Daniel Stenberg, creator of the curl utility, is considering ending its bug bounty program due to a surge in low-quality, AI-generated reports that are overwhelming the small volunteer team. Despite attempts to discourage AI-assisted submissions, these reports now make up about 20% of all entries in 2025, while genuine vulnerabilities have dropped to just 5%. The Register reports: "The general trend so far in 2025 has been way more AI slop than ever before (about 20 percent of all submissions) as we have averaged about two security report submissions per week," he wrote in a blog post on Monday. "In early July, about 5 percent of the submissions in 2025 had turned out to be genuine vulnerabilities. The valid-rate has decreased significantly compared to previous years." The situation has prompted Stenberg to reevaluate whether to continue curl's bug bounty program, which he says has paid out more than $90,000 for 81 awards since its inception in 2019. He said he expects to spend the rest of the year mulling possible responses to the rising tide of AI refuse. Presently, the curl bug bounty program -- outsourced to HackerOne - requires the bug reporter to disclose the use of generative AI. It does not entirely ban AI-assisted submissions, but does discourage them. "You should check and double-check all facts and claims any AI told you before you pass on such reports to us," the program's policy explains. "You are normally much better off avoiding AI." Two bug submissions per week on average may not seem like a lot, but the curl security team consists of only seven members. As Stenberg explains, three or four reviewers review each submission, a process that takes anywhere from 30 minutes to three hours. "I personally spend an insane amount of time on curl already, wasting three hours still leaves time for other things," Stenberg lamented. "My fellows however are not full time on curl. They might only have three hours per week for curl. Not to mention the emotional toll it takes to deal with these mind-numbing stupidities." [...] Stenberg says it's not clear what HackerOne should do to reduce reckless use of AI, but insists something needs to be done. His post ponders charging a fee to submit a report or dropping the bug bounty award, while also expressing reservations about both potential remedies. "As a lot of these reporters seem to genuinely think they help out, apparently blatantly tricked by the marketing of the AI hype-machines, it is not certain that removing the money from the table is going to completely stop the flood," he concludes.

Read more of this story at Slashdot.

America's largest corporations are increasingly listing AI among the major risks they must disclose in formal financial filings, despite bullish statements in public about the potential business opportunities it offers. The Register: According to a report from research firm The Autonomy Institute, three-quarters of companies listed in the S&P 500 stock market index have updated their official risk disclosures to detail or expand upon mentions of AI-related risk factors during the past year. The organization drew its findings from an analysis of Form 10-K filings that the top 500 companies submitted to the US Securities and Exchange Commission (SEC), in which they are required to outline any material risks that could negatively affect their business and its financial health.

Read more of this story at Slashdot.

Carlos and Claire found themselves supporting a 3rd party logistics package, called IniFreight. Like most "enterprise" software, it was expensive, unreliable, and incredibly complicated. It had also been owned by four different companies during the time Carlos had supported it, as its various owners underwent a series of acquisitions. It kept them busy, which is better than being bored.

One day, Claire asked Carlos, "In SQL, what does an exclamation point mean?"

"Like, as a negation? I don't think most SQL dialects support that."

"No, like-" and Claire showed him the query.

select * from valuation where origin_country < '!'

"IniFreight, I presume?" Carlos asked.

"Yeah. I assume this means, 'where origin country isn't blank?' But why not just check for NOT NULL?"

The why was easy to answer: origin_country had a constraint which prohibited nulls. But the input field didn't do a trim, so the field did allow whitespace only strings. The ! is the first printable, non-whitespace character in ASCII (which is what their database was using, because it was built before "support wide character sets" was a common desire).

Unfortunately, this means that my micronation, which is simply spelled with the ASCII character 0x07 will never show up in their database. You might not think you're familiar with my country, but trust me- it'll ring a bell.

[Advertisement] Utilize BuildMaster to release your software with confidence, at the pace your business demands. Download today!

Bruce66423 shares a report from The Guardian: They went viral, amassing more than 1m streams on Spotify in a matter of weeks, but it later emerged that hot new band the Velvet Sundown were AI-generated -- right down to their music, promotional images and backstory. The episode has triggered a debate about authenticity, with music industry insiders saying streaming sites should be legally obliged to tag music created by AI-generated acts so consumers can make informed decisions about what they are listening to. [...] Several figures told the Guardian that the present situation, where streaming sites, including Spotify, are under no legal obligation to identify AI-generated music, left consumers unaware of the origins of the songs they're listening to. Roberto Neri, the chief executive of the Ivors Academy, said: "AI-generated bands like Velvet Sundown that are reaching big audiences without involving human creators raise serious concerns around transparency, authorship and consent." Neri added that if "used ethically," AI has the potential to enhance songwriting, but said at present his organization was concerned with what he called "deeply troubling issues" with the use of AI in music. Sophie Jones, the chief strategy officer at the music trade body the British Phonographic Industry (BPI), backed calls for clear labelling. "We believe that AI should be used to serve human creativity, not supplant it," said Jones. "That's why we're calling on the UK government to protect copyright and introduce new transparency obligations for AI companies so that music rights can be licensed and enforced, as well as calling for the clear labelling of content solely generated by AI." Liz Pelly, the author of Mood Machine: The Rise of Spotify and the Costs of the Perfect Playlist, said independent artists could be exploited by people behind AI bands who might create tracks that are trained using their music. She referred to the 2023 case of a song that was uploaded to TikTok, Spotify and YouTube, which used AI-generated vocals claiming to be the Weeknd and Drake. Universal Music Group said the song was "infringing content created with generative AI" and it was removed shortly after it was uploaded. Aurelien Herault, the chief innovation officer at the music streaming service Deezer, said the company uses detection software that identifies AI-generated tracks and tags them. He said: "For the moment, I think platforms need to be transparent and try to inform users. For a period of time, what I call the "naturalization of AI', we need to inform users when it's used or not." Herault did not rule out removing tagging in future if AI-generated music becomes more popular and musicians begin to use it like an "instrument." At present, Spotify does not label music as AI-generated and has previously been criticized for populating some playlists with music by "ghost artists" -- fake acts that create stock music. Bruce66423 comments: "Artists demand 'a warning' on such material. Why? If it is what the people want..."

Read more of this story at Slashdot.

The UK secretly relocated thousands of Afghans to the UK after their personal details were disclosed in one of the country's worst ever data breaches, putting them at risk of Taliban retaliation. The operation cost around $2.7 billion and remained under a court-imposed superinjunction until recently lifted. Reuters reports: The leak by the Ministry of Defence in early 2022, which led to data being published on Facebook the following year, and the secret relocation program, were subject to a so-called superinjunction preventing the media reporting what happened, which was lifted on Tuesday by a court. British defence minister John Healey apologised for the leak, which included details about members of parliament and senior military officers who supported applications to help Afghan soldiers who worked with the British military and their families relocate to the UK. "This serious data incident should never have happened," Healey told lawmakers in the House of Commons. It may have occurred three years ago under the previous government, but to all whose data was compromised I offer a sincere apology." The incident ranks among the worst security breaches in modern British history because of the cost and risk posed to the lives of thousands of Afghans, some of whom fought alongside British forces until their chaotic withdrawal in 2021. Healey said about 4,500 Afghans and their family members have been relocated or were on their way to Britain under the previously secret scheme. But he added that no-one else from Afghanistan would be offered asylum because of the data leak, citing a government review which found little evidence of intent from the Taliban to seek retribution against former officials.

Read more of this story at Slashdot.

Anthropic has launched a specialized version of its Claude AI tools for the financial services sector, designed to assist professionals with investment decisions, market analysis, and research. The Financial Analysis Solution "includes Claude 4 models, Claude Code and Claude for Enterprise with expanded usage limits, implementation support and other features," reports CNBC. From the report: As part of its new Financial Analysis Solution, Claude will get real-time access to financial information through data providers like Box, PitchBook, Databricks, S&P Global and Snowflake. Anthropic said many of these integrations are available on Tuesday, with more to come. Anthropic's Financial Analysis Solution and Claude for Enterprise are available on AWS Marketplace. The company said Google Cloud Marketplace availability is coming soon. "What this is is a tailored version of Claude for Enterprise," Kate Jensen, Anthropic's head of revenue said at an event in New York City on Tuesday. "It's specifically built for financial analysts, and it's equipped for the nuance, accuracy and reasoning that you need to handle the complexity of your work."

Read more of this story at Slashdot.

Reddit has begun verifying users' ages in the UK to restrict access to "certain mature content" for minors, complying with the UK's Online Safety Act. The BBC reports: Reddit, known for its online communities and discussions, said that while it does not want to know who its audience is: "It would be helpful for our safety efforts to be able to confirm whether you are a child or an adult." Ofcom, the UK regulator, said: "We expect other companies to follow suit, or face enforcement if they fail to act." Reddit said that from 14 July, an outside firm called Persona will perform age verification for the social media platform either through an uploaded selfie or "a photo of your government ID," such as a passport. It said Reddit will not have access to the photo and will only retain a user's verification status and date of birth so people do not have to re-enter it each time they try to access restricted content. Reddit added that Persona "promises not to retain the picture for longer than seven days" and will not have access to a user's data on the site. The new rules in the UK come into force on 25 July. [...] Companies that fail to meet the rules face fines of up to 18 million pounds or 10% of worldwide revenue, "whichever is greater." [Ofcom] added that in the most serious cases, it can seek a court order for "business disruption measures," such as requiring payment providers or advertisers to withdraw their services from a platform, or requiring Internet Service Providers to block access to a site in the UK."

Read more of this story at Slashdot.

Plasma Bigscreen, KDE's TV-focused interface, is being revived after years of inactivity thanks to contributor Devin, who overhauled the UI, redesigned the Settings app, improved app launching, and updated key modules. While still in progress -- with features like HDMI-CEC remote support and a virtual keyboard pending -- the project aims to rejoin KDE's official Plasma release schedule, potentially in version 6.5. Neowin reports: If you have not heard of it, Plasma Bigscreen is a Plasma shell for televisions, with original support for the now-defunct Mycroft AI assistant. It used to provide a simple launcher for apps and custom "Mycroft Skills" before development stalled, causing most distributions to drop it. The project was left behind during the big transition to Plasma 6 last year because no one had ported it in time for the megarelease. After a friend of his started poking at the code, Devin stepped in to tackle the much-needed work. [...] For anyone who wants to test this out, you can do as Devin did by installing Plasma Bigscreen on a Raspberry Pi using postmarketOS, though you would have to compile it yourself or pull from the nightly repos to get the latest changes. Applications like Kodi and VacuumTube (smart TV version of YouTube) work well with remote navigation, and some games like SuperTuxKart are playable. Controller support exists, but getting TV remotes to work over HDMI CEC is still untested. The project is far from finished; it still needs an arrow-navigable virtual keyboard and a clearer long-term direction now that Mycroft is gone. Still, the goal is to get it back into the official Plasma release schedule, possibly for version 6.5.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Phoronix: Merged yesterday to the latest development code for the LibreOffice open-source office suite is now recognizing Bitcoin "BTC" as a supported currency for use within the Calc spreadsheet program and elsewhere within this cross-platform free software office suite. Stemming from a recent bug report requesting Bitcoin as an official currency option within LibreOffice Calc, the necessary additions are now in place so it's a built-in preset like USD and EUR. Thus easier managing of Bitcoin transactions and the like from within LibreOffice Calc.

Read more of this story at Slashdot.

U.S. prosecutors and the Commodity Futures Trading Commission (CFTC) have officially closed their investigations into Polymarket, the decentralized, blockchain-powered prediction market platform where users bet with real cryptocurrency on the outcomes of future events. "The DOJ was investigating Polymarket last year, reportedly for allowing U.S. users to place bets on the site despite Polymarket being required to block U.S. traders," reports CoinDesk. The FBI raided Polymarket CEO Shayne Coplan's Manhattan apartment last November, seizing his phone and electronic devices. A source close to the matter told The New York Post it was politically motivated due to Polymarket's successful prediction of Trump's election win. It's "grand political theater at its worst," the source said. "They could have asked his lawyer for any of these things. Instead, they staged a so-called raid so they can leak it to the media and use it for obvious political reasons."

Read more of this story at Slashdot.

BrianFagioli shares a report from NERDS.xyz: Blender 4.5 has arrived and it's a long-term support release. That means users get two full years of updates and bug fixes, making it a smart choice for anyone looking for stability in serious projects. Whether you're a solo artist or part of a studio pipeline, this version is built to last. Here's a list of key features and changes in this release: - Vulkan backend replaces OpenGL (faster, smoother UI) - Adaptive subdivision up to 14x faster with multithreading - New Geometry Nodes: Camera Info, Instance Bounds - GPU-accelerated compositor nodes with standardized inputs - New Boolean solver: Manifold (cleaner, faster mesh operations) - UV maps visible in Object Mode + improved selection behavior - Grease Pencil render pass and Geometry Nodes integration - Improved file import support: PLY, OBJ, STL, CSV, VDB - Deprecations: Collada, Big Endian, legacy .blend, Intel Mac support - Cycles OptiX now requires NVIDIA driver v535+ - New shader variants for add-on developers (POLYLINES_*, POINT_*) ~500 bug fixes across all major systems

Read more of this story at Slashdot.

An anonymous reader quotes a report from TorrentFreak: Internet service providers BT, Virgin Media, Sky, TalkTalk, EE, and Plusnet account for the majority of the UK's residential internet market and as a result, blocking injunctions previously obtained at the High Court often list these companies as respondents. These so-called "no fault' injunctions stopped being adversarial a long time ago; ISPs indicate in advance they won't contest a blocking order against various pirate sites, and typically that's good enough for the Court to issue an order with which they subsequently comply. For more than 15 years, this has led to blocking being carried out as close to users as possible, with ISPs' individual blocking measures doing the heavy lifting. A new wave of blocking targeting around 200 pirate site domains came into force yesterday but with the unexpected involvement of a significant new player. In the latest wave of blocking that seems to have come into force yesterday, close to 200 pirate domains requested by the Motion Picture Association were added to one of the longest pirate site blocking lists in the world. The big change is the unexpected involvement of Cloudflare, which for some users attempting to access the domains added yesterday, displays the [Error 451 -- Unavailable for Legal Reasons] notice ... As stated in the notice, Error 451 is returned when a domain is blocked for legal reasons, in this case reasons specific to the UK. [...] In this case there's no indication of who requested the blocking order, or the authority that issued it. However, from experience we know that the request was made by the studios of the Motion Picture Association and for the same reason the High Court in London was the issuing authority. [...] The issue lies with dynamic injunctions; while a list of domains will appear in the original order (which may or may not be made available), when the MPA concludes that other domains that appear subsequently are linked to the same order, those can be blocked too, but the details are only rarely made public. From information obtained independently, one candidate is an original order obtained in December 2022 which requested blocking of domains with well known pirate brands including 123movies, fmovies, soap2day, hurawatch, sflix, and onionplay. This leads directly to another unusual issue. The notice linked from Cloudflare doesn't directly concern Cloudflare. The studios sent the notice to Google after Google agreed to voluntarily remove those domains from its search indexes, if it was provided with a copy of relevant court orders. Notices like these were supplied and the domains were deindexed, and the practice has continued ever since. That raises questions about the nature of Cloudflare's involvement here and why it links to the order sent to Google; notices sent to Cloudflare are usually submitted to Lumen by Cloudflare itself. That doesn't appear to be the case here. "Domains blocked by Sky, BPI and others, don't appear to be affected," notes TorrentFreak. "All relate to sites targeted by the MPA, and the majority if not all trigger malware warnings of a very serious kind, either immediately upon visiting the sites, or shortly after." "At least in the short term, if Cloudflare is blocking a domain in the UK, moving on is strongly advised."

Read more of this story at Slashdot.

Many trains in the U.S. are vulnerable to a hack that can remotely lock a train's brakes, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the researcher who discovered the vulnerability. From a report:The railroad industry has known about the vulnerability for more than a decade but only recently began to fix it. Independent researcher Neil Smith first discovered the vulnerability, which can be exploited over radio frequencies, in 2012. "All of the knowledge to generate the exploit already exists on the internet. AI could even build it for you," Smith told 404 Media. "The physical aspect really only means that you could not exploit this over the internet from another country, you would need to be some physical distance from the train [so] that your signal is still received."

Read more of this story at Slashdot.

Perplexity CEO Aravind Srinivas warned young entrepreneurs that tech giants will "copy anything that's good" during a talk at Y Combinator's AI Startup School, telling founders they must "live with that fear." Srinivas said that companies raising tens of billions need to justify capital expenditures and search for new revenue streams. Perplexity pioneered web-crawling chatbots when it launched its answer engine in December 2022, but Google's Bard added internet-crawling three months later, followed by ChatGPT in May 2023 and Anthropic's Claude in March 2025. The competition has extended to browsers, with Perplexity launching its Comet browser on July 9 and Reuters reporting that OpenAI is developing a web browser to challenge Google Chrome. Perplexity's communications head Jesse Dwyer said larger companies will "drown your voice."

Read more of this story at Slashdot.

NIST: There's a new record holder for the most accurate clock in the world. Researchers at the National Institute of Standards and Technology (NIST) have improved their atomic clock based on a trapped aluminum ion. Part of the latest wave of optical atomic clocks, it can perform timekeeping with 19 decimal places of accuracy. Optical clocks are typically evaluated on two levels -- accuracy (how close a clock comes to measuring the ideal "true" time, also known as systematic uncertainty) and stability (how efficiently a clock can measure time, related to statistical uncertainty). This new record in accuracy comes out of 20 years of continuous improvement of the aluminum ion clock. Beyond its world-best accuracy, 41% greater than the previous record, this new clock is also 2.6 times more stable than any other ion clock. Reaching these levels has meant carefully improving every aspect of the clock, from the laser to the trap and the vacuum chamber. The team published its results in Physical Review Letters. "It's exciting to work on the most accurate clock ever," said Mason Marshall, NIST researcher and first author on the paper. "At NIST we get to carry out these long-term plans in precision measurement that can push the field of physics and our understanding of the world around us."

Read more of this story at Slashdot.

A survey of 500 IT asset managers in organizations that use Oracle Java has found that 73% have been audited in the last three years. From a report: At the same time, nearly eight out of 10 Oracle Java users said they had migrated, or planned to shift, to open source Java to try to avoid the risk and high costs of the dominant vendor's development and runtime environments. Oracle introduced a paid subscription for Java in September 2018, and in January 2023, it decided to switch its pricing model to per employee rather than per user, creating a steep price hike for many users. In July 2023, Gartner recorded users experiencing price increases of between two and five times when they switched to the new licensing model. Two years later, the survey conducted by market research firm Dimensional Research showed only 14% of Oracle Java users intended to stick with the vendor's subscription model.

Read more of this story at Slashdot.

Nearly half of young Americans feel unprepared for future jobs as AI reshapes the workforce faster than career guidance can adapt, according to a new study from the Schultz Family Foundation and HarrisX. The survey of thousands of workers aged 16-24, along with parents, counselors and employers, revealed differences between generations about job availability and requirements. While 71% of employers say sufficient opportunities exist, only 43% of young people agree. Parents rely on outdated personal experiences when advising children, with 79% drawing from their own career paths despite 66% believing their children should pursue different directions. Employers require at least one year of experience for 77% of entry-level positions while offering internships for just 38% of roles.

Read more of this story at Slashdot.

An anonymous reader shares a report: Hugging Face, a company with a multi-billion dollar valuation and one of the most commonly used platforms for sharing AI tools and resources, is hosting over 5,000 AI image generation models that are designed to recreate the likeness of real people. These models were all previously hosted on Civitai, an AI model sharing platform 404 Media reporting has shown was used for creating nonconsensual pornography, until Civitai banned them due to pressure from payment processors. Users downloaded the models from Civitai and reuploaded them to Hugging Face as part of a concerted community effort to archive the models after Civitai announced in May it will ban them. In that announcement, Civitai said it will give the people who originally uploaded them "a short period of time" before they were removed. Civitai users began organizing an archiving effort on Discord earlier in May after Civitai indicated it had to make content policy changes due to pressure from payment processors, and the effort kicked into high gear when Civitai announced the new "real people" model policy.

Read more of this story at Slashdot.

Candy Crush-maker King is cutting approximately 200 employees, with many positions filled by AI tools the departing workers helped develop, according to multiple sources who spoke anonymously to industry publication MobileGamer.biz. The layoffs heavily target level designers, user research staff, and UX and narrative writers across King's London, Barcelona, Stockholm, and Berlin studios. The London-based Farm Heroes Saga team faces cuts of roughly 50 people, including key leadership positions. "Most of level design has been wiped, which is crazy since they've spent months building tools to craft levels quicker," one staffer said. "Now those AI tools are basically replacing the teams."

Read more of this story at Slashdot.

Microsoft employs engineers in China to help maintain Defense Department computer systems, with U.S. citizens serving as "digital escorts" to oversee the foreign workers, according to a ProPublica investigation. The escorts often lack advanced technical expertise to police engineers with far more sophisticated skills, and some are former military personnel paid barely above minimum wage. "We're trusting that what they're doing isn't malicious, but we really can't tell," one current escort told the publication. The arrangement, critical to Microsoft winning federal cloud computing contracts a decade ago, handles sensitive but unclassified government data including materials that directly support military operations. Former CIA and NSA executive Harry Coker called the system a natural opportunity for spies, saying "If I were an operative, I would look at that as an avenue for extremely valuable access."

Read more of this story at Slashdot.