655"Just a little more than a month after reaching an all-time high, Bitcoin has erased the more than 30% gain registered since the start of the year..." reports Bloomberg: The dominant cryptocurrency fell below US$93,714 on Sunday, pushing the price beneath the closing level reached at the end of last year, when financial markets were rallying following President Donald Trump's election victory. Bitcoin soared to a record US$126,251 on Oct 6, only to begin tumbling four days later after unexpected comments on tariffs by Trump sent markets into a tailspin worldwide. "The general market is risk-off," said Matthew Hougan, the San Francisco-based chief investment officer for Bitwise Asset Management. "Crypto was the canary in the coal mine for that, it was the first to flinch." Over the past month, many of the biggest buyers — from exchange-traded fund allocators to corporate treasuries — have quietly stepped back, depriving the market of the flow-driven support that helped propel the token to records earlier this year. For much of the year, institutions were the backbone of Bitcoin's legitimacy and its price. ETFs as a cohort took in more than US$25 billion, according to Bloomberg data, pushing assets as high as roughly US$169 billion. Their steady allocation flows helped reframe the asset as a portfolio diversifier — a hedge against inflation, monetary debasement and political disarray. But that narrative — always tenuous — is fraying afresh, leaving the market exposed to something quieter but no less destabilising: disengagement. "The selloff is a confluence of profit-taking by LTHs, institutional outflows, macro uncertainty, and leveraged longs getting wiped out," said Jake Kennis, senior research analyst at Nansen. "What is clear is that the market has temporarily chosen a downward direction after a long period of consolidation/ranging..." Boom and bust cycles have been a constant since Bitcoin burst into the mainstream consciousness with a more than 13,000% surge in 2017, only to be followed by a plunge of almost 75% the following year... Bitcoin has whipsawed investors through the year, dropping to as low as US$74,400 in April as Trump unveiled his tariffs, before rebounding to record highs ahead of the latest retreat... The market downturn has been even tougher on smaller, less liquid tokens that traders often gravitate toward because of their higher volatility and typical outperformance during rallies. A MarketVector index tracking the bottom half of the largest 100 digital assets is down around 60% this year.

Read more of this story at Slashdot.

Robert R picked up a bug in his company's event scheduling app. Sometimes, events were getting reported a day off from when they actually were.

It didn't take too long to find the culprit, and as is so often the case, the culprit was handling dates with strings.

const dateAsString = event.toISOString().substr(0,10); return new Date(dateAsString);

toISOString returns a "simplified" ISO8601 string, which looks like this: YYYY-MM-DDTHH:mm:ss.sssZ. The substr pops off the first ten characters, giving you YYYY-MM-DD.

The goal, as you can likely gather, is to truncate to just the date part of a date-time. And given that JavaScript doesn't have a convenient method to do that, it doesn't seem like a terrible way to solve that problem, if you don't think about what date-times contain too hard.

But there's an obvious issue here. toISOString always converts the date to UTC, converting from your local timezone to UTC. Which means when you pick off just the date portion of that, you may be off by an entire day, depending on the event's scheduled time and your local timezone.

This code doesn't simply truncate- it discards timezone information. But for an event scheduler used across the world, tracking timezones is important. You can't just throw that information away.

[Advertisement] Plan Your .NET 9 Migration with Confidence
Your journey to .NET 9 is more than just one decision.Avoid migration migraines with the advice in this free guide. Download Free Guide Now!

"To be clear, the current economics of space-based data centers don't make sense," writes the Wall Street Journal. "But they could in the future, perhaps as soon as a decade or so from now, according to an analysis by Phil Metzger, a research professor at the University of Central Florida and formerly of the National Aeronautics and Space Administration." "Space enthusiasts (comme moi) have long sought a business case to enable human migration beyond our home world," he posted on X amid the new hype. "I think AI servers in space is the first real business case that will lead to many more...." The argument essentially boils down to the belief that AI's needs are eventually going to grow so great that we need to move to outer space. There the sun's power can be more efficiently harvested. In space, the sun's rays can be direct and constant for solar panels to collect — no clouds, no rainstorms, no nighttime. Demands for cooling could also be cut because of the vacuum of space. Plus, there aren't those pesky regulations that executives like to complain about, slowing construction of new power plants to meet the data-center needs. In space, no one can hear the Nimbys scream. "We will be able to beat the cost of terrestrial data centers in space in the next couple of decades," Bezos said at a tech conference last month. "Space will end up being one of the places that keeps making Earth better." It's still early days. At Alphabet, Google's plans sound almost conservative. The search-engine company in recent days announced Project Suncatcher, which it describes as a moonshot project to scale machine learning in space. It plans to launch two prototype satellites by early 2027 to test its hardware in orbit. "Like any moonshot, it's going to require us to solve a lot of complex engineering challenges," Pichai posted on social media. Nvidia, too, has announced a partnership with startup Starcloud to work on space-based data centers. Not to be outdone, Elon Musk has been painting his own updated vision for the heavens... in recent weeks he has been talking more about how he can use his spaceships to deploy new versions of his solar-powered Starlink satellites equipped with high-speed lasers to build out in-space data centers. On Friday, Musk further reiterated how those AI satellites would be able to generate 100 gigawatts of annual solar power — or, what he said, would be roughly a quarter of what the U.S. consumes on average in a year. "We have a plan mapped out to do it," he told investor Ron Baron during an event. "It gets crazy." Previously, he has suggested he was four to five years away from that ability. He's also touted even wilder ideas, saying on X that 100 terawatts a year "is possible from a lunar base producing solar-powered AI satellites locally and accelerating them to escape velocity with a mass driver." Simply put, he's suggesting a moon base will crank out satellites and throw them into orbit with a catapult. And those satellites' solar panels would generate 100,000 gigawatts a year. "I think we'll see intelligence continue to scale all the way up to where...most of the power of the sun is harnessed for compute," Musk told a tech conference in September.

Read more of this story at Slashdot.

"Windows is evolving into an agentic OS," Microsoft's president of Windows Pavan Davuluri posted on X.com, "connecting devices, cloud, and AI to unlock intelligent productivity and secure work anywhere." But former Uber software engineer and engineering manager Gergely Orosz was unimpressed. "Can't see any reason for software engineers to choose Windows with this weird direction they are doubling down on. So odd because Microsoft has building dev tools in their DNA... their OS doesn't look like anything a builder who wants OS control could choose. Mac or Linux it is for devs." Davuluri "has since disabled replies on his original post..." notes the blog Windows Central, "which some people viewed as an attempt to shut out negative feedback." But he also replied to that comment... Davuluri says "we care deeply about developers. We know we have work to do on the experience, both on the everyday usability, from inconsistent dialogs to power user experiences. When we meet as a team, we discuss these pain points and others in detail, because we want developers to choose Windows..." The good news is Davuluri has confirmed that Microsoft is listening, and is aware of the backlash it's receiving over the company's obsession with AI in Windows 11. That doesn't mean the company is going to stop with adding AI to Windows, but it does mean we can also expect Microsoft to focus on the other things that matter too, such as stability and power user enhancements. Elsewhere on X.com, Microsoft CEO Satya Nadella shared his own thoughts on "the net benefit of the AI platform wave ." The Times of India reports: Nadella said tech companies should focus on building AI systems that create more value for the people and businesses using them, not just for the companies that make the technology. He cited Bill Gates to emphasize the same: "A platform is when the economic value of everybody that uses it exceeds the value of the company that creates it."Tesla CEO Elon Musk responded to Nadella's post with a facepalm emoji. Nadella said this idea matters even more during the current AI boom, where many firms risk giving away too much of their own value to big tech platforms. "The real question is how to empower every company out there to build their own AI-native capabilities," he wrote. Nadella says Microsoft's partnership with OpenAI is an example of zero-sum mindset industry... [He also cited Microsoft's "work to bring AMD into the fleet."] More from Satya Nadella's post: Thanks to AI, the [coding] category itself has expanded and may ultimately become one of the largest software categories. I don't ever recall any analyst ever asking me about how much revenue Visual Studio makes! But now everyone is excited about AI coding tools. This is another aspect of positive sum, when the category itself is redefined and the pie becomes 10x what it was! With GitHub Copilot we compete for our share and with GitHub and Agent HQ we also provide a platform for others. Of course, the real test of this era won't be when another tech company breaks a valuation record. It will be when the overall economy and society themselves reach new heights. When a pharma company uses AI in silico to bring a new therapy to market in one year instead of twelve. When a manufacturer uses AI to redesign a supply chain overnight. When a teacher personalizes lessons for every student. When a farmer predicts and prevents crop failure.That's when we'll know the system is working. Let us move beyond zero-sum thinking and the winner-take-all hype and focus instead on building broad capabilities that harness the power of this technology to achieve local success in each firm, which then leads to broad economic growth and societal benefits. And every firm needs to make sure they have control of their own destiny and sovereignty vs just a press release with a Tech/AI company or worse leak all their value through what may seem like a partnership, except it's extractive in terms of value exchange in the long run.

Read more of this story at Slashdot.

"Three Chinese astronauts returned from their nation's space station Friday," reports the Associated Press, "after more than a week's delay because the return capsule they had planned to use was damaged, likely from being hit by space debris." The team left their Shenzhou-20 spacecraft in orbit and came back using the recently arrived Shenzhou-21, which had ferried a three-person replacement crew to the station, China's Manned Space Agency said. The original return plan was scrapped because a window in the Shenzhou-20 capsule had tiny cracks, most likely caused by impact from space debris, the space agency said Friday... Their return was delayed for nine days, and their 204-day stay in space was the longest for any astronaut at China's space station... China developed the Tiangong space station after the country was excluded from the International Space Station over U.S. national security concerns. China's space program is controlled by its military.

Read more of this story at Slashdot.

Android's security team published a blog post this week about their experience using Rust. Its title? "Move fast and fix things." Last year, we wrote about why a memory safety strategy that focuses on vulnerability prevention in new code quickly yields durable and compounding gains. This year we look at how this approach isn't just fixing things, but helping us move faster. The 2025 data continues to validate the approach, with memory safety vulnerabilities falling below 20% of total vulnerabilities for the first time. We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android's C and C++ code. But the biggest surprise was Rust's impact on software delivery. With Rust changes having a 4x lower rollback rate and spending 25% less time in code review, the safer path is now also the faster one... Data shows that Rust code requires fewer revisions. This trend has been consistent since 2023. Rust changes of a similar size need about 20% fewer revisions than their C++ counterparts... In a self-reported survey from 2022, Google software engineers reported that Rust is both easier to review and more likely to be correct. The hard data on rollback rates and review times validates those impressions. Historically, security improvements often came at a cost. More security meant more process, slower performance, or delayed features, forcing trade-offs between security and other product goals. The shift to Rust is different: we are significantly improving security and key development efficiency and product stability metrics. With Rust support now mature for building Android system services and libraries, we are focused on bringing its security and productivity advantages elsewhere. Android's 6.12 Linux kernel is our first kernel with Rust support enabled and our first production Rust driver. More exciting projects are underway, such as our ongoing collaboration with Arm and Collabora on a Rust-based kernel-mode GPU driver. [They've also been deploying Rust in firmware for years, and Rust "is ensuring memory safety from the ground up in several security-critical Google applications," including Chromium's parsers for PNG, JSON, and web fonts.] 2025 was the first year more lines of Rust code were added to Android than lines of C++ code...

Read more of this story at Slashdot.

An anonymous reader shared this report from CNBC: [T]he computing power of crypto mining generates a lot of heat, most which just ends up vented into the air. According to digital assets brokerage, K33, the bitcoin mining industry generates about 100 TWh of heat annually — enough to heat all of Finland.This energy waste within a very energy-intense industry is leading entrepreneurs to look for ways to repurpose the heat for homes, offices, or other locations, especially in colder weather months. During a frigid snap earlier this year, The New York Times reviewed HeatTrio, a $900 space heater that also doubles as a bitcoin mining rig. Others use the heat from their own in-home cryptocurrency mining to spread warmth throughout their house. "I've seen bitcoin rigs running quietly in attics, with the heat they generate rerouted through the home's ventilation system to offset heating costs. It's a clever use of what would otherwise be wasted energy," said Jill Ford, CEO of Bitford Digital, a sustainable bitcoin mining company based in Dallas... "Same price as heating the house, but the perk is that you are mining bitcoin," Ford said... The crypto-heated future may be unfolding in the town of Challis, Idaho, where Cade Peterson's company, Softwarm, is repurposing bitcoin heat to ward off the winter. Several shops and businesses in town are experimenting with Softwarm's rigs to mine and heat. At TC Car, Truck and RV Wash, Peterson says, the owner was spending $25 a day to heat his wash bays to melt snow and warm up the water. "Traditional heaters would consume energy with no returns. They installed bitcoin miners and it produces more money in bitcoin than it costs to run," Peterson said. Meanwhile, an industrial concrete company is offsetting its $1,000 a month bill to heat its 2,500-gallon water tank by heating it with bitcoin. Peterson has heated his own home for two-and-a-half years using bitcoin mining equipment and believes that heat will power almost everything in the future. "You will go to Home Depot in a few years and buy a water heater with a data port on it and your water will be heated with bitcoin," Peterson said. Derek Mohr, clinical associate professor at the University of Rochester Simon School of Business, remains skeptical. Bitcoin mining is so specialized now that a home computer, or even network of home computers, would have almost zero chance of being helpful in mining a block of bitcoin, according to Mohr, with mining farms use of specialized chips that are created to mine bitcoin much faster than a home computer... "The bitcoin heat devices I have seen appear to be simple space heaters that use your own electricity to heat the room..." CNBC also spoke to Andrew Sobko, founder of Argentum AI (which is building a marketplace for sharing computing power), who says the idea makes the most sense in larger settings. "We're working with partners who are already redirecting compute heat into building heating systems and even agricultural greenhouse warming. That's where the economics and environmental benefits make real sense. Instead of trying to move the heat physically, you move the compute closer to where that heat provides value."

Read more of this story at Slashdot.

From the Business Standard: Apple has accelerated its succession plans as the company prepares for Chief Executive Tim Cook to potentially step down as early as next year, Financial Times reported. Apple's board and senior leaders have recently increased their focus on a smooth leadership transition after Cook's more than 14 years at the helm of the $4 trillion tech giant, the news report said. John Ternus, senior Vice-President of hardware engineering, is seen by many inside Apple as the top contender to become the next CEO. However, no final decision has been made yet. The leadership shift has been in the works for years and is not connected to its present performance, the news report said. Apple expects a strong year-end sales season, especially for the iPhone... Cook, who turned 65 this month, became Apple's CEO in 2011 after the passing of co-founder Steve Jobs. Under his leadership, Apple's market value has grown from around $350 billion in 2011 to $4 trillion today. Apple's stock is near a record high following strong results last month. Apple "is unlikely to introduce a new CEO before its earnings report in late January, which covers the crucial holiday quarter," the article points out. "An early-year announcement would allow the next leadership team time to settle before Apple's major annual events — the Worldwide Developers Conference in June and the iPhone launch in September..." Slashdot reader BrianFagioli points out that top-contender Ternus "is deeply technical and has been central to Apple Silicon and the hardware comeback in the Mac line." If Apple elevates him, that would be an unmistakable signal that the board wants a return to stronger, more grounded hardware leadership. The company may finally realize that accessories aren't enough to keep Apple fans excited, and that expensive experiments are not a substitute for devices people can actually use and afford... Financial success can only hide hardware misfires for so long. Apple needs a leader who can reconnect the company with its reputation for creating devices people can't live without, not ones people return or ignore. Tech blogger John Gruber "absolutely loves" the idea of Cook's successor "being a product person like Ternus, and Ternus is young enoughâ — â50, the same age Cook was in 2011 when he took the reins from Steve Jobsâ — âto hold the job for a long stretch." Ternus took over iPhone hardware engineering in 2020, and was promoted to senior vice president of hardware engineering in January 2021, when Dan Riccio stepped aside. Apple's hardware, across all product lines and including silicon, has been exemplary under Ternus's leadership. And Ternus clearly loves and understands the Mac. I would also bet that Cook moves into the role of executive chairman, and will still play a significant, if not leading, role for the company. And Gruber makes another observation about that Financial Times article. "That 'several people' spoke to the FT about this says to me that those sources (members of the board?) did so with Cook's blessing, and they want this announcement to be no more than a little surprising."

Read more of this story at Slashdot.

An anonymous reader shared this report from the Guardian: The number of deaths linked to superbugs that do not respond to frontline antibiotics increased by 17% in England last year, according to official figures that raise concerns about the ongoing increase in antimicrobial resistance. The figures, released by the UK Health Security Agency, also revealed a large rise in private prescriptions for antibiotics, with 22% dispensed through the private sector in 2024. The increase in private prescribing is partly explained by the Pharmacy First scheme, a flagship policy of Rishi Sunak's government that allows patients to be prescribed antibiotics for common illnesses without seeing a GP, raising questions about whether the shift in prescribing patterns risks contributing to the rise in resistance. "Antibiotic resistance is one of the greatest health threats we face," said the UKHSA's chief executive, Prof Susan Hopkins. "More people than ever are acquiring infections that cannot be effectively treated by antibiotics. This puts them at greater risk of serious illness and even death, with our poorest communities hit the hardest... It's positive that we've seen antibiotic use fall in England within the NHS but we need to go further, faster," said Hopkins. "Please remember to only take antibiotics if you have been told to do so by a healthcare professional. Do not save some for later or share them with friends and family. If you have leftover antibiotics, please bring them to a pharmacy for appropriate disposal."

Read more of this story at Slashdot.

CNN profiled the non-profit Internet Archive today — and included this tidbit about how they archive parts of the internet that are now "tucked in conversations with AI chatbots." The rise of artificial intelligence and AI chatbots means the Internet Archive is changing how it records the history of the internet. In addition to web pages, the Internet Archive now captures AI-generated content, like ChatGPT answers and those summaries that appear at the top of Google search results. The Internet Archive team, which is made up of librarians and software engineers, are experimenting with ways to preserve how people get their news from chatbots by coming up with hundreds of questions and prompts each day based on the news, and recording both the queries and outputs, [says Wayback Machine Director Mark Graham]. It sounds like a fun place to work... Archivists use bespoke machines to digitize books page by page, livestreaming their work on YouTube for all to see (alongside some lo-fi music). Record players churn out vintage tunes from 1920s and 1940s, and the building houses every type of media console for any type of content imaginable, from microfilm, to CDs and satellite television. (The Internet Archive preserves music, television, books and video games, too)... "There are a lot of people that are just passionate about the cause. There's a cyberpunk atmosphere," Annie Rauwerda, a Wikipedia editor and social media influencer, said at a party thrown at the Internet Archive's headquarters to celebrate reaching a trillion pages "The internet (feels) quite corporate when I use it a lot these days, but you wouldn't know from the people here."

Read more of this story at Slashdot.

Tech entrepreneur/blogger Anil Dash has been critical of AI browsers like ChatGPT Atlas. (He's written that Atlas "substitutes its own AI-generated content for the web, but it looks like it's showing you the web," while its prompt-based/command-line interface resembles a clunky text adventure, and it's true purpose seems to be ingesting more training data.) And at the Mozilla Festival in Spain, "Virtually everyone shared some version of what I'd articulated as the majority view on AI, which is approximately that LLMs can be interesting as a technology, but that Big Tech, and especially Big AI, are decidedly awful and people are very motivated to stop them from committing their worst harms upon the vulnerable." But... Another reality that people were a little more quiet in acknowledging, and sometimes reluctant to engage with out loud, is the reality that hundreds of millions of people are using the major AI tools every day... I don't know why today's Firefox users, even if they're the most rabid anti-AI zealots in the world, don't say, "well, even if I hate AI, I want to make sure Firefox is good at protecting the privacy of AI users so I can recommend it to my friends and family who use AI"... My personal wishlist would be pretty simple: * Just give people the "shut off all AI features" button. It's a tiny percentage of people who want it, but they're never going to shut up about it, and they're convinced they're the whole world and they can't distinguish between being mad at big companies and being mad at a technology so give them a toggle switch and write up a blog post explaining how extraordinarily expensive it is to maintain a configuration option over the lifespan of a global product. * Market Firefox as "The best AI browser for people who hate Big AI". Regular users have no idea how creepy the Big AI companies are — they've just heard their local news talk about how AI is the inevitable future. If Mozilla can warn me how to protect my privacy from ChatGPT, then it can also mention that ChatGPT tells children how to self-harm, and should be aggressive in engaging with the community on how to build tools that help mitigate those kinds of harms — how do we catalyze that innovation? * Remind people that there isn't "a Firefox" — everyone is Firefox. Whether it's Zen, or your custom build of Firefox with your favorite extensions and skins, it's all part of the same story. Got a local LLM that runs entirely as a Firefox extension? Great! That should be one of the many Firefoxes, too. Right now, so much of the drama and heightened emotions and tension are coming from people's (well... dudes') egos about there being One True Firefox, and wanting to be the one who controls what's in that version, as an expression of one set of values. This isn't some blood-feud fork, there can just be a lot of different choices for different situations. Make it all work.

Read more of this story at Slashdot.

Residential utility bills in America "rose 6% on average nationwide in August compared with the same period in the previous year," reports CNBC, citing statistics from the U.S. Energy Information Administration: The reasons for price increases are often complex and vary by region. But in at least three states with high concentrations of data centers, electric bills climbed much faster than the national average during that period. Prices, for example, surged by 13% in Virginia, 16% in Illinois and 12% in Ohio. The tech companies and AI labs are building data centers that consume a gigawatt or more of electricity in some cases, equivalent to more than 800,000 homes, the size of a city essentially... "The techlash is real," said Abraham Silverman, who served as general counsel for New Jersey's public utility board from 2019 until 2023 under outgoing Democratic Gov. Phil Murphy. "Data centers aren't always great neighbors," said Silverman, now a researcher at Johns Hopkins University. "They tend to be loud, they can be dirty and there's a number of communities, particularly in places with really high concentrations of data centers, that just don't want more data centers..." [C]apacity prices get passed down to consumers in their utility bills, Silverman said. The data center load in PJM [America's largest grid, serving 13 states] is also impacting prices in states that are not industry leaders such as New Jersey, where prices jumped about 20% year over year... There are other reasons for rising electricity prices, Silverman said. The aging electric grid needs upgrades at a time of broad inflation and the cost of building new transmission lines has gone up by double digits, he said. The utilities also point to rising demand from the expansion of domestic manufacturing and the broader electrification of the economy, such as electric vehicles and the adoption of electric heat pumps in some regions... In other states, however, the relationship between rising electricity prices and data centers is less clear. Texas, for example, is second only to Virginia with more than 400 data centers. But prices in the Lone Star state increased about 4% year over year in August, lower than the national average. Texas operates its own grid, ERCOT, with a relatively fast process that can connect new electric supply to the grid in around three years, according to a February 2024 report from the Brattle Group. California, meanwhile, has the third most data centers in the nation and the second highest residential electricity prices, nearly 80% above the national average. But prices in the Golden State increased about 1% in August 2024 over the prior year period, far below the average hike nationwide. One of the reasons California's electricity rates are so much higher than most of the country is the costs associated with preventing wildfires.

Read more of this story at Slashdot.

An anonymous reader shared this report from The Register: Yet another supply chain attack has hit the npm registry in what Amazon describes as "one of the largest package flooding incidents in open source registry history" — but with a twist. Instead of injecting credential-stealing code or ransomware into the packages, this one is a token farming campaign. Amazon Inspector security researchers, using a new detection rule and AI assistance, originally spotted the suspicious npm packages in late October, and, by November 7, the team had flagged thousands. By November 12, they had uncovered more than 150,000 malicious packages across "multiple" developer accounts. These were all linked to a coordinated tea.xyz token farming campaign, we're told. This is a decentralized protocol designed to reward open-source developers for their contributions using the TEA token, a utility asset used within the tea ecosystem for incentives, staking, and governance. Unlike the spate of package poisoning incidents over recent months, this one didn't inject traditional malware into the open source code. Instead, the miscreants created a self-replicating attack, infecting the packages with code to automatically generate and publish, thus earning cryptocurrency rewards on the backs of legitimate open source developers. The code also included tea.yaml files that linked these packages to attacker-controlled blockchain wallet addresses. At the moment, Tea tokens have no value, points out CSO Online. "But it is suspected that the threat actors are positioning themselves to receive real cryptocurrency tokens when the Tea Protocol launches its Mainnet, where Tea tokens will have actual monetary value and can be traded..." In an interview on Friday, an executive at software supply chain management provider Sonatype, which wrote about the campaign in April 2024, told CSO that number has now grown to 153,000. "It's unfortunate that the worm isn't under control yet," said Sonatype CTO Brian Fox. And while this payload merely steals tokens, other threat actors are paying attention, he predicted. "I'm sure somebody out there in the world is looking at this massively replicating worm and wondering if they can ride that, not just to get the Tea tokens but to put some actual malware in there, because if it's replicating that fast, why wouldn't you?" When Sonatype wrote about the campaign just over a year ago, it found a mere 15,000 packages that appeared to come from a single person. With the swollen numbers reported this week, Amazon researchers wrote that it's "one of the largest package flooding incidents in open source registry history, and represents a defining moment in supply chain security...." For now, says Sonatype's Fox, the scheme wastes the time of npm administrators, who are trying to expel over 100,000 packages. But Fox and Amazon point out the scheme could inspire others to take advantage of other reward-based systems for financial gain, or to deliver malware. After deplooying a new detection rule "paired with AI", Amazon's security researchers' write, "within days, the system began flagging packages linked to the tea.xyz protocol... By November 7, the researchers flagged thousands of packages and began investigating what appeared to be a coordinated campaign. The next day, after validating the evaluation results and analyzing the patterns, they reached out to OpenSSF to share their findings and coordinate a response. Their blog post thanks the Open Source Security Foundation (OpenSSF) for rapid collaboration, while calling the incident "a defining moment in supply chain security..."

Read more of this story at Slashdot.

An anonymous reader shared this report from Electrek: Solar and wind are growing fast enough to meet all new electricity demand worldwide for the first three quarters of 2025, according to new data from energy think tank Ember. The group now expects fossil power to stay flat for the full year, marking the first time since the pandemic that fossil generation won't increase. Solar and wind aren't just expanding; they're outpacing global electricity demand itself. Solar generation jumped 498 TWh (+31%) compared to the same period last year, already topping all the solar power produced in 2024. Wind added another 137 TWh (+7.6%). Together, they supplied 635 TWh of new clean electricity, beating out the 603 TWh rise in global demand (+2.7%). That lifted solar and wind to 17.6% of global electricity in the first three quarters of the year, up from 15.2% year-over-year. That brought the total share of renewables in global electricity -solar, wind, hydro, bioenergy, and geothermal — to 43%. Fossil fuels slid to 57.1%, down from 58.7%. For the first time in 2025, renewables collectively generated more electricity than coal. And fossil generation as a whole has stalled. Fossil output slipped slightly by 0.1% (-17 TWh) through the end of Q3. Ember expects no fossil-fuel growth for the full year, driven by clean power growth outpacing demand.

Read more of this story at Slashdot.

An anonymous reader shared this report from PC World: It won't whip the llama's ass, but Opera has added a Spotify visualizer to its latest iteration of its free Opera One browser. Known as Sonic, the visualizer will be part of Opera's Dynamic Themes, which use the WebGPU standard to employ a dynamic theme that runs in the background of the browser. It's essentially a shader, which uses your PC's graphics engine to generate the moving background. The browser also comes with a music player, which is set to Spotify by default. Users will have an opportunity to upgrade to Spotify Premium as part of the browser upgrade, Opera said. Opera's Sonic theme... takes the Spotify input and transforms it into a dynamic background. "As any old tech head knows, the original visualizer was found in Winamp, which would sync visualizations to the beat and flow of music being played," the article points out. And 27 years later, WinAmp arrived as an app in Apple's App Store and Google Play and in April of 2024. (The latest version was apparently released this May — and you can also download it to your desktop...) Somewhere along the way, Winamp also announced "Winamp for Creators," which they're describing as a dedicated platform for music artists with monetization and promotion tools, music management services, and other essential resources "to help creators take control of their careers" (including "a powerful social media publishing tool that lets users write a single post and push it to all their social media channels simultaneously.")

Read more of this story at Slashdot.

It's been trying to measure the popularity of programming languages since 2000 using metrics like the number of engineers, courses, and third-party vendors. And "The November 2025 TIOBE Index brings another twist below Python's familiar lead," writes TechRepublic. "C solidifies its position as runner-up, C++ and Java lose some ground, and C# moves sharply upward, narrowing the gap with Java to less than a percentage point..." TIO CEO Paul Jansen said this month that "Instead of Python, programming language C# is now the fastest rising language," How did C# achieve this? Java and C# are battling for a long time in the same areas. Right now it seems like C# has removed every reason why not to use C# instead of Java: it is cross platform nowadays, it is open source and it contains all new language features a developer wants. While the financial world is still dominated by Java, all other terrains show equal shares between Java and C#. Besides this, Microsoft is going strong and C# is still their most backed programming language. Interesting note: C# has never been higher than Java in the TIOBE index. Currently the difference between the two rivals is less than 1%. There are exciting times ahead of us. Is C# going to surpass Java for the first time in the TIOBE index history? "The fact that C# has been in the news for the successive betas and pre-release candidates prior to the release of C# 14 may have bumped up its percentage share in the last few months," notes a post on the site i-Programmer. But they also point out that by TIOBE's reckoning, Java — having been overtaken by Python in 2021 — "has been in decline ever since." TechRepublic summarizes the rest of the Top Ten: JavaScript stays in sixth place at 3.42%, and Visual Basic edges up to seventh with 3.31%. Delphi/Object Pascal nudges upward to eighth at 2.06%, while Perl returns to the top 10 in ninth at 1.84% after a sharp year-over-year climb. SQL rounds out the list at tenth with 1.80%, maintaining a foothold that shows the enduring centrality of relational databases. Go, which held eighth place in October, slips out of the top 10 entirely. Here's how TIOBE's methodology ranks programming language popularity in November: Python C C++ Java C# JavaScript Visual Basic Delphi/Object Pascal Perl SQL

Read more of this story at Slashdot.

Slashdot reader spatwei writes: It is now more common for data to leave companies through copying and pasting than through file transfers and uploads, LayerX revealed in its Browser Security Report 2025. This shift is largely due to generative AI (genAI), with 77% of employees pasting data into AI prompts, and 32% of all copy-pastes from corporate accounts to non-corporate accounts occurring within genAI tools. 'Traditional governance built for email, file-sharing, and sanctioned SaaS didn't anticipate that copy/paste into a browser prompt would become the dominant leak vector,' LayerX CEO Or Eshed wrote in a blog post summarizing the report. "GenAI now accounts for 11% of enterprise application usage," notes this article from SC World, "with adoption rising faster than many data loss protection (DLP) controls can keep up. Overall, 45% of employees actively use AI tools, with 67% of these tools being accessed via personal accounts and ChatGPT making up 92% of all use..." "With the rise of AI-driven browsers such as OpenAI's Atlas and Perplexity's Comet, governance of AI tools' access to corporate data becomes even more urgent, the LayerX report notes."

Read more of this story at Slashdot.

"Google is going to court to help put an end to, or at least limit, the prevalence of phishing scams over text message," reports BGR: Google said it's bringing suit against Lighthouse, an impressively large operation that allegedly provides tools customers can buy to set up their own specialized phishing scams. All told, Google estimates that Lighthouse-affiliated scams in the U.S. have stolen anywhere between 12.7 million and 115 million credit cards. "Bad actors built Lighthouse as a phishing-as-a-service kit to generate and deploy massive SMS phishing attacks," Google notes. "These attacks exploit established brands like E-Z Pass to steal people's financial information." Google's legal action is comprehensive and is intent on completely dismantling Lighthouse's operations. The search giant is bringing claims under RICO, the Lanham Act, and the Computer Fraud and Abuse Act (CFAA). RICO, which often comes up in movies and television shows, allows authorities to treat Lighthouse's phishing operation as a broad criminal enterprise as opposed to isolated scams. By using RICO, Google also expands the list of individuals who can be found liable, whether it be the people who started Lighthouse, the people who run it, or even unaffiliated customers who used the company's services. The Lanham Act, for those unaware, targets malicious actors who misappropriate well-known company trademarks in order to confuse consumers. This Lanham Act comes into play because many phishing scams masquerade as legitimate messages from companies like Amazon and FedEx. The Computer Fraud and Abuse Act, meanwhile, is relevant because scammers typically use stolen credentials to gain unauthorized access to financial systems, something the CFAA is designed to target... The fact that Google is invoking all three of the acts above underscores how serious the company is about putting a stop to SMS-based scams. By using all three, Google's legal attack is more potent and also expands the range of available remedies to include civil damages and criminal penalties. In short, Google isn't merely trying to win a legal case; it's aiming to emphatically and permanently stop Lighthouse in its tracks. Getting even more aggressive, Google says it's also working with the U.S. Congress to pass new anti-scammer legislation, and endorsed these three new bipartisan bills: The Scam Compound Accountability and Mobilization (SCAM) Act "would develop a national strategy to counter scam compounds, enhance sanctions and support survivors of human trafficking within these compounds." The Foreign Robocall Elimination Act "would establish a taskforce focused on how to best block foreign-originated illegal robocalls before they ever reach American consumers." The Guarding Unprotected Aging Retirees from Deception (GUARD) Act "would empower state and local law enforcement by enabling them to utilize federal grant funding to investigate financial fraud and scams specifically targeting retirees. " Thanks to Slashdot reader anderzole for sharing the article.

Read more of this story at Slashdot.

The dream of quantum computers has been hampered by the challenge of error correction, writes the Harvard Gazette, since qubits "are inherently susceptible to slipping out of their quantum states and losing their encoded information." But in a newly-published paper, a research team "combined various methods to create complex circuits with dozens of error correction layers" that "suppresses errors below a critical threshold — the point where adding qubits further reduces errors rather than increasing them." "For the first time, we combined all essential elements for a scalable, error-corrected quantum computation in an integrated architecture," said Mikhail Lukin, co-director of the Quantum Science and Engineering Initiative, Joshua and Beth Friedman University Professor, and senior author of the new paper. "These experiments — by several measures the most advanced that have been done on any quantum platform to date — create the scientific foundation for practical large-scale quantum computation..." "There are still a lot of technical challenges remaining to get to very large-scale computer with millions of qubits, but this is the first time we have an architecture that is conceptually scalable," said lead author Dolev Bluvstein, Ph.D. '25, who did the research during his graduate studies at Harvard and is now an assistant professor at Caltech. "It's going to take a lot of effort and technical development, but it's becoming clear that we can build fault-tolerant quantum computers...." Hartmut Neven, vice president of engineering at the Google Quantum AI team, said the new paper came amid an "incredibly exciting" race between qubit platforms. "This work represents a significant advance toward our shared goal of building a large-scale, useful quantum computer," he said... With recent advances, Lukin believes the core elements for building quantum computers are falling into place. "This big dream that many of us had for several decades, for the first time, is really in direct sight," he said. "In theory, a system of 300 quantum bits can store more information than the number of particles in the known universe..." the article points out. "The new paper represents an important advance in a three-decade pursuit of quantum error correction." Thanks to long-time Slashdot reader schwit1 for sharing the article.

Read more of this story at Slashdot.

A new "cold war" between America and China is "pushing leaders to sideline concerns about the dangers of powerful AI models," reports the Wall Street Journal, "including the spread of disinformation and other harmful content, and the development of superintelligent AI systems misaligned with human values..." "Both countries are driven as much by fear as by hope of progress. " In Washington and Silicon Valley, warnings abound that China's "authoritarian AI," left unchecked, will erode American tech supremacy. Beijing is gripped by the conviction that a failure to keep pace in AI will make it easier for the U.S. to cut short China's resurgence as a global power. Both countries believe market share for their companies across the world is up for grabs — and with it, the potential to influence large swaths of the global population. The U.S. still has a clear lead, producing the most powerful AI models. China can't match it in advanced chips and has no answer for the financial firepower of private American investors, who funded AI startups to the tune of $104 billion in the first half of 2025, and are gearing up for more. But it has a massive population of capable engineers, lower costs and a state-led development model that often moves faster than the U.S., all of which Beijing is working to harness to tip the contest in its direction. A new "whole of society" campaign looks to accelerate the construction of computing clusters in areas like Inner Mongolia, where vast solar and wind farms provide plentiful cheap energy, and connect hundreds of data centers to create a shared compute pool — some describe it as a "national cloud" — by 2028. China is also funneling hundreds of billions of dollars into its power grid to support AI training and adoption... "Our lead is probably in the 'months but not years' realm," said Chris McGuire, who helped design U.S. export controls on AI chips while serving on the National Security Council under the Biden administration. Chinese AI models currently rank at or near the top in every task from coding to video generation, with the exception of search, according to Chatbot Arena, a popular crowdsourced ranking platform. China's manufacturing sector, meanwhile, is rocketing past the U.S. in bringing AI into the physical world through robotaxis, autonomous drones and humanoid robots. Given China's progress, McGuire said, the U.S. is "very lucky" to have its advantage in chips... If AI surpasses human intelligence and acquires the ability to improve itself, it could confer unshakable scientific, economic and military superiority on the country that controls it. Short of that, AI's ability to automate tedious tasks and process vast amounts of data quickly promises to supercharge everything from cancer diagnoses to missile defense. With so much at stake, hacking and cyber espionage are likely to get worse, as AI gives hackers more powerful tools, while increasing incentives for state-backed groups to try to steal AI-related intellectual property. As distrust grows, Washington and Beijing will also find it hard, if not impossible, to cooperate in areas like preventing extremist groups from using AI in destructive ways, such as building bioweapons. "The costs of the AI Cold War are already high and will go much higher," said Paul Triolo, a former U.S. government analyst and current technology policy lead at business consulting firm DGA-Albright Stonebridge Group. "A U.S.-China AI arms race becomes a self-fulfilling prophecy, with neither side able to trust that the other would observe any restrictions on advanced AI capability development...." The article includes an interesting observation from Helen Toner, director of strategy for Georgetown's Center for Security and Emerging Technology and a former OpenAI board member. Toner points out "We don't actually know" if boosting computing power with better chips will continue producing more-powerful AI models. So "If performance plateaus," the Journal writes, "despite all the spending by OpenAI and others — a growing concern in Silicon Valley — China has a chance to compete."

Read more of this story at Slashdot.