News

Data centers were typically "hulking, chilly buildings lined with stacks of computing gear and bundles of wiring," writes the Washington Post. But "AI experts say that the hubs for computers that power AI are different from the data centers that deliver your Netflix movies and Uber rides. They use a different mix of computer chips, cost a lot more and need a lot more energy. "The question is whether it's necessary and illuminating to rebrand AI-specialized data centers, or if calling them 'AI factories' is just marketing hogwash." The AI computer chip company Nvidia seems to have originated the use of "AI factories." CEO Jensen Huang has said that the term is apt because similar to industrial factories, AI factories take in raw materials to produce a product... The term is spreading. Sam Altman, CEO of ChatGPT parent company OpenAI, recently said that he wants a "factory" to regularly produce more building blocks for AI. Crusoe, a start-up that's erecting a mammoth "Stargate" data center in Texas, calls itself the "AI factory company." The prime minister of Bulgaria recently touted an "AI factory" in his country... Alex Hanna, director of research at the Distributed AI Research Institute and co-author the book, "The AI Con," had a more pessimistic view of the term "AI factories." She said that it's a way to deflect the negative connotations of data centers. Some people and politicians blame power-hungry computing hubs for driving up residential electric bills, spewing pollution, draining drinking water and producing few permanent jobs.

Read more of this story at Slashdot.

Reason.com explores the fortunes of Aurora Innovation, the first company to put heavy-duty commercial self-driving trucks on public roads (and hopes to expand routes to El Paso, Texas, and Phoenix by the end of the year): An obscure federal rule is slowing the self-driving revolution. When trucks break down, operators are required to place reflective warning cones and road flares around the truck to warn other motorists. The regulations areexacting: Within 10 minutes of stopping, three warning signals must be set in specific locations around the truck. Auroraaskedthe federal Department of Transportation (DOT) to allow warning beacons to be fixed to the truck itself — and activated when a truck becomes disabled. The warning beacons would face both forward and backward, would be more visibleâthan cones (particularly at night), and wouldn't burn out like road flares. Drivers of nonautonomous vehicles could also benefit from that rule change, as they would no longer have to walk into traffic to place the required safety signals. In December 2024, however, the Transportation Department denied Aurora's request for an exemption to the existing rules, even though regulatorsadmittedin theFederal Registerthat no evidence indicated the truck-mounted beacons would be less safe. Such a study is now underway, but it's unclear how long it will take to draw any conclusions. The article notes that Aurora has now filed a lawsuit in federal court that seeks to overturn the Transportation Department's denial... Thanks to long-time Slashdot reader schwit1 for sharing the article.

Read more of this story at Slashdot.

Xu Biang discovered a buffer overflow bug in the eap-mschapv2 plugin of strongSwan, an IKE/IPsec suite.

The eap-mschapv2 plugin doesn't correctly check the length of an EAP-MSCHAPv2 Failure Request packet on the client, which can cause an integer underflow that leads to a crash, and a heap-based buffer overflow that's potentially exploitable for remote code execution.

https://security-tracker.debian.org/tracker/DSA-6041-1

"Japan's new HTV-X cargo spacecraft launched on its first-ever mission to the International Space Station on Saturday," reports Space.com: The robotic HTV-X lifted off atop an H3 rocket from Japan's Tanegashima Space Center at 8 p.m. EDT (0000 GMT and 9 a.m local Japan time on October 26). It is expected to arrive at the station for its capture and berthing on Wednesday (Oct. 29) at about 11:50 a.m. EDT (1550 GMT)... The HTV-X's potential uses also extend beyond the ISS, according to JAXA. The agency envisions it aiding "post-ISS human space activities in low Earth orbit" as well as possibly flying cargo to Gateway, the space station NASA may build in lunar orbit as part of its Artemis program. HTV-X's debut increases the stable of ISS cargo craft by one-third. The currently operational freighters are Russia's Progress vehicle and Cygnus and Dragon, spacecraft built by the American companies Northrop Grumman and SpaceX, respectively. Only Dragon is reusable; the others (including HTV-X) are designed to burn up in Earth's atmosphere when their missions are over.

Read more of this story at Slashdot.

25 years ago today on Slashdot... Hemos linked to a site called Joystick101 describing the crowd camping out to buy the limited number of just-released PlayStation 2 consoles (and games). "500,000 lucky members of the American gaming public are sneaking a few minutes of playing Madden 2001, Tekken, or Ridge Racer V before school or work..." wrote Joystick101. That same day CmdrTaco posted reports PS2s were selling for over $1,000 on eBay. And then Timothy updated that post to note someone saw one selling for $5,000. But there was a third PS2 link posted on October 26, 2000... Hemos wrote a post titled "The PS2 — A Betamax In the Making?" — linking to an article by Mark Pesce (co-inventor of VRML and, in 1993, an Apple consulting engineer). "Microsoft promises Xbox will deliver ten times the performance of the PS2," Pesce wrote, noting Microsoft had partnered with Intel and "upstart video-chip developer Nvidia": The strangest thing about this battle of giants is that Microsoft has become a champion of open standards, encouraging developers to write Xbox titles without requiring them to pay any licensing fees. In comparison, Sony charges a minimum of $25,000 for access to the documentation and technology of the PlayStation2, plus a hefty license fee on every game sold. In the video-game industry, the Big Three — Sony, Nintendo, and Sega — sell the hardware at a loss (the PS2 costs nearly the $300 it will retail for) and recover their investment in the stiff licensing fees paid by game developers for the "key" that allows their software to work on Sony's platform... Having committed an astounding $500 million to market the Xbox next Christmas, it's clear that Microsoft doesn't mind taking a short-term loss to ensure an eventual win. If Sony's not careful, this could turn into "Betamax, the Sequel." Twenty years ago, Sony tightly controlled the titles made available for its technically superior videocassette player — specifically, no adult content — and found themselves quickly locked out of an incredibly lucrative market for adult and family content. If Sony keeps a tight grip on the PS2, they may actually help Microsoft create the new VHS. But even if Sony loses this round (and no one wants to wager which way this battle will turn), they've already set their sights on the PlayStation3, to be released five years from now. Sony promises it will be a thousand times faster than the PS2. Ironically, Pesce's warning about possible threats to the PS2's longevity was published by online magazine Feed-- which seven months later went out of business. And this week it was announced that even Microsoft's Halo Campaign Evolved will now be coming to PlayStation 5, with Slashdot publishing six PlayStation-related stories in just the last three months in 2025. Thanks to long-time Slashdot reader crunchy_one for suggesting a "25 Years Ago" Slashdot post..

Read more of this story at Slashdot.

Critics question why basic flaws like buffer overflows, command injections, and SQL injections are "being exploited remain prevalent in mission-critical codebases maintained by companies whose core business is cybersecurity," writes CSO Online. Benjamin Harris, CEO of cybersecurity/penetration testing firm watchTowr tells them that "these are vulnerability classes from the 1990s, and security controls to prevent or identify them have existed for a long time. There is really no excuse." Enterprises have long relied on firewalls, routers, VPN servers, and email gateways to protect their networks from attacks. Increasingly, however, these network edge devices are becoming security liabilities themselves... Google's Threat Intelligence Group tracked 75 exploited zero-day vulnerabilities in 2024. Nearly one in three targeted network and security appliances, a strikingly high rate given the range of IT systems attackers could choose to exploit. That trend has continued this year, with similar numbers in the first 10 months of 2025, targeting vendors such as Citrix NetScaler, Ivanti, Fortinet, Palo Alto Networks, Cisco, SonicWall, and Juniper. Network edge devices are attractive targets because they are remotely accessible, fall outside endpoint protection monitoring, contain privileged credentials for lateral movement, and are not integrated into centralized logging solutions... [R]esearchers have reported vulnerabilities in these systems for over a decade with little attacker interest beyond isolated incidents. That shifted over the past few years with a rapid surge in attacks, making compromised network edge devices one of the top initial access vectors into enterprise networks for state-affiliated cyberespionage groups and ransomware gangs. The COVID-19 pandemic contributed to this shift, as organizations rapidly expanded remote access capabilities by deploying more VPN gateways, firewalls, and secure web and email gateways to accommodate work-from-home mandates. The declining success rate of phishing is another factor... "It is now easier to find a 1990s-tier vulnerability in a border device where Endpoint Detection and Response typically isn't deployed, exploit that, and then pivot from there" [says watchTowr CEL Harris]... Harris of watchTowr doesn't want to minimize the engineering effort it takes to build a secure system. But he feels many of the vulnerabilities discovered in the past two years should have been caught with automatic code analysis tools or code reviews, given how basic they have been. Some VPN flaws were "trivial to the point of embarrassing for the vendor," he says, while even the complex ones should have been caught by any organization seriously investing in product security... Another problem? These appliances have a lot of legacy code, some that is 10 years or older. Attackers may need to chain together multiple hard-to-find vulnerabilities across multiple components, the article acknowleges. And "It's also possible that attack campaigns against network-edge devices are becoming more visible to security teams because they are looking into what's happening on these appliances more than they did in the past... " The article ends with reactions from several vendors of network edge security devices. Thanks to Slashdot reader snydeq for sharing the article.

Read more of this story at Slashdot.