AI

AI Mistakes Are Very Different from Human Mistakes (schneier.com) 114

Bruce Schneier and Nathan E. Sanders, writing in a post: Someone who makes calculus mistakes is also likely to respond "I don't know" to calculus-related questions. To the extent that AI systems make these human-like mistakes, we can bring all of our mistake-correcting systems to bear on their output. But the current crop of AI models -- particularly LLMs -- make mistakes differently.

AI errors come at seemingly random times, without any clustering around particular topics. LLM mistakes tend to be more evenly distributed through the knowledge space. A model might be equally likely to make a mistake on a calculus question as it is to propose that cabbages eat goats. And AI mistakes aren't accompanied by ignorance. A LLM will be just as confident when saying something completely wrong -- and obviously so, to a human -- as it will be when saying something true. The seemingly random inconsistency of LLMs makes it hard to trust their reasoning in complex, multi-step problems. If you want to use an AI model to help with a business problem, it's not enough to see that it understands what factors make a product profitable; you need to be sure it won't forget what money is.

[...] Humans may occasionally make seemingly random, incomprehensible, and inconsistent mistakes, but such occurrences are rare and often indicative of more serious problems. We also tend not to put people exhibiting these behaviors in decision-making positions. Likewise, we should confine AI decision-making systems to applications that suit their actual abilities -- while keeping the potential ramifications of their mistakes firmly in mind.

Facebook

Meta Announces a New CapCut Rival Called Edits (techcrunch.com) 16

Meta announced a new video editing app called Edits to fill the gap left by ByteDance's CapCut editor, which was temporarily removed from the App Store and Google Play Store as part of the TikTok ban. While the ban was lifted, the new app serves to capitalize on the uncertainty of TikTok's future. TechCrunch reports: Instagram head Adam Mosseri said on Threads that the app will launch next month on iOS, with an Android version following later. He added that the company is working with select creators to gather feedback about the app. "Today we're announcing a new app called 'Edits,' for those of you who are passionate about making videos on your phone. There's a lot going on right now, but no matter what happens, it's our job to provide the best possible tools for creators," he wrote.

Mosseri said the app will have a suite of creative tools, including a dedicated tab for inspiration, a tab for keeping track of ideas, and a high-quality camera. Plus, it will have the ability to share draft versions of creations with friends or collaborators. He added that creators would be able to see insights on how videos made through Edits are performing on Instagram after publishing. In a separate post, he emphasized that the app is "more for creators than casual video makers," which is hard to quantify in measurable terms.

Businesses

Ghost Jobs Haunt Online Listings (msn.com) 62

One in five online job postings may be "ghost jobs" that companies never intend to fill, according to new data from hiring platform Greenhouse examining its clients' recruitment patterns in 2024. The analysis found that 18-22% of advertised positions across technology, finance, and healthcare sectors went unfilled, while nearly 70% of companies posted at least one ghost job in the second quarter of 2024.

Construction, arts, food and beverage, and legal industries showed the highest rates of ghost listings. In response, Greenhouse and LinkedIn have introduced verification systems for job postings. LinkedIn reports more than half its listings are now tagged as "verified," indicating confirmed open positions. Companies maintain ghost listings for various reasons, including projecting growth, keeping options open for exceptional candidates, or meeting federal posting requirements, said Jon Stross, Greenhouse's president and co-founder.

China

Are US Computer Networks A 'Key Battlefield' in any Future Conflict with China? (msn.com) 72

In a potential U.S.-China conflict, cyberattackers are military weapons. That's the thrust of a new article from the Wall Street Journal: The message from President Biden's national security adviser was startling. Chinese hackers had gained the ability to shut down dozens of U.S. ports, power grids and other infrastructure targets at will, Jake Sullivan told telecommunications and technology executives at a secret meeting at the White House in the fall of 2023, according to people familiar with it. The attack could threaten lives, and the government needed the companies' help to root out the intruders.

What no one at the briefing knew, including Sullivan: China's hackers were already working their way deep inside U.S. telecom networks, too. The two massive hacking operations have upended the West's understanding of what Beijing wants, while revealing the astonishing skill level and stealth of its keyboard warriors — once seen as the cyber equivalent of noisy, drunken burglars. China's hackers were once thought to be interested chiefly in business secrets and huge sets of private consumer data. But the latest hacks make clear they are now soldiers on the front lines of potential geopolitical conflict between the U.S. and China, in which cyberwarfare tools are expected to be powerful weapons. U.S. computer networks are a "key battlefield in any future conflict" with China, said Brandon Wales, a former top U.S. cybersecurity official at the Department of Homeland Security, who closely tracked China's hacking operations against American infrastructure. He said prepositioning and intelligence collection by the hackers "are designed to ensure they prevail by keeping the U.S. from projecting power, and inducing chaos at home."

As China increasingly threatens Taiwan, working toward what Western intelligence officials see as a target of being ready to invade by 2027, the U.S. could be pulled into the fray as the island's most important backer... Top U.S. officials in both parties have warned that China is the greatest danger to American security.

In the infrastructure attacks, which began at least as early as 2019 and are still taking place, hackers connected to China's military embedded themselves in arenas that spies usually ignored, including a water utility in Hawaii, a port in Houston and an oil-and-gas processing facility. Investigators, both at the Federal Bureau of Investigation and in the private sector, found the hackers lurked, sometimes for years, periodically testing access. At a regional airport, investigators found the hackers had secured access, and then returned every six months to make sure they could still get in. Hackers spent at least nine months in the network of a water-treatment system, moving into an adjacent server to study the operations of the plant. At a utility in Los Angeles, the hackers searched for material about how the utility would respond in the event of an emergency or crisis. The precise location and other details of the infrastructure victims are closely guarded secrets, and couldn't be fully determined.

American security officials said they believe the infrastructure intrusions — carried out by a group dubbed Volt Typhoon — are at least in part aimed at disrupting Pacific military supply lines and otherwise impeding America's ability to respond to a future conflict with China, including over a potential invasion of Taiwan... The focus on Guam and West Coast targets suggested to many senior national-security officials across several Biden administration agencies that the hackers were focused on Taiwan, and doing everything they could to slow a U.S. response in a potential Chinese invasion, buying Beijing precious days to complete a takeover even before U.S. support could arrive.

The telecom breachers "were also able to swipe from Verizon and AT&T a list of individuals the U.S. government was surveilling in recent months under court order, which included suspected Chinese agents. The intruders used known software flaws that had been publicly warned about but hadn't been patched."

And ultimately nine U.S. telecoms were breached, according to America's deputy national security adviser for cybersecurity — including what appears to have been a preventable breach at AT&T (according to "one person familiar with the matter"): [T]hey took control of a high-level network management account that wasn't protected by multifactor authentication, a basic safeguard. That granted them access to more than 100,000 routers from which they could further their attack — a serious lapse that may have allowed the hackers to copy traffic back to China and delete their own digital tracks.

The details of the various breaches are stunning: Chinese hackers gained a foothold in the digital underpinnings of one of America's largest ports in just 31 seconds. At the Port of Houston, an intruder acting like an engineer from one of the port's software vendors entered a server designed to let employees reset their passwords from home. The hackers managed to download an encrypted set of passwords from all the port's staff before the port recognized the threat and cut off the password server from its network...

Mars

Elon Musk: 'We're Going Straight to Mars. The Moon is a Distraction.' (arstechnica.com) 278

"We're going straight to Mars. The Moon is a distraction," Elon Musk posted Thursday on X.com.

Ars Technica's senior space editor points out that "These are definitive statements that directly contradict NASA's plans to send a series of human missions to the lunar south pole later this decade and establish a sustainable base of operations there with the Artemis Program." And "It would be one thing if Musk was just expressing his opinion as a private citizen..." but Musk "has assumed an important advisory role for the incoming administration. He was also partly responsible for the expected nomination of private astronaut [and former SpaceX flight commander] Jared Isaacman to become the next administrator of NASA. Although Musk is not directing US space policy, he certainly has a meaningful say in what happens." So what does this mean for Artemis? The fate of Artemis is an important question not just for NASA but for the US commercial space industry, the European Space Agency, and other international partners who have aligned with the return of humans to the Moon. With Artemis, the United States is in competition with China to establish a meaningful presence on the surface of the Moon. Based upon conversations with people involved in developing space policy for the Trump administration, I can make some educated guesses about how to interpret Musk's comments. None of these people, for example, would disagree with Musk's assertion that "the Artemis architecture is extremely inefficient" and that some changes are warranted.

With that said, the Artemis Program is probably not going away. After all, it was the first Trump administration that created the program about five years ago. However, it may be less well-remembered that the first Trump White House pushed for more significant changes, including a "major course correction" at NASA... To a large extent, NASA resisted this change during the remainder of the Trump administration, keeping its core group of major contractors, such as Boeing and Lockheed Martin, in place. It had help from key US Senators, including Richard Shelby, the now-retired Republican from Alabama. But this time, the push for change is likely to be more concerted, especially with key elements of NASA's architecture, including the Space Launch System rocket, being bypassed by privately developed rockets such as SpaceX's Starship vehicle and Blue Origin's New Glenn rocket.

In all likelihood, NASA will adopt a new "Artemis" plan that involves initiatives to both the Moon and Mars. When Musk said "we're going straight to Mars," he may have meant that this will be the thrust of SpaceX, with support from NASA. That does not preclude a separate initiative, possibly led by Blue Origin with help from NASA, to develop lunar return plans.

One month ago in a post on X.com, incoming NASA administrator Isaacman described himself as "passionate about America leading the most incredible adventure in human history..."

And he also added that Americans "will walk on the Moon and Mars and in doing so, we will make life better here on Earth."

Microsoft

A New Year's Gift From Microsoft: Surprise, Your Scanners Don't Work (theregister.com) 39

Windows 11 24H2 continues to experience issues with multifunction devices using the eSCL scan protocol, despite Microsoft marking the problem as resolved. According to a Register reader, "It works on a Windows 10 machine, but not on Windows 11, unless both the computer and the scanner are on wired Ethernet." From the report: Microsoft issued a compatibility safeguard hold on USB-connected devices using the Scanner Communication Language (eSCL) protocol in November after users who installed the Windows update experienced glitches with device discovery. The issue was reported resolved by Microsoft in December. However, it seems that KB5048667 might not have fixed all the problems for Canon owners. According to our reader: "Canon support tells me that the 24H2 eSCL issue still is not fixed." We asked Microsoft about the situation, but despite telling us it was looking into the problem on Friday, December 20, the company has yet to provide any further details. Canon was more forthcoming. A spokesperson told The Register it was aware of a problem impacting devices using ScanGear MF.

ScanGear MF is a scanner driver provided by Canon and allows customers to configure advanced settings for scanning. Canon does not appear to be changing its code to rectify whatever problems had been brought on by the Windows 11 update. The spokesperson said: "Microsoft is currently working on an OS amendment to resolve this and we are keeping in close contact with them. The timing for resolving this is yet to be confirmed by Microsoft, however we expect to receive the plan to fix in January 2025." Customers affected by the issue, which manifests itself with a communications error message, according to Canon's support forum, are advised to use either native Microsoft software solutions or go fully wired via USB.

Power

Energy Prices Drop Below Zero In UK Thanks To Record Wind-Generated Electricity (ecowatch.com) 135

Long-time Slashdot reader AmiMoJo quotes this report from EcoWatch: Record wind-generated electricity across Northern Ireland and Scotland Tuesday night pushed Britain's power prices below zero.

Wind output peaked at a record high 22.4 gigawatts (GW), breaking the previous high set [last] Sunday evening, the national system operator said, as Bloomberg reported. The record output provided more than 68 percent of the country's power.

From 5:30 to 6:30 a.m. on Wednesday, the half-hourly price fell to 6.57 pounds per megawatt-hour, according to data from European power exchange Epex Spot.

"Setting another clean electricity generation record just four days after the previous high shows the pivotal role wind is playing in keeping the country powered up during the festive season," said Dan McGrail, chief executive of RenewableUK, as . "This is also demonstrated by today's official figures which reveal that renewables have generated more than half our electricity for four quarters in a row."

The article adds that energy prices with negative numbers "have been recorded for 131 hours in the UK this year, an increase of 45 hours over 2023...

"Wind power was the largest source of energy in the UK from January to September of 2024."

AI

'Yes, I am a Human': Bot Detection Is No Longer Working 91

The rise of AI has rendered traditional CAPTCHA tests increasingly ineffective, as bots can now "[solve] these puzzles in milliseconds using artificial intelligence (AI)," reports The Conversation. "How ironic. The tools designed to prove we're human are now obstructing us more than the machines they're supposed to be keeping at bay." The report warns that the imminent arrival of AI agents -- software programs designed to autonomously interact with websites on our behalf -- will further complicate matters. From the report: Developers are continually coming up with new ways to verify humans. Some systems, like Google's ReCaptcha v3 (introduced in 2018), don't ask you to solve puzzles anymore. Instead, they watch how you interact with a website. Do you move your cursor naturally? Do you type like a person? Humans have subtle, imperfect behaviors that bots still struggle to mimic. Not everyone likes ReCaptcha v3 because it raises privacy issues -- plus the web company needs to assess user scores to determine who is a bot, and the bots can beat the system anyway. There are alternatives that use similar logic, such as "slider" puzzles that ask users to move jigsaw pieces around, but these too can be overcome.

Some websites are now turning to biometrics to verify humans, such as fingerprint scans or voice recognition, while face ID is also a possibility. Biometrics are harder for bots to fake, but they come with their own problems -- privacy concerns, expensive tech and limited access for some users, say because they can't afford the relevant smartphone or can't speak because of a disability. The imminent arrival of AI agents will add another layer of complexity. It will mean we increasingly want bots to visit sites and do things on our behalf, so web companies will need to start distinguishing between "good" bots and "bad" bots. This area still needs a lot more consideration, but digital authentication certificates are proposed as one possible solution.

In sum, Captcha is no longer the simple, reliable tool it once was. AI has forced us to rethink how we verify people online, and it's only going to get more challenging as these systems get smarter. Whatever becomes the next technological standard, it's going to have to be easy to use for humans, but one step ahead of the bad actors. So the next time you find yourself clicking on blurry traffic lights and getting infuriated, remember you're part of a bigger fight. The future of proving humanity is still being written, and the bots won't be giving up any time soon.

AI

OpenAI Unveils o3, a Smarter AI Model With Improved Reasoning Skills (openai.com) 27

OpenAI has unveiled a new AI model that it says takes longer to solve problems but gets better results, following Google's similar announcement a day earlier. The model, called o3, replaces o1 from September and spends extra time working through questions that need step-by-step reasoning.

It scores three times higher than o1 on ARC-AGI, a test measuring how well AI handles complex math and logic problems it hasn't seen before. "This is the beginning of the next phase of AI," CEO Sam Altman said during a livestream Friday.

The Microsoft-backed startup is keeping o3 under wraps for now but plans to let outside researchers test it.

United States

Telcos Struggle To Boot Chinese Hackers From Networks (axios.com) 49

China-linked spies are still lurking inside U.S. telecommunications networks roughly six months after American officials started investigating the intrusions, senior officials told reporters Tuesday. From a report: This is the first time U.S. officials have confirmed reports that Salt Typhoon hackers still have access to critical infrastructure -- and they're proving difficult to kick out. Officials added that they don't yet know the full scope of the intrusions, despite starting the investigation in late spring.

The Cybersecurity and Infrastructure Security Agency and FBI released guidance Tuesday for the communications sector to harden their networks against Chinese state-sponsored hackers. The guide includes basic steps like maintaining logs of activity on the network, keeping an inventory of all devices in the telecom's environment and changing any default equipment passwords. The hack has given Salt Typhoon unprecedented access to records from U.S. telecommunications networks about who Americans are communicating with, a senior FBI official told reporters during a briefing.

Science

Digital Preservation Is Not Keeping Up With the Growth of Scholarly Knowledge (nature.com) 52

Nature: Millions of research articles are absent from major digital archives. This worrying finding, which Nature reported on earlier this year, was laid bare in a study by Martin Eve, who studies technology and publishing at Birkbeck, University of London. Eve sampled more than seven million articles with unique digital object identifiers (DOIs), a string of characters used to identify and link to specific publications, such as scholarly articles and official reports. Of these, he found that more than two million were 'missing' from archives -- that is, they were not preserved in major archives that ensure literature can be found in the future.

Eve, who is also a research developer at Crossref, an organization that registers DOIs, carried out the study in an effort to better understand a problem librarians and archivists already knew about -- that although researchers are generating knowledge at an unprecedented rate, it is not necessarily being stored safely for the future. One contributing factor is that not all journals or scholarly societies survive in perpetuity. For example, a 2021 study found that a lack of comprehensive and open archiving meant that 174 open-access journals, covering all major research topics and geographical regions, vanished from the web in the first two decades of this millennium.

A lack of long-term archiving particularly affects institutions in low- and middle-income countries, less-affluent institutions in rich countries and smaller, under-resourced journals worldwide. Yet it's not clear whether researchers, institutions and governments have fully taken the problem on board. [...] At the heart of the problem is a lack of money, infrastructure and expertise to archive digital resources. [...] For institutions that can afford it, one solution is to pay a preservation archive to safeguard content. Examples include Portico, based in New York City, and CLOCKSS, based in Stanford, California, both of which count a raft of publishers and libraries as customers.

AI

Virgin Media O2 Deploys AI Decoy To Waste Scammers' Time (pcmag.com) 34

British telecom Virgin Media O2 has deployed an AI tool to combat phone scammers by wasting their time with fake conversations, the company said. The AI system, named Daisy, uses voice synthesis to mimic an elderly woman and engages fraudsters in lengthy discussions about fictitious family members or provides false bank details, keeping them occupied for up to 40 minutes per call.

Virgin Media O2 embedded phone numbers connected to Daisy within scammer call lists targeting vulnerable individuals. The system, developed with help from anti-scam YouTuber Jim Browning, automatically transcribes incoming calls and generates responses without human intervention.

Further reading: Google Rolls Out Call Screening AI To Thwart Phone Fraudsters.

Patents

Open Source Fights Back: 'We Won't Get Patent-Trolled Again' (zdnet.com) 64

ZDNet's Steven Vaughan-Nichols reports: [...] At KubeCon North America 2024 this week, CNCF executive director Priyanka Sharma said in her keynote, "Patent trolls are not contributors or even adopters in our ecosystem. Instead, they prey on cloud-native adopters by abusing the legal system. We are here to tell the world that these patent trolls don't stand a chance because CNCF is uniting the ecosystem to deter them. Like a herd of musk oxen, we will run them off our pasture." CNCF CTO Chris Aniszczyk added: "The reason trolls can make money is that many companies find it too expensive to fight back, so they pay trolls a settlement fee to avoid the even higher cost of litigation. Now, when a whole herd of companies band together like musk oxen to drive a troll off, it changes the cost structure of fighting back. It disrupts their economic model."

How? Jim Zemlin, the Linux Foundation's executive director, said, "We don't negotiate with trolls. Instead, with United Patents, we go to the PTO and crush those patents. We strive to invalidate them by working with developers who have prior art, bringing this to the attention of the USPTO, and killing patents. No negotiation, no settlement. We destroy the very asset that made patent trolls' business work. Together, since we've started this effort, 90% of the time, we've been able to go in there and destroy these patents." "It's time for us to band together," said Joanna Lee, CNCF's VP of strategic programs and legal. "We encourage all organizations in our ecosystem to get involved. Join the fight, enhance your own company's protection, protect your customers, enhance our community defense, and save money on legal expenses."

While getting your company and its legal department involved in the effort to fend off patent trolls is important, developers can also help. CNCF announced the Cloud Native Heroes Challenge, a patent troll bounty program in which cloud-native developers and technologists can earn swag and win prizes. They're asking you to find evidence of preexisting technology -- referred to by patent lawyers as "prior art" -- that can kill off bad patents. This could be open-source documentation (including release notes), published standards or specifications, product manuals, articles, blogs, books, or any publicly available information. All entrants who submit an entry that conforms to the contest rules will receive a free "Cloud Native Hero" t-shirt that can be picked up at any future KubeCon+CloudNativeCon. The winner will also receive a $3,000 cash prize.

In the inaugural contest, the CNCF is seeking information that can be used to invalidate Claim 1 from US Patent US-11695823-B1. This is the major patent asserted by Edge Networking Systems against Kubernetes users. As is often the case with such patents, it's much too broad. This patent describes a network architecture that facilitates secure and flexible programmability between a user device and across a network with full lifecycle management of services and infrastructure applications. That describes pretty much any modern cloud system. If you can find prior art that describes such a system before June 13, 2013, you could be a winner. Some such materials have already been found. This is already listed in the "known references" tab of the contest information page and doesn't qualify. If you care about keeping open-source software easy and cheap to use -- or you believe trolls shouldn't be allowed to take advantage of companies that make or use programs -- you can help. I'll be doing some digging myself.

DRM

GOG's Preservation Program Is the DRM-Free Store Refocusing On the Classics (arstechnica.com) 36

An anonymous reader quotes a report from Ars Technica: The classic PC games market is "in a sorry state," according to DRM-free and classic-minded storefront GOG. Small games that aren't currently selling get abandoned, and compatibility issues arise as technology moves forward or as one-off development ideas age like milk. Classic games are only 20 percent of GOG's catalog, and the firm hasn't actually called itself "Good Old Games" in 12 years. And yet, today, GOG announces that it is making "a significant commitment of resources" toward a new GOG Preservation Program. It starts with 100 games for which GOG's own developers are working to create current and future compatibility, keeping them DRM-free and giving them ongoing tech support, along with granting them a "Good Old Game: Preserved by GOG" stamp.

GOG is not shifting its mission of providing a DRM-free alternative to Steam, Epic, and other PC storefronts, at least not entirely. But it is demonstrably excited about a new focus that ties back to its original name, inspired in some part by its work on Alpha Protocol. "We think we can significantly impact the classics industry by focusing our resources on it and creating superior products," writes Arthur Dejardin, head of sales and marketing at GOG. "If we wanted to spread the DRM-free gospel by focusing on getting new AAA games on GOG instead, we would make little progress with the same amount of effort and money (we've been trying various versions of that for the last 5 years)."

What kind of games? Scanning the list of Good Old Games, most of them are, by all accounts, both good and old. Personally, I'm glad to see the Jagged Alliance games, System Shock 2, Warcraft I & II, Dungeon Keeper Gold and Theme Park, SimCity 3000 Unlimited, and the Wing Commander series (particularly, personally, Privateer). Most of them are, understandably, Windows-only, though Mac support extends to 34 titles so far, and Linux may pick up many more through Proton compatibility, beyond the 19 native titles to date. [...] [I]f you see the shiny foil-ish GOG badge on a game, it's an assurance that GOG has done all it can to bring forward a classic title. It's important work, too. "Preserving" games doesn't just mean locking a stable media in a vault, but keeping games accessible, and playable.

Programming

Rust Foundation Shares Draft of New, Simpler Trademark Policy (rust-lang.org) 13

"The Rust trademark policy has been updated and a new draft is available to view," announced the Rust Foundation this week.

The last proposed trademark policy (in April of 2023) was criticized by open source advocate Bruce Perens in The Register as "far awry of fair use which is legally permitted." The Rust Foundation says this new version has "incorporated a number of suggestions from the Rust community," in a blog post that summarizes the feedback and enumerates specific ways it's been addressed:

1. We primarily plan to lean on community reports for enforcement and have no intention of spending our limited resources policing the work of small creators.

2. We have removed the non-legal language summary and instead have clarified wording throughout as best we can while keeping the policy valid.

3. The Rust trademark does not cover use of the word "Rust" in general and instead pertains to its use in relevant technical settings.

4. We have updated the logo usage policy. Color modifications are allowed.

5. The non-endorsement rule is about managing perception of official affiliation with the Foundation and Rust Project, and is thus subjective.

6. We removed restrictions on the use of "Rust" and "Cargo" in package names. The crates prefixes "rust-" and "cargo-" are no longer reserved to the Rust Project.

7. We will usually allow the community to use the marks on limited merchandise (more details in the updated draft)....

[T]he central purpose of these updates is to empower all Rustaceans to engage with the Rust language ecosystem more confidently. As a final step in this process, we invite you to review the updated policy and share any blocking concerns you might have... Thank you to everyone who weighed in with helpful suggestions on the initial trademark policy draft we shared. The level of engagement and passion within the Rust community is inspiring to all of us at the Rust Foundation.

The tech news site Heise Online writes "It is noticeable that the language is much clearer and dispenses with a lot of legal jargon," in a piece which argues the new draft "should calm the waves and create clarity." The new draft is not only formulated more simply, but is also significantly shorter. Some restrictions have been softened in the new rules or have disappeared completely...

Meanwhile, the Foundation has also adapted its logo so that it is clear which logo stands for the programming language and which for the Foundation. The use of the name Rust is explicitly permitted to identify projects that are either written in the programming language or are compatible with it...

Before the new trademark rules come into force, the Rust Foundation is collecting feedback on the current draft. The web form is open until November 20, 2024.

Electronic Frontier Foundation

Aaron Swartz Day Commemorated With 'Those Carrying on the Work' (aaronswartzday.org) 44

Friday "would have been his 38th birthday," writes the EFF, remembering Aaron Swartz as "a digital rights champion who believed deeply in keeping the internet open..." And they add that today the official web site for Aaron Swartz Day honored his memory with a special podcast "featuring those carrying on the work around issues close to his heart," including an appearance by Brewster Kahle, founder of the Internet Archive.

The first speaker is Ryan Shapiro, FOIA expert and co-founder of the national security transparency non-profit Property of the People. The Aaron Swartz Day site calls him "the researcher who discovered why the FBI had such an interest in Aaron in the years right before the JSTOR fiasco." (That web page calls it an "Al Qaeda phishing expedition that left Aaron with an 'International Terrorism Investigation' code in his FBI database file forever," as reported by Gizmodo.)

Other speakers on the podcast include:
  • Tracey Jaquith, Founding Coder and TV Architect at the Internet Archive, discussing "Microservices, Monoliths, and Operational Security — The Internet Archive in 2024."
  • Tracy Rosenberg, co-founder of the Aaron Swartz Day Police Surveillance Project and Oakland Privacy, with "an update on the latest crop of surveillance battles."
  • Ryan Sternlicht, VR developer, educator, researcher, advisor, and maker, on "The Next Layer of Reality: Social Identity and the New Creator Economy."
  • Grant Smith Ellis, Chairperson of the Board, MassCann and Legal Intern at the Parabola Center, on "Jury Trials in the Age of Social Media."
  • Michael "Mek" Karpeles, Open Library, Internet Archive, on "When it Rains at the Archive, Build an Ark — Book bans, Lawsuits, & Breaches."

The site also seeks to showcase SecureDrop and Open Library, projects started by Aaron before his death, as well as new projects "directly inspired by Aaron and his work."


Earth

Global Temperatures Likely To Exceed Key Limit For First Time 120

With October's initial temperature data in, 2024 will rank as the first calendar year in modern record-keeping in which global average surface temperatures exceed the Paris Agreement's aspirational 1.5C guardrail. From a report: Holding long-term warming to the 1.5-degree target compared to the preindustrial era is crucial for lowering the risk of triggering climate change tipping points, beyond which potentially catastrophic impacts have a higher likelihood of occurring, studies show. Holding warming to that target is viewed as necessary for small island states and other extremely vulnerable nations to avoid being wiped out by sea level rise, drought and other threats.

The data -- and proxy records such as tree rings and ice cores -- shows this year is likely to be the hottest in at least 125,000 years. Right now, the world is on track for as much as 3.1C (5.58F) of warming based on already pledged emissions cuts, assuming they are fulfilled. Copernicus Climate Change Service reported early Thursday that the year is headed for a temperature anomaly of more than 1.55C (2.79F) above preindustrial levels. Last year fell just shy of the 1.5C threshold relative to the 1850-1900 average.

Power

Oil Giant BP is Killing 18 Hydrogen Projects, Chilling the Nascent Industry (techcrunch.com) 52

An anonymous reader shares a report: Tucked inside a 32-page earnings report, oil and gas giant BP revealed it was killing 18 early-stage hydrogen projects, a move that could have a chilling effect on the nascent hydrogen industry. The decision, along with the sale of the company's U.S. on-shore wind power operations, will save BP $200 million annually and help boost its bottom line. The hydrogen industry, which has relied on oil and gas companies both financially and through lobbying efforts, is preparing for a grimmer outcome.

BP has been a supporter of hydrogen. The company's venture capital arm has invested in several green hydrogen startups, including Electric Hydrogen and Advanced Ionics. Earlier this year, BP said it would develop "more than 10" hydrogen projects in the U.S., Europe, and Australia. Now, BP is scaling back those plans, saying it'll develop between five and ten projects. The company is keeping quiet about which ones will receive the green light.

ISS

NASA Further Delays First Operational Starliner Flight (spacenews.com) 33

NASA will rely on SpaceX's Crew Dragon for two crewed missions to the ISS in 2025 while evaluating whether Boeing's Starliner requires another test flight for certification. SpaceNews reports: In an Oct. 15 statement, NASA said it will use Crew Dragon for both the Crew-10 mission to the ISS, scheduled for no earlier than February 2025, and the Crew-11 mission scheduled for no earlier than July. Crew-10 will fly NASA astronauts Anne McClain and Nichole Ayers along with astronaut Takuya Onishi from the Japanese space agency JAXA and Roscosmos cosmonaut Kirill Peskov. NASA has not yet announced the crew for the Crew-11 mission.

Earlier this year, NASA had hoped that Boeing's CST-100 Starliner would be certified in time to fly the early 2025 mission. Problems with the Crew Flight Test mission, which launched in June with NASA astronauts Butch Wilmore and Suni Williams on board, led NASA to conclude in July that the spacecraft would not be certified in time. It delayed that Starliner-1 mission from February to August 2025, moving up Crew-10 to February. NASA also announced then that it would prepare Crew-11 in parallel with Starliner-1 for launch in that August 2025 slot.

"The timing and configuration of Starliner's next flight will be determined once a better understanding of Boeing's path to system certification is established," NASA said in its statement about the 2025 missions. "NASA is keeping options on the table for how best to achieve system certification, including windows of opportunity for a potential Starliner flight in 2025."

Encryption

Debunking Hype: China Hasn't Broken Military Encryption with Quantum (forbes.com) 43

An anonymous reader shared this report from Forbes: Recent headlines have proclaimed that Chinese scientists have hacked "military-grade encryption" using quantum computers, sparking concern and speculation about the future of cybersecurity. The claims, largely stemming from a recent South China Morning Post article about a Chinese academic paper published in May, were picked up by many more serious publications.

However, a closer examination reveals that while Chinese researchers have made incremental advances in quantum computing, the news reports are a huge overstatement. "Factoring a 50-bit number using a hybrid quantum-classical approach is a far cry from breaking 'military-grade encryption'," said Dr. Erik Garcell, Head of Technical Marketing at Classiq, a quantum algorithm design company. While advancements have indeed been made, the progress represents incremental steps rather than a paradigm-shifting breakthrough that renders current cryptographic systems obsolete. "This kind of overstatement does more harm than good," Dr. Garcell said. "Misrepresenting current capabilities as 'breaking military-grade encryption' is not just inaccurate — it's potentially damaging to the field's credibility...."

In fact, the Chinese paper in question, titled Quantum Annealing Public Key Cryptographic Attack Algorithm Based on D-Wave Advantage, does not mention military-grade encryption, which typically involves algorithms like the Advanced Encryption Standard (AES). Instead, the paper is about attacking RSA encryption (RSA stands for Rivest-Shamir-Adleman, named after its creators)... While factoring a 50-bit integer is an impressive technical achievement, it's important to note that RSA encryption commonly uses key sizes of 2048 bits or higher. The difficulty of factoring increases exponentially with the size of the number, meaning that the gap between 50-bit and 2048-bit integers is astronomically large.

Moreover, the methods used involve a hybrid approach that combines quantum annealing with classical computation. This means that the quantum annealer handles part of the problem, but significant processing is still performed by classical algorithms. The advances do not equate to a scalable method for breaking RSA encryption as it is used in practical applications today.

Duncan Jones, Head of Cybersecurity at Quantinuum, tells Forbes that if China had actually broken AES — they'd be keeping it secret (rather than publicizing it in newspapers).
