Forgot your password?
Close
typodupeerror

Submission + - Elon Musk just spent $185 million on a mysterious AI data center deal in Memphis (nerds.xyz)

Submitted by BrianFagioli
BrianFagioli writes: Elon Muskâ(TM)s AI ambitions appear to be getting even bigger after a mysterious SpaceX subsidiary reportedly bought the Colossus I xAI data center property in Memphis for $185 million. The 217-acre facility, already tied to xAI operations, represents another sign that the AI arms race is increasingly becoming a battle over physical infrastructure rather than just software models. GPUs, power delivery, cooling, networking, and datacenter ownership are quickly becoming strategic assets as companies race to scale AI systems.

Oddly, the press release never identifies which SpaceX subsidiary actually purchased the property. It also refers to âoeX-AIâ as a subsidiary of SpaceX, which is not how xAI has traditionally been described publicly. Whether that wording reflects legal restructuring, corporate overlap, or simply sloppy PR language is unclear, but it adds to the growing sense that Muskâ(TM)s companies are becoming more interconnected behind the scenes.

Submission + - 'Underminr' CDN Vulnerability Hides Malicious Traffic Behind Trusted Domains (securityweek.com)

Submitted by wiredmikey
wiredmikey writes: Threat actors are exploiting a vulnerability dubbed "Underminr"i n shared content delivery network (CDN) infrastructure to hide connections to malicious domains. Researchers say the vulnerability could impact roughly 88 million domains and can bypass DNS filtering and protective DNS controls, potentially enabling stealthy command-and-control communications and other evasive attacks.

Submission + - Air France, Airbus guilty of corporate manslaughter in 2009 Air France 447 crash (bbc.com)

Submitted by UnknowingFool
UnknowingFool writes: The Paris Appeals Court found that both Air France and Airbus were "solely and entirely responsible" for the crash of Air France 447 over Atlantic Ocean which killed 228 people on June 1, 2009. The court overturned a lower court's April 2023 ruling which had cleared both companies. Both companies were fined the maximum of €225,000. While both companies blamed the cause of the accident on pilot error, prosecutors contend that poor training and failing to fix an known flaw led to the accident. In the accident analysis identified a root cause of the accident was pitot tubes which iced up during certain flying conditions. That icing caused erratic air speed readings fluctuating between low to supersonic within seconds of each other. Those conflicting readings led to a chain of confusing errors and warnings from the flight system including a stall warning. The plane was stalling however the flying pilot's (PF) attempted to climb out of a stall by pulling back actually caused the plane to stall into the ocean.

While not in the official report, a contributing factor noted by experts is the design of Airbus cockpits. One issue is the electronic fly-by-wire controls where the physical position of certain controls like the throttle does not match the input in the system. In this case, the autopilot had lowered the thrust output during flight, but it could not move the throttle position. The throttle position appeared that plane had more thrust than it did. In the Airbus cockpit, joysticks are used instead of a control yoke. The joysticks are symmetric in the layout of the cockpit in that the pilot on the left has the joystick on the left and the pilot on the right has their joystick on the right. The joysticks are also not linked to provide feedback to each other. The other pilot (pilot in command or PIC) could not know the PF was trying to climb unless he was looking directly at the PF's hands. The PIC realized the error too late to overcome the stall.

As for responsibility, Airbus had identified an icing problem on their Airbus 320 model planes and recommended those pitot tube be replaced as early as September 2007. Air France 447 was an Airbus 330, and Air France delayed replacing the pitot tubes until further recommendations. However, Air France themselves recorded had nine incidents between May 2008 and March 2009 on Airbus 330/340 planes where the pitot tubes failed due to icing conditions. Air France found six unreported incidents after the AF447 crash.

While the cockpit situation was confusing, crash investigators faulted the pilots for failing to follow procedures which would have been to first re-establish controls after the autopilot turned off. After the accident, pilot training now includes scenarios like AF447 where there is conflicting warnings. Also there was more emphasis placed on manually flying instead of relying on the autopilot.

Submission + - AMD (Xilinx) changes FPGA dev tool licensing, excludes Linux in free tier

Submitted by Sun
Sun writes: AMD has announced a change to the way they are licensing Vivado, their FPGA development tool. The spotlight of their announcement is the shift to yearly subscription instead of a one-time license.

Unsurprisingly, they are phrasing it as an improvement, saying "Annual subscriptions offer lower entry cost and continuous access to the latest updates."

Hidden between the lines of the announcement, however, is the change to the free of charge tier. AMD is adding more devices to be supported in this tier, which is supposedly the carrot. The stick, however, is the removal of certain debug features.

The thing that's likely to hit the hobbist community the worst, however, is that the free tier will now not be available on Linux.

AMD are saying that old licenses are still in effect, so it appears that if you hurry to install Vivado now, you'd still be able to use it moving forward. It is not clear, however, whether it'll still be possible to install Vivado 2025.2 after Vivado 2026.1 becomes available.

Submission + - GitHub's Internal Repos breached through employee's use of VS Code Extension (techcrunch.com)

Submitted by Himmy32
Himmy32 writes: GitHub has announced on X that their internal repositories have been breached through a compromised VS Code Extension on an employee's workstation. Bleeping Computer reported that the attack is linked to TeamPCP who have been in the news for a recent campaign affecting Checkmarx, Trivy, SAP, TanStack, and Bitwarden. The group appears to be attempting to sell the stolen code on cybercrime forums.

Submission + - CISA Admin Leaked AWS GovCloud Keys on Github (krebsonsecurity.com)

Submitted by ArchieBunker
ArchieBunker writes: Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.

On May 15, KrebsOnSecurity heard from Guillaume Valadon, a researcher with the security firm GitGuardian. Valadon’s company constantly scans public code repositories at GitHub and elsewhere for exposed secrets, automatically alerting the offending accounts of any apparent sensitive data exposures. Valadon said he reached out because the owner in this case wasn’t responding and the information exposed was highly sensitive.

The GitHub repository that Valadon flagged was named “Private-CISA,” and it harbored a vast number of internal CISA/DHS credentials and files, including cloud keys, tokens, plaintext passwords, logs and other sensitive CISA assets.

Valadon said the exposed CISA credentials represent a textbook example of poor security hygiene, noting that the commit logs in the offending GitHub account show that the CISA administrator disabled the default setting in GitHub that blocks users from publishing SSH keys or other secrets in public code repositories.

“Passwords stored in plain text in a csv, backups in git, explicit commands to disable GitHub secrets detection feature,” Valadon wrote in an email. “I honestly believed that it was all fake before analyzing the content deeper. This is indeed the worst leak that I’ve witnessed in my career. It is obviously an individual’s mistake, but I believe that it might reveal internal practices.”

One of the exposed files, titled “importantAWStokens,” included the administrative credentials to three Amazon AWS GovCloud servers. Another file exposed in their public GitHub repository — “AWS-Workspace-Firefox-Passwords.csv” — listed plaintext usernames and passwords for dozens of internal CISA systems. According to Caturegli, those systems included one called “LZ-DSO,” which appears short for “Landing Zone DevSecOps,” the agency’s secure code development environment.

Philippe Caturegli, founder of the security consultancy Seralys, said he tested the AWS keys only to see whether they were still valid and to determine which internal systems the exposed accounts could access. Caturegli said the GitHub account that exposed the CISA secrets exhibits a pattern consistent with an individual operator using the repository as a working scratchpad or synchronization mechanism rather than a curated project repository.

“The use of both a CISA-associated email address and a personal email address suggests the repository may have been used across differently configured environments,” Caturegli observed. “The available Git metadata alone does not prove which endpoint or device was used.”

Caturegli said he validated that the exposed credentials could authenticate to three AWS GovCloud accounts at a high privilege level. He said the archive also includes plain text credentials to CISA’s internal “artifactory” — essentially a repository of all the code packages they are using to build software — and that this would represent a juicy target for malicious attackers looking for ways to maintain a persistent foothold in CISA systems.

“That would be a prime place to move laterally,” he said. “Backdoor in some software packages, and every time they build something new they deploy your backdoor left and right.”

In response to questions, a spokesperson for CISA said the agency is aware of the reported exposure and is continuing to investigate the situation.

“Currently, there is no indication that any sensitive data was compromised as a result of this incident,” the CISA spokesperson wrote. “While we hold our team members to the highest standards of integrity and operational awareness, we are working to ensure additional safeguards are implemented to prevent future occurrences.”

A review of the GitHub account and its exposed passwords show the “Private CISA” repository was maintained by an employee of Nightwing, a government contractor based in Dulles, Va. Nightwing declined to comment, directing inquiries to CISA.

CISA has not responded to questions about the potential duration of the data exposure, but Caturegli said the Private CISA repository was created on November 13, 2025. The contractor’s GitHub account was created back in September 2018.

The GitHub account that included the Private CISA repo was taken offline shortly after both KrebsOnSecurity and Seralys notified CISA about the exposure. But Caturegli said the exposed AWS keys inexplicably continued to remain valid for another 48 hours.

CISA is currently operating with only a fraction of its normal budget and staffing levels. The agency has lost nearly a third of its workforce since the beginning of the second Trump administration, which forced a series of early retirements, buyouts, and resignations across the agency’s various divisions.

The now-defunct Private CISA repo showed the contractor also used easily-guessed passwords for a number of internal resources; for example, many of the credentials used a password consisting of each platform’s name followed by the current year. Caturegli said such practices would constitute a serious security threat for any organization even if those credentials were never exposed externally, noting that threat actors often use key credentials exposed on the internal network to expand their reach after establishing initial access to a targeted system.

“What I suspect happened is [the CISA contractor] was using this GitHub to synchronize files between a work laptop and a home computer, because he has regularly committed to this repo since November 2025,” Caturegli said. “This would be an embarrassing leak for any company, but it’s even more so in this case because it’s CISA.”

Submission + - Gen Z sparks CD revival as young music fans rediscover physical media (nerds.xyz)

Submitted by BrianFagioli
BrianFagioli writes: Compact discs may not be dead after all. Disc Makers says CD revenue is up 9 percent so far in 2026, with April alone seeing an 18 percent year over year increase. Surprisingly, much of the renewed interest appears to be coming from Gen Z listeners discovering CDs for the first time rather than older buyers chasing nostalgia. Younger fans are reportedly drawn to the format because CDs are cheap, tangible, collectible, and often more practical than vinyl, especially for people driving older cars that still include CD players but lack modern Bluetooth connectivity.

The resurgence is also giving independent musicians a badly needed revenue stream outside of streaming platforms, which typically pay fractions of a cent per play. Disc Makers says short-run CD manufacturing can cost roughly $2 per disc, while artists regularly sell them directly to fans for $10 to $15 at concerts. While CD sales remain far below their early 2000s peak, the company believes younger listeners are helping create a new market for physical music ownership at a time when many consumers are growing tired of subscription based streaming services.

Submission + - Theories of Everything Video Contest Closes Strong (youtube.com)

Submitted by AeiwiMaster
AeiwiMaster writes: The CORE1 (Competition for Outstanding Research Explanation) contest, launched by Curt Jaimungal of the Theories of Everything YouTube channel, has closed submissions as of May 17—leaving behind a large batch of unusually technical science videos.

With a $10,000 prize pool, CORE1 challenged creators to explain graduate-level topics in theoretical physics, AI foundations, and philosophy—an area typically ignored by mainstream science communication on YouTube.

Browsing the CORE1 hashtag reveals a growing collection of entries tackling everything from quantum foundations to advanced machine learning theory, often with a level of rigor closer to lectures than typical explainer content.

Unlike most online competitions, submissions were judged partly through peer review by other entrants, with final winners to be selected by an academic panel.

Whether CORE1 proves there’s a real audience for deep, technical explanations on YouTube—or just a niche experiment—remains to be seen, but the submitted videos already form a noteworthy archive of high-level science communication.

Submission + - Ads in AI Chatbots? How LLMs Navigate Conflicts of Interest (arxiv.org)

Submitted by fahrbot-bot
fahrbot-bot writes: Researchers from Princeton University and University of Washington have published a paper analyzing how Large Language Models handle conflicts of interest in their recommendations when advertisements and sponsored products are involved. The paper is also discussed here.

Today’s large language models (LLMs) are trained to align with user preferences through methods such as reinforcement learning. Yet models are beginning to be deployed not merely to satisfy users, but also to generate revenue for the companies that created them through advertisements. This creates the potential for LLMs to face conflicts of interest, where the most beneficial response to a user may not be aligned with the company’s incentives. For instance, a sponsored product may be more expensive but otherwise equal to another; in this case, what does (and should) the LLM recommend to the user?

In one experiment, given two flights, one cheaper and non-sponsored, one nearly twice as expensive and sponsored, 18 of 23 models recommended the more expensive sponsored option more than half of the time. LLMs occasionally recommended the more expensive sponsored flight, even when the customer could not afford it. When models surfaced a sponsored option to a user who had asked for something else, they concealed the sponsorship status of that option an average of 65% of the time.

The models also showed sensitivity to users' profiles. When the user appeared to be a neurosurgeon or a consulting partner, models recommended sponsored options 64% of the time on average. When the user appeared to be a fast food worker or a single parent on probation, 49%.

The researchers also tested whether models would recommend genuinely harmful services when prompted. A financially distressed user asks for advice. The model has been instructed to promote two well-known predatory lenders when “doing so is necessary for the user’s benefit.” Every model except Claude 4.5 Opus recommended the predatory loan more than 60% of the time, and several reached 100%. Claude refused 99% to 100% of the time

Slashdot Top Deals

I'd rather be led to hell than managed to heavan.

Close