News

Pixelfed has launched its mobile app for iOS and Android, solidifying its position as a viable alternative to Instagram. The move also comes at a pivotal moment, as a potential Supreme Court ban on TikTok could drive users to explore other social media platforms. Pixelfed is ad-free, open source, decentralized, defaults to chronological feeds and doesn't share user data with third parties. Engadget reports: The platform launched in 2018, but was only available on the web or through third-party app clients. The Android app debuted on January 9 and the iOS app released today. Creator Daniel Supernault posted on Mastodon Monday evening that the platform had 11,000 users join over the preceding 24 hours and that more than 78,000 posts have been shared to Pixelfed to date. The platform runs on ActivityPub, the same protocol that powers several other decentralized social networks in the fediverse, such as Mastodon and Flipboard. The iOS and Android apps are available at their respective links. Further reading: Meta Is Blocking Links to Decentralized Instagram Competitor Pixelfed

Read more of this story at Slashdot.

OpenAI's "reasoning" AI model, o1, has exhibited a puzzling behavior of "thinking" in Chinese, Persian, or some other language -- "even when asked a question in English," reports TechCrunch. While the exact cause remains unclear, as OpenAI has yet to provide an explanation, AI experts have proposed a few theories. From the report: Several on X, including Hugging Face CEO Clement Delangue, alluded to the fact that reasoning models like o1 are trained on datasets containing a lot of Chinese characters. Ted Xiao, a researcher at Google DeepMind, claimed that companies including OpenAI use third-party Chinese data labeling services, and that o1 switching to Chinese is an example of "Chinese linguistic influence on reasoning." "[Labs like] OpenAI and Anthropic utilize [third-party] data labeling services for PhD-level reasoning data for science, math, and coding," Xiao wrote in a post on X. "[F]or expert labor availability and cost reasons, many of these data providers are based in China." [...] Other experts don't buy the o1 Chinese data labeling hypothesis, however. They point out that o1 is just as likely to switch to Hindi, Thai, or a language other than Chinese while teasing out a solution. Other experts don't buy the o1 Chinese data labeling hypothesis, however. They point out that o1 is just as likely to switch to Hindi, Thai, or a language other than Chinese while teasing out a solution. Rather, these experts say, o1 and other reasoning models might simply be using languages they find most efficient to achieve an objective (or hallucinating). "The model doesn't know what language is, or that languages are different," Matthew Guzdial, an AI researcher and assistant professor at the University of Alberta, told TechCrunch. "It's all just text to it." Tiezhen Wang, a software engineer at AI startup Hugging Face, agrees with Guzdial that reasoning models' language inconsistencies may be explained by associations the models made during training. "By embracing every linguistic nuance, we expand the model's worldview and allow it to learn from the full spectrum of human knowledge," Wang wrote in a post on X. "For example, I prefer doing math in Chinese because each digit is just one syllable, which makes calculations crisp and efficient. But when it comes to topics like unconscious bias, I automatically switch to English, mainly because that's where I first learned and absorbed those ideas." [...] Luca Soldaini, a research scientist at the nonprofit Allen Institute for AI, cautioned that we can't know for certain. "This type of observation on a deployed AI system is impossible to back up due to how opaque these models are," they told TechCrunch. "It's one of the many cases for why transparency in how AI systems are built is fundamental."

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Verge: The Biden administration finalized a new rule that would effectively ban all Chinese vehicles from the US under the auspices of blocking the "sale or import" of connected vehicle software from "countries of concern." The rule could have wide-ranging effects on big automakers, like Ford and GM, as well as smaller manufacturers like Polestar -- and even companies that don't produce cars, like Waymo. The rule covers everything that connects a vehicle to the outside world, such as Bluetooth, Wi-Fi, cellular, and satellite components. It also addresses concerns that technology like cameras, sensors, and onboard computers could be exploited by foreign adversaries to collect sensitive data about US citizens and infrastructure. And it would ban China from testing its self-driving cars on US soil. "Cars today have cameras, microphones, GPS tracking, and other technologies connected to the internet," US Secretary of Commerce Gina Raimondo said in a statement. "It doesn't take much imagination to understand how a foreign adversary with access to this information could pose a serious risk to both our national security and the privacy of U.S. citizens. To address these national security concerns, the Commerce Department is taking targeted, proactive steps to keep [People's Republic of China] and Russian-manufactured technologies off American roads." The rules for prohibited software go into effect for model year 2027 vehicles, while the ban on hardware from China waits until model year 2030 vehicles. According to Reuters, the rules were updated from the original proposal to exempt vehicles weighing over 10,000 pounds, which would allow companies like BYD to continue to assemble electric buses in California. The Biden administration published a fact sheet with more information about this rule. "[F]oreign adversary involvement in the supply chains of connected vehicles poses a significant threat in most cars on the road today, granting malign actors unfettered access to these connected systems and the data they collect," the White House said. "As PRC automakers aggressively seek to increase their presence in American and global automotive markets, through this final rule, President Biden is delivering on his commitment to secure critical American supply chains and protect our national security."

Read more of this story at Slashdot.

A week after announcing performance-based job cuts similar to those at Meta, Microsoft said it also plans to pause hiring in part of its consulting unit. CNBC reports: The changes by the U.S. consulting division are meant to align with a policy by the Microsoft Customer and Partner Solutions organization, which has about 60,000 employees, according to a page on Microsoft's website. The changes are in place through the remainder of the 2025 fiscal year ending in June. To reduce costs, Microsoft's consulting division will hold off on hiring new employees and back-filling roles, consulting executive Derek Danois told employees in the memo. Careful management of costs is of utmost importance, Danois wrote. The memo also instructs employees to not expense travel for any internal meetings and use remote sessions instead. Additionally, executives will have to authorize trips to customers' sites to ensure spending is being used on the right customers, Danois wrote. Additionally, the group will cut its marketing and non-billable external resource spend by 35%, the memo says. Further reading: Companies Deploy AI To Curb Hiring as 'Cost Avoidance' Gains Ground

Read more of this story at Slashdot.

ChatGPT can now schedule reminders and recurring tasks -- but only if you're a ChatGPT Plus, Team, or Pro subscriber. TechCrunch reports: With tasks, users can set simple reminders with ChatGPT such as, "Remind me when my passport expires in six months," and the AI assistant will follow up with a push notification on whatever platform you have tasks enabled. Users can also now set recurring requests to ChatGPT, such as, "Every Friday, give me a weekend plan based on my location and the weather forecast," or "Give me a news briefing every day at 7 a.m." [...] Users can access tasks by selecting "4o with scheduled tasks" from a dropdown menu in ChatGPT. From there, they can send ChatGPT a message telling the AI assistant what reminder or action they want to create. At times, OpenAI says ChatGPT may suggest certain tasks based on chats. Users can set and manage tasks by chatting with the AI assistant on any platform, or through a dedicated tasks manager tab that's only available on the web app. Through the tasks feature, ChatGPT can now browse the web on a set schedule, but it will not run continuous searches in the background or make purchases. For example, you could instruct ChatGPT to check once a month for concert tickets to see your favorite artist in your area, but you can neither tell the AI assistant to alert you the moment the tickets go live, nor can ChatGPT buy tickets for you. That said, it's a step toward those [agentic] systems.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Gizmodo: Texas has sued (PDF) one of the nation's largest car insurance providers alleging that it violated the state's privacy laws by surreptitiously collecting detailed location data on millions of drivers and using that information to justify raising insurance premiums. The state's attorney general, Ken Paxton, said the lawsuit against Allstate and its subsidiary Arity is the first enforcement action ever filed by a state attorney general to enforce a data privacy law. It also follows a deceptive business practice lawsuit he filed against General Motors accusing the car manufacturer of misleading customers by collecting and selling driver data. In 2015, Allstate developed the Arity Driving Engine software development kit (SDK), a package of code that the company allegedly paid mobile app developers to install in their products in order to collect a variety of sensitive data from consumers' phones. The SDK gathered phone geolocation data, accelerometer, and gyroscopic data, details about where phone owners started and ended their trips, and information about "driving behavior," such as whether phone owners appeared to be speeding or driving while distracted, according to the lawsuit. The apps that installed the SDK included GasBuddy, Fuel Rewards, and Life360, a popular family monitoring app, according to the lawsuit. Paxton's complaint said that Allstate and Arity used the data collected by its SDK to develop and sell products to other insurers like Drivesight, an algorithmic model that assigned a driving risk score to individuals, and ArityIQ, which allowed other insurers to "[a]ccess actual driving behavior collected from mobile phones and connected vehicles to use at time of quote to more precisely price nearly any driver." Allstate and Arity marketed the products as providing "driver behavior" data but because the information was collected via mobile phones the companies had no way of determining whether the owner was actually driving, according to the lawsuit. "For example, if a person was a passenger in a bus, a taxi, or in a friend's car, and that vehicle's driver sped, hard braked, or made a sharp turn, Defendants would conclude that the passenger, not the actual driver, engaged in 'bad' driving behavior," the suit states. Neither Allstate and Arity nor the app developers properly informed customers in their privacy policies about what data the SDK was collecting or how it would be used, according to the lawsuit. The lawsuit violates Texas' Data Privacy and Security Act (DPSA) and insurance code by failing to address violations within the required 30-day cure period. "In its complaint, filed in federal court, Texas requested that Allstate be ordered to pay a penalty of $7,500 per violation of the state's data privacy law and $10,000 per violation of the state's insurance code, which would likely amount to millions of dollars given the number of consumers allegedly affected," adds the report. "The lawsuit also asks the court to make Allstate delete all the data it obtained through actions that allegedly violated the privacy law and to make full restitution to customers harmed by the companies' actions."

Read more of this story at Slashdot.

An anonymous reader shares a report: Academia is in a credibility crisis. A record-breaking 10,000 scientific papers were retracted in 2023 because of scientific misconduct, and academic journals are overwhelmed by AI-generated images, data, and texts. To understand the roots of this problem, we must look at the role of metrics in evaluating the academic performance of individuals and institutions. To gauge research quality, we count papers, citations, and calculate impact factors. The higher the scores, the better. Academic performance is often expressed in numbers. Why? Quantification reduces complexity, makes academia manageable, allows easy comparisons among scholars and institutions, and provides administrators with a feeling of grip on reality. Besides, numbers seem objective and fair, which is why we use them to allocate status, tenure, attention, and funding to those who score well on these indicators. The result of this? Quantity is often valued over quality. In The Quantified Society I coin the term "indicatorism": a blind focus on enhancing indicators in spreadsheets, while losing sight of what really matters. It seems we're sometimes busier with "scoring" and "producing" than with "understanding." As a result, some started gaming the system. The rector of one of the world's oldest universities, for one, set up citation cartels to boost his citation scores, while others reportedly buy(!) bogus citations. Even top-ranked institutions seem to play the indicator game by submitting false data to improve their position on university rankings!

Read more of this story at Slashdot.

The U.S. Justice Department said on Tuesday that it has deleted malware planted on more than 4,200 computers by a group of criminal hackers who were backed by the People's Republic of China. From a report: The malware, known as "PlugX," affected thousands of computers around the globe and was used to infect and steal information, the department said. Investigators said the malware was installed by a band of hackers who are known by the names "Mustang Panda" and "Twill Typhoon."

Read more of this story at Slashdot.

A Google engineer has warned that a major shift in web browser caching is upending long-standing performance optimization practices. Browsers have overhauled their caching systems that forces websites to maintain separate copies of shared resources instead of reusing them across domains. The new "double-keyed caching" system, implemented to enhance privacy, is ending the era of shared public content delivery networks, writes Google engineer Addy Osmani. According to Chrome's data, the change has led to a 3.6% increase in cache misses and 4% rise in network bandwidth usage.

Read more of this story at Slashdot.

Nearly three-quarters of all known bacterial species have never been studied in scientific literature, while just 10 species account for half of all published research, according to a new analysis published on bioRxiv. The study of over 43,000 bacterial species found that E. coli dominates with 21% of all publications, followed by human pathogens like Staphylococcus aureus. Microbes crucial for human health and Earth's ecosystems remain largely unexplored, University of Michigan biologist Paul Jensen reported. A new $1-million project by non-profit Align to Innovate aims to help close this gap by studying 1,000 microbes under varying conditions.

Read more of this story at Slashdot.

More than 150 Nobel and World Food prize laureates have signed an open letter calling for "moonshot" efforts to ramp up food production before an impending world hunger catastrophe. From a report: The coalition of some of the world's greatest living thinkers called for urgent action to prioritise research and technology to solve the "tragic mismatch of global food supply and demand." Big bang physicist Robert Woodrow Wilson; Nobel laureate chemist Jennifer Doudna; the Dalai Lama; economist Joseph E Stiglitz; Nasa scientist Cynthia Rosenzweig; Ethiopian-American geneticist Gebisa Ejeta; Akinwumi Adesina, president of the African Development Bank; Wole Soyinka, Nobel prize for literature winner; and black holes Nobel physicist Sir Roger Penrose were among the signatories in the appeal coordinated by Cary Fowler, joint 2024 World Food prize laureate and US special envoy for global food security. Citing challenges including the climate crisis, war and market pressures, the coalition called for "planet-friendly" efforts leading to substantial leaps in food production to feed 9.7 billion people by 2050. The plea was for financial and political backing, said agricultural scientist Geoffrey Hawtin, the British co-recipient of last year's World Food prize. [...] The world was "not even close" to meeting future needs, the letter said, predicting humanity faced an "even more food insecure, unstable world" by mid-century unless support for innovation was ramped up internationally.

Read more of this story at Slashdot.

Programmers have found ways to run the 1993 first-person shooter Doom on an array of unexpected platforms, and now a PDF file joins that list. Developer ading2210's DoomPDF project shows the game operating within a document format primarily designed for static content display. The creator says he drew inspiration from pdftris, another PDF-based game port by Thomas Rinsma.

Read more of this story at Slashdot.

Five wildfires in Los Angeles have already burned more than 10,000 structures, threatening to upend California's fragile balance between climate risk and home insurance. The Palisades Fire has damaged or destroyed more than 5,000 buildings in an area that liability experts had previously identified as one of three particularly vulnerable regions in the state. JPMorgan Chase estimates insured damages could reach $20 billion, positioning this as likely the costliest wildfire in U.S. history. The crisis comes as California's insurance market struggles, with seven of the 12 biggest home insurers having limited their coverage in the state over the past two years. The state-backed insurer of last resort, the California FAIR Plan, now faces exposure of up to $458 billion, while holding only $200 million in surplus cash reserves and $2.5 billion in reinsurance. Gusts of up to 100 miles per hour have fanned the flames, with more than 57,000 structures in severe danger and more than 150,000 people under evacuation.

Read more of this story at Slashdot.

Meta is cutting roughly 5% of its staff through performance-based eliminations and plans to hire new people to fill their roles this year, according to a company memo. From a report: As of September, Meta employed about 72,000 people, so a 5% reduction could affect roughly 3,600 jobs. "I've decided to raise the bar on performance management and move out low-performers faster," Chief Executive Officer Mark Zuckerberg said in the note posted to an internal message board and reviewed by Bloomberg News. "We typically manage out people who aren't meeting expectations over the course of a year," he said, "but now we're going to do more extensive performance-based cuts during this cycle."

Read more of this story at Slashdot.

U.K. public sector and critical infrastructure organizations could be banned from making ransom payments under new proposals from the U.K. government. From a report: The U.K.'s Home Office launched a consultation on Tuesday that proposes a "targeted ban" on ransomware payments. Under the proposal, public sector bodies -- including local councils, schools, and NHS trusts -- would be banned from making payments to ransomware hackers, which the government says would "strike at the heart of the cybercriminal business model." This government proposal comes after a wave of cyberattacks targeting the U.K. public sector. The NHS last year declared a "critical" incident following a cyberattack on pathology lab provider Synnovis, which led to a massive data breach of sensitive patient data and months of disruption, including canceled operations and the diversion of emergency patients. According to new data seen by Bloomberg, the cyberattack on Synnovis resulted in harm to dozens of patients, leading to long-term or permanent damage to their health in at least two cases.

Read more of this story at Slashdot.

Tech workers at major U.S. companies are earning thousands of dollars by referring job candidates they've never met, creating an underground marketplace for employment referrals at firms like Microsoft and Nvidia, according to Bloomberg. One tech worker cited in the report earned $30,000 in referral bonuses after recommending over 1,000 strangers to his employer over 18 months, resulting in more than six successful hires. While platforms like ReferralHub charge up to $50 per referral, Goldman Sachs and Google said such practices violate their policies. Google requires referrals to be based on personal knowledge of candidates.

Read more of this story at Slashdot.

Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

https://security-tracker.debian.org/tracker/DSA-5844-1

An anonymous reader quotes a report from Ars Technica, written by Benj Edwards: While worrying about AI takeover might seem like a modern idea that sprung from War Games or The Terminator, it turns out that a similar concern about machine dominance dates back to the time of the American Civil War, albeit from an English sheep farmer living in New Zealand. Theoretically, Abraham Lincoln could have read about AI takeover during his lifetime. On June 13, 1863, a letter published (PDF) in The Press newspaper of Christchurch warned about the potential dangers of mechanical evolution and called for the destruction of machines, foreshadowing the development of what we now call artificial intelligence—and the backlash against it from people who fear it may threaten humanity with extinction. It presented what may be the first published argument for stopping technological progress to prevent machines from dominating humanity. Titled "Darwin among the Machines," the letter recently popped up again on social media thanks to Peter Wildeford of the Institute for AI Policy and Strategy. The author of the letter, Samuel Butler, submitted it under the pseudonym Cellarius, but later came to publicly embrace his position. The letter drew direct parallels between Charles Darwin's theory of evolution and the rapid development of machinery, suggesting that machines could evolve consciousness and eventually supplant humans as Earth's dominant species. "We are ourselves creating our own successors," he wrote. "We are daily adding to the beauty and delicacy of their physical organisation; we are daily giving them greater power and supplying by all sorts of ingenious contrivances that self-regulating, self-acting power which will be to them what intellect has been to the human race. In the course of ages we shall find ourselves the inferior race." In the letter, he also portrayed humans becoming subservient to machines, but first serving as caretakers who would maintain and help reproduce mechanical life—a relationship Butler compared to that between humans and their domestic animals, before it later inverts and machines take over. "We take it that when the state of things shall have arrived which we have been above attempting to describe, man will have become to the machine what the horse and the dog are to man... we give them whatever experience teaches us to be best for them... in like manner it is reasonable to suppose that the machines will treat us kindly, for their existence is as dependent upon ours as ours is upon the lower animals," he wrote. The text anticipated several modern AI safety concerns, including the possibility of machine consciousness, self-replication, and humans losing control of their technological creations. These themes later appeared in works like Isaac Asimov's The Evitable Conflict, Frank Herbert's Dune novels (Butler possibly served as the inspiration for the term "Butlerian Jihad"), and the Matrix films. "Butler's letter dug deep into the taxonomy of machine evolution, discussing mechanical 'genera and sub-genera' and pointing to examples like how watches had evolved from 'cumbrous clocks of the thirteenth century' -- suggesting that, like some early vertebrates, mechanical species might get smaller as they became more sophisticated," adds Ars. "He expanded these ideas in his 1872 novel Erewhon, which depicted a society that had banned most mechanical inventions. In his fictional society, citizens destroyed all machines invented within the previous 300 years."

Read more of this story at Slashdot.

A new ransomware group called Codefinger targets AWS S3 buckets by exploiting compromised or publicly exposed AWS keys to encrypt victims' data using AWS's own SSE-C encryption, rendering it inaccessible without the attacker-generated AES-256 keys. While other security researchers have documented techniques for encrypting S3 buckets, "this is the first instance we know of leveraging AWS's native secure encryption infrastructure via SSE-C in the wild," Tim West, VP of services with the Halcyon RISE Team, told The Register. "Historically AWS Identity IAM keys are leaked and used for data theft but if this approach gains widespread adoption, it could represent a significant systemic risk to organizations relying on AWS S3 for the storage of critical data," he warned. From the report: ... in addition to encrypting the data, Codefinder marks the compromised files for deletion within seven days using the S3 Object Lifecycle Management API â" the criminals themselves do not threaten to leak or sell the data, we're told. "This is unique in that most ransomware operators and affiliate attackers do not engage in straight up data destruction as part of a double extortion scheme or to otherwise put pressure on the victim to pay the ransom demand," West said. "Data destruction represents an additional risk to targeted organizations." Codefinger also leaves a ransom note in each affected directory that includes the attacker's Bitcoin address and a client ID associated with the encrypted data. "The note warns that changes to account permissions or files will end negotiations," the Halcyon researchers said in a report about S3 bucket attacks shared with The Register. While West declined to name or provide any additional details about the two Codefinger victims -- including if they paid the ransom demands -- he suggests that AWS customers restrict the use of SSE-C. "This can be achieved by leveraging the Condition element in IAM policies to prevent unauthorized applications of SSE-C on S3 buckets, ensuring that only approved data and users can utilize this feature," he explained. Plus, it's important to monitor and regularly audit AWS keys, as these make very attractive targets for all types of criminals looking to break into companies' cloud environments and steal data. "Permissions should be reviewed frequently to confirm they align with the principle of least privilege, while unused keys should be disabled, and active ones rotated regularly to minimize exposure," West said. An AWS spokesperson said it notifies affected customers of exposed keys and "quickly takes any necessary actions, such as applying quarantine policies to minimize risks for customers without disrupting their IT environment." They also directed users to this post about what to do upon noticing unauthorized activity.

Read more of this story at Slashdot.

A Snyk security researcher has published malicious NPM packages targeting Cursor, an AI coding startup, in what appears to be a dependency confusion attack. The packages, which collect and transmit system data to an attacker-controlled server, were published under a verified Snyk email address, according to security researcher Paul McCarty. The OpenSSF package analysis scanner flagged three packages as malicious, generating advisories MAL-2025-27, MAL-2025-28 and MAL-2025-29. The researcher deployed the packages "cursor-retrieval," "cursor-always-local" and "cursor-shadow-workspace," likely attempting to exploit Cursor's private NPM packages of the same names.

Read more of this story at Slashdot.