An independent review found that at least ten technical and process failures during a routine firewall upgrade at Australia's Optus prevented emergency calls from reaching Triple Zero for 14 hours, during which 455 calls failed and two callers died. The Register reports: On Thursday, Optus published an independent report (PDF) on the matter written by Dr Kerry Schott, an Australian executive who has held senior management roles at many of the country's most significant businesses. The report found that Optus planned 18 firewall upgrades and had executed 15 without incident. But on the 16th upgrade, Optus issued incorrect instructions to its outsourced provider Nokia. [...] Schott summarized the incident as follows: "Three issues are clear during this incident. The first is the very poor management and performance within [Optus] Networks and their contractor, Nokia. Process was not followed, and incorrect procedures were selected. Checks were inadequate, controls avoided and alerts given insufficient attention. There appeared to be reticence in seeking more experienced advice within Networks and a focus on speed and getting the task done, rather than an emphasis on doing things properly."

The review also found that Optus' call center didn't appreciate it could be "the first alert channel for Triple Zero difficulties." The document also notes that Australian telcos try to route 000 calls during outages, but that doing so is not easy and is made harder by the fact that different smartphones behave in different ways. Optus does warn customers if their devices have not been tested for their ability to connect to 000, and maintains a list of known bad devices. But the report notes Optus's process "does not capture so-called 'grey' devices that have been bought online or overseas and may not be compliant." "To have a standard firewall upgrade go so badly is inexcusable," the document states. "Execution was poor and seemed more focussed on getting things done than on being right. Supervision of both network staff and Nokia must be more disciplined to get things right."

The Washington Post's top standards editor Thursday decried "frustrating" errors in its new AI-generated personalized podcasts, whose launch has been met with distress by its journalists. From a report: Earlier this week, the Post announced that it was rolling out personalized AI-generated podcasts for users of the paper's mobile app. In a release, the paper said users will be able to choose preferred topics and AI hosts, and could "shape their own briefing, select their topics, set their lengths, pick their hosts and soon even ask questions using our Ask The Post AI technology."

But less than 48 hours since the product was released, people within the Post have flagged what four sources described as multiple mistakes in personalized podcasts. The errors have ranged from relatively minor pronunciation gaffes to significant changes to story content, like misattributing or inventing quotes and inserting commentary, such as interpreting a source's quotes as the paper's position on an issue.

According to four people familiar with the situation, the errors have alarmed senior newsroom leaders who have acknowledged in an internal Slack channel that the product's output is not living up to the paper's standards. In a message to other WaPo staff shared with Semafor, head of standards Karen Pensiero wrote that the errors have been "frustrating for all of us."

An anonymous reader quotes a report from Ars Technica: On Monday, research analyst MoffettNathanson released its "Cord-Cutting Monitor Q3 2025: Signs of Life?" report. It found that the pay TV operators, including cable companies, satellite companies, and virtual multichannel video programming distributors (vMVPDs) like YouTube TV and Fubo, added 303,000 net subscribers in Q3 2025. According to the report, "There are more linear video subscribers now than there were three months ago. That's the first time we've been able to say that since 2017."

In Q3 2017, MoffettNathanson reported that pay TV gained 318,000 net new subscribers. But since then, the industry's subscriber count has been declining, with 1,045,000 customers in Q2 2025, as depicted in the graph [here]. The world's largest vMVPD by subscriber count, YouTube TV, claimed 8 million subscribers in February 2024; some analysts estimate that number is now at 9.4 million. In its report, MoffettNathanson estimated that YouTube TV added 750,000 subscribers in Q3 2025, compared to 1 million in Q3 2024.

Traditional pay TV companies also contributed to the industry's unexpected growth by bundling its services with streaming subscriptions. Charter Communications offers bundles with nine streaming services, including Disney+, Hulu, and HBO Max. In Q3 2024, it saw net attrition of 294,000 customers, compared to about 70,000 in Q3 2025. Other cable companies have made similar moves. Comcast, for example, launched a streaming bundle with Netflix, Peacock, and Apple TV in May 2024. For Q3 2025, Comcast reported its best pay TV subscriber count in almost five years, which was a net loss of 257,000 customers. "Traditional pay TV -- i.e. cable and satellite -- still declined quarter over quarter in Q3, but again, by less," noted SteamTV Insider. "The [year-over-year] rate of attrition dropped from -12.4 percent to -10.2 percent over 12 months."

MoffettNathanson added: "Yes, Q3 saw a positive net add number for [pay TV for] the first time in eight years, but that positive result came in the year's seasonally strongest quarter. We're not yet close to seeing the category actually grow again..."

HBO Max's 4K debut of Mad Men was botched after Lionsgate reportedly supplied the wrong file, leading to visible crew members where someone is seen pumping a vomit hose. Ars Technica reports: Mad Men ran on the AMC channel for seven seasons from 2007 to 2015. The show had a vintage aesthetic, depicting the 1960s advertising industry in New York City. Last month, HBO Max announced it would modernize the show by debuting a 4K version. The show originally aired in SD and HD resolutions and had not been previously made available in 4K through other means, such as Blu-ray.

However, viewers were quick to spot problems with HBO Max's 4K Mad Men stream, the most egregious being visible crew members in the background of a scene. The episode was "Red in the Face" (Season 1, Episode 7), which was reportedly mislabeled. In it, Roger Sterling (John Slattery) throws up oysters. In the 4K version that was streaming on HBO Max, viewers could see someone pumping a vomit hose to make the fake puke flow.

The Hollywood Reporter, citing an anonymous source, said that the error happened because Mad Men production company Lionsgate gave HBO Max the wrong file. The publication reported that Lionsgate "was working on getting HBO Max the correct file(s)" and was readying to provide them at approximately 10 a.m. PT today. The blunder is likely to be fixed for all viewers soon. There were no problems with the HD versions of HBO Max's Mad Men stream.

An anonymous reader quotes a report from BleepingComputer: The popular open-source SmartTube YouTube client for Android TV was compromised after an attacker gained access to the developer's signing keys, leading to a malicious update being pushed to users. The compromise became known when multiple users reported that Play Protect, Android's built-in antivirus module, blocked SmartTube on their devices and warned them of a risk.

The developer of SmartTube, Yuriy Yuliskov, admitted that his digital keys were compromised late last week, leading to the injection of malware into the app. Yuliskov revoked the old signature and said he would soon publish a new version with a separate app ID, urging users to move to that one instead. [...] A user who reverse-engineered the compromised SmartTube version number 30.51 found that it includes a hidden native library named libalphasdk.so [VirusTotal]. This library does not exist in the public source code, so it is being injected into release builds.

[...] The library runs silently in the background without user interaction, fingerprints the host device, registers it with a remote backend, and periodically sends metrics and retrieves configuration via an encrypted communications channel. All this happens without any visible indication to the user. While there's no evidence of malicious activity such as account theft or participation in DDoS botnets, the risk of enabling such activities at any time is high.

Microsoft has acknowledged that a recent Windows preview update, KB5064081, contains a bug that renders the password icon invisible on the lock screen, leaving users to click on what appears to be empty space to enter their credentials.

The issue affects Windows Insider channel users who installed the non-security preview update. The company's suggested workaround is straightforward if somewhat absurd: click where the button should be, and the password field will appear. Microsoft said it is working to resolve the issue.

Curiosity Stream, the decade-old science documentary streaming service founded by Discovery Channel's John Hendricks, expects its AI licensing business to generate more revenue than its 23 million subscribers by 2027 -- possibly earlier. The company's Q3 2025 earnings revealed a 41% year-over-year revenue increase, driven largely by deals licensing its content to train large language models. Year-to-date AI licensing brought in $23.4 million through September, already exceeding half of what the subscription business generated for all of 2024.

The streaming service's library contains 2 million hours of content, but the "overwhelming majority" is earmarked for AI licensing rather than subscriber viewing, CEO Clint Stinchcomb said during the earnings call. Curiosity Stream is licensing 300,000 hours of its own programming and 1.7 million hours of third-party content to hyperscalers and AI developers. The company has completed 18 AI-related deals across video, audio, and code assets.

In October cryptologist/CS professor Daniel J. Bernstein alleged that America's National Security Agency (and its UK counterpart GCHQ) were attempting to influence NIST to adopt weaker post-quantum cryptography standards without a "hybrid" approach that would've also included pre-quantum ECC.

Bernstein is of the opinion that "Given how many post-quantum proposals have been broken and the continuing flood of side-channel attacks, any competent engineering evaluation will conclude that the best way to deploy post-quantum [PQ] encryption for TLS, and for the Internet more broadly, is as double encryption: post-quantum cryptography on top of ECC." But he says he's seen it playing out differently: By 2013, NSA had a quarter-billion-dollar-a-year budget to "covertly influence and/or overtly leverage" systems to "make the systems in question exploitable"; in particular, to "influence policies, standards and specification for commercial public key technologies". NSA is quietly using stronger cryptography for the data it cares about, but meanwhile is spending money to promote a market for weakened cryptography, the same way that it successfully created decades of security failures by building up the market for, e.g., 40-bit RC4 and 512-bit RSA and Dual EC. I looked concretely at what was happening in IETF's TLS working group, compared to the consensus requirements for standards-development organizations. I reviewed how a call for "adoption" of an NSA-driven specification produced a variety of objections that weren't handled properly. ("Adoption" is a preliminary step before IETF standardization....) On 5 November 2025, the chairs issued "last call" for objections to publication of the document. The deadline for input is "2025-11-26", this coming Wednesday.
Bernstein also shares concerns about how the Internet Engineering Task Force is handling the discussion, and argues that the document is even "out of scope" for the IETF TLS working group This document doesn't serve any of the official goals in the TLS working group charter. Most importantly, this document is directly contrary to the "improve security" goal, so it would violate the charter even if it contributed to another goal... Half of the PQ proposals submitted to NIST in 2017 have been broken already... often with attacks having sufficiently low cost to demonstrate on readily available computer equipment. Further PQ software has been broken by implementation issues such as side-channel attacks.
He's also concerned about how that discussion is being handled: On 17 October 2025, they posted a "Notice of Moderation for Postings by D. J. Bernstein" saying that they would "moderate the postings of D. J. Bernstein for 30 days due to disruptive behavior effective immediately" and specifically that my postings "will be held for moderation and after confirmation by the TLS Chairs of being on topic and not disruptive, will be released to the list"...

I didn't send anything to the IETF TLS mailing list for 30 days after that. Yesterday [November 22nd] I finished writing up my new objection and sent that in. And, gee, after more than 24 hours it still hasn't appeared... Presumably the chairs "forgot" to flip the censorship button off after 30 days.
Thanks to alanw (Slashdot reader #1,822) for spotting the blog posts.

Google confirmed in a statement Friday that hackers have stolen the Salesforce-stored data of more than 200 companies in a large-scale supply chain hack. TechCrunch reports: On Thursday, Salesforce disclosed a breach of "certain customers' Salesforce data" -- without naming affected companies -- that was stolen via apps published by Gainsight, which provides a customer support platform to other companies.

In a statement, Austin Larsen, the principal threat analyst of Google Threat Intelligence Group, said that the company "is aware of more than 200 potentially affected Salesforce instances." After Salesforce announced the breach, the notorious and somewhat-nebulous hacking group known as Scattered Lapsus$ Hunters, which includes the ShinyHunters gang, claimed responsibility for the hacks in a Telegram channel, which TechCrunch has seen.

A federal judge in New York denied Disney's request to block Sling TV's short-term passes, which give viewers the ability to stream live content for as little as one day. From a report: In a ruling on Tuesday, US District Judge Arun Subramanian ruled that Disney didn't prove that Sling TV's passes caused "irreparable harm" to the entertainment giant, as reported earlier by Cord Cutters.

Disney sued Sling shortly after the live TV streaming service started allowing viewers to purchase temporary access to its library of channels, starting at a single payment of $4.99 for a one-day pass. Several channels included in the package are owned by Disney, including ESPN, ESPN2, ESPN3, and Disney Channel. In its lawsuit, Disney argued that the passes violate an agreement with Sling TV that says the service must give subscribers access to its content through monthly subscriptions.

However, Judge Subramanian argues that this claim isn't likely to succeed, as the contract doesn't stipulate a "minimum subscription length," adding that the agreement's "broad definition" of a subscriber "clearly covers users of the Passes."

Microsoft has rolled out a new preview build for Windows 11 Insiders in the Dev and Beta Channel this week that introduces a new toggle called 'experimental agentic features' that can be enabled or disabled in the Windows Settings app. From a report: According to Microsoft, this new toggle is designed to "allow agents to use new Windows agentic features." The company says the feature will work with AI-powered apps, which "help you automate everyday tasks -- like organizing files, scheduling meetings, or sending emails -- so you can spend less time on busy work and more time on what matters most. One powerful way apps are implementing AI today is by interacting with your apps and your files, using vision and advanced reasoning to click, type and scroll like a human would."

The setting in the Windows Setting says "When this setting is on, agents can use Windows agentic features." Features such as the recently announced Copilot Actions for Windows feature are going to take advantage of this new experimental agentic feature capability.

The PDF Association is adding JPEG XL (JXL) support to the PDF specification, giving the advanced image format a new path to relevance despite Google's decision to declare it obsolete and remove it from Chromium. The Register reports: Peter Wyatt, CTO of the PDF Association, said: "We need to adopt a new image [format] that can support HDR [High Dynamic Range] content ... we have picked JPEG XL as our preferred solution." Wyatt also praised other benefits of JXL including wide gamut images, ultra-high resolution support for images with more than 1 billion pixels, and up to 4099 channels with up to 32 bits per channel.

The association is responsible for developing PDF specifications and standards and manages the ISO committee for PDF. JPEG XL is an advanced image format that was designed to be both more efficient and richer in features than JPEG. It was based on a combination of the Free Lossless Image Format (FLIF) from Cloudinary and a Google project called PIK, first released in late 2020, and fully standardized in October 2021 as ISO/IEC 18181. There is a reference implementation called libjxl. A second edition of the ISO standard was published in 2024.

JXL appeared to have wide industry support, including experimental implementation in Chrome and Chromium, until it was killed by Google in October 2022 and removed from its web browser engine. The company stated that "there is not enough interest from the entire ecosystem to continue experimenting with JPEG XL." Many in the community disagreed with the decision, including FLIF inventor Jon Sneyers, who perceived it as the outcome of an internal battle between proponents of JXL and a rival format, AVIF. "AVIF proponents within Chrome are essentially being prosecutor, judge and executioner at the same time," he said.

DRAM contract prices surged 171.8% year-over-year as of the third quarter of 2025. The increase now exceeds the rate at which gold prices have climbed. ADATA chairman Chen Libai stated that the fourth quarter of 2025 will mark the beginning of a major DRAM bull market. He expects severe shortages to materialize in 2026.

Memory manufacturers have shifted production priorities toward datacenter-focused memory types like RDIMM and HBM. Consumer DDR5 production has declined as a result. A Corsair Vengeance RGB dual-channel DDR5 kit that sold for $91 dollars in July now costs a $183 dollars on Newegg. The pricing trend extends to NAND flash and hard drives. Analysts project the increases will persist for at least four years, matching the duration of supply contracts that some companies have signed with Samsung and SK Hynix.

An anonymous reader quotes a report from Variety: A news special on Britain's Channel 4 titled "Will AI Take My Job?" investigated how automation is reshaping the workplace and pitting humans against machines. At the end of the hour-long program, a major twist was revealed: the anchor, who narrates and appears throughout the telecast reporting from different locations, was entirely AI-generated.

In the final moments of the special, the host says: "AI is going to touch everybody's lives in the next few years. And for some, it will take their jobs. Call center workers? Customer service agents? Maybe even TV presenters like me. Because I'm not real. In a British TV first, I'm an AI presenter. Some of you might have guessed: I don't exist, I wasn't on location reporting this story. My image and voice were generated using AI."

The hour aired Monday at 8 p.m. as part of the "Dispatches" documentary program, which Channel 4 says is now the first British television show to feature an AI presenter. The "anchor" was produced by AI fashion brand Seraphinne Vallora for Kalel Productions and was guided by prompts to create a realistic on-camera performance. "The use of an AI presenter is not something we will be making a habit of at Channel 4 -- instead our focus in news and current affairs is on premium, fact checked, duly impartial and trusted journalism -- something AI is not capable of doing," said Louisa Compton, Channel 4's head of news and current affairs. "But this stunt does serve as a useful reminder of just how disruptive AI has the potential to be -- and how easy it is to hoodwink audiences with content they have no way of verifying."

An anonymous reader quotes a report from Wired: As you're hunting through real estate listings for a new home in Franklin, Tennessee, you come across a vertical video showing off expansive rooms featuring a four-poster bed, a fully stocked wine cellar, and a soaking tub. In the corner of the video, a smiling real estate agent narrates the walk-through of your dream home in a soothing tone. It looks perfect -- maybe a little too perfect. The catch? Everything in the video isAI-generated. The real property is completely empty, and the luxury furniture is a product of virtual staging. The realtor's voice-over and expressions were born from text prompts. Even the camera's slow pan over each room is orchestrated by AI, because there was no actual video camera involved.

Any real estate agent can create "exactly that, at home, in minutes," says Alok Gupta, a former product manager at Facebook and software engineer at Snapchat who cofounded AutoReel, an app that allows realtors to turn images from their property listings into videos. He said that between 500 and 1,000 new listing videos are being created with AutoReel every day, with realtors across the US and even in New Zealand and India using the technology to market thousands of properties. This is one of many AI tools, including more familiar ones like OpenAI's ChatGPT and Google's Gemini, that are quickly reshaping the real estate industry into something that isn't necessarily, well, real. "People that want to buy a house, they're going to make the largest investment of their lifetime," said Nathan Cool, a real estate photographer who runs an educational YouTube channel. "They don't want to be fooled before they ever arrive."

Hackers have been spreading malware through more than 3,000 YouTube videos advertising cracked software and game hacks, cybersecurity firm Check Point warned this week. The campaign, active since at least 2021, tripled its video production in 2025. The videos promoted free versions of Adobe Photoshop, FL Studio, Microsoft Office, and game cheats for titles like Roblox. Fake comments created the appearance of legitimacy, the researchers found.

Users who downloaded archives from Dropbox, Google Drive, or MediaFire were instructed to disable Windows Defender before opening files. The downloads contained malware including Lumma and Rhadamanthys, which steal passwords and cryptocurrency wallet information. The hackers hijacked existing accounts and created new ones. One compromised channel with 129,000 subscribers posted a cracked Photoshop video that reached 291,000 views. Another video for FL Studio received over 147,000 views.

An anonymous reader quotes a report from Ars Technica: AI content has proliferated across the Internet over the past few years, but those early confabulations with mutated hands have evolved into synthetic images and videos that can be hard to differentiate from reality. Having helped to create this problem, Google has some responsibility to keep AI video in check on YouTube. To that end, the company has started rolling out its promised likeness detection system for creators. [...] The likeness detection tool, which is similar to the site's copyright detection system, has now expanded beyond the initial small group of testers. YouTube says the first batch of eligible creators have been notified that they can use likeness detection, but interested parties will need to hand Google even more personal information to get protection from AI fakes.

Currently, likeness detection is a beta feature in limited testing, so not all creators will see it as an option in YouTube Studio. When it does appear, it will be tucked into the existing "Content detection" menu. In YouTube's demo video, the setup flow appears to assume the channel has only a single host whose likeness needs protection. That person must verify their identity, which requires a photo of a government ID and a video of their face. It's unclear why YouTube needs this data in addition to the videos people have already posted with their oh-so stealable faces, but rules are rules.

After signing up, YouTube will flag videos from other channels that appear to have the user's face. YouTube's algorithm can't know for sure what is and is not an AI video. So some of the face match results may be false positives from channels that have used a short clip under fair use guidelines. If creators do spot an AI fake, they can add some details and submit a report in a few minutes. If the video includes content copied from the creator's channel that does not adhere to fair use guidelines, YouTube suggests also submitting a copyright removal request. However, just because a person's likeness appears in an AI video does not necessarily mean YouTube will remove it.