"A raft of articles have been retracted from publications including Business Insider and Wired in recent month," reports the Washington Post, "with links between them suggesting a possible broader scheme to pass off fake stories that these outlets now suspect were written using artificial intelligence." A Washington Post probe into the retractions found a connection between Onyeka Nwelue, the purported author of one of 38 essays removed this week by Business Insider, and someone using the name Margaux Blanchard, two of whose stories were previously removed by the same outlet. In recent months SFGate, Index on Censorship and Wired also retracted articles under the Blanchard byline, after it was identified as bogus by the British publication Press Gazette...

Business Insider Editor in Chief Jamie Heller explained to staff Tuesday in an email, obtained by The Post, that the report of a phony writer spurred a fuller investigation that turned up dozens of suspicious articles under various bylines. "We recently learned that a freelance contributor misrepresented their identity in two first-person essays written for Business Insider. As soon as this came to light, we took down the essays and began an investigation," Heller said. "As part of this process, we've removed additional first-person essays from the site due to concerns about the authors' identity or veracity. No news articles or videos were found to have this issue." On Tuesday Business Insider removed 38 pieces that had been published under bylines other than Blanchard. Business Insider deleted the author pages of 19 individuals, including Blanchard and Nwelue, and replaced their essays with editor's notes.

The website's investigation involved reviewing "tens of thousands of records," Business Insider spokesperson Ari Isaacman D'Angelo said in a statement to The Post. But it hadn't determined whether artificial intelligence was used to produce the yanked essays, she said, noting that AI-detection tools are often unreliable... Essays under [Nate] Giovanni's byline feature contradictory information. One piece, published in December 2024, refers to the author having two teenage daughters and a two-and-a-half-year-old son. Another, published three months later mentions two sons, aged eight and nine. Pieces that ran in May and July — about house-sitting around the world and applying to PhD programs — make no mention of a family at all...

On Aug. 21, Wired wrote a longer mea culpa about the article it published under Blanchard's name, with the headline "How WIRED Got Rolled by an AI Freelancer." "If anyone should be able to catch an AI scammer, it's WIRED," the publication wrote. ["In fact we do, all the time. Our editors receive transparently AI-generated pitches on a regular basis, and we reject them accordingly..."] "Unfortunately, one got through," referring to a story that ran under Blanchard's byline in May about two people who were married in the video game Minecraft.
The site Index on Censorship also published an article under the Blanchard byline about threats to journalists in Guatemala. "In the age of very intelligent AI it's clear we will have to look at things differently," the site's editor told the Washington Post.

The Post's article notes that one sign the pitches were AI-generated "is that while they sounded interesting, they featured details that were erroneous — including fictitious locales." Reached for a comment, one of the authors told the Post "Don't mention my name in your stupid article," claiming their acocunt was recently "compromised" (though their X.com account had also recently tweeted one of their articles.) But another author emailed the Post from their actual academic email address, saying they had no connection to the Gmail account The Post had been corresponding with. And here's how the person at that Gmail account responded to a follow-up query from the Post.

"What is one to do? With a few savvy prompts, AI could probably generate a 'long-lost' novel by Proust."

An anonymous reader quotes a report from The Register: Ten vulnerabilities in Copeland controllers, which are found in thousands of devices used by the world's largest supermarket chains and cold storage companies, could have allowed miscreants to manipulate temperatures and spoil food and medicine, leading to massive supply-chain disruptions. The flaws, collectively called Frostbyte10, affect Copeland E2 and E3 controllers, used to manage critical building and refrigeration systems, such as compressor groups, condensers, walk-in units, HVAC, and lighting systems. Three received critical-severity ratings. Operational technology security firm Armis found and reported the 10 bugs to Copeland, which has since issued firmware updates that fix the flaws in both the E3 and the E2 controllers. The E2s reached their official end-of-life in October, and affected customers are encouraged to move to the newer E3 platform. Upgrading to Copeland firmware version 2.31F01 mitigates all the security issues detailed here, and the vendor recommends patching promptly.

In addition to the Copeland updates, the US Cybersecurity and Infrastructure Security Agency (CISA) is also scheduled to release advisories today, urging any organization that uses vulnerable controllers to patch immediately. Prior to these publications, Copeland and Armis execs spoke exclusively to The Register about Frostbyte10, and allowed us to preview an Armis report about the security issues. "When combined and exploited, these vulnerabilities can result in unauthenticated remote code execution with root privileges," it noted. [...] To be clear: there is no indication that any of these vulnerabilities were found and exploited in the wild before Copeland issued fixes. However, the manufacturer's ubiquitous reach across retail and cold storage makes it a prime target for all manner of miscreants, from nation-state attackers looking to disrupt the food supply chain to ransomware gangs looking for victims who will quickly pay extortion demands to avoid operational downtime and food spoilage.

"AI web crawlers are strip-mining the web in their perpetual hunt for ever more content to feed into their Large Language Model mills," argues Steven J. Vaughan-Nichols at the Register.

And "when AI searchbots, with Meta (52% of AI searchbot traffic), Google (23%), and OpenAI (20%) leading the way, clobber websites with as much as 30 Terabits in a single surge, they're damaging even the largest companies' site performance..." How much traffic do they account for? According to Cloudflare, a major content delivery network (CDN) force, 30% of global web traffic now comes from bots. Leading the way and growing fast? AI bots... Anyone who runs a website, though, knows there's a huge, honking difference between the old-style crawlers and today's AI crawlers. The new ones are site killers. Fastly warns that they're causing "performance degradation, service disruption, and increased operational costs." Why? Because they're hammering websites with traffic spikes that can reach up to ten or even twenty times normal levels within minutes.

Moreover, AI crawlers are much more aggressive than standard crawlers. As the InMotionhosting web hosting company notes, they also tend to disregard crawl delays or bandwidth-saving guidelines and extract full page text, and sometimes attempt to follow dynamic links or scripts. The result? If you're using a shared server for your website, as many small businesses do, even if your site isn't being shaken down for content, other sites on the same hardware with the same Internet pipe may be getting hit. This means your site's performance drops through the floor even if an AI crawler isn't raiding your website...

AI crawlers don't direct users back to the original sources. They kick our sites around, return nothing, and we're left trying to decide how we're to make a living in the AI-driven web world. Yes, of course, we can try to fend them off with logins, paywalls, CAPTCHA challenges, and sophisticated anti-bot technologies. You know one thing AI is good at? It's getting around those walls. As for robots.txt files, the old-school way of blocking crawlers? Many — most? — AI crawlers simply ignore them... There are efforts afoot to supplement robots.txt with llms.txt files. This is a proposed standard to provide LLM-friendly content that LLMs can access without compromising the site's performance. Not everyone is thrilled with this approach, though, and it may yet come to nothing.

In the meantime, to combat excessive crawling, some infrastructure providers, such as Cloudflare, now offer default bot-blocking services to block AI crawlers and provide mechanisms to deter AI companies from accessing their data.

"Some joyless ne'er-do-well has loosed a botnet on the community-driven Arch Linux distro," reports the Register, with a distributed denial of service (DDoS) attack that apparently started a week ago.

Arch maintainer Cristian Heusel announced Thursday on the project's web site that the attack "primarily impacts our main webpage, the Arch User Repository (AUR), and the Forums." We are aware of the problems that this creates for our end users and will continue to actively work with our hosting provider to mitigate the attack. We are also evaluating DDoS protection providers while carefully considering factors including cost, security, and ethical standards... As a volunteer-driven project, we appreciate the community's patience as our DevOps team works to resolve these issues.
A status update Friday acknowledged "we are suffering from partial outages." The Register reports: The attack comes as the project has been enjoying a boost in mainstream success. The distro was picked by Valve to underpin the SteamOS software running on its Steam Deck handheld gaming gadget, with the company providing the project with funding for further development. Late last year, a new version of the archinstall tool was released, with a view to making the system more friendly to newcomers...

For now, the Arch team is working to mitigate the attack's impact, which highlights a bootstrapping issue. Tools designed to shift traffic to mirrors in the event the main infrastructure is unavailable rely on a mirror list obtained from that same main infrastructure, with Heusel advising that users should "default to the mirrors listed in the pacman-mirrorlist package" if tools like reflector fail. Installation media can be downloaded from a range of mirrors, too, but should be checked against the project's official signing key before being trusted.

British telecommunications service provider Colt Telecom "has offices in over 30 countries across North America, Europe, and Asia, reports CPO magazine. "It manages nearly 1,000 data centers and roughly 75,000 km of fiber infrastructure."

But now "a cyber attack has caused widespread multi-day service disruption..." On August 14, 2025, the telecom giant said it had detected a cyber attack that began two days earlier, on August 12. Upon learning of the cyber intrusion, the telecommunications service provider responded by proactively taking some systems offline to contain the cyber attack. Although Colt Telecom's cyber incident response team was working around the clock to mitigate the impacts of the cyber attack, service disruption has persisted for days. However, the service disruption did not affect the company's core network infrastructure, suggesting that Colt customers could still access its network services... The company also did not provide a clear timeline for resolving the service disruption. A week after the apparent ransomware attack, Colt Online and the Voice API platform remained unavailable.
And now Colt Technology Services "confirms that customer documentation was stolen," reports the tech news site BleepingComputer: "A criminal group has accessed certain files from our systems that may contain information related to our customers and posted the document titles on the dark web," reads an updated security incident advisory on Colt's site.

"We understand that this is concerning for you."

"Customers are able to request a list of filenames posted on the dark web from the dedicated call centre."

As first spotted by cybersecurity expert Kevin Beaumont, Colt added the no-index HTML meta tag to the web page, making it so it won't be indexed by search engines.

This statement comes after the Warlock Group began selling on the Ramp cybercrime forum what they claim is 1 million documents stolen from Colt. The documents are being sold for $200,000 and allegedly contain financial information, network architecture data, and customer information... The Warlock Group (aka Storm-2603) is a ransomware gang attributed to Chinese threat actors who utilize the leaked LockBit Windows and Babuk VMware ESXi encryptors in attacks... Last month, Microsoft reported that the threat actors were exploiting a SharePoint vulnerability to breach corporate networks and deploy ransomware.
"Colt is not the only telecom firm that has been named by WarLock on its leak website in recent days," SecurityWeek points out. "The cybercriminals claim to have also stolen data from France-based Orange."

Thanks to long-time Slashdot reader Z00L00K for sharing the news.

spatwei shares a report from SC Media: Just as it had at BSides Las Vegas earlier in the week, the risks of artificial intelligence dominated the Black Hat USA 2025 security conference on Aug. 6 and 7. We couldn't see all the AI-related talks, but we did catch three of the most promising ones, plus an off-site panel discussion about AI presented by 1Password. The upshot: Large language models and AI agents are far too easy to successfully attack, and many of the security lessons of the past 25 years have been forgotten in the current rush to develop, use and profit from AI.

We -- not just the cybersecurity industry, but any organization bringing AI into its processes -- need to understand the risks of AI and develop ways to mitigate them before we fall victim to the same sorts of vulnerabilities we faced when Bill Clinton was president. "AI agents are like a toddler. You have to follow them around and make sure they don't do dumb things," said Wendy Nather, senior research initiatives director at 1Password and a well-respected cybersecurity veteran. "We're also getting a whole new crop of people coming in and making the same dumb mistakes we made years ago." Her fellow panelist Joseph Carson, chief security evangelist and advisory CISO at Segura, had an appropriately retro analogy for the benefits of using AI. "It's like getting the mushroom in Super Mario Kart," he said. "It makes you go faster, but it doesn't make you a better driver." Many of the AI security flaws resemble early web-era SQL injection risks. "Why are all these old vulnerabilities surfacing again? Because the GenAI space is full of security bad practices," said Nathan Hamiel, senior director of research and lead prototyping engineer at Kudelski Security. "When you deploy these tools, you increase your attack surface. You're creating vulnerabilities where there weren't any."

"Generative AI is over-scoped. The same AI that answers questions about Shakespeare is helping you develop code. This over-generalization leads you to an increased attack surface." He added: "Don't treat AI agents as highly sophisticated, super-intelligent systems. Treat them like drunk robots."

"Benchmarking firm Artificial Analysis found that only five of the top 15 AI models are open source," reports the Washington Post, "and all were developed by Chinese AI companies...."

"Now some American executives, investors and academics are endorsing a plan to make U.S. open-source AI more competitive." A new campaign called the ATOM Project, for American Truly Open Models, aims to create a U.S.-based AI lab dedicated to creating software that developers can freely access and modify. Its blueprint calls for access to serious computing power, with upward of 10,000 of the cutting-edge GPU chips used to power corporate AI development. The initiative, which launched Monday, has gathered signatures of support from more than a dozen industry figures. They include veteran tech investor Bill Gurley; Clement Delangue, CEO of Hugging Face, a repository for open-source AI models and datasets; Stanford professor and AI investor Chris Manning; chipmaker Nvidia's director of applied research, Oleksii Kuchaiev; Jason Kwon, chief strategy officer for OpenAI; and Dylan Patel, CEO and founder of research firm SemiAnalysis...

The lack of progress in open-source AI underscores the case for initiatives like ATOM: The U.S. has not produced a major new open-source AI release since Meta's launch of its Llama 4 model in April, which disappointed some AI experts... "A lot of it is a coordination problem," said ATOM's creator, Nathan Lambert, a senior research scientist at the nonprofit Allen Institute for AI who is launching the project in a personal capacity... Lambert said the idea was to develop much more powerful open-source AI models than existing U.S. efforts such as Bloom, an AI language model from Hugging Face, Pythia from EleutherAI, and others. Those groups were willing to take on more legal risk in the name of scientific progress but suffered from underfunding, said Lambert, who has worked at Google's DeepMind AI lab, Facebook AI Research and Hugging Face.

The other problem? The hefty cost of top-performing AI. Lambert estimates that getting access to 10,000 state-of-the-art GPUs will cost at least $100 million. But the funding must be found if American efforts are to stay competitive, he said.
The initiative's web page is seeking signatures, but also asks visitors to the site to "consider how your expertise or resources might contribute to building the infrastructure America needs."

It's a cultural milestone. Fiverr just released an ad mocking vibe coding.

The video features what its description calls a "clueless entrepreneur" building an app to tell if an avocado is ripe — who soon ends up blissfully singing with an avocado to the tune of the cheesy 1987 song "Nothing's Gonna Stop Us Now." The avocado sings joyously of "a new app on the rise in a no-code world that's too good to be true" (rhyming that with "So close. Just not tested through...")

"Let them say we're crazy. I don't care about bugs!" the entrepreneur sings back. "Built you in a minute, now I'm so high off this buzz..."

But despite her singing to the overripe avocado that "I don't need a backend if I've got the spark!" and that they can "build this app together, vibe-coding forever. Nothing's going to stop us now!" — the build suddenly fails. (And it turns out that avocado really was overripe...) Fiverr then suggests viewers instead hire one of their experts for building their apps...

The art/design site Creative Bloq acknowledges Fiverr "flip-flopping between scepticism and pro-AI marketing." (They point out a Fiverr ad last November had ended with the tagline "Nobody cares that you use AI! They care about the results — for the best ones higher Fiverr experts who've mastered every digital skill including AI.") But the site calls this new ad "a step in the right direction towards mindful AI usage." Just like an avocado that looks perfect on the outside, once you inspect the insides, AI-generated code can be deceptively unripe.
Fiverr might be feeling the impact of vibecoding themselves. The freelancing web site saw the company's share price fall over 14% this week, with one Yahoo! Finance site saying this week's quarterly results revealed Fiverr's active buyers dropped 10.9% compared to last year — a decrease of 3.4 million buyers which "overshadowed a 9.8% increase in spending per buyer."

Even when issuing a buy recommendation, Seeking Alpha called it "a short-term rebound play, as the company faces longer-term risks from AI and active buyer churn."

An anonymous reader quotes a report from Wired: An airline leaving all of its passengers' travel records vulnerable to hackers would make an attractive target for espionage. Less obvious, but perhaps even more useful for those spies, would be access to a premium travel service that spans 10 different airlines, left its own detailed flight information accessible to data thieves, and seems to be favored by international diplomats. That's what one team of cybersecurity researchers found in the form of Airportr, a UK-based luggage service that partners with airlines to let its largely UK- and Europe-based users pay to have their bags picked up, checked, and delivered to their destination. Researchers at the firm CyberX9 found that simple bugs in Airportr's website allowed them to access virtually all of those users' personal information, including travel plans, or even gain administrator privileges that would have allowed a hacker to redirect or steal luggage in transit. Among even the small sample of user data that the researchers reviewed and shared with WIRED they found what appear to be the personal information and travel records of multiple government officials and diplomats from the UK, Switzerland, and the US.

Airportr's CEO Randel Darby confirmed CyberX9's findings in a written statement provided to WIRED but noted that Airportr had disabled the vulnerable part of its site's backend very shortly after the researchers made the company aware of the issues last April and fixed the problems within a few day. "The data was accessed solely by the ethical hackers for the purpose of recommending improvements to Airportr's security, and our prompt response and mitigation ensured no further risk," Darby wrote in a statement. "We take our responsibilities to protect customer data very seriously." CyberX9's researchers, for their part, counter that the simplicity of the vulnerabilities they found mean that there's no guarantee other hackers didn't access Airportr's data first. They found that a relatively basic web vulnerability allowed them to change the password of any user to gain access to their account if they had just the user's email address -- and they were also able to brute-force guess email addresses with no rate limitations on the site. As a result, they could access data including all customers' names, phone numbers, home addresses, detailed travel plans and history, airline tickets, boarding passes and flight details, passport images, and signatures.

By gaining access to an administrator account, CyberX9's researchers say, a hacker could also have used the vulnerabilities it found to redirect luggage, steal luggage, or even cancel flights on airline websites by using Airportr's data to gain access to customer accounts on those sites. The researchers say they could also have used their access to send emails and text messages as Airportr, a potential phishing risk. Airportr tells WIRED that it has 92,000 users and claims on its website that it has handled more than 800,000 bags for customers. [...] The researchers found that they could monitor their browser's communications as they signed up for Airportr and created a new password, and then reuse an API key intercepted from those communications to instead change another user's password to anything they chose. The site also lacked a "rate limiting" security measure that would prevent automated guesses of email addresses to rapidly change the password of every user's account. And the researchers were also able to find email addresses of Airportr administrators that allowed them to take over their accounts and gain their privileges over the company's data and operations. "Anyone would have been able to gain or might have gained absolute super-admin access to all the operations and data of this company," says Himanshu Pathak, CyberX9's founder and CEO. "The vulnerabilities resulted in complete confidential private information exposure of all airline customers in all countries who used the service of this company, including full control over all the bookings and baggage. Because once you are the super-admin of their most sensitive systems, you have have the ability to do anything."

A Brussels court has issued an unusually broad site-blocking order targeting Internet Archive's Open Library alongside shadow libraries including Anna's Archive, Libgen, and Z-Library. The order, requested by publishing and author organizations, directs an unprecedented range of intermediaries to take action beyond traditional ISP blocks.

Search engines, DNS resolvers, advertisers, domain name services, CDNs, hosting companies, and payment processors -- including Google, Microsoft, Cloudflare, Amazon Web Services, PayPal, and Starlink -- must restrict access to the targeted sites. The court found "clear and significant infringement" in the ex parte proceeding.

Since 2010 Stack Exchange has run all its sites on physical hardware in New Jersey — about 50 different servers. (When Ryan Donovan joined in 2019, "I saw the original server mounted on a wall with a laudatory plaque like a beloved pet.") But this month everything moved to the cloud, a new blog post explains. "Our servers are now cattle, not pets. Nobody is going to have to drive to our New Jersey data center and replace or reboot hardware..." Over the years, we've shared glamor shots of our server racks and info about updating them. For almost our entire 16-year existence, the SRE team has managed all datacenter operations, including the physical servers, cabling, racking, replacing failed disks and everything else in between. This work required someone to physically show up at the datacenter and poke the machines... [O]n July 2nd, in anticipation of the datacenter's closure, we unracked all the servers, unplugged all the cables, and gave these once mighty machines their final curtain call...

We moved Stack Overflow for Teams to Azure in 2023 and proved we could do it. Now we just had to tackle the public sites (Stack Overflow and the Stack Exchange network), which is hosted on Google Cloud. Early last year, our datacenter vendor in New Jersey decided to shut down that location, and we needed to be out by July 2025. Our other datacenter — in Colorado — was decommissioned in June. It was primarily for disaster recovery, which we didn't need any more. Stack Overflow no longer has any physical datacenters or offices; we are fully in the cloud and remote...!

[O]ur Staff Site Reliability Engineer, got a little wistful. "I installed the new web tier servers a few years ago as part of planned upgrades," he said. "It's bittersweet that I'm the one deracking them also." It's the IT version of Old Yeller.
There's photos of the 50 servers, as well as the 400+ cables connecting them, all of which wound up in a junk pile. "For security reasons (and to protect the PII of all our users and customers), everything was being shredded and/or destroyed. Nothing was being kept... Ever have difficulty disconnecting an RJ45 cable? Well, here was our opportunity to just cut the damn things off instead of figuring out why the little tab wouldn't release the plug."

ABC News reports: Dialogue heard on a cockpit voice recording indicates that the captain of the Air India flight that crashed in June, killing 260 people, may have turned off the fuel just after takeoff, prompting the first officer to panic, according to The Wall Street Journal, which cited sources familiar with U.S. official's early assessment... The president of the Federation of Indian Pilots condemned the Wall Street Journal report, saying, "The preliminary report nowhere states that the pilots have moved the fuel control switches, and this has been corroborated by the CVR [cockpit voice recorder] recording."
But meanwhile "India on Monday ordered its airlines to examine fuel switches on several Boeing aircraft models," reports Reuters, "while South Korea ordered a similar measure on Tuesday, as scrutiny intensified of fuel switch locks at the centre of an investigation into a deadly Air India crash." The precautionary moves by the two countries and airlines in several others came despite the planemaker and the U.S. Federal Aviation Administration assuring airlines and regulators in recent days that the fuel switch locks on Boeing jets are safe... [The preliminary report] noted a 2018 advisory from the FAA, which recommended, but did not mandate, operators of several Boeing models, including the 787, to inspect the locking feature of fuel cutoff switches to ensure they could not be moved accidentally... Some airlines around the world told Reuters they had been checking relevant switches since 2018 in accordance with the FAA advisory, including Australia's Qantas Airways. Others said they had made additional or new checks since the release of the preliminary report into the Air India crash.
The web site of India's Financial Express newspaper spoke to Mary Schiavo, who was Inspector General of America's Transportation Department from 1990 to 1996 (and is also a long-time critic of the FAA). The site notes Schiavo "rejected the claims of human error that a pilot downed the Ahmedabad to London flight by cutting off the fuel supply." Schiavo exclusively told FinancialExpress.com that this is not the first time fuel switch transitioned from "Run" to "Cutoff" on its own. It happened five years ago, too. "There was an All Nippon Airways (ANA) flight in 2019 in which the 787 aircraft did this itself, while the flight was on final approach. No pilot input cutting off the fuel whatsoever," Schiavo told FinancialExpress.com... "The investigation revealed the plane software made the 787 think it was on the ground and the Thrust Control Malfunction Accommodation System cut the fuel to the engines," she told FinancialExpress.com, before adding, "The pilots never touched the fuel cutoff..." Both engines flamed out immediately after the pilot deployed the thrust reversers for landing. The aircraft, which was also a Boeing 787 Dreamliner, was towed away from the runway by the authorities, and no injuries were reported.

UK Civil Aviation Authority, four weeks before the crash, had warned about similar fuel system issues on Boeing aircraft [on May 15, 2025]. "The FAA has issued an Airworthiness Directive addressing a potential unsafe condition affecting fuel shutoff valves installed on Boeing aircraft," the UK regulator's notice read, listing the B737, B757, B767, B777 and B787...

Thrust Control Malfunction Accommodation informs FADEC [a digital computer] about whether the aircraft is on the ground or in the air, and if it believes the aircraft is on the ground, it may automatically throttle back the engines, without the pilot's input.
Reuters notes that the Air India crash preliminary report "said maintenance records showed that the throttle control module, which includes the fuel switches, was replaced in 2019 and 2023 on the plane involved in the crash."

Thanks to long-time Slashdot reader wired_parrot for sharing the news.

"Commodore has returned from a parallel timeline where tech stayed optimistic, inviting, and human," explains the official web site for "the first real Commodore computer in over 30 years..." You can check out an ad for it here. "Not an emulator. Not a PC... Powered by a FPGA recreation of the original motherboard, wrapped in glowing game-reactive LEDs (or classic beige of course)."

Fast Company calls it "a $299 device that its makers claim is compatible with over 10,000 retro games, cartridges, and peripherals." In a YouTube video posted last month, "Peri Fractic" said he'd purchased the company for "a low seven-figure sum," and said he'd recruited several former Commodore employees to help relaunch the brand. The new C64s are expected to begin shipping as early as October, though that date could slip... There are three models to choose from, all with the same internal components. If you were expecting a vastly outdated machine, however, you're in for a surprise. The Commodore 64 Ultimate will include 128 megabytes of RAM and 16 megabytes of flash memory. It connects to modern monitors via HDMI in high-definition 1080p resolution and features three USB-A ports and one USB-C port. Beyond the computer itself, the power source, and HDMI cable, your $299 also gets you a spiral-bound user guide, a 64-gigabyte USB drive featuring over 50 licensed games, a quick-start guide, and stickers.

Aesthetically, the Commodore 64 Ultimate is available in the original beige or in premium variants: the Starlight Edition, with a clear case and LED lights ($249), or the Founder's Edition, which includes 24-karat gold-plated badges, satin gold keys, and a translucent amber case ($499). Just 6,400 units of the Founder's Edition will be produced, according to the company. The preorder setup resembles a Kickstarter campaign, though it doesn't use that platform. Commodore says all preorders come with a money-back guarantee, but it chose to skip the service's fees. Buyers should be aware that accounts are charged at the time of preorder...

The product will come with a one-year limited warranty, and Commodore says most parts are already in production, including the updated motherboard, the case, and the keycaps that recreate the blocky keys that early users remember.

The Verge's Emma Roth reports: The News/Media Alliance, a trade association behind major news publishers, announced that it has "successfully secured" the removal of 12ft.io, a website that helped users bypass paywalls online. The trade association says 12ft.io's webhost took down the site on July 14th "following the News/Media Alliance's efforts." 12ft.io -- or 12 Foot Ladder -- also allowed users to view webpages without ads, trackers, or pop-ups by disguising a user's browser as a web crawler, giving them unfettered access to a webpage's contents. Software engineer Thomas Millar says he created the site when he realized "8 of the top 10 links on Google were paywalled" when doing research during the pandemic. [...]

In its announcement, News/Media Alliance says 12ft.io "offered illegal circumvention technology" that allowed users to access copyrighted content without paying for it. The organization adds that it will take "similar actions" against other sites that let users get around paywalls. The News Media Alliance recently called Google's AI Mode "theft." (Like many chatbots, Google's AI Mode eliminates the need to visit a website, starving publishers of the pageviews they need to be compensated for their work.) "Publishers commit significant resources to creating the best and most informative content for consumers, and illegal tools like 12ft.io undermine their ability to financially support that work through subscriptions and ad revenue," News/Media Alliance president and CEO Danielle Coffey said in the press release. "Taking down paywall bypassers is an essential part of ensuring we have a healthy and sustainable information ecosystem."

HGP Storage is a (real) Texas company providing distributed battery-based, utility-scale energy storage systems. Founded in 2013, it has "successfully developed over 20+ sites and closed over 200 MW of distributed energy projects," according to its web site.

And they just teamed up with Enron, reports the Houston Chronicle: The company that took over the defunct Enron brand, led by a "Birds Aren't Real" cofounder [28-year-old Connor Gaydos], held a mostly satirical quarterly earnings call Thursday afternoon but gave updates to an application to become a legitimate Texas energy provider... DJ Withee, chief operating officer and legal counsel at HGP Storage, a company developing utility-scale battery storage farms, was introduced as Enron's vice president of energy service. Withee said he was brought on by Gaydos to set up the customer-facing energy services business.

Enron Energy Texas LLC, a subsidiary of Enron, filed to become a Texas retail electric provider in January. Gaining this designation would allow Enron to sell electricity plans to Texas consumers. "Our business model is actually going to be very simple," Withee said. "We buy wholesale electricity, just like everybody else, but because of our efficiency, because of our use of technology, we are going to have lower costs than our competitors. Lower costs means greater savings that we can pass back to our customers...." According to Withee, Enron's goal is to provide energy at a competitive lower cost that will not only make energy more accessible but also push other Texas retail companies to drop their own prices...

Enron's filing in January included sworn and notarized affidavits from a man named Gregory Forero, who was identified in the documents as vice president of Enron Texas Energy LLC. Forero is the founder and CEO of HGP Storage.
"Forero, who signed his name to three sworn affidavits attesting to the accuracy of the application, could risk perjury charges if the statements of intention to start a legitimate retail electric company are found to be false, according to the Texas Penal Code..."

But does this replace Enron's plan to sell egg-shaped home nuclear reactors?

"Firefox is dead to me," wrote Steven J. Vaughan-Nichols last month for The Register, complaining about everything from layoffs at Mozilla to Firefox's discontinuation of Pocket and Fakespot, its small market share, and some user complaints that the browser might be becoming slower. But a new rebuttal (also published by The Register) argues instead that Mozilla just has "a management layer that doesn't appear to understand what works for its product nor which parts of it matter most to users..."

"Steven's core point is correct. Firefox is in a bit of a mess — but, seriously, not such a bad mess. You're still better off with it — or one of its forks, because this is FOSS — than pretty much any of the alternatives." Like many things, unfortunately, much of computing is run on feelings, tradition, and group loyalties, when it should use facts, evidence, and hard numbers. Don't bother saying Firefox is getting slower. It's not. It's faster than it has been in years. Phoronix, the go-to site for benchmarks on FOSS stuff, just benchmarked 21 versions, and from late 2023 to now, Firefox has steadily got faster and faster...

Ever since Firefox 1.0 in 2004, Firefox has never had to compete. It's been attached like a mosquito to an artery to the Google cash firehose... Mozilla's leadership is directionless and flailing because it's never had to do, or be, anything else. It's never needed to know how to make a profit, because it never had to make a profit. It's no wonder it has no real direction or vision or clue: it never needed them. It's role-playing being a business. Like we said, don't blame the app. You're still better off with Firefox or a fork such as Waterfox. Chrome even snoops on you when in incognito mode...

One observer has been spectating and commentating on Mozilla since before it was a foundation — one of its original co-developers, Jamie Zawinksi... Zawinski has repeatedly said: "Now hear me out, but What If...? browser development was in the hands of some kind of nonprofit organization?"

"In my humble but correct opinion, Mozilla should be doing two things and two things only:

— Building THE reference implementation web browser, and
— Being a jugular-snapping attack dog on standards committees.
— There is no 3."


Perhaps this is the only viable resolution. Mozilla, for all its many failings, has invented a lot of amazing tech, from Rust to Servo to the leading budget phone OS. It shouldn't be trying to capitalize on this stuff. Maybe encourage it to have semi-independent spinoffs, such as Thunderbird, and as KaiOS ought to be, and as Rust could have been. But Zawinski has the only clear vision and solution we've seen yet. Perhaps he's right, and Mozilla should be a nonprofit, working to fund the one independent, non-vendor-driven, standards-compliant browser engine.

The advocacy group Free Press on Friday blasted America's Federal Communications Commission chief "for an order that rips net neutrality rules off the books, without any time for public comment, following an unfavorable court ruling," reports the nonprofit progressive news site Common Dreams: A panel from the U.S. Court of Appeals for the 6th Circuit ruled in January that broadband is an "information service" instead of a "telecommunications service" under federal law, and the FCC did not have the authority to prohibit internet service providers (ISPs) from creating online "fast lanes" and blocking or throttling web content... FCC Chair Brendan Carr said in a Friday statement that as part of his "Delete, Delete, Delete" initiative, "we're continuing to clean house at the FCC, working to identify and eliminate rules that no longer serve a purpose, have been on our books for decades, and have no place in the current Code of Federal Regulations...."

Responding in a lengthy statement, Free Press vice president of policy and general counsel Matt Wood said that "the FCC's so-called deletion today is little more than political grandstanding. It's true that the rules in question were first stayed by the 6th Circuit and then struck down by that appellate court — in a poorly reasoned opinion. So today's bookkeeping maneuver changes very little in reality... There's no need to delete currently inoperative rules, much less to announce it in a summer Friday order. The only reason to do that is to score points with broadband monopolies and their lobbyists, who've fought against essential and popular safeguards for the past two decades straight...."

Wood noted that "the appeals process for this case has not even concluded yet, as Free Press and allies sought and got more time to consider our options at the Supreme Court. Today's FCC order doesn't impact either our ability to press the case there or our strategic considerations about whether to do so," he added. "It's little more than a premature housekeeping step..."

An anonymous reader quotes a report from 404 Media: For someone who says she is fighting AI bot scrapers just in her free time, Xe Iaso seems to be putting up an impressive fight. Since she launched it in January, Anubis, a "program is designed to help protect the small internet from the endless storm of requests that flood in from AI companies," has been downloaded nearly 200,000 times, and is being used by notable organizations including GNOME, the popular open-source desktop environment for Linux, FFmpeg, the open-source software project for handling video and other media, and UNESCO, the United Nations organization for educations, science, and culture. [...]

"Anubis is an uncaptcha," Iaso explains on her site. "It uses features of your browser to automate a lot of the work that a CAPTCHA would, and right now the main implementation is by having it run a bunch of cryptographic math with JavaScript to prove that you can run JavaScript in a way that can be validated on the server." Essentially, Anubis verifies that any visitor to a site is a human using a browser as opposed to a bot. One of the ways it does this is by making the browser do a type of cryptographic math with JavaScript or other subtle checks that browsers do by default but bots have to be explicitly programmed to do. This check is invisible to the user, and most browsers since 2022 are able to complete this test. In theory, bot scrapers could pretend to be users with browsers as well, but the additional computational cost of doing so on the scale of scraping the entire internet would be huge. This way, Anubis creates a computational cost that is prohibitively expensive for AI scrapers that are hitting millions and millions of sites, but marginal for an individual user who is just using the internet like a human.

Anubis is free, open source, lightweight, can be self-hosted, and can be implemented almost anywhere. It also appears to be a pretty good solution for what we've repeatedly reported is a widespread problem across the internet, which helps explain its popularity. But Iaso is still putting a lot of work into improving it and adding features. She told me she's working on a non cryptographic challenge so it taxes users' CPUs less, and also thinking about a version that doesn't require JavaScript, which some privacy-minded disable in their browsers. The biggest challenge in developing Anubis, Iaso said, is finding the balance. "The balance between figuring out how to block things without people being blocked, without affecting too many people with false positives," she said. "And also making sure that the people running the bots can't figure out what pattern they're hitting, while also letting people that are caught in the web be able to figure out what pattern they're hitting, so that they can contact the organization and get help. So that's like, you know, the standard, impossible scenario."

The Free Software Foundation's services face "ongoing (and increasing) distributed denial of service (DDoS) attacks," senior systems administrator Ian Kelling wrote Wednesday. But "Even though we are under active attack, gnu.org, ftp.gnu.org, and savannah.gnu.org are up with normal response times at the moment, and have been for the majority of this week, largely thanks to hard work from the Savannah hackers Bob, Corwin, and Luke who've helped us, your sysadmins."

"We've shielded these sites for almost a full year of intense attacks now, and we'll keep on fighting these attacks for as long as they continue." Our infrastructure has been under attack since August 2024. Large Language Model (LLM) web crawlers have been a significant source of the attacks, and as for the rest, we don't expect to ever know what kind of entity is targeting our sites or why.

- In the fall Bulletin, we wrote about the August attack on gnu.org. That attack continues, but we have mitigated it. Judging from the pattern and scope, the goal was likely to take the site down and it was not an LLM crawler. We do not know who or what is behind the attack, but since then, we have had more attacks with even higher severity.

- To begin with, GNU Savannah, the FSF's collaborative software development system, was hit by a massive botnet controlling about five million IPs starting in January. As of this writing, the attack is still ongoing, but the botnet's current iteration is mitigated. The goal is likely to build an LLM training dataset. We do not know who or what is behind this.

- Furthermore, gnu.org and ftp.gnu.org were targets in a new DDoS attack starting on May 27, 2025. Its goal seems to be to take the site down. It is currently mitigated. It has had several iterations, and each has caused some hours of downtime while we figured out how to defend ourselves against it. Here again, the goal was likely to take our sites down and we do not know who or what is behind this.

- In addition, directory.fsf.org, the server behind the Free Software Directory, has been under attack since June 18. This likely is an LLM scraper designed to specifically target Media Wiki sites with a botnet. This attack is very active and now partially mitigated...

Even though we are under active attack, gnu.org, ftp.gnu.org, and savannah.gnu.org are up with normal response times at the moment, and have been for the majority of this week, largely thanks to hard work from the Savannah hackers Bob, Corwin, and Luke who've helped us, your sysadmins. We've shielded these sites for almost a full year of intense attacks now, and we'll keep on fighting these attacks for as long as they continue.
The full-time FSF tech staff is just two systems administrators, "and we currently lack the funds to hire more tech staff any time soon," Kelling points out. Kelling titled his post "our small team vs millions of bots," suggesting that supporters purchase FSF memberships "to improve our staffing situation... Can you join us in our crucial work to guard user freedom and defy dystopia?"

Kelling also points out they're also facing "run-of-the-mill standard crawlers, SEO crawlers, crawlers pretending to be normal users, crawlers pretending to be other crawlers, uptime systems, vulnerability scanners, carrier-grade network address translation, VPNs, and normal browsers hitting our sites..."

"Some of the abuse is not unique to us, and it seems that the health of the web has some serious problems right now."

Interesting Engineering reports: Astral Systems, a UK-based private commercial fusion company, has claimed to have become the first firm to successfully breed tritium, a vital fusion fuel, using its own operational fusion reactor. This achievement, made with the University of Bristol, addresses a significant hurdle in the development of fusion energy....

Scientists from Astral Systems and the University of Bristol produced and detected tritium in real-time from an experimental lithium breeder blanket within Astral's multi-state fusion reactors. "There's a global race to find new ways to develop more tritium than what exists in today's world — a huge barrier is bringing fusion energy to reality," said Talmon Firestone, CEO and co-founder of Astral Systems. "This collaboration with the University of Bristol marks a leap forward in the search for viable, greater-than-replacement tritium breeding technologies. Using our multi-state fusion technology, we are the first private fusion company to use our reactors as a neutron source to produce fusion fuel."

Astral Systems' approach uses its Multi-State Fusion (MSF) technology. The company states this will commercialize fusion power with better performance, efficiency, and lower costs than traditional reactors. Their reactor design, the result of 25 years of engineering and over 15 years of runtime, incorporates recent understandings of stellar physics. A core innovation is lattice confinement fusion (LCF), a concept first discovered by NASA in 2020. This allows Astral's reactor to achieve solid-state fuel densities 400 million times higher than those in plasma. The company's reactors are designed to induce two distinct fusion reactions simultaneously from a single power input, with fusion occurring in both plasma and a solid-state lattice.
The article includes this quote from professor Tom Scott, who led the University of Bristol's team, supported by the Royal Academy of Engineering and UK Atomic Energy Authority. "This landmark moment clearly demonstrates a potential path to scalable tritium production in the future and the capability of Multi-State Fusion to produce isotopes in general."

And there's also this prediction from the company's web site: "As we progress the fusion rate of our technology, aiming to exceed 10 trillion DT fusions per second per system, we unlock a wide range of applications and capabilities, such as large-scale medical isotope production, fusion neutron materials damage testing, transmutation of existing nuclear waste stores, space applications, hybrid fusion-fission power systems, and beyond."
"Scientists everywhere are racing to develop this practically limitless form of energy," write a climate news site called The Cooldown. (Since in theory nuclear fusion "has an energy output four times higher than that of fission, according to the International Atomic Energy Agency.")

Thanks to long-time Slashdot reader fahrbot-bot for sharing the news.