugeTLB code, s390 KVM code, and memory management reclaim code. He also serves as an upstream maintainer for the Linux kernel's core memory management code, Get User Pages (GUP) memory management code, kernel samepage merging (KSM), reverse mapping (RMAP), transparent hugepage (THP), memory advice (MADVISE), VirtIO memory driver, and VirtIO balloon driver. Hildenbrand had been employed by Red Hat the past decade in Munich working on QEMU/KVM virtualization, Linux kernel memory management, VirtIO, and related low-level areas. Just this year alone so far in 2025 he's authored or been mentioned on more than one thousand mainline Linux kernel patches.

Read more of this story at Slashdot.

Blender 5.0 has been released with major upgrades including HDR and wide-gamut color support on Linux via Wayland/Vulkan, significant theme and UI improvements, new color-space tools, revamped curve and geometry features, and expanded hardware requirements. 9to5Linux reports: Blender 5.0 also introduces a working color space for Blend files, a new AgX HDR view, a new Convert to Display compositor node, new Rec.2100-PQ and Rec.2100-HLG displays that can be used for color grading for HDR video export, and new ACES 1.3 and 2.0 views as an alternative to AgX and Filmic. A new "Jump Time by Delta" operator for jumping forward/backward in time by a user-specified delta has been introduced as well, along with a revamped Curve drawing, which better supports the new Curves object type and all of their features, and a new Geometry Attribute constraint. Also new is a "Cylinder" option for curve display type that allows rendering thicker curves without the flat ribbon appearance, support for the Zstd (Zstandard) fast lossless compression algorithm for point caches, as well as a new "Curve Data" panel in edit mode that allows tweaking built-in curve attribute values. A full list of changes can be found here. You can download from the official website.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Apple's Power Mac and Mac Pro towers used to be the company's primary workstations, but it has been years since they were updated with the same regularity as the MacBook Air or MacBook Pro. The Mac Pro has seen just four hardware updates in the last 15 years, and that's counting a 2012 refresh that was mostly identical to the 2010 version. Long-suffering Mac Pro buyers may have taken heart when Apple finally added an M2 Ultra processor to the tower in mid-2023, making it one of the very last Macs to switch from Intel to Apple Silicon -- surely this would mean that the computer would at least be updated once every year or two, like the Mac Studio has been? But Bloomberg's Mark Gurman says that Mac Pro buyers shouldn't get their hopes up for new hardware in 2026. Gurman says that the tower is "on the back burner" at Apple and that the company is "focused on a new Mac Studio" for the next-generation M5 Ultra chip that is in the works. As we reported earlier this year, Apple doesn't have plans to design or release an M4 Ultra, and the Mac Studio refresh from this spring included an M3 Ultra alongside the M4 Max. Note that Gurman carefully stops short of saying we definitely won't see a Mac Pro update next year -- the emphasis on the Mac Studio merely "suggests the Mac Pro won't be updated in 2026 in a significant way," and internal sources tell him "Apple has largely written off the Mac Pro." The current Mac Pro does still use the M2 Ultra rather than the M3 Ultra, which indicates that Apple doesn't see the need to update its high-end desktop every time it releases a suitable chip. But all of Apple's other desktops -- the iMac, the Mac mini, and the Studio -- have skipped a silicon generation once since the M1 came out in 2020.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Wired: Startup Valar Atomics said on Monday that it achieved criticality -- an essential nuclear milestone -- with the help of one of the country's top nuclear laboratories. The El Segundo, California-based startup, which last week announced it had secured a $130 million funding round with backing from Palmer Luckey and Palantir CTO Shyam Sankar, claims that it is the first nuclear startup to create a critical fission reaction. It's also, more specifically, the first company in a special Department of Energy pilot program aiming to get at least three startups to criticality by July 4 of next year to announce it had achieved this reaction. The pilot program, which was formed following an executive order President Donald Trump signed in May, has upended US regulation of nuclear startups, allowing companies to reach new milestones like criticality at a rapid pace. There's a difference between the type of criticality Valar reached this week -- what's known as cold criticality or zero-power criticality -- and what's needed to actually create nuclear power. Nuclear reactors use heat to create power, but in cold criticality, which is used to test a reactor's design and physics, the reaction isn't strong enough to create enough heat to make power. The reactor that reached criticality this week is not actually Valar's own model, but rather a blend of the startup's fuel and technology with key structural components provided by the Los Alamos National Laboratory, one of the DOE's research and development laboratories. The combination reactor builds off a separate fuel test performed last year at the laboratory, using fuel similar to what Valar's reactor will use. "Zero power criticality is a reactor's first heartbeat, proof the physics holds," Valar founder Isaiah Taylor said in a statement. "This moment marks the dawn of a new era in American nuclear engineering, one defined by speed, scale, and private-sector execution with closer federal partnership."

Read more of this story at Slashdot.

schwit1 shares a report from the New York Times: Pete Kayll, a musclebound veteran of Britain's Royal Marines, had an unusual instruction for the Bitcoin investors gathered in Switzerland in late October. "Just bite your way out," he told them. It was the final day of a weekend-long cryptocurrency convention on the shore of Lake Lugano, near the Italian border. A small group of investors had lined up in a conference room to have their hands bound with plastic zipties. Now they were learning how to get them off. "Your teeth will get through anything," Mr. Kayll advised. "But it will bloody well hurt." Most people don't go to an international crypto conference expecting to learn how to gnaw through plastic. But after hours of panels devoted to topics like Bitcoin-collateralized loans, these investors were looking for something more practical. They wanted to know what to do if they were grabbed on the street and thrown into the back of a van. Already paranoid about scams, hacks and market turmoil, wealthy crypto investors have lately become terrified about a much graver threat: torture and kidnapping. These threats are known as "wrench attacks," which is a reference to a popular XKCD cartoon where a thief skips the hacking and just uses a wrench to force out the password. According to the NYT, the best way to stay protected is staying low-profile, minimizing visible signs of wealth, using basic physical security tools, and preparing for self-defense. The report specifically recommends avoiding flashy displays of wealth like luxury watches and cars, watching for honey-traps, using hotel door stoppers, practicing escape techniques such as breaking zip-ties, hiring discreet bodyguards, and relying on panic-button apps like Glok to summon help quickly.

Read more of this story at Slashdot.

UC Berkeley researchers working with Project CETI discovered that sperm whales produce vowel-like sounds embedded in their click codas, suggesting a far more complex communication system than previously understood. "It was striking just how structured the system was. I've never seen anything like that before with other animals," Begus, a UC Berkeley linguistics professor and the linguistics lead at Project CETI, told SFGATE. "We're showing the world that there's more than meets the eye in sperm whales and that, if one cares to look closely, they're not as alien. We're much more similar to each other than we used to think." SFGATE reports: With the help of a machine-learning model to identify patterns, Begus and his team combed through recordings collected from social units of sperm whales off the coast of the island of Dominica between 2005 and 2018. When they sped up the audio, removing the silences between clicks, they heard new patterns. They found acoustic properties that share similarities with two vowels -- a and i -- and several vowel combinations. "Before, people were looking just at the timing and the number of clicks exchanged between sperm whales, but now we have to look at the frequencies, too. A whole new set of patterns have appeared," Begus said. "Now, it's one of the most complex non-human communication systems we have observed." [...] Begus said the research only shows how much more we have to learn about whales' style of communicating. He is particularly interested in exploring how the system may differ for whales between regions and how whale babies learn to communicate in this way. Most importantly, he wants to understand the meaning behind the sounds, as a "window into whale thoughts and lives." The research was published in the journal Open Mind.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the New York Times: For the first time, scientists are tracking the migration of monarch butterflies across much of North America, actively monitoring individual insects on journeys from as far away as Ontario all the way to their overwintering colonies in central Mexico. This long-sought achievement could provide crucial insights into the poorly understood life cycles of hundreds of species of butterflies, bees and other flying insects at a time when many are in steep decline. The breakthrough is the result of a tiny solar-powered radio tag that weighs just 60 milligrams and sells for $200. Researchers have tagged more than 400 monarchs this year and are now following their journeys on a cellphone app created by the New Jersey-based company that makes the tags, Cellular Tracking Technologies. Most monarchs weigh 500 to 600 milligrams, so each tag-bearing migrator making the transcontinental journey is, by weight, equivalent to a half-raisin carrying three uncooked grains of rice. Researchers are tracking more than 400 tagged monarch butterflies as they fly toward winter colonies in central Mexico. The maps [in the article] follow six butterflies. [...] Tracking the world's most famous insect migration may also have a big social impact, with monarch lovers able to follow the progress of individual butterflies on the free app, called Project Monarch Science. Many of the butterflies are flying over cities and suburbs where pollinator gardens are increasingly popular. Some tracks could even lead to the discovery of new winter hideaways. "There's nothing that's not amazing about this," said Cheryl Schultz, a butterfly scientist at Washington State University and the senior author of a recent study documenting a 22 percent drop in butterfly abundance in North America over a recent 20-year period. "Now we will have answers that could help us turn the tide for these bugs."

Read more of this story at Slashdot.

alternative_right shares a report from ScienceAlert: A new study from researchers in Australia reveals that the people who never forget faces look "smarter, not harder." In other words, they naturally focus on a person's most distinguishing facial features. "Their skill isn't something you can learn like a trick," explains lead author James Dunn, a psychology researcher at the University of New South Wales (UNSW) Sydney. "It's an automatic, dynamic way of picking up what makes each face unique." To see what super-recognizers see, Dunn and his colleagues used eye-tracking technology to reconstruct how people surveyed new faces. They did this with 37 super-recognizers and 68 people with ordinary facial recognition skills, noting where and for how long participants looked at pictures of faces displayed on a computer screen. The researchers then fed the data into machine learning algorithms trained to recognize faces. The algorithms, a type known as deep neural networks, were tasked with deciding if two faces belonged to the same person. "These findings suggest that the perceptual foundations of individual differences in face recognition ability may originate at the earliest stages of visual processing -- at the level of retinal encoding," Dunn and colleagues write in their paper. The findings have been published in the journal Proceedings of the Royal Society B: Biological Sciences.

Read more of this story at Slashdot.

Chinese automakers are rapidly expanding across South America, boosted by the new Chinese-built Port of Chancay, aggressive pricing, local partnerships, and growing regional demand. Reuters reports: China has been ramping up sales since the opening last year of the Port of Chancay, north of Lima. The Chinese-built megaport has halved trans-Pacific shipping times just as Chinese manufacturers face rising barriers to entry in the United States and greater trade restrictions in Europe. BYD, which makes EVs, plug-in hybrids and combustion engine cars, plans to open a fourth dealership in Lima by the end of this year, while Chery and Geely have more than a dozen in total in Peru. Chinese carmakers face a profit-destroying price war at home and a growing surplus of new cars rolling out of Chinese factory lines. Much of this excess is being shipped overseas to the Middle East, Central Asia and Latin America, according to global automotive analyst Felipe Munoz at JATO Dynamics. The Chinese have "carved out space," across both electric and petrol-powered cars, said Martin Bresciani, president of Chile's automotive business chamber, CAVEM. "The Chinese have already demonstrated that they match global standards in quality." Chinese brands reached 29.6% of all new passenger car sales in Chile in the first quarter of this year. [...] Part of China's success has been partnering with trusted local importers to offer more affordable models tailored to regional tastes, according to seven dealerships Reuters spoke to in Peru, Chile, Uruguay and Argentina.

Read more of this story at Slashdot.

Even after disabling remote control and officially ending support for early Nest Learning Thermostats, Google is still receiving detailed sensor and activity data from these devices, including temperature changes, motion, and ambient light. The Verge reports: After digging into the backend, security researcher Cody Kociemba found that the first- and second-generation Nest Learning Thermostats are still sending Google information about manual temperature changes, whether a person is present in the room, if sunlight is hitting the device, and more. Kociemba made the discovery while participating in a bounty program created by FULU, a right-to-repair advocacy organization cofounded by electronics repair technician and YouTuber Louis Rossmann. FULU challenged developers to come up with a solution to restore smart functionality to Nest devices no longer supported by Google, and that's exactly what Kociemba did with his open-source No Longer Evil project. But after cloning Google's API to create this custom software, he started receiving a trove of logs from customer devices, which he turned off. "On these devices, while they [Google] turned off access to remotely control them, they did leave in the ability for the devices to upload logs. And the logs are pretty extensive," Kociemba tells The Verge. [...] "I was under the impression that the Google connection would be severed along with the remote functionality, however that connection is not severed, and instead is a one-way street," Kociemba says.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Security Affairs: On October 24, 2025, Azure DDoS Protection detected and mitigated a massive multi-vector attack peaking at 15.72 Tbps and 3.64 billion pps, the largest cloud DDoS ever recorded, aimed at a single Australian endpoint. Azure's global protection network filtered the traffic, keeping services online. The attack came from the Aisuru botnet, a Turbo Mirai-class IoT botnet using compromised home routers and cameras. The attack used massive UDP floods from more than 500,000 IPs hitting a single public address, with little spoofing and random source ports that made traceback easier. It highlights how attackers are scaling with the internet: faster home fiber and increasingly powerful IoT devices keep pushing DDoS attack sizes higher. "On October 24, 2025, Azure DDOS Protection automatically detected and mitigated a multi-vector DDoS attack measuring 15.72 Tbps and nearly 3.64 billion packets per second (pps). This was the largest DDoS attack ever observed in the cloud and it targeted a single endpoint in Australia," reads a report published by Microsoft. "The attack originated from Aisuru botnet." "Attackers are scaling with the internet itself. As fiber-to-the-home speeds rise and IoT devices get more powerful, the baseline for attack size keeps climbing," concludes the post. "As we approach the upcoming holiday season, it is essential to confirm that all internet-facing applications and workloads are adequately protected against DDOS attacks."

Read more of this story at Slashdot.

fjo3 shares a report from TheWrap: There are already at least 175,000 AI-generated podcast episodes on platforms like Spotify and Apple. That's thanks to Inception Point AI, a startup with just eight employees cranking out 3,000 episodes a week covering everything from localized weather reports and pollen trackers to a detailed account of Charlie Kirk's assassination and its cultural impact, to a biography series on Anna Wintour. Its podcasting network Quiet Please has generated 12 million lifetime episode downloads and amassed 400,000 subscribers -- so, yes, people are really listening to AI podcasts. Inception Point CEO Jeanine Wright believes the tool is proof that automation can make podcasting scalable, profitable and accessible without human writers, editors or hosts. "The price is now so inexpensive that you can take a lot of risks,â Wright told TheWrap. âoeYou can make a lot of content and a lot of different genres that were never commercially viable before and serve huge audiences that have really never had content made for them." At a cost of $1 an episode, Wright takes a quantity-over-quality approach. "I think very quickly we get to a place where AI is a default way that content is made, not just across audio, but across television and film and commercials and imagery, and everything. And then we will disclose when things are not made with AI instead of that they were made with AI," Wright said. "But for now, we are perfectly happy leading the way."

Read more of this story at Slashdot.

NetChoice is suing Virginia to block a new law that limits kids under 16 to one hour of daily social media use unless parents approve more time, arguing the rule violates the First Amendment and introduces serious privacy risks through mandatory age-verification. The Verge reports: In addition to restricting access to legal speech, NetChoice alleges that Virginia's incoming law (SB 854) will require platforms to verify user ages in ways that would pose privacy and security risks. The law requires platforms to use "commercially reasonable methods," which it says include a screen that prompts the user to enter a birth date. However, NetChoice argues that Virginia could go beyond this requirement, citing a post from Governor Youngkin on X, stating "platforms must verify age," potentially referring to stricter methods, like having users submit a government ID or other personal information. NetChoice, which is backed by tech giants like Meta, Google, Amazon, Reddit, and Discord, alleges that the law puts a burden on minors' ability to engage or consume speech online. "The First Amendment prohibits the government from placing these types of restrictions on accessing lawful and valuable speech, just in the same way that the government can't tell you how long you could spend reading a book, watching a television program, or consuming a documentary," Paul Taske, the co-director of the Netchoice Litigation Center, tells The Verge. "Virginia must leave the parenting decisions where they belong: with parents," Taske says. "By asserting that authority for itself, Virginia not only violates its citizens' rights to free speech but also exposes them to increased risk of privacy and security breaches."

Read more of this story at Slashdot.

An anonymous reader quotes a report from Bloomberg: Amazon Web Services, Microsoft's Azure, and Alphabet's Google Cloud risk being dragged into the scope of the European Union's crackdown on Big Tech as antitrust watchdogs prepare to study the platforms' market power. The European Commission wants to decide if any of the trio should face a raft of new restrictions under the bloc's Digital Markets Act (source paywalled; alternative source), according to people familiar with the matter who spoke on condition of anonymity. The plan for a market probe follows several major outages in the cloud industry that wrought havoc across global services, highlighting the risks of relying on a mere handful of players. To date, the world's largest cloud providers have avoided the DMA because a large part of their business comes via enterprise contracts, making it difficult to count the number of individual users, one of the EU's main benchmarks for earmarking Silicon Valley services for extra oversight. Under the investigation's remit, regulators will asses whether the top cloud operators -- regardless of the challenge of counting user numbers -- should be forced to contend with a raft of fresh obligations including increased interoperability with rival software and better data portability for users, as well as restrictions on tying and bundling.

Read more of this story at Slashdot.

schwit1 shares a report from the Business Times: General Motors (GM) has directed several thousand of its suppliers to scrub their supply chains of parts from China, four people familiar with the matter said, reflecting automakers' growing frustration over geopolitical disruptions to their operations. GM executives have been telling suppliers they should find alternatives to China for their raw materials and parts, with the goal of eventually moving their supply chains out of the country entirely, the people said. The automaker has set a 2027 deadline for some suppliers to dissolve their China sourcing ties, some of the sources said. GM approached some suppliers with the directive in late 2024, but the effort took on fresh urgency this past spring, during the early days of an escalating US-China trade battle, the sources said.

Read more of this story at Slashdot.

alternative_right shares a report from ScienceAlert: A thorough investigation published in May 2023 found that the inner core of the Moon is, in fact, a solid ball with a density similar to that of iron. To figure it out once and for all, [astronomer Arthur Briaud of the French National Centre for Scientific Research in France] and his colleagues collected data from space missions and lunar laser-ranging experiments to compile a profile of various lunar characteristics. These include the degree of its deformation by its gravitational interaction with Earth, the variation in its distance from Earth, and its density. ... they found that the lunar core is very similar to that of Earth â" with an outer fluid layer and a solid inner core. According to their modeling, the outer core has a radius of about 362 kilometers (225 miles), and the inner core has a radius of about 258 kilometers (160 miles). That's about 15 percent of the entire radius of the Moon. The inner core, the team found, also has a density of about 7,822 kilograms per cubic meter. That's very close to the density of iron. [...] The research has been published in Nature.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the Washington Post: Winning the lottery isn't what brought Carrie Edwards her 15 minutes of fame. It was giving it all away. Standing alone in her kitchen one day in September, the Virginia woman was thunderstruck to discover she had won $150,000 in a Powerball drawing. As she was absorbing her windfall, she said, "I just heard as loud as you can hear God or whoever you believe in the universe just say, this is -- it's not your money." Then came a decision: She would donate it all to her three most cherished charities (source paywalled; alternative source). [...] Her journey to the lucky prize started when she walked into a 7-Eleven with a friend who wanted to buy two Powerball tickets. The jackpot for the Sept. 6 drawing was topping $1.7 billion, the second-largest amount ever. Edwards, 68, hardly ever played the lottery, but her friend was an active player who gave her two pieces of advice: Always buy a paper ticket, rather than getting them online. And the Powerball multiplier is a scam, don't do it. She ignored him on both accounts. She created a Virginia Lottery account on her phone. Then, instead of the typical strategies of using family birthdays and lucky numbers, she went to ChatGPT -- which she had only recently started using for research -- and asked, "Do you have any winning numbers for me?" "Luck is luck," replied the chatbot. Then it gave numbers that she plugged in -- paying the extra dollar for the Power Play to multiply anything she might win. She initially thought luck wasn't on her side when she didn't win the massive jackpot. But what she didn't realize is that she'd picked the "draw two" option, meaning her numbers were reentered for the next drawing. When she got a notification on her phone that she had won, she said, she thought it was a scam, or maybe she'd won something small, like $10. Just to satisfy her curiosity, she logged into her account and saw that she had matched four of the five numbers plus the Powerball in that second drawing. It would have been a $50,000 payout, but the multiplier tripled her winnings.

Read more of this story at Slashdot.

YouTube TV and Disney have ended their two-week carriage standoff, restoring ESPN, ABC, and other Disney networks under a new multiyear deal. Variety reports: Under the new agreement, ESPN's full lineup of sports -- including content from ESPN Unlimited -- will be made available on YouTube TV to base-plan subscribers at no additional cost by the end of 2026. In addition, access to a selection of live and on-demand programming from ESPN Unlimited will be available inside YouTube TV. The deal also lets YouTube include the Disney+ and Hulu bundle as part of "select YouTube offerings." According to Disney, "select networks" will be included in various genre-specific packages that YouTube TV expects to launch in the future. [...] The deal supersedes their prior distribution agreement, inked in December 2021 after a two-day blackout.

Read more of this story at Slashdot.