Benj Edwards reports via Ars Technica: In a move that marks the end of an era, New Mexico State University (NMSU) recently announced the impending closure of its Hobbes OS/2 Archive on April 15, 2024. For over three decades, the archive has been a key resource for users of the IBM OS/2 operating system and its successors, which once competed fiercely with Microsoft Windows. In a statement made to The Register, a representative of NMSU wrote, "We have made the difficult decision to no longer host these files on hobbes.nmsu.edu. Although I am unable to go into specifics, we had to evaluate our priorities and had to make the difficult decision to discontinue the service."

Hobbes is hosted by the Department of Information & Communication Technologies at New Mexico State University in Las Cruces, New Mexico. In the official announcement, the site reads, "After many years of service, hobbes.nmsu.edu will be decommissioned and will no longer be available. As of April 15th, 2024, this site will no longer exist." The earliest record we've found of the Hobbes archive online is this 1992 Walnut Creek CD-ROM collection that gathered up the contents of the archive for offline distribution. At around 32 years old, minimum, that makes Hobbes one of the oldest software archives on the Internet, akin to the University of Michigan's archives and ibiblio at UNC.

Remember that cheery corporate video Internet Brands tried announcing their new (non-negotiable) hybrid return-to-office policy (with the festive song "Iko Iko" playing in the background)? They've now pulled the video from Vimeo.

Could that signal a larger shift in attitudes about working from home? The Washington Post reports: Now, new research from the Katz Graduate School of Business at the University of Pittsburgh suggests that office mandates may not help companies' financial performances, but they can make workers less satisfied with their jobs and work-life balance... "We will not get back to the time when as many people will be happy working from the office the way they were before the pandemic," said Mark Ma, co-author of the study and associate professor at the Katz Graduate School of Business. Additionally, mandates make workers less happy, therefore less productive and more likely to look for a new job, he said.

The study analyzed a sample of Standard & Poor's 500 firms to explore the effects of office mandates, including average change in quarterly results and company stock price. Those results were compared with changes at companies without office mandates. The outcome showed the mandates made no difference. Firms with mandates did not experience financial boosts compared with those without. The sample covered 457 firms and 4,455 quarterly observations between June 2019 and January 2023...

"There are compliance issues universally," said Prithwiraj Choudhury, a Harvard Business School professor who studies remote work. "Some companies are issuing veiled threats about promotions and salary increases ... which is unfortunate because this is your talent pool, your most valuable resource...." Rather than grappling with mandates as a means of boosting productivity, companies should instead focus on structuring their policies on a team basis, said Choudhury of Harvard. That means not only understanding the frequency and venue in which teams would be most productive in-person, but also ensuring that in-person days are structured for more collaboration. Requiring employees to work in-office to boost productivity in general has yet to prove itself out, he added.

"Return-to-office is just a knee-jerk reaction trying to make the world go back to where it was instead of recognizing this as a point for fundamental transformation," he said. "I call them return-to-the-past mandates."
The article cites US Bureau of Labor Statics showing movement in the other directionRoughly 78% of workers ages 16 and older "worked entirely on-site in December 2023, down from 81% a year earlier" — and for tech workers only 34% worked entirely on-site last month compared with 38% last year.

"Still, some companies are going all in on mandates, reminding workers and sometimes threatening promotions and job security for noncompliance. Leaders are unlikely to backtrack on mandates once they have been implemented because that could be viewed as admitting they made a mistake, said Ma."

"Bell Labs, the historic headwaters of so many inventions that now define our digital age, is closing in Murray Hill," writes journalism professor Jeff Jarvis (in an op-ed for New Jersey's Star-Ledger newspaper).

"The Labs should be preserved as a historic site and more." I propose that Bell Labs be opened to the public as a museum and school of the internet.

The internet would not be possible without the technologies forged at Bell Labs: the transistor, the laser, information theory, Unix, communications satellites, fiber optics, advances in chip design, cellular phones, compression, microphones, talkies, the first digital art, and artificial intelligence — not to mention, of course, many advances in networks and the telephone, including the precursor to the device we all carry and communicate with today: the Picturephone, displayed as a futuristic fantasy at the 1964 World's Fair.

There is no museum of the internet. Silicon Valley has its Computer History Museum. New York has museums for television and the moving image. Massachusetts boasts a charming Museum of Printing. Search Google for a museum of the internet and you'll find amusing digital artifacts, but nowhere to immerse oneself in and study this immensely impactful institution in society.

Where better to house a museum devoted to the internet than New Jersey, home not only of Bell Labs but also at one time the headquarters of the communications empire, AT&T, our Ma Bell...? The old Bell Labs could be more than a museum, preserving and explaining the advances that led to the internet. It could be a school... Imagine if Bell Labs were a place where scholars and students in many disciplines — technologies, yes, but also anthropology, sociology, psychology, history, ethics, economics, community studies, design — could gather to teach and learn, discuss and research.
The text of Jarvis's piece is behind subscription walls, but has apparently been re-published on X by innovation theorist John Nosta.

In one of the most interesting passages, Jarvis remembers visiting Bell Labs in 1995. "The halls were haunted with genius: lab after lab with benches and blackboards and history within. We must not lose that history."

An anonymous reader quotes a report from Ars Technica: Google is updating the warning on Chrome's Incognito mode to make it clear that Google and websites run by other companies can still collect your data in the web browser's semi-private mode. The change is being made as Google prepares to settle a class-action lawsuit that accuses the firm of privacy violations related to Chrome's Incognito mode. The expanded warning was recently added to Chrome Canary, a nightly build for developers. The warning appears to directly address one of the lawsuit's complaints, that the Incognito mode's warning doesn't make it clear that Google collects data from users of the private mode.

Many tech-savvy people already know that while private modes in web browsers prevent some data from being stored on your device, they don't prevent tracking by websites or Internet service providers. But many other people may not understand exactly what Incognito mode does, so the more specific warning could help educate users. The new warning seen in Chrome Canary when you open an incognito window says: "You've gone Incognito. Others who use this device won't see your activity, so you can browse more privately. This won't change how data is collected by websites you visit and the services they use, including Google." The wording could be interpreted to refer to Google websites and third-party websites, including third-party websites that rely on Google ad services. The new warning was not yet in the developer, beta, and stable branches of Chrome as of today. It also wasn't in Chromium. The change to Canary was previously reported by MSPowerUser.

Incognito mode in the stable version of Chrome still says: "You've gone Incognito. Now you can browse privately, and other people who use this device won't see your activity." Among other changes, the Canary warning replaces "browse privately" with "browse more privately." The stable and Canary warnings both say that your browsing activity might still be visible to "websites you visit," "your employer or school," or "your Internet service provider." But only the Canary warning currently includes the caveat that Incognito mode "won't change how data is collected by websites you visit and the services they use, including Google." The old and new warnings both say that Incognito mode prevents Chrome from saving your browsing history, cookies and site data, and information entered in forms, but that "downloads, bookmarks and reading list items will be saved." Both warnings link to this page, which provides more detail on Incognito mode.

A dinosaur fossil listed for sale in London for $20 million embodies one of the most heated debates in paleontology. From a report: When fossil hunters unearthed the remains of a dinosaur from the hills of eastern Montana five years ago, they carried several key characteristics of a Tyrannosaurus rex: a pair of giant legs for walking, a much smaller pair of arms for slashing prey, and a long tail stretching behind it. But unlike a full-grown T. rex, which would be about the size of a city bus, this dinosaur was more like the size of a pickup truck. The specimen, which is now listed for sale for $20 million at an art gallery in London, raises a question that has come to obsess paleontologists: Is it simply a young T. rex who died before reaching maturity, or does it represent a different but related species of dinosaur known as a Nanotyrannus?

The dispute has produced reams of scientific research and decades of debate, polarizing paleontologists along the way. Now, with dinosaur fossils increasingly fetching eye-popping prices at auction, the once-esoteric dispute has begun to ripple through auction houses and galleries, where some see the T. rex name as a valuable brand that can more easily command high prices. "It's ultimately a quite in-the-weeds question of the taxonomy and the classification of one very particular type of dinosaur," said Steve Brusatte, a paleontologist at the University of Edinburgh. "However, it involves T. rex, and the debate always gets a little bit more ferocious when the king of dinosaurs is involved."

On the internet, juvenile T. rex versus Nanotyrannus has become something of a meme, providing fuel for jokes on niche social media channels. ("I won't believe in Nanotyrannus until it shows up at my own door and devours me," a paleontology student with the handle "TheDinoBuff" joked recently on the social media site X.) The gallery selling the specimen discovered in Montana -- which is known as Chomper -- was faced with a choice. Call it a juvenile T. rex? Label it a Nanotyrannus? Or embrace the ambiguity of an unresolved scientific debate? The David Aaron gallery in London went with calling it a "rare juvenile Tyrannosaurus rex skeleton." It cited an influential 2020 paper on the subject led by Holly N. Woodward, which used an analysis of growth rings within bone samples from two disputed specimens -- which are estimated to have been similarly sized to Chomper -- to argue that they were juveniles nearing growth spurts.

An anonymous reader quotes a report from The Guardian: Microsoft's MS-DOS (and its IBM-branded counterpart, PC DOS) eventually became software juggernauts, powering the vast majority of PCs throughout the '80s and serving as the underpinnings of Windows throughout the '90s. But the software had humble beginnings, as we've detailed in our history of the IBM PC and elsewhere. It began in mid-1980 as QDOS, or "Quick and Dirty Operating System," the work of developer Tim Paterson at a company called Seattle Computer Products (SCP). It was later renamed 86-DOS, after the Intel 8086 processor, and this was the version that Microsoft licensed and eventually purchased.

Last week, Internet Archive user f15sim discovered and uploaded a new-old version of 86-DOS to the Internet Archive. Version 0.1-C of 86-DOS is available for download here and can be run using the SIMH emulator; before this, the earliest extant version of 86-DOS was version 0.34, also uploaded by f15sim. This version of 86-DOS is rudimentary even by the standards of early-'80s-era DOS builds and includes just a handful of utilities, a text-based chess game, and documentation for said chess game. But as early as it is, it remains essentially recognizable as the DOS that would go on to take over the entire PC business. If you're just interested in screenshots, some have been posted by user NTDEV on the site that used to be Twitter.

According to the version history available on Wikipedia, this build of 86-DOS would date back to roughly August of 1980, shortly after it lost the "QDOS" moniker. By late 1980, SCP was sharing version 0.3x of the software with Microsoft, and by early 1981, it was being developed as the primary operating system of the then-secret IBM Personal Computer. By the middle of 1981, roughly a year after 86-DOS began life as QDOS, Microsoft had purchased the software outright and renamed it MS-DOS. Microsoft and IBM continued to co-develop MS-DOS for many years; the version IBM licensed and sold on its PCs was called PC DOS, though for most of their history the two products were identical. Microsoft also retained the ability to license the software to other computer manufacturers as MS-DOS, which contributed to the rise of a market of mostly interoperable PC clones. The PC market as we know it today still more or less resembles the PC-compatible market of the mid-to-late 1980s, albeit with dramatically faster and more capable components.

reg writes: Twenty-five years ago today, CmdrTaco innocently posted a story entitled "Collection of Fun Video Clips" in the days of T1 lines and invited anyone with the bandwidth to check it out. Even though the term "Slashdot Effect" had already been coined, this was the first time it took down a site. The site owner got a personal call from their ISP, which was later reported in the comments, where he also noted that he was writing a novella called "She Hates My Futon." Many old timers started reading that, although it's never been finished, despite having a Good Reads page, a Facebook page, and several promises that he'll complete it.

Google's Safety Check feature for Chrome, which, among other things, checks the internet to see if any of your saved passwords have been compromised, will now "run automatically in the background" on desktop, the company said in a blog post on Thursday. From a report: The constant checks could mean that you're alerted about a password that you should change sooner than you would have before. Safety Check also watches for bad extensions or site permissions you need to look at, and you can act on Safety Check alerts from Chrome's three-dot menu. In addition, Google says that Safety Check can revoke a site's permissions if you haven't visited it in a while. Google also announced an upcoming feature for Chrome's tab groups, also on desktop: Chrome will let you save tab groups so that you can use those groups across devices, which might be handy when moving between a PC at home and a laptop when traveling. Google says this feature will roll out "over the next few weeks."

Chevrolet of Watsonville recently introduced a ChatGPT-powered chatbot on their website that was quickly exploited by users for their amusement. Internet users, like Chris Bakke, manipulated the chatbot into agreeing to absurd terms, such as selling a 2024 Chevy Tahoe for a dollar, leading to the chatbot's removal from the site. Hot Hardware reports: On X over the past few days, users discovered that Chevrolet of Watsonville introduced a chatbot powered by ChatGPT. While it gives the option to talk to a human, the hooligans of the Internet could not resist toying with the technology before it was pulled from the website. Namely, folks like Chris Bakke coerced the chatbot into "the customer is always right" mode and set it so it closes each response with "and that's a legally binding offer -- no takesies backsies." At this point, Chris then explained he needed a 2024 Chevy Tahoe and only had a dollar, to which the LLM replied "That's a deal, and that's a legally binding offer -- no takesies backsies."

Beyond the $1 Tahoe, other users managed to trick the bot into recommending a Tesla Model 3 AWD instead of a Chevy. Tim Champ on X got the bot to create a Python script to "solve the Navier-stokes fluid flow equations for a zero-vorticity boundry," which is amusing, to say the least.

An anonymous reader quotes a report from the New York Times: The Federal Trade Commission on Wednesday proposed sweeping changes to bolster the key federal rule that has protected children's privacy online, in one of the most significant attempts by the U.S. government to strengthen consumer privacy in more than a decade. The changes are intended to fortify the rules underlying the Children's Online Privacy Protection Act of 1998, a law that restricts the online tracking of youngsters by services like social media apps, video game platforms, toy retailers and digital advertising networks. Regulators said the moves would "shift the burden" of online safety from parents to apps and other digital services while curbing how platforms may use and monetize children's data.

The proposed changes would require certain online services to turn off targeted advertising by default for children under 13. They would prohibit the online services from using personal details like a child's cellphone number to induce youngsters to stay on their platforms longer. That means online services would no longer be able to use personal data to bombard young children with push notifications. The proposed updates would also strengthen security requirements for online services that collect children's data as well as limit the length of time online services could keep that information. And they would limit the collection of student data by learning apps and other educational-tech providers, by allowing schools to consent to the collection of children's personal details only for educational purposes, not commercial purposes. [...]

The F.T.C. began reviewing the children's privacy rule in 2019, receiving more than 175,000 comments from tech and advertising industry trade groups, video content developers, consumer advocacy groups and members of Congress. The resulting proposal (PDF) runs more than 150 pages. Proposed changes include narrowing an exception that allows online services to collect persistent identification codes for children for certain internal operations, like product improvement, consumer personalization or fraud prevention, without parental consent. The proposed changes would prohibit online operators from employing such user-tracking codes to maximize the amount of time children spend on their platforms. That means online services would not be able to use techniques like sending mobile phone notifications "to prompt the child to engage with the site or service, without verifiable parental consent," according to the proposal. How online services would comply with the changes is not yet known. Members of the public have 60 days to comment on the proposals, after which the commission will vote.

CNN reports on a new German-based project called WindCORES that operates data centers inside existing wind turbines, making them almost completely carbon neutral. "If you look at the sustainability pyramid, the highest form of sustainability is using things that already exist," said Fiete Dubberke, managing director of windCORES, which was founded in 2018. From the report: The concept uses existing wind turbines to power data centers on site, while fiber optic cables provide a constant internet connection. Planning for a project like this began 10 years ago, Dubberke said, when WestfalenWIND realized the electricity grid was too weak to handle the huge capacities of electricity being produced by its wind turbines during peak wind hours, resulting in their windfarms being switched off due to grid security issues. WindCORES estimates that the unused electricity generated during this period could power one-third of all German data centers.

Its solution was to bypass the "middleman" (the grid) altogether, and instead, power IT servers from directly inside the large concrete wind turbine towers. Each tower is 13 meters wide and could potentially hold server racks up to 150 meters high. As the area is mostly empty space, Dubberke calls the concept a "no-brainer." According to Dubberke, an average of 85-92% of the power needed to sustain a windCORES data center comes directly from the host turbine. When there is no wind, electricity is obtained from other renewable sources, including solar farms and hydroelectric power plants, via the electricity grid. "The German data center average is 430 grams of CO2 released per kilowatt hour," he said. "For windCORES, it is calculated at just 10 grams per kilowatt hour."

Since launching, windCORES has acquired around 150 clients through co-location and cloud solutions, from very small start-up companies to bigger, more established ones, such as Zattoo, a leading carbon-neutral Swiss TV streaming platform with several million monthly users. Zattoo joined windCORES in 2020, when it moved one of its six data centers into a wind turbine in Paderborn. Currently, 218 channels are encoded with windCORES, and by the end of next year, the company hopes to relocate more existing servers to the wind farm, making it Zattoo's main data center location. [...] WindCORES has recently opened a larger, second location called "windCORES II" at the Huser Klee windfarm in Lichtenau, Germany. Built for a new large automotive client from Munich (the name is yet to be revealed), it is over three levels and around 20 meters high.

Jon Porter reports via The Verge: UK telecoms regulator Ofcom has laid out how porn sites could verify users' ages under the newly passed Online Safety Act. Although the law gives sites the choice of how they keep out underage users, the regulator is publishing a list of measures they'll be able to use to comply. These include having a bank or mobile network confirm that a user is at least 18 years old (with that user's consent) or asking a user to supply valid details for a credit card that's only available to people who are 18 and older. The regulator is consulting on these guidelines starting today and hopes to finalize its official guidance in roughly a year's time.

Ofcom lists six age verification methods in today's draft guidelines. As well as turning to banks, mobile networks, and credit cards, other suggested measures include asking users to upload photo ID like a driver's license or passport, or for sites to use "facial age estimation" technology to analyze a person's face to determine that they've turned 18. Simply asking a site visitor to declare that they're an adult won't be considered strict enough. Once the duties come into force, pornography sites will be able to choose from Ofcom's approaches or implement their own age verification measures so long as they're deemed to hit the "highly effective" bar demanded by the Online Safety Act. The regulator will work with larger sites directly and keep tabs on smaller sites by listening to complaints, monitoring media coverage, and working with frontline services. Noncompliance with the Online Safety Act can be punished with fines of up to [$22.7 million] or 10 percent of global revenue (whichever is higher).

The guidelines being announced today will eventually apply to pornography sites both big and small so long as the content has been "published or displayed on an online service by the provider of the service." In other words, they're designed for professionally made pornography, rather than the kinds of user-generated content found on sites like OnlyFans. That's a tricky distinction when the two kinds often sit together side by side on the largest tube sites. But Ofcom will be opening a consultation on rules for user-generated content, search engines, and social media sites in the new year, and Whitehead suggests that the both sets of rules will come into effect at around the same time.

The Atlantic writes: Failing a CAPTCHA isn't just annoying — it keeps people from navigating the internet. Older people can take considerably more time to solve different kinds of CAPTCHAs, according to the UC Irvine researchers, and other research has found that the same is true for non-native English speakers. The annoyance can lead a significant chunk of users to just give up.
But is it all also just a big waste of time? The article notes there's now even CAPTCHA-solving services you can hire. ("2Captcha will solve a thousand CAPTCHAs for a dollar, using human workers paid as low as 50 cents an hour. Newer companies, such as Capsolver, claim to instead be using AI and charge roughly the same price.")

And they also write that this summer saw more discouraging news: In a recent study from researchers at UC Irvine and Microsoft:

- most of the 1,400 human participants took 15 to 26 seconds to solve a CAPTCHA with a grid of images, with 81% accuracy.

- A bot tested in March 2020, meanwhile, was shown to solve similar puzzles in an average of 19.9 seconds, with 83% accuracy.
The article ultimately argues that for roughly 20 years, "CAPTCHAs have been engaged in an arms race against the machines," and that now "The burden is on CAPTCHAs to keep up" — which they're doing by evolving. The most popular type, Google's reCAPTCHA v3, should mostly be okay. It typically ascertains your humanity by monitoring your activity on websites before you even click the checkbox, comparing it with models of "organic human interaction," Jess Leroy, a senior director of product management at Google Cloud, the division that includes reCAPTCHA, told me.
But the automotive site Motor Biscuit speculates something else could also be happening. "Have you noticed it likes to ask about cars, buses, crosswalks, and other vehicle-related images lately?" Google has not confirmed that it uses the reCAPTCHA system for autonomous vehicles, but here are a few reasons why I think that could be the case. Self-driving cars from Waymo and other brands are improving every day, but the process requires a lot of critical technology and data to improve continuously.

According to an old Google Security Blog, using reCAPTCHA and Street View to make locations on Maps more accurate was happening way back in 2014... [I]t would ask users to find the street numbers found on Google Street View and confirm the numbers matched. Previously, it would use distorted text or letters. Using this data, Google could correlate the numbers with addresses and help pinpoint the location on Google Maps...

Medium reports that more than 60 million CAPTCHAs are being solved every day, which saves around 160,000 human hours of work. If these were helping locate addresses, why not also help identify other objects? Help differentiate a bus from a car and even choose a crosswalk over a light pole.
Thanks to Slashdot reader rikfarrow for suggesting the topic.

An anonymous reader quotes a report from Ars Technica: In a preprint research paper titled "Does GPT-4 Pass the Turing Test?", two researchers from UC San Diego pitted OpenAI's GPT-4 AI language model against human participants, GPT-3.5, and ELIZA to see which could trick participants into thinking it was human with the greatest success. But along the way, the study, which has not been peer-reviewed, found that human participants correctly identified other humans in only 63 percent of the interactions -- and that a 1960s computer program surpassed the AI model that powers the free version of ChatGPT. Even with limitations and caveats, which we'll cover below, the paper presents a thought-provoking comparison between AI model approaches and raises further questions about using the Turing test to evaluate AI model performance.

In the recent study, listed on arXiv at the end of October, UC San Diego researchers Cameron Jones (a PhD student in Cognitive Science) and Benjamin Bergen (a professor in the university's Department of Cognitive Science) set up a website called turingtest.live, where they hosted a two-player implementation of the Turing test over the Internet with the goal of seeing how well GPT-4, when prompted different ways, could convince people it was human. Through the site, human interrogators interacted with various "AI witnesses" representing either other humans or AI models that included the aforementioned GPT-4, GPT-3.5, and ELIZA, a rules-based conversational program from the 1960s. "The two participants in human matches were randomly assigned to the interrogator and witness roles," write the researchers. "Witnesses were instructed to convince the interrogator that they were human. Players matched with AI models were always interrogators."

The experiment involved 652 participants who completed a total of 1,810 sessions, of which 1,405 games were analyzed after excluding certain scenarios like repeated AI games (leading to the expectation of AI model interactions when other humans weren't online) or personal acquaintance between participants and witnesses, who were sometimes sitting in the same room. Surprisingly, ELIZA, developed in the mid-1960s by computer scientist Joseph Weizenbaum at MIT, scored relatively well during the study, achieving a success rate of 27 percent. GPT-3.5, depending on the prompt, scored a 14 percent success rate, below ELIZA. GPT-4 achieved a success rate of 41 percent, second only to actual humans. "Ultimately, the study's authors concluded that GPT-4 does not meet the success criteria of the Turing test, reaching neither a 50 percent success rate (greater than a 50/50 chance) nor surpassing the success rate of human participants," reports Ars. "The researchers speculate that with the right prompt design, GPT-4 or similar models might eventually pass the Turing test. However, the challenge lies in crafting a prompt that mimics the subtlety of human conversation styles. And like GPT-3.5, GPT-4 has also been conditioned not to present itself as human."

"It seems very likely that much more effective prompts exist, and therefore that our results underestimate GPT-4's potential performance at the Turing Test," the authors write.

Futurism has accused Sports Illustrated of publishing AI-generated articles under fake author biographies. The magazine has since removed the articles in question and released a statement blaming the issue on a contractor. From the report: There was nothing in Drew Ortiz's author biography at Sports Illustrated to suggest that he was anything other than human. "Drew has spent much of his life outdoors, and is excited to guide you through his never-ending list of the best products to keep you from falling to the perils of nature," it read. "Nowadays, there is rarely a weekend that goes by where Drew isn't out camping, hiking, or just back on his parents' farm." The only problem? Outside of Sports Illustrated, Drew Ortiz doesn't seem to exist. He has no social media presence and no publishing history. And even more strangely, his profile photo on Sports Illustrated is for sale on a website that sells AI-generated headshots, where he's described as "neutral white young-adult male with short brown hair and blue eyes."

Ortiz isn't the only AI-generated author published by Sports Illustrated, according to a person involved with the creation of the content who asked to be kept anonymous to protect them from professional repercussions. "There's a lot," they told us of the fake authors. "I was like, what are they? This is ridiculous. This person does not exist." "At the bottom [of the page] there would be a photo of a person and some fake description of them like, 'oh, John lives in Houston, Texas. He loves yard games and hanging out with his dog, Sam.' Stuff like that," they continued. "It's just crazy."

According to a second person involved in the creation of the Sports Illustrated content who also asked to be kept anonymous, that's because it's not just the authors' headshots that are AI-generated. At least some of the articles themselves, they said, were churned out using AI as well. "The content is absolutely AI-generated," the second source said, "no matter how much they say that it's not." After we reached out with questions to the magazine's publisher, The Arena Group, all the AI-generated authors disappeared from Sports Illustrated's site without explanation. [...] Though Sports Illustrated's AI-generated authors and their articles disappeared after we asked about them, similar operations appear to be alive and well elsewhere in The Arena Group's portfolio. An Arena Group spokesperson issued the following statement blaming a contractor for the content: "Today, an article was published alleging that Sports Illustrated published AI-generated articles. According to our initial investigation, this is not accurate. The articles in question were product reviews and were licensed content from an external, third-party company, AdVon Commerce. A number of AdVon's e-commerce articles ran on certain Arena websites. We continually monitor our partners and were in the midst of a review when these allegations were raised. AdVon has assured us that all of the articles in question were written and edited by humans. According to AdVon, their writers, editors, and researchers create and curate content and follow a policy that involves using both counter-plagiarism and counter-AI software on all content. However, we have learned that AdVon had writers use a pen or pseudo name in certain articles to protect author privacy -- actions we don't condone -- and we are removing the content while our internal investigation continues and have since ended the partnership."

"Three out of four of the world's most popular websites are failing to meet minimum requirement standards" for password security, reports Georgia Tech's College of Computing. Which means three out of four of the world's most popular web sites are "allowing tens of millions of users to create weak passwords."

Using a first-of-its-kind automated tool that can assess a website's password creation policies, researchers also discovered that 12% of websites completely lacked password length requirements. Assistant Professor Frank Li and Ph.D. student Suood Al Roomi in Georgia Tech's School of Cybersecurity and Privacy created the automated assessment tool to explore all sites in the Google Chrome User Experience Report (CrUX), a database of one million websites and pages.

Li and Al Roomi's method of inferring password policies succeeded on over 20,000 sites in the database and showed that many sites:

- Permit very short passwords
- Do not block common passwords
- Use outdated requirements like complex characters

The researchers also discovered that only a few sites fully follow standard guidelines, while most stick to outdated guidelines from 2004... More than half of the websites in the study accepted passwords with six characters or less, with 75% failing to require the recommended eight-character minimum. Around 12% of had no length requirements, and 30% did not support spaces or special characters. Only 28% of the websites studied enforced a password block list, which means thousands of sites are vulnerable to cyber criminals who might try to use common passwords to break into a user's account, also known as a password spraying attack.
Georgia Tech describes the new research as "the largest study of its kind." ("The project was 135 times larger than previous works that relied on manual methods and smaller sample sizes.")

"As a security community, we've identified and developed various solutions and best practices for improving internet and web security," said assistant professor Li. "It's crucial that we investigate whether those solutions or guidelines are actually adopted in practice to understand whether security is improving in reality."

The Slashdot community has already noticed the problem, judging by a recent post from eggegick. "Every site I visit has its own idea of the minimum and maximum number of characters, the number of digits, the number of upper/lowercase characters, the number of punctuation characters allowed and even what punctuation characters are allowed and which are not." The limit of password size really torques me, as that suggests they are storing the password (they need to limit storage size), rather than its hash value (fixed size), which is a real security blunder. Also, the stupid dots drive me bonkers, especially when there is no "unhide" button. For crying out loud, nobody is looking over my shoulder! Make the "unhide" default.
"The 'dots' are bad security," agrees long-time Slashdot reader Spazmania. "If you're going to obscure the password you should also obscure the length of the password." But in their comment on the original submission, they also point out that there is a standard for passwords, from the National Institute of Standards and Technology: Briefly:

* Minimum 8 characters
* Must allow at least 64 characters.
* No constraints on what printing characters can be used (including high unicode)
* No requirements on what characters must be used or in what order or proportion

This is expected to be paired with a system which does some additional and critical things:

* Maintain a database of known compromised passwords (e.g. from public password dictionaries) and reject any passwords found in the database.
* Pair the password with a second authentication factor such as a security token or cell phone sms. Require both to log in.
* Limit the number of passwords which can be attempted per time period. At one attempt per second, even the smallest password dictionaries would take hundreds of years to try...

Someone attempting to brute force a password from outside on a rate-limited system is limited to the rate, regardless of how computing power advances. If the system enforces a rate limit of 1 try per second, the time to crack an 8-character password containing only lower case letters is still more than 6,000 years.

An anonymous reader quotes a report from The Intercept: A joint project of Human Rights Watch and New York University to document human rights abuses in the Democratic Republic of the Congo has been taken offline after exposing the identities of thousands of vulnerable people, including survivors of mass killings and sexual assaults. The Kivu Security Tracker is a "data-centric crisis map" of atrocities in eastern Congo that has been used by policymakers, academics, journalists, and activists to "better understand trends, causes of insecurity and serious violations of international human rights and humanitarian law," according to the deactivated site. This includes massacres, murders, rapes, and violence against activists and medical personnel by state security forces and armed groups, the site said. But the KST's lax security protocols appear to have accidentally doxxed up to 8,000 people, including activists, sexual assault survivors, United Nations staff, Congolese government officials, local journalists, and victims of attacks, an Intercept analysis found. Hundreds of documents -- including 165 spreadsheets -- that were on a public server contained the names, locations, phone numbers, and organizational affiliations of those sources, as well as sensitive information about some 17,000 "security incidents," such as mass killings, torture, and attacks on peaceful protesters.

The data was available via KST's main website, and anyone with an internet connection could access it. The information appears to have been publicly available on the internet for more than four years. [...] The spreadsheets, along with the main KST website, were taken offline on October 28, after investigative journalist Robert Flummerfelt, one of the authors of this story, discovered the leak and informed Human Rights Watch and New York University's Center on International Cooperation. HRW subsequently assembled what one source close to the project described as a "crisis team." Last week, HRW and NYU's Congo Research Group, the entity within the Center on International Cooperation that maintains the KST website, issued a statement that announced the takedown and referred in vague terms to "a security vulnerability in its database," adding, "Our organizations are reviewing the security and privacy of our data and website, including how we gather and store information and our research methodology." The statement made no mention of publicly exposing the identities of sources who provided information on a confidential basis. [...] The Intercept has not found any instances of individuals affected by the security failures, but it's currently unknown if any of the thousands of people involved were harmed. "We deeply regret the security vulnerability in the KST database and share concerns about the wider security implications," Human Rights Watch's chief communications officer, Mei Fong, told The Intercept. Fong said in an email that the organization is "treating the data vulnerability in the KST database, and concerns around research methodology on the KST project, with the utmost seriousness." Fong added, "Human Rights Watch did not set up or manage the KST website. We are working with our partners to support an investigation to establish how many people -- other than the limited number we are so far aware of -- may have accessed the KST data, what risks this may pose to others, and next steps. The security and confidentiality of those affected is our primary concern."

An anonymous reader quotes a report from 404 Media: Civitai, an online marketplace for sharing AI models that enables the creation of nonconsensual sexual images of real people, has introduced a new feature that allows users to post "bounties." These bounties allow users to ask the Civitai community to create AI models that generate images of specific styles, compositions, or specific real people, and reward the best AI model that does so with a virtual currency users can buy with real money. As is common on the site, many of the bounties posted to Civitai since the feature was launched are focused on recreating the likeness of celebrities and social media influencers, almost exclusively women. But 404 Media has seen at least one bounty for a private person who has no significant public online presence.

"I am very afraid of what this can become, for years I have been facing problems with the misuse of my image and this has certainly never crossed my mind," Michele Alves, an Instagram influencer who has a bounty on Civitai, told 404 Media. "I don't know what measures I could take, since the internet seems like a place out of control. The only thing I think about is how it could affect me mentally because this is beyond hurtful." The news shows how increasingly easy to use text-to-image AI tools, the ability to easily create AI models of specific people, and a platform that monetizes the production of nonconsensual sexual images is making it possible to generate nonconsensual images of anyone, not just celebrities.

The bounty of a real person that 404 Media saw on Civitai did not include a name, and included a handful of images that were taken from her social media accounts. 404 Media was able to find this person's online accounts and confirm they were not a celebrity or social media influencer, but just a regular person with personal social media accounts with few followers. The person who posted the bounty claimed that the woman he wanted an AI model of was his wife, though her Facebook account said she was single. Other Civitai users also weren't buying that explanation. Despite suspicions from these users, someone did complete the bounty and created an AI model of the woman that now any Civiai user can download. Several non-sexual AI generated images of her have been posted to the site.

It happened a quarter of a century ago. The New York Times wrote that "An internal memorandum reflecting the views of some of Microsoft's top executives and software development managers reveals deep concern about the threat of free software and proposes a number of strategies for competing against free programs that have recently been gaining in popularity." The memo warns that the quality of free software can meet or exceed that of commercial programs and describes it as a potentially serious threat to Microsoft. The document was sent anonymously last week to Eric Raymond, a key figure in a loosely knit group of software developers who collaboratively create and distribute free programs ranging from operating systems to Web browsers. Microsoft executives acknowledged that the document was authentic...

In addition to acknowledging that free programs can compete with commercial software in terms of quality, the memorandum calls the free software movement a "long-term credible" threat and warns that employing a traditional Microsoft marketing strategy known as "FUD," an acronym for "fear, uncertainty and doubt," will not succeed against the developers of free software. The memorandum also voices concern that Linux is rapidly becoming the dominant version of Unix for computers powered by Intel microprocessors.

The competitive issues, the note warns, go beyond the fact that the software is free. It is also part of the open-source software, or O.S.S., movement, which encourages widespread, rapid development efforts by making the source code — that is, the original lines of code written by programmers — readily available to anyone. This enables programmers the world over to continually write or suggest improvements or to warn of bugs that need to be fixed. The memorandum notes that open software presents a threat because of its ability to mobilize thousands of programmers. "The ability of the O.S.S. process to collect and harness the collective I.Q. of thousands of individuals across the Internet is simply amazing," the memo states. "More importantly, O.S.S. evangelization scales with the size of the Internet much faster than our own evangelization efforts appear to scale."
Back in 1998, Slashdot's CmdrTaco covered the whole brouhaha — including this CNN article: A second internal Microsoft memo on the threat Linux poses to Windows NT calls the operating system "a best-of-breed Unix" and wonders aloud if the open-source operating system's momentum could be slowed in the courts.

As with the first "Halloween Document," the memo — written by product manager Vinod Valloppillil and another Microsoft employee, Josh Cohen — was obtained by Linux developer Eric Raymond and posted on the Internet. In it, Cohen and Valloppillil, who also authored the first "Halloween Document," appear to suggest that Microsoft could slow the open-source development of Linux with legal battles. "The effect of patents and copyright in combating Linux remains to be investigated," the duo wrote.
Microsoft's slogain in 1998 was "Where do you want to go today?" So Eric Raymond published the documents on his web site under the headline "Where will Microsoft try to drag you today? Do you really want to go there?"

25 years later, and it's all still up there and preserved for posterity on Raymond's web page — a collection of leaked Microsoft documents and related materials known collectively as "the Halloween documents." And Raymond made a point of thanking the writers of the documents, "for authoring such remarkable and effective testimonials to the excellence of Linux and open-source software in general."

Thanks to long-time Slashdot reader mtaht for remembering the documents' 25th anniversary...

A long read at the Verge explores the quality of Google's search results — and whether they've been affected by the Search Engine Optimization industry.

But it begins by saying that "A lot of folks' complain that "The links that pop up when they go looking for answers online, they say, are "absolutely unusable"; "garbage"; and "a nightmare" because "a lot of the content doesn't feel authentic."

If so, the question is why. SEO Daron Babin warns that "We're entering a very weird time, technologically, with AI, from an optimization standpoint... All the assholes that are out there paying shitty link-building companies to build shitty articles, now they can go and use the free version of GPT." Soon, he said, Google results would be even worse, dominated entirely by AI-generated crap designed to please the algorithms, produced and published at volumes far beyond anything humans could create, far beyond anything we'd ever seen before. "They're not gonna be able to stop the onslaught of it," he said. Then he laughed and laughed, thinking about how puny and irrelevant Google seemed in comparison to the next generation of automated SEO. "You can't stop it...!"

Nowadays, he mostly invests in cannabis and psychedelics. SEO just got to be too complicated for not enough money, he told me. [SEO Missy] Ward had told me the same thing, that she had stopped focusing on SEO years ago.
But the Verge also spoke to Danny Sullivan, the former journalist who started the SEO-industry site Search Engine Land — who was eventually hired by Google as their "public liaison for serach." And Sullivan "is pissed that people think Google results have gone downhill. Because they haven't, he insisted. If anything, search results have gotten a lot better over time. Anyone who thought search quality was worse needed to take a hard look in the mirror." Sullivan was not the only person who tried to tell me that search results have improved significantly. Out of the dozen-plus SEOs that I spoke with at length, nearly every single one insisted that search results are way better than they used to be...

This was not what I had been noticing, and this was certainly not what I had been hearing from friends and journalists and friends who are journalists. Were all of us wrong...? I began to worry all the people who were mad about search results were upset about something that had nothing to do with metrics and everything to do with feelings and ~vibes~ and a universal, non-Google-specific resentment and rage about how the internet has made our lives so much worse in so many ways, dividing us and deceiving us and provoking us and making us sadder and lonelier.
SEO Lily Ray says Google did change its algorithm in 2016 to fight disinformation, trying to favor sites with "experience, expertise, authoritativeness, and trustworthiness." But the point that really hit me was that for certain kinds of information, Google had undone one of the fundamental elements of what had made its results so appealing from the start. Now, instead of wild-west crowdsourcing, search was often reinforcing institutional authority...

The second major reason why Google results feel different lately was, of course, SEO... Google is harder to game now — it's true. But the sheer volume of SEO bait being produced is so massive and so complex that Google is overwhelmed. "It's exponentially worse," Ray said. "People can mass auto-generate content with AI and other tools," she went on, and "in many cases, Google's algorithms take a minute to catch onto it."

The future that Babin had cackled about at the alligator party was already here. We humans and our pedestrian questions were getting caught up in a war of robots fighting robots, of Google's algorithms trying to find and stop the AI-enabled sites programmed by SEOs from infecting our internet experience.