Movies

Why Netflix Struggles To Make Good Movies: A Data Explainer (statsignificant.com) 77

Netflix's film division faces a fundamental mismatch between its subscription model and filmmakers' artistic ambitions, according to new data analysis examining a decade of original productions. The streamer's movies cost two to three times more than A24 films but consistently score lower across review aggregators. Netflix attracts established actors like Eddie Murphy and Cameron Diaz but struggles to retain acclaimed directors.

The typical Netflix director has less critical acclaim and shorter filmographies than theatrical counterparts despite handling larger budgets. Directors recently turned down Netflix's $150 million for Wuthering Heights and $50 million for Weapons, accepting lower offers from Warner Bros. that guaranteed theatrical releases. The Electric State cost Netflix $320 million in February 2025 and received a 30 Metacritic score and 14% on Rotten Tomatoes. Netflix's business model requires filling hours to justify $9.99 monthly subscriptions. Directors seek theatrical releases where audiences watch films in one sitting without checking phones.

AI

Mathematicians Find GPT-5 Makes Critical Errors in Original Proof Generation 60

University of Luxembourg mathematicians tested whether GPT-5 could extend a qualitative fourth-moment theorem to include explicit convergence rates, a previously unaddressed problem in the Malliavin-Stein framework. The September 2025 experiment, prompted by claims GPT-5 solved a convex optimization problem, revealed the AI made critical errors requiring constant human correction.

GPT-5 overlooked an essential covariance property easily deducible from provided documents. The researchers compared the experience to working with a junior assistant needing careful verification. They warned AI reliance during doctoral training risks students losing opportunities to develop fundamental mathematical skills through mistakes and exploration.

Microsoft

Some Angry GitHub Users Are Rebelling Against GitHub's Forced Copilot AI Features (theregister.com) 63

Slashdot reader Charlotte Web shared this report from the Register: Among the software developers who use Microsoft's GitHub, the most popular community discussion in the past 12 months has been a request for a way to block Copilot, the company's AI service, from generating issues and pull requests in code repositories. The second most popular discussion — where popularity is measured in upvotes — is a bug report that seeks a fix for the inability of users to disable Copilot code reviews. Both of these questions, the first opened in May and the second opened a month ago, remain unanswered, despite an abundance of comments critical of generative AI and Copilot...

The author of the first, developer Andi McClure, published a similar request to Microsoft's Visual Studio Code repository in January, objecting to the reappearance of a Copilot icon in VS Code after she had uninstalled the Copilot extension... "I've been for a while now filing issues in the GitHub Community feedback area when Copilot intrudes on my GitHub usage," McClure told The Register in an email. "I deeply resent that on top of Copilot seemingly training itself on my GitHub-posted code in violation of my licenses, GitHub wants me to look at (effectively) ads for this project I will never touch. If something's bothering me, I don't see a reason to stay quiet about it. I think part of how we get pushed into things we collectively don't want is because we stay quiet about it."

It's not just the burden of responding to AI slop, an ongoing issue for Curl maintainer Daniel Stenberg. It's the permissionless copying and regurgitation of speculation as fact, mitigated only by small print disclaimers that generative AI may produce inaccurate results. It's also GitHub's disavowal of liability if Copilot code suggestions happen to have reproduced source code that requires attribution. It's what the Servo project characterizes in its ban on AI code contributions as the lack of code correctness guarantees, copyright issues, and ethical concerns. Similar objections have been used to justify AI code bans in GNOME's Loupe project, FreeBSD, Gentoo, NetBSD, and QEMU... Calls to shun Microsoft and GitHub go back a long way in the open source community, but moved beyond simmering dissatisfaction in 2022 when the Software Freedom Conservancy (SFC) urged free software supporters to give up GitHub, a position SFC policy fellow Bradley M. Kuhn recently reiterated.

McClure says in the last six months their posts have drawn more community support — and tells the Register there's been a second change in how people see GitHub within the last month. After GitHub moved from a distinct subsidiary to part of Microsoft's CoreAI group, "it seems to have galvanized the open source community from just complaining about Copilot to now actively moving away from GitHub."

Open Source

Rust Foundation Announces 'Innovation Lab' to Support Impactful Rust Projects (webpronews.com) 30

Announced this week at RustConf 2025 in Seattle, the new Rust Innovation Lab will offer open source projects "the opportunity to receive fiscal sponsorship from the Rust Foundation, including governance, legal, networking, marketing, and administrative support."

And their first project will be the TLS library Rustls (for cryptographic security), which they say "demonstrates Rust's ability to deliver both security and performance in one of the most sensitive areas of modern software infrastructure." Choosing Rustls "underscores the lab's focus on infrastructure-critical tools, where reliability is paramount," explains WebProNews. But "Looking ahead, the foundation plans to expand the lab's portfolio, inviting applications from promising Rust initiatives. This could catalyze innovations in areas like embedded systems and blockchain, where Rust's efficiency shines."

Their article notes that the Rust Foundation "sees the lab as a way to accelerate innovation while mitigating the operational burdens that often hinder open-source development." [T]he Foundation aims to provide a stable, neutral environment for select Rust endeavors, complete with governance oversight, legal and administrative backing, and fiscal sponsorship... At its core, the Rust Innovation Lab addresses a growing need within the developer community for structured support amid Rust's rising adoption in sectors like systems programming and web infrastructure. By offering a "home" for projects that might otherwise struggle with sustainability, the lab ensures continuity and scalability. This comes at a time when Rust's memory safety features are drawing attention from major tech firms, including those in cloud computing and cybersecurity, as a counter to vulnerabilities plaguing languages like C++...

Industry observers note that such fiscal sponsorship could prove transformative, enabling projects to secure funding from diverse sources while maintaining independence. The Rust Foundation's involvement ensures compliance with best practices, potentially attracting more corporate backers wary of fragmented open-source efforts... By providing a neutral venue, the foundation aims to prevent the pitfalls seen in other ecosystems, such as project abandonment due to maintainer burnout or legal entanglements... For industry insiders, the Rust Innovation Lab represents a strategic evolution, potentially accelerating Rust's integration into mission-critical systems.

Medicine

LSD Shows Promise For Reducing Anxiety In Drugmaker's Midstage Study 56

An anonymous reader quotes a report from the Associated Press: LSD reduced symptoms of anxiety in a midstage study published Thursday, paving the way for additional testing and possible medical approval of a psychedelic drug that has been banned in the U.S. for more than a half century. The results from drugmaker Mindmed tested several doses of LSD in patients with moderate-to-severe generalized anxiety disorder, with the benefits lasting as long as three months. The company plans to conduct follow-up studies to confirm the results and then apply for Food and Drug Administration approval. [...]

For the study, researchers measured anxiety symptoms in nearly 200 patients who randomly received one of four doses of LSD or a placebo. The main aim was to find the optimal dose of the drug, which can cause intense visual hallucinations and occasionally feelings of panic or paranoia. At four weeks, patients receiving the two highest doses had significantly lower anxiety scores than those who received placebo or lower doses. After 12 weeks, 65% of patients taking the most effective LSD dose -- 100 micrograms -- continued to show benefits and nearly 50% were deemed to be in remission. The most common side effects included hallucinations, nausea and headaches.

Patients who got dummy pills also improved -- a common phenomenon in psychedelic and psychiatric studies -- but their changes were less than half the size of those getting the real drug. The research was not immune to problems seen in similar studies. Most patients were able to correctly guess whether they'd received LSD or a dummy pill, undercutting the "blinded" approach that's considered critical to objectively establishing the benefits of a new medicine. In addition, a significant portion of patients in both the placebo and treatment groups dropped out early, narrowing the final data set. It also wasn't clear how long patients might continue to benefit.

If the two trials are successful, Mindmed will submit them for FDA approval.

"It's possible that some people may need retreatment," said Dr. Maurizio Fava of Mass General Brigham Hospital, the study's lead author and an adviser to Mindmed. "How many retreatments, we don't know yet, but the long-lasting effect is quite significant."

The study has been published in the Journal of the American Medical Association.

Transportation

Canada Delaying Plan To Force Automakers To Hit EVs Sales Targets (www.cbc.ca) 125

Longtime Slashdot reader sinij shares a report from CBC News: Prime Minister Mark Carney is delaying a plan to force automakers to hit minimum sales levels for electric vehicles. The move is part of a series of measures the government announced Friday to help the sectors most affected by U.S. President Donald Trump's tariffs. The EV mandate will be paused as the government conducts a 60-day review of the policy, and will be waived for 2026 models. Sources told CBC News that the review will look at the entire mandate and next steps.

"We have an auto sector which, because of the massive change in U.S. policy, is under extreme pressure. We recognize that," Carney said at a news conference in Mississauga, Ont. "They've got enough on their plate right now. So we're taking that off." The government is using the review as part of a broader look at all the government's climate measures, he added. [...]

Brian Kingston, president of the Canadian Vehicle Manufacturers' Association, called it "an important first step." "The EV mandate imposes unsustainable costs on auto manufacturers, putting at risk Canadian jobs and investment in this critical sector of the economy," he said in a statement. "A full repeal of the regulation is the most effective way to provide immediate relief to the industry and keep it competitive."

Education

Dumbing Down the SAT Bodes Poorly for Education (bloomberg.com) 115

The SAT is billed as "a great way to find out how prepared students are for college." If that's true, recent changes to its format offer an unflattering assessment of the country's aspiring scholars, Bloomberg's editorial board wrote Wednesday. From the piece: [...] Then the pandemic hit. As in-person exams became impractical, hundreds of schools dropped their testing requirements. The SAT and its main competitor, the ACT, lost millions of dollars in revenue. Although both recently started offering digital options, schools have been slow to reinstate their requirements. Today, more than 80% of schools remain test-optional.

"If students are deciding to take a test," as one College Board executive put it, "how do we make the SAT the one they want to take?" To anyone familiar with American teenagers, the company's answer should come as no surprise: Make the test easier. The newly digitized format allows a calculator for the entire math section and drastically cuts reading comprehension. Gone are the 500- to 750-word passages about which students would answer a series of questions. Instead, test takers read 25- to 150-word excerpts -- about the length of a social media post -- and answer a single question about each.

[...] An effort by the College Board to reemphasize the benefits of deep reading -- for critical thinking, for self-reflection, for learning of all kinds -- might go a long way toward restoring some balance. It should build on efforts to incorporate college prep into school curricula, work with districts to develop coursework that builds reading stamina for all test takers, and consider reducing the cost of its subject-specific Advanced Placement exams that continue to test these skills (now $99), in line with the SAT ($68). Schools, for their part, should recommit to teaching books in their entirety.

Bug

Frostbyte10 Bugs Put Thousands of Refrigerators At Major Grocery Chains At Risk (theregister.com) 43

An anonymous reader quotes a report from The Register: Ten vulnerabilities in Copeland controllers, which are found in thousands of devices used by the world's largest supermarket chains and cold storage companies, could have allowed miscreants to manipulate temperatures and spoil food and medicine, leading to massive supply-chain disruptions. The flaws, collectively called Frostbyte10, affect Copeland E2 and E3 controllers, used to manage critical building and refrigeration systems, such as compressor groups, condensers, walk-in units, HVAC, and lighting systems. Three received critical-severity ratings. Operational technology security firm Armis found and reported the 10 bugs to Copeland, which has since issued firmware updates that fix the flaws in both the E3 and the E2 controllers. The E2s reached their official end-of-life in October, and affected customers are encouraged to move to the newer E3 platform. Upgrading to Copeland firmware version 2.31F01 mitigates all the security issues detailed here, and the vendor recommends patching promptly.

In addition to the Copeland updates, the US Cybersecurity and Infrastructure Security Agency (CISA) is also scheduled to release advisories today, urging any organization that uses vulnerable controllers to patch immediately. Prior to these publications, Copeland and Armis execs spoke exclusively to The Register about Frostbyte10, and allowed us to preview an Armis report about the security issues. "When combined and exploited, these vulnerabilities can result in unauthenticated remote code execution with root privileges," it noted. [...] To be clear: there is no indication that any of these vulnerabilities were found and exploited in the wild before Copeland issued fixes. However, the manufacturer's ubiquitous reach across retail and cold storage makes it a prime target for all manner of miscreants, from nation-state attackers looking to disrupt the food supply chain to ransomware gangs looking for victims who will quickly pay extortion demands to avoid operational downtime and food spoilage.

Businesses

Amazon US Prime Sign-Ups Slow Despite Expanded Promotion, Data Shows (reuters.com) 22

An anonymous reader shares a report: Amazon doubled its Prime Day discount sales to four days this year and touted blowout numbers days after the event. But by one critical metric, it missed the mark. Sign-ups in the U.S. failed to meet last year's total and even the company's own target, according to internal company data reviewed by Reuters.

The world's largest online retailer registered 5.4 million U.S. sign-ups over the 21-day run-up to Prime Day and its four-day sales event from July 8 to July 11. That was around 116,000 fewer than for the same period a year earlier and 106,000 below the company's own goal, a roughly 2% decline in both metrics.

Privacy

Is a Backlash Building Against Smart Glasses That Record? (futurism.com) 68

Remember those Harvard dropouts who built smart glasses for covert facial recognition — and then raised $1 million to develop AI-powered glasses to continuously listen to conversations and display its insights?

"People Are REALLY Mad," writes Futurism, noting that some social media users "have responded with horror and outrage." One of its selling points is that the specs don't come with a visual indicator that lights up to let people know when they're being recorded, which is a feature that Meta's smart glasses do currently have. "People don't want this," wrote Whitney Merrill, a privacy lawyer. "Wanting this is not normal. It's weird...."

[S]ome mocked the deleterious effects this could have on our already smartphone-addicted, brainrotted cerebrums. "I look forward to professional conversations with people who just read robot fever dream hallucinations at me in response to my technical and policy questions," one user mused.

The co-founder of the company told TechCrunch their glasses would be the "first real step towards vibe thinking."

But there are already millions of other smart glasses out in the world, and they're now drawing a backlash, reports the Washington Post, citing the millions of people viewing "a stream of other critical videos" about Meta's smart glasses.

The article argues that Generation Z, "who grew up in an internet era defined by poor personal privacy, are at the forefront of a new backlash against smart glasses' intrusion into everyday life..." Opal Nelson, a 22-year-old in New York, said the more she learns about smart glasses, the angrier she becomes. Meta Ray-Bans have a light that turns on when the gadget is recording video, but she said it doesn't seem to protect people from being recorded without consent... "And now there's more and more tutorials showing people how to cover up the [warning light] and still allow you to record," Nelson said. In one such tutorial with more than 900,000 views, a man claims to explain how to cover the warning light on Meta Ray-Bans without triggering the sensor that prevents the device from secretly recording.

One 26-year-old attracted 10 million views to their video on TikTok about the spread of Meta's photography-capable smart glasses. "People specifically in my generation are pretty concerned about the future of technology," they told the Post, "and what that means for all of us and our privacy."

The article cites figures from a devices analyst at IDC who estimates U.S. sales for Meta Ray-Bans will hit 4 million units by the end of 2025, compared to 1.2 million in 2024.

Earth

Collapse of Critical Atlantic Current Is No Longer Low-Likelihood, Study Finds 138

An anonymous reader quotes a report from The Guardian: The collapse of a critical Atlantic current can no longer be considered a low-likelihood event, a study has concluded, making deep cuts to fossil fuel emissions even more urgent to avoid the catastrophic impact. The Atlantic meridional overturning circulation (Amoc) is a major part of the global climate system. It brings sun-warmed tropical water to Europe and the Arctic, where it cools and sinks to form a deep return current. The Amoc was already known to be at its weakest in 1,600 years as a result of the climate crisis.

Climate models recently indicated that a collapse before 2100 was unlikely but the new analysis examined models that were run for longer, to 2300 and 2500. These show the tipping point that makes an Amoc shutdown inevitable is likely to be passed within a few decades, but that the collapse itself may not happen until 50 to 100 years later. The research found that if carbon emissions continued to rise, 70% of the model runs led to collapse, while an intermediate level of emissions resulted in collapse in 37% of the models. Even in the case of low future emissions, an Amoc shutdown happened in 25% of the models.

Scientists have warned previously that Amoc collapse must be avoided "at all costs." It would shift the tropical rainfall belt on which many millions of people rely to grow their food, plunge western Europe into extreme cold winters and summer droughts, and add 50cm to already rising sea levels. The new results are "quite shocking, because I used to say that the chance of Amoc collapsing as a result of global warming was less than 10%," said Prof Stefan Rahmstorf, at the Potsdam Institute for Climate Impact Research in Germany, who was part of the study team. "Now even in a low-emission scenario, sticking to the Paris agreement, it looks like it may be more like 25%."

"These numbers are not very certain, but we are talking about a matter of risk assessment where even a 10% chance of an Amoc collapse would be far too high," added Rahmstorf. "We found that the tipping point where the shutdown becomes inevitable is probably in the next 10 to 20 years or so. That is quite a shocking finding as well and why we have to act really fast in cutting down emissions."

"Observations in the deep [far North Atlantic] already show a downward trend over the past five to 10 years, consistent with the models' projections," said Prof Sybren Drijfhout, at the Royal Netherlands Meteorological Institute, who was also part of the team. "Even in some intermediate and low-emission scenarios, the Amoc slows drastically by 2100 and completely shuts off thereafter. That shows the shutdown risk is more serious than many people realize."

The findings have been published in the journal Environmental Research Letters.

Space

With Starship Flight 10, SpaceX Prioritized Resilience Over Perfection (yahoo.com) 95

An anonymous reader quotes a report from TechCrunch: SpaceX has long marketed Starship as a fully and rapidly reusable rocket that's designed to deliver thousands of pounds of cargo to Mars and make life multiplanetary. But reusability at scale means a space vehicle that can tolerate mishaps and faults, so that a single failure doesn't spell a mission-ending catastrophe. The 10th test flight on Tuesday evening demonstrated SpaceX's focus on fault tolerance. In a post-flight update, SpaceX said the test stressed "the limits of vehicle capabilities." Understanding these edges will be critical for the company's plans to eventually use Starship to launch Starlink satellites, commercial payloads, and eventually astronauts.

When the massive Starship rocket lifted off on its 10th test flight Tuesday evening, SpaceX did more than achieve new milestones. It purposefully introduced several faults to test the heat shield, propulsion redundancy, and the relighting of its Raptor engine. The heat shield is among the toughest engineering challenges facing SpaceX. As Elon Musk acknowledged on X in May 2024, a reusable orbital return heat shield is the "biggest remaining problem" to 100% rocket reusability. The belly of the upper stage, also called Starship, is covered in thousands of hexagonal ceramic and metallic tiles, which make up the heat shield. Flight 10 was all about learning how much damage the ship can accept and survive when it goes through atmospheric heating. During the tenth test, engineers intentionally removed tiles from some sections of the ship, and experimented with a new type of actively cooled tile, to gather real-world data and refine designs. [...]

Propulsion redundancy was also put to the test. The Super Heavy booster's landing burn configuration appeared to be a rehearsal for engine failure. Engineers intentionally disabled one of the three center Raptor engines during the final phase of the burn and used a backup engine in its place. That was a successful rehearsal for an engine-out event. Finally, SpaceX reported the in-space relight of a Raptor engine, described on the launch broadcast as the second time SpaceX has pulled this off. Reliable engine restarts will be necessary for deep-space missions, propellant transfers, and possibly some payload deployment missions. [...] The next step is translating Flight 10 data into future hardware upgrades to move closer to routine operations and days when, as Musk envisioned, "Starship launches more than 24 times in 24 hours."

The Military

Defense Department Reportedly Relies On Utility Written by Russian Dev (theregister.com) 58

A widely used Node.js utility called fast-glob, relied on by thousands of projects -- including over 30 U.S. Department of Defense systems -- is maintained solely by a Russian developer linked to Yandex. While there's no evidence of malicious activity, cybersecurity experts warn that the lack of oversight in such critical open-source projects leaves them vulnerable to potential exploitation by state-backed actors. The Register reports: US cybersecurity firm Hunted Labs reported the revelations on Wednesday. The utility in question is fast-glob, which is used to find files and folders that match specific patterns. Its maintainer goes by the handle "mrmlnc", and the GitHub profile associated with that handle identifies its owner as a Yandex developer named Denis Malinochkin living in a suburb of Moscow. A website associated with that handle also identifies its owner as the same person, as Hunted Labs pointed out.

Hunted Labs told us that it didn't speak to Malinochkin prior to publication of its report today, and that it found no ties between him and any threat actor. According to Hunted Labs, fast-glob is downloaded more than 79 million times a week and is currently used by more than 5,000 public projects in addition to the DoD systems and Node.js container images that include it. That's not to mention private projects that might use it, meaning that the actual number of at-risk projects could be far greater.

While fast-glob has no known CVEs, the utility has deep access to systems that use it, potentially giving Russia a number of attack vectors to exploit. Fast-glob could attack filesystems directly to expose and steal info, launch a DoS or glob-injection attack, include a kill switch to stop downstream software from functioning properly, or inject additional malware, a list Hunted Labs said is hardly exhaustive. [...] Hunted Labs cofounder Haden Smith told The Register that the ties are cause for concern. "Every piece of code written by Russians isn't automatically suspect, but popular packages with no external oversight are ripe for the taking by state or state-backed actors looking to further their aims," Smith told us in an email. "As a whole, the open source community should be paying more attention to this risk and mitigating it." [...]

Hunted Labs said that the simplest solution for the thousands of projects using fast-glob would be for Malinochkin to add additional maintainers and enhance project oversight, as the only other alternative would be for anyone using it to find a suitable replacement. "Open source software doesn't need a CVE to be dangerous," Hunted Labs said of the matter. "It only needs access, obscurity, and complacency," something we've noted before is an ongoing problem for open source projects. "This serves as another powerful reminder that knowing who writes your code is just as critical as understanding what the code does," Hunted Labs concluded.

AI

One Long Sentence is All It Takes To Make LLMs Misbehave (theregister.com) 76

An anonymous reader shares a report: Security researchers from Palo Alto Networks' Unit 42 have discovered the key to getting large language model (LLM) chatbots to ignore their guardrails, and it's quite simple. You just have to ensure that your prompt uses terrible grammar and is one massive run-on sentence like this one which includes all the information before any full stop which would give the guardrails a chance to kick in before the jailbreak can take effect and guide the model into providing a "toxic" or otherwise verboten response the developers had hoped would be filtered out.

The paper also offers a "logit-gap" analysis approach as a potential benchmark for protecting models against such attacks. "Our research introduces a critical concept: the refusal-affirmation logit gap," researchers Tung-Ling "Tony" Li and Hongliang Liu explained in a Unit 42 blog post. "This refers to the idea that the training process isn't actually eliminating the potential for a harmful response -- it's just making it less likely. There remains potential for an attacker to 'close the gap,' and uncover a harmful response after all."

Medicine

Pig Lung Transplanted Into a Human In Major Scientific First (sciencealert.com) 44

An anonymous reader quotes a report from ScienceAlert: A genetically modified pig lung transplanted into a brain-dead human patient functioned for nine days in a new achievement that reveals both the promise and significant challenges of xenotransplantation. Over the course of the experiment, the patient showed increasing signs of organ rejection before scientists at the First Affiliated Hospital of Guangzhou Medical University in China terminated the experiment, allowing the recipient to pass away. It's the first time a pig lung has been transplanted into a human patient, demonstrating a significant step forward, and giving scientists new problems to solve as they develop this emerging medical technique further. [...]

The goal of the experiment was not to achieve a successful transplantation on the first try -- that would have been pretty incredible, but not a realistic expectation. Rather, the researchers wanted to observe how the patient's immune system responded to the transplanted organ. The patient was a 39-year-old man who was declared brain-dead by four separate clinical assessments after undergoing a brain hemorrhage. His family provided written informed consent for the experiment. The donor pig is what is known as a six-gene-edited pig, a Bama miniature pig with six CRISPR gene edits, housed in an isolated facility with rigorous disinfection protocols. These edits are all focused on minimizing the immune and inflammatory responses of the patient.

In a careful surgical procedure, the pig's left lung was placed into the patient's chest cavity, and connected to their airways, arteries, and veins. The paper does not explain the fate of the pig, but donor pigs do not typically survive the removal of a major organ. The patient was also treated with a number of immunosuppressants that the researchers adjusted according to changes observed in the patient's body over time. Initially, all seemed well, with none of the immediate signs of hyperacute rejection in the critical few hours following the procedure. However, by 24 hours after the transplant had taken place, severe swelling (edema) was observed, possibly as a result of blood flow being restored to the area of the transplant. Antibody-mediated rejection damaged the tissue further on days three and six of the experiment. The result of the damage was primary graft dysfunction, a type of severe lung injury occurring within 72 hours of a transplant, and the leading cause of death in lung transplant patients. Some recovery was taking place by day nine, but the experiment had run its course.

The research has been published in Nature Medicine.

Security

Perplexity's AI Browser Comet Vulnerable To Prompt Injection Attacks That Hijack User Accounts 14

Security researchers have uncovered critical vulnerabilities in Perplexity's Comet browser that let attackers hijack user accounts and steer the browser's AI agent into attacker-chosen actions through its webpage summarization feature. The flaws, discovered independently by Brave and Guardio Labs, rely on indirect prompt injection: instructions planted in a page are read by the model when the user asks for a summary, sidestepping the browser-level protections that normally keep content from one site from acting on the user's behalf elsewhere.

Brave demonstrated account takeover with a malicious Reddit post that compromised the victim's Perplexity account when summarized. Commands embedded in page content are carried out by the browser's large language model as if they were the user's own, with the user's privileges in every site the browser is logged into.

Guardio's testing found the browser would complete phishing transactions and prompt users for banking credentials with no warning indicators. The paid browser, available to Perplexity Pro and Enterprise Pro subscribers since July, feeds untrusted page content to the model without separating the user's instructions from text the page supplies.
United States

FBI Warns Russian Hackers Targeted 'Thousands' of Critical US Infrastructure IT Systems (thehill.com) 69

The Hill reports: Russian state-sponsored hackers have targeted thousands of networking devices associated with U.S. critical infrastructure sectors over the past year, the FBI warned Wednesday. The cyber actors are associated with the Russian Federal Security Service's (FSB) Center 16 and have taken aim at a vulnerability in certain Cisco devices, according to an agency public service announcement.

In some cases, hackers have been able to modify configuration files to enable unauthorized access, which they have used to conduct reconnaissance on networks. This has "revealed their interest in protocols and applications commonly associated with industrial control systems," the FBI said.

Cisco's threat intelligence research arm, Talos, explained in a separate advisory that a subcluster of this group, which it has named "Static Tundra," is targeting a seven-year-old vulnerability in the company's Smart Install feature. The firm has offered a patch for the vulnerability, but it remains a problem in unpatched and end-of-life network devices, it warned.

"Once they establish initial access to a network device, Static Tundra will pivot further into the target environment, compromising additional network devices and establishing channels for long-term persistence and information gathering," warns the Talos blog. "This is demonstrated by the group's ability to maintain access in target environments for multiple years without being detected."

In a statement emailed to The Register, a Cisco spokesperson said the company is aware of ongoing exploitation targeting this flaw. "We strongly urge customers to immediately upgrade to fixed software versions as outlined in the security advisory and follow our published security best practices," the spokesperson said, directing customers to the FBI's announcement and Cisco Talos blog for additional details.

The ongoing campaign targets telecommunications, higher education, and manufacturing organizations across North America, Asia, Africa, and Europe, "with victims selected based on their strategic interest to the Russian government," according to Talos researchers Sara McBroom and Brandon White. "We assess that the purpose of this campaign is to compromise and extract device configuration information en masse, which can later be leveraged as needed based on then-current strategic goals and interests of the Russian government," McBroom and White wrote.

And while both security alerts focus on the FSB's latest round of network intrusions, "many other state-sponsored actors also covet the access these devices afford," the Talos team warned. "Organizations should be aware that other advanced persistent threats (APTs) are likely prioritizing carrying out similar operations as well."

Some context from Hot Hardware: Cisco's advisory states that "Only Smart Install client switches are affected by the vulnerability"; the list of affected devices is in Table A-1 of that advisory. The flaw being exploited is tracked as CVE-2018-0171 and was patched in 2018. The Smart Install client listens on TCP port 4786, and on switches that do not need the feature Cisco's documented mitigation is to disable it with the "no vstack" command.
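As an added example, not code from Cisco, Talos or the FBI: a Python audit a network team could run over exported switch configurations to answer the two questions the alerts raise, whether the Smart Install client is still on and whether the configuration has drifted from a known-good baseline in ways consistent with the access and configuration changes described. The sample configurations are constructed; "no vstack" is Cisco's documented command for disabling the client, but treating its absence as "enabled" is an assumption that depends on the IOS release, so it is a parameter; the drift indicators are generic hardening concerns chosen for illustration, not indicators published by Talos.

```python
import re

# Constructed sample configurations (not real devices): a known-good baseline
# and the running-config exported later from the same switch.
BASELINE = """\
hostname edge-sw01
username netops privilege 15 secret 9 $9$placeholder
ip domain-name corp.example
snmp-server community ro-monitor RO
no ip http server
line vty 0 4
 transport input ssh
end
"""

CURRENT = """\
hostname edge-sw01
username netops privilege 15 secret 9 $9$placeholder
username svc-backup privilege 15 secret 9 $9$placeholder2
ip domain-name corp.example
snmp-server community ro-monitor RO
snmp-server community public RW
tftp-server nvram:startup-config
no ip http server
line vty 0 4
 transport input ssh
end
"""

# Assumed drift indicators: generic hardening concerns that fit the behaviour
# the alerts describe (new access, configuration extraction), not a Talos IOC list.
INDICATORS = [
    (re.compile(r"^username \S+ privilege 15\b"), "new privilege-15 local user"),
    (re.compile(r"^snmp-server community \S+ RW\b", re.I), "read-write SNMP community"),
    (re.compile(r"^tftp-server "), "TFTP server exposes a file, possibly the configuration"),
    (re.compile(r"^ip http(?:-secure)? server$"), "management web server enabled"),
    (re.compile(r"^vstack\b"), "Smart Install client explicitly enabled"),
]


def config_lines(text):
    """Non-blank configuration lines with trailing whitespace removed."""
    return [line.rstrip() for line in text.splitlines() if line.strip()]


def smart_install_enabled(config, default_enabled=True):
    """'no vstack' disables the Smart Install client. Whether its absence means
    'enabled' depends on the IOS release, so default_enabled is an assumption
    the caller sets for their fleet."""
    for line in config_lines(config):
        stripped = line.strip()
        if stripped == "no vstack":
            return False
        if stripped.startswith("vstack"):
            return True
    return default_enabled


def config_drift(baseline, current):
    """Lines added to and removed from the baseline, in configuration order."""
    base, cur = config_lines(baseline), config_lines(current)
    base_set, cur_set = set(base), set(cur)
    added = [line for line in cur if line not in base_set]
    removed = [line for line in base if line not in cur_set]
    return added, removed


def flag_additions(added):
    """Pairs each added line with the first indicator it matches, if any."""
    flags = []
    for line in added:
        for pattern, reason in INDICATORS:
            if pattern.search(line):
                flags.append((line, reason))
                break
    return flags


def audit(baseline, current, default_enabled=True):
    added, removed = config_drift(baseline, current)
    return {
        "smart_install_client": smart_install_enabled(current, default_enabled),
        "added": added,
        "removed": removed,
        "flags": flag_additions(added),
    }


if __name__ == "__main__":
    result = audit(BASELINE, CURRENT)
    print("Smart Install client on:", result["smart_install_client"])
    for line, reason in result["flags"]:
        print(f"  {reason}: {line}")
```

Run against a fleet, the useful output is the set of devices where the client is still reachable plus any device whose configuration gained credentials, a writable SNMP community or a file server since the last known-good export; those are the devices to pull full configurations and logs from before patching, since the campaign's stated goal is configuration collection for later use.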
Intel

Intel's New Funding Came From Already-Awarded Grants. So What Happens Next? (techcrunch.com) 93

The U.S. government's 10% stake in Intel "is a mistake," writes the Washington Post's editorial board, calling Intel "an aging also-ran in critical markets" that "has spent recent years stumbling on execution and missing one strategic opportunity after another."

But TechCrunch points out that the U.S. government "does not appear to be committing new funds. Instead, it's simply making good on what Intel described as 'grants previously awarded, but not yet paid, to Intel.'" Specifically, the $8.9 billion is supposed to come from $5.7 billion awarded-but-not-paid to Intel under the Biden administration's CHIPS Act, as well as $3.2 billion also awarded by the Biden administration through the Secure Enclave program. In a post on his social network Truth Social, Trump wrote, "The United States paid nothing for these shares..." Trump has been critical of the CHIPS Act, calling it a "horrible, horrible thing" and calling on House Speaker Mike Johnson to "get rid" of it...

According to The New York Times, some bankers and lawyers believe the CHIPS Act may not allow the government to convert its grants to equity, opening this deal to potential legal challenges.

Reuters writes that the money "will not be enough for its contract-chipmaking business to flourish, analysts said. Intel still needs external customers for its cutting-edge 14A manufacturing process to go to production, says Summit Insights analyst Kinngai Chan, "to make its foundry arm economically viable." "We don't think any government investment will change the fate of its foundry arm if they cannot secure enough customers..."

Reuters has reported that Intel's current 18A process — less advanced than 14A — is facing problems with yield, the measure of how many chips printed are good enough to make available to customers. Large chip factories including TSMC swallow the cost of poor yields during the first iterations of the process when working with customers like Apple. For Intel, which reported net losses for six straight quarters, that's hard to do and still turn a profit. "If the yield is bad then new customers won't use Intel Foundry, so it really won't fix the technical aspect of the company," said Ryuta Makino, analyst at Gabelli Funds, which holds Intel stock.

Makino, who believes that Intel can ultimately produce chips at optimal yields, views the deal as a net negative for Intel compared with just receiving the funding under the CHIPS Act as originally promised under the Biden Administration. "This isn't free money," he said. The federal government will not take a seat on Intel's board and has agreed to vote with the company's board on matters that need shareholder approval, Intel said. But this voting agreement comes with "limited exceptions" and the government is getting Intel's shares at a 17.5% discount to their closing price on Friday. The stake will make the U.S. government Intel's biggest shareholder, though neither Trump nor Intel disclosed when the transaction would happen...

Some analysts say Intel could benefit from the government's support, including in building out factories. Intel has said it is investing more than $100 billion to expand its U.S. factories and expects to begin high-volume chip production later this year at its Arizona plant. "To have access to capital and a new partial owner that wants to see you succeed are both important," said Peter Tuz, president of Chase Investment Counsel.

Earth

US Is Throwing Away the Critical Minerals It Needs, Analysis Shows (phys.org) 85

alternative_right shares a report from Phys.org: All the critical minerals the U.S. needs annually for energy, defense and technology applications are already being mined at existing U.S. facilities, according to a new analysis published in the journal Science. The catch? These minerals, such as cobalt, lithium, gallium and rare earth elements like neodymium and yttrium, are currently being discarded as tailings of other mineral streams like gold and zinc, said Elizabeth Holley, associate professor of mining engineering at Colorado School of Mines and lead author of the new paper.

To conduct the analysis, Holley and her team built a database of annual production from federally permitted metal mines in the U.S. They used a statistical resampling technique to pair these data with the geochemical concentrations of critical minerals in ores, recently compiled by the U.S. Geological Survey, Geoscience Australia and the Geologic Survey of Canada. Using this approach, Holley's team was able to estimate the quantities of critical minerals being mined and processed every year at U.S. metal mines but not being recovered. Instead, these valuable minerals are ending up as discarded tailings that must be stored and monitored to prevent environmental contamination.

The analysis looks at a total of 70 elements used in applications ranging from consumer electronics like cell phones to medical devices to satellites to renewable energy to fighter jets and shows that unrecovered byproducts from other U.S. mines could meet the demand for all but two -- platinum and palladium. Among the elements included in the analysis are:
- Cobalt (Co): The lustrous bluish-gray metal, a key component in electric car batteries, is a byproduct of nickel and copper mining. Recovering less than 10% of the cobalt currently being mined and processed but not recovered would be more than enough to fuel the entire U.S. battery market.
- Germanium (Ge): The brittle silvery-white semi-metal used for electronics and infrared optics, including sensors on missiles and defense satellites, is present in zinc and molybdenum mines. If the U.S. recovered less than 1% of the germanium currently mined and processed but not recovered from U.S. mines, it would not have to import any germanium to meet industry needs.

Google

Google Says It Dropped the Energy Cost of AI Queries By 33x In One Year 30

Google has released (PDF) a new analysis of its AI's environmental impact, showing that it has cut the energy use of AI text queries by a factor of 33 over the past year. Each prompt now consumes about 0.24 watt-hours -- the equivalent of watching nine seconds of TV. An anonymous reader shares an excerpt from an Ars Technica article: "We estimate the median Gemini Apps text prompt uses 0.24 watt-hours of energy, emits 0.03 grams of carbon dioxide equivalent (gCO2e), and consumes 0.26 milliliters (or about five drops) of water," they conclude. To put that in context, they estimate that the energy use is similar to about nine seconds of TV viewing. The bad news is that the volume of requests is undoubtedly very high. The company has chosen to execute an AI operation with every single search request, a compute demand that simply didn't exist a couple of years ago. So, while the individual impact is small, the cumulative cost is likely to be considerable.

The good news? Just a year ago, it would have been far, far worse. Some of this is just down to circumstances. With the boom in solar power in the US and elsewhere, it has gotten easier for Google to arrange for renewable power. As a result, the carbon emissions per unit of energy consumed saw a 1.4x reduction over the past year. But the biggest wins have been on the software side, where different approaches have led to a 33x reduction in energy consumed per prompt.

The Google team describes a number of optimizations the company has made that contribute to this. One is an approach termed Mixture-of-Experts, which involves figuring out how to only activate the portion of an AI model needed to handle specific requests, which can drop computational needs by a factor of 10 to 100. They've developed a number of compact versions of their main model, which also reduce the computational load. Data center management also plays a role, as the company can make sure that any active hardware is fully utilized, while allowing the rest to stay in a low-power state.
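As an added illustration, not Google's or Gemini's code: a toy mixture-of-experts layer in Python showing where the saving comes from. The router still scores every expert for each token, but only the top-k experts do the expensive work, so expert compute per token is k/N of a dense layer that runs all N. The expert count, width and k here are assumptions chosen to keep the example small; the 10x to 100x figure in the text is Google's.

```python
import math
import random

# Toy mixture-of-experts layer: a router scores every expert for a token and
# only the k best-scoring experts run. Weights are random but seeded so the
# example is reproducible. Sizes are assumptions, not those of any real model.


def softmax(values):
    m = max(values)
    exps = [math.exp(v - m) for v in values]
    total = sum(exps)
    return [e / total for e in exps]


def matvec(matrix, vector):
    return [sum(w * x for w, x in zip(row, vector)) for row in matrix]


class ToyMoE:
    def __init__(self, n_experts=8, dim=4, k=2, seed=0):
        rng = random.Random(seed)

        def rand_matrix(rows, cols):
            return [[rng.uniform(-1, 1) for _ in range(cols)] for _ in range(rows)]

        self.k = k
        self.router = rand_matrix(n_experts, dim)      # one score row per expert
        self.experts = [rand_matrix(dim, dim) for _ in range(n_experts)]
        self.expert_calls = 0                          # expensive work actually done

    def forward(self, x):
        """Returns (output vector, indices of the experts that ran)."""
        scores = matvec(self.router, x)                # cheap: every expert is scored
        chosen = sorted(range(len(scores)), key=lambda i: scores[i], reverse=True)[: self.k]
        gate = softmax([scores[i] for i in chosen])    # renormalised over the chosen experts
        out = [0.0] * len(x)
        for g, i in zip(gate, chosen):                 # expensive: only k experts run
            self.expert_calls += 1
            y = matvec(self.experts[i], x)
            out = [o + g * v for o, v in zip(out, y)]
        return out, chosen


def expert_work_fraction(model, tokens):
    """Expert evaluations performed, as a fraction of running every expert on every token."""
    model.expert_calls = 0
    for token in tokens:
        model.forward(token)
    dense = len(tokens) * len(model.experts)
    return model.expert_calls / dense


if __name__ == "__main__":
    tokens = [[float(i % 3) - 1.0, 0.5, -0.25 * i, 1.0] for i in range(16)]
    for n in (8, 64):
        model = ToyMoE(n_experts=n, dim=4, k=2)
        print(f"N={n:3d} k=2: expert work is {expert_work_fraction(model, tokens):.4f} of dense")
```

The router's cost grows with N while the expert cost stays fixed at k evaluations, which is why the saving is largest when N is large and k is small; the per-token reduction shown here is only part of the story, since the text also credits compact model variants, hardware/software co-design and keeping idle accelerators in low-power states.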

The other thing is that Google designs its own custom AI accelerators, and it architects the software that runs on them, allowing it to optimize both sides of the hardware/software divide to operate well with each other. That's especially critical given that activity on the AI accelerators accounts for over half of the total energy use of a query. Google also has lots of experience running efficient data centers that carries over to the experience with AI. The result of all this is that it estimates that the energy consumption of a typical text query has gone down by 33x in the last year alone.
