"4chan, down for more than a week after hackers got in through an insecure script that handled PDFs, is back online," notes BoingBoing. (They add that Thursday saw 4chan's first blog postin years — just the words "Testing testing 123 123...") But 4chan posted a much longer explanation on Friday," confirming their servers were compromised by a malicious PDF upload from "a hacker using a UK IP address," granting access to their databases and administrative dashboard.

The attacker "spent several hours exfiltrating database tables and much of 4chan's source code. When they had finished downloading what they wanted, they began to vandalize 4chan at which point moderators became aware and 4chan's servers were halted, preventing further access." While not all of our servers were breached, the most important one was, and it was due to simply not updating old operating systems and code in a timely fashion. Ultimately this problem was caused by having insufficient skilled man-hours available to update our code and infrastructure, and being starved of money for years by advertisers, payment providers, and service providers who had succumbed to external pressure campaigns. We had begun a process of speccing new servers in late 2023. As many have suspected, until that time 4chan had been running on a set of servers purchased second-hand by moot a few weeks before his final Q&A [in 2015], as prior to then we simply were not in a financial position to consider such a large purchase. Advertisers and payment providers willing to work with 4chan are rare, and are quickly pressured by activists into cancelling their services. Putting together the money for new equipment took nearly a decade...

The free time that 4chan's development team had available to dedicate to 4chan was insufficient to update our software and infrastructure fast enough, and our luck ran out. However, we have not been idle during our nearly two weeks of downtime. The server that was breached has been replaced, with the operating system and code updated to the latest versions. PDF uploads have been temporarily disabled on those boards that supported them, but they will be back in the near future. One slow but much beloved board, /f/ — Flash, will not be returning however, as there is no realistic way to prevent similar exploits using .swf files.

We are bringing on additional volunteer developers to help keep up with the workload, and our team of volunteer janitors & moderators remains united despite the grievous violations some have suffered to their personal privacy.

4chan is back. No other website can replace it, or this community. No matter how hard it is, we are not giving up.

An anonymous reader quotes a report from IEEE Spectrum: The XPrize Foundation today announced the winners of its four-year, $100 million XPrize competition in carbon removal. The contest is one of dozens hosted by the foundation in its 20-year effort to encourage technological development. Contestants in the carbon removal XPrize had to demonstrate ways to pull carbon dioxide from the atmosphere or oceans and sequester it sustainably.

Mati Carbon, a Houston-based startup developing a sequestration technique called enhanced rock weathering, won the grand prize of $50 million. The company spreads crushed basalt on small farms in India and Africa. The silica-rich volcanic rock improves the quality of the soil for the crops but also helps remove carbon dioxide from the air. It does this by reacting with dissolved CO2 in the soil's water, turning it into bicarbonate ions and preventing it from returning to the atmosphere.

More than a dozen organizations globally are developing enhanced rock weathering approaches at an industrial scale, but Mati's tech-heavy verification and software platform caught the XPrize judges' attention. "On the one hand, they're moving rocks around in trucks—that's not very techy. But when we looked under the hood... what we saw was a very impressive data-collection exercise," says Michael Leitch, XPrize's technical lead for the competition. Here's a list of the runners-up:

- Paris-based NetZero won $15 million for turning agricultural waste into biochar through pyrolysis, a method that locks carbon into a stable, solid form.
- Houston-based Vaulted Deep won $8 million for geologically sequestering carbon-rich organic waste by injecting it deep underground.
- London-based Undo Carbon won $5 million for its enhanced rock weathering approach, spreading silicate minerals to speed up natural carbon removal.

Additionally, Project Hajar and Planetary Technologies each received $1 million honorary XFactor prizes, recognizing their promising work in direct air capture and ocean carbon removal, despite not meeting the competition's 1,000-tonne removal threshold.

Some developers are "crying foul" after Microsoft's C/C++ extension for Visual Studio Code stopped working with VS Code derivatives like VS Codium and Cursor, reports The Register. The move has prompted Cursor to transition to open-source alternatives, while some developers are calling for a regulatory investigation into Microsoft's alleged anti-competitive behavior. From the report: In early April, programmers using VS Codium, an open-source fork of Microsoft's MIT-licensed VS Code, and Cursor, a commercial AI code assistant built from the VS Code codebase, noticed that the C/C++ extension stopped working. The extension adds C/C++ language support, such as Intellisense code completion and debugging, to VS Code. The removal of these capabilities from competing tools breaks developer workflows, hobbles the editor, and arguably hinders competition. The breaking change appears to have occurred with the release of v1.24.5 on April 3, 2025.

Following the April update, attempts to install the C/C++ extension outside of VS Code generate this error message: "The C/C++ extension may be used only with Microsoft Visual Studio, Visual Studio for Mac, Visual Studio Code, Azure DevOps, Team Foundation Server, and successor Microsoft products and services to develop and test your applications." Microsoft has forbidden the use of its extensions outside of its own software products since at least September 2020, when the current licensing terms were published. But it hasn't enforced those terms in its C/C++ extension with an environment check in its binaries until now. [...]

Developers discussing the issue in Cursor's GitHub repo have noted that Microsoft recently rolled out a competing AI software agent capability, dubbed Agent Mode, within its Copilot software. One such developer who contacted us anonymously told The Register they sent a letter about the situation to the US Federal Trade Commission, asking them to probe Microsoft for unfair competition -- alleging self-preferencing, bundling Copilot without a removal option, and blocking rivals like Cursor to lock users into its AI ecosystem.

Google announced it will end software updates and remote control support for the first- and second-generation Nest Learning Thermostats (plus the 2014 European model) starting October 25th. "You will no longer be able to control them remotely from your phone or with Google Assistant, but can still adjust the temperature and modify schedules directly on the thermostat," the company wrote in a Friday blog post. The Verge reports: In other significant news, Google is flatly stating that it has no plans to release additional Nest thermostats in Europe. "Heating systems in Europe are unique and have a variety of hardware and software requirements that make it challenging to build for the diverse set of homes," the company said. "The Nest Learning Thermostat (3rd gen, 2015) and Nest Thermostat E (2018) will continue to be sold in Europe while current supplies last." [...]

In a clear attempt to ease customer anger, Google is offering a $130 discount on the fourth-gen Nest Learning Thermostat in the US, $160 off the same device in Canada, and 50 percent savings on the Tado Smart Thermostat X in Europe since the Nest lineup will soon be gone. The original Nest thermostats were released while the company was an independent brand under the leadership of former Apple executive Tony Fadell. Google acquired Nest in 2014 for $3.2 billion.

An anonymous reader quotes a report from Ars Technica: Russian military personnel are being targeted with recently discovered Android malware that steals their contacts and tracks their location. The malware is hidden inside a modified app for Alpine Quest mapping software, which is used by, among others, hunters, athletes, and Russian personnel stationed in the war zone in Ukraine. The app displays various topographical maps for use online and offline. The trojanized Alpine Quest app is being pushed on a dedicated Telegram channel and in unofficial Android app repositories. The chief selling point of the trojanized app is that it provides a free version of Alpine Quest Pro, which is usually available only to paying users.

The malicious module is named Android.Spy.1292.origin. In a blog post, researchers at Russia-based security firm Dr.Web wrote: "Because Android.Spy.1292.origin is embedded into a copy of the genuine app, it looks and operates as the original, which allows it to stay undetected and execute malicious tasks for longer periods of time. Each time it is launched, the trojan collects and sends the following data to the C&C server:

- the user's mobile phone number and their accounts;
- contacts from the phonebook;
- the current date;
- the current geolocation;
- information about the files stored on the device;
- the app's version."

If there are files of interest to the threat actors, they can update the app with a module that steals them. The threat actors behind Android.Spy.1292.origin are particularly interested in confidential documents sent over Telegram and WhatsApp. They also show interest in the file locLog, the location log created by Alpine Quest. The modular design of the app makes it possible for it to receive additional updates that expand its capabilities even further.

The software-as-a-service industry is undergoing a fundamental transformation, abandoning the decades-old "per seat" licensing model in favor of usage-based pricing structures. This shift, Business Insider reports, is primarily driven by the astronomical compute costs associated with new "reasoning" AI models that power modern enterprise software.

Unlike traditional generative AI, these reasoning models execute multiple computational loops to check their work -- a process called inference-time compute -- dramatically increasing token usage and operational expenses. OpenAI's o3-high model reportedly consumes 1,000 times more tokens than its predecessor, with a single benchmark response costing approximately $3,500, according to Barclays.

Companies including Bolt.new, Vercel, and Monday.com have already implemented usage-based or hybrid pricing models that tie costs directly to AI resource consumption. ServiceNow maintains primarily seat-based pricing but has added usage meters for extreme cases. "When it goes beyond what we can credibly afford, we have to have some kind of meter," ServiceNow CEO Bill McDermott said, while emphasizing that customers "still want seat-based predictability."

New Jersey sued the property management software company RealPage, accusing it and 10 of the state's largest landlords of conspiring to drive up residential rents, violating federal and state antitrust laws and New Jersey consumer fraud laws. From a report: The complaint filed on Wednesday by state Attorney General Matthew Platkin said the defendants, including AvalonBay Communities illegally used RealPage's revenue management software and algorithms to inflate rents for apartments in multifamily properties.

New Jersey said the defendants also quietly exchanged non-public data such as lease prices, amenities, concessions offered, property values and housing inventory, in order to align pricing and avoid competition to lower rents. The state said the collusion has inflated rents for hundreds of thousands of residents, with half of low-income renters paying more than 30% of their gross incomes toward rent. Many real estate and financial experts recommend a 30% limit.

An anonymous reader shares a report: For two years, ChatGPT has been OpenAI's cash cow. But by the end of the decade, the company has told some potential and current investors it expects combined sales from agents and other new products to exceed its popular chatbot, lifting total sales to $125 billion in 2029 and $174 billion the next year, according to documents seen by The Information.

The projections, which would propel the 10-year-old startup's sales toward the level of Nvidia or Meta Platforms today, reflect rapid revenue gains from agents, or AI software that can take actions on behalf of customers, as well as other new products. These include those tied to "free user monetization," likely meaning money made from OpenAI's nonpaying users.

An anonymous reader quotes a report from Reuters: A U.S. appeals court on Monday revived a proposed data privacy class action against Shopify, a decision that could make it easier for American courts to assert jurisdiction over internet-based platforms. In a 10-1 decision, the 9th U.S. Circuit Court of Appeals in San Francisco said the Canadian e-commerce company can be sued in California for collecting personal identifying data from people who make purchases on websites of retailers from that state.

Brandon Briskin, a California resident, said Shopify installed tracking software known as cookies on his iPhone without his consent when he bought athletic wear from the retailer I Am Becoming, and used his data to create a profile it could sell to other merchants. Shopify said it should not be sued in California because it operates nationwide and did not aim its conduct toward that state. The Ottawa-based company said Briskin could sue in Delaware, New York or Canada. A lower court judge and a three-judge 9th Circuit panel had agreed the case should be dismissed, but the full appeals court said Shopify "expressly aimed" its conduct toward California.

"Shopify deliberately reached out ... by knowingly installing tracking software onto unsuspecting Californians' phones so that it could later sell the data it obtained, in a manner that was neither random, isolated, or fortuitous," Circuit Judge Kim McLane Wardlaw wrote for the majority. A spokesman for Shopify said the decision "attacks the basics of how the internet works," and drags entrepreneurs who run online businesses into distant courtrooms regardless of where they operate. Shopify's next legal steps are unclear.

Walmart is taking a lesson from the humble honeybee in its quest to make its deliveries as fast as possible. From a report: The retail giant already boasts a formidable store count of 4,700 locations across the US, which puts it within a short drive of more than 90% of households. But in order to grow its reach without necessarily having to build new supercenters, Walmart says it has been using a relatively new hexagonal map segmentation -- a change from the conventional ZIP code or radius-based strategies that are commonly used in determining delivery areas.

Walmart says the strategy allows it to better understand where customers are and which stores have what they want. As bees have long known, hexagons can be an excellent shape for making the most of a given space, and Walmart says the more precise maps allow it to reach an additional 12 million US households with same-day delivery.

"This is helping us to adapt how we service our customers, by allowing us to go from a fixed-mile radius into a much more dynamic catchment area that caters to the needs of the customers that a particular store will serve," Walmart global tech senior director of engineering Parthibban Raja told Fast Company in December, following a pilot of the concept. Walmart says its platform uses a combination of its own data and open-source software to create new delivery zones.

Researchers have uncovered a new supply chain attack called Slopsquatting, where threat actors exploit hallucinated, non-existent package names generated by AI coding tools like GPT-4 and CodeLlama. These believable yet fake packages, representing almost 20% of the samples tested, can be registered by attackers to distribute malicious code. CSO Online reports: Slopsquatting, as researchers are calling it, is a term first coined by Seth Larson, a security developer-in-residence at Python Software Foundation (PSF), for its resemblance to the typosquatting technique. Instead of relying on a user's mistake, as in typosquats, threat actors rely on an AI model's mistake. A significant number of packages, amounting to 19.7% (205,000 packages), recommended in test samples were found to be fakes. Open-source models -- like DeepSeek and WizardCoder -- hallucinated more frequently, at 21.7% on average, compared to the commercial ones (5.2%) like GPT 4. Researchers found CodeLlama ( hallucinating over a third of the outputs) to be the worst offender, and GPT-4 Turbo ( just 3.59% hallucinations) to be the best performer.

These package hallucinations are particularly dangerous as they were found to be persistent, repetitive, and believable. When researchers reran 500 prompts that had previously produced hallucinated packages, 43% of hallucinations reappeared every time in 10 successive re-runs, with 58% of them appearing in more than one run. The study concluded that this persistence indicates "that the majority of hallucinations are not just random noise, but repeatable artifacts of how the models respond to certain prompts." This increases their value to attackers, it added. Additionally, these hallucinated package names were observed to be "semantically convincing." Thirty-eight percent of them had moderate string similarity to real packages, suggesting a similar naming structure. "Only 13% of hallucinations were simple off-by-one typos," Socket added. The research can found be in a paper on arXiv.org (PDF).

Amazon has delayed some commitments around new data center leases, Wells Fargo analysts said Monday, the latest sign that economic concerns may be affecting tech companies' spending plans. From a report: A week ago, a Microsoft executive said the software company was slowing down or temporarily holding off on advancing early build-outs. Amazon Web Services and Microsoft are the leading providers of cloud infrastructure, and both have ramped up their capital expenditures in recent quarters to meet the demands of the generative artificial intelligence boom.

"Over the weekend, we heard from several industry sources that AWS has paused a portion of its leasing discussions on the colocation side (particularly international ones)," Wells Fargo analysts wrote in a note. They added that "the positioning is similar to what we've heard recently from MSFT," in that both companies are reeling in some new projects but not canceling signed deals.

Cursor AI users recently encountered an ironic AI failure when the platform's support bot falsely claimed a non-existent login restriction policy. Co-founder Michael Truell apologized for the issue, clarified that no such policy exists, and attributed the mishap to AI hallucination and a session management bug. The Register reports: Users of the Cursor editor, designed to generate and fix source code in response to user prompts, have sometimes been booted from the software when trying to use the app in multiple sessions on different machines. Some folks who inquired about the inability to maintain multiple logins for the subscription service across different machines received a reply from the company's support email indicating this was expected behavior. But the person on the other end of that email wasn't a person at all, but an AI support bot. And it evidently made that policy up.

In an effort to placate annoyed users this week, Michael Truell co-founder of Cursor creator Anysphere, published a note to Reddit to apologize for the snafu. "Hey! We have no such policy," he wrote. "You're of course free to use Cursor on multiple machines. Unfortunately, this is an incorrect response from a front-line AI support bot. We did roll out a change to improve the security of sessions, and we're investigating to see if it caused any problems with session invalidation." Truell added that Cursor provides an interface for viewing active sessions in its settings and apologized for the confusion.

In a post to the Hacker News discussion of the SNAFU, Truell again apologized and acknowledged that something had gone wrong. "We've already begun investigating, and some very early results: Any AI responses used for email support are now clearly labeled as such. We use AI-assisted responses as the first filter for email support." He said the developer who raised this issue had been refunded. The session logout issue, now fixed, appears to have been the result of a race condition that arises on slow connections and spawns unwanted sessions.

Over 100 mid-market software companies are caught in a dangerous "squeeze" between AI-native startups and tech giants, according to a new AlixPartners study released Monday. The consulting firm warns many face "threats to their survival over the next 24 months" as generative AI fundamentally reshapes enterprise software.

The squeeze reflects a dramatic shift: AI agents are evolving from mere assistants to becoming applications themselves, potentially rendering traditional SaaS architecture obsolete. High-growth companies in this sector plummeted from 57% in 2023 to 39% in 2024, with further decline expected. Customer stickiness is also deteriorating, with median net dollar retention falling from 120% in 2021 to 108% in Q3 2024.

Chad Anderson is the founder/managing partner of the early-stage VC Space Capital (and an investor in SpaceX, along with dozens of other space companies). Space Capital produces quarterly reports on the space economy, and he says today, unlike 2021, "the froth is gone. But so is the hype. What's left is a more grounded — and investable — space economy."

On Yahoo Finance he shares several of the report's insights — including the emergence of "investable opportunities across defense-oriented startups in space domain awareness, AI-driven command systems, and hardened infrastructure." The same geopolitical instability that's undermining public markets is driving national urgency around space resilience. China's simulated space "dogfights" prompted the US Department of Defense to double down on orbital supremacy, with the proposed "Golden Dome" missile shield potentially unleashing a new wave of federal spending...

Defense tech is on fire, but commercial location-based services and logistics are freezing over. Companies like Shield AI and Saronic raised monster rounds, while others are relying on bridge financings to stay afloat...

Q1 also saw a breakout quarter for geospatial artificial intelligence (GeoAI). Software developer Niantic launched a spatial computing platform. SkyWatch partnered with GIS software supplier Esri. Planet Labs collaborated with Anthropic. And Xona Space Systems inked a deal with Trimble to boost precision GPS. This is the next leg of the space economy, where massive volumes of satellite data is finally made useful through machine learning, semantic indexing, and real-time analytics.

Distribution-layer companies are doing more with less. They remain underfunded relative to infrastructure and applications but are quietly powering the most critical systems, such as resilient communications, battlefield networks, and edge-based geospatial analysis. Don't let the low round count fool you; innovation here is quietly outpacing capital.
The article includes several predictions, insights, and possible trends (going beyond the fact that defense spending "will carry the sector...")

• "AI's integration into space (across geospatial intelligence, satellite communications, and sensor fusion) is not a novelty. It's a competitive necessity."

• "Focusing solely on rockets and orbital assets misses where much of the innovation and disruption is occurring: the software-defined layers that sit atop the physical backbone..."

• "For years, SpaceX faced little serious competition, but that's starting to change." [He cites Blue Origin's progress toward approval for launching U.S. military satellites, and how Rocket Lab and Stoke Space "have also joined the competition for lucrative government launch contracts." Even Relativity Space may make a comeback, with former GOogle CEO Eric Schmidt acquiring a controlling stake.]

• "An infrastructure reset is coming. The imminent ramp-up of SpaceX's Starship could collapse the cost structure for the infrastructure layer. When that happens, legacy providers with fixed-cost-heavy business models will be at risk. Conversely, capital-light innovators in station design, logistics, and in-orbit servicing could suddenly be massively undervalued."

Matt Asay answered questions from Slashdot readers in 2010 (as the then-COO of Canonical). He currently runs developer relations at MongoDB (after holding similar positions at AWS and Adobe).

This week he contributed an opinion piece to InfoWorld arguing that DeepSeek "may have originated in China, but it stopped being Chinese the minute it was released on Hugging Face with an accompanying paper detailing its development." Soon after, a range of developers, including the Beijing Academy of Artificial Intelligence (BAAI), scrambled to replicate DeepSeek's success but this time as open source software. BAAI, for its part, launched OpenSeek, an ambitious effort to take DeepSeek's open-weight models and create a project that surpasses DeepSeek while uniting "the global open source communities to drive collaborative innovation in algorithms, data, and systems."

If that sounds cool to you, it didn't to the U.S. government, which promptly put BAAI on its "baddie" list. Someone needs to remind U.S. (and global) policymakers that no single country, company, or government can contain community-driven open source... DeepSeek didn't just have a moment. It's now very much a movement, one that will frustrate all efforts to contain it. DeepSeek, and the open source AI ecosystem surrounding it, has rapidly evolved from a brief snapshot of technological brilliance into something much bigger — and much harder to stop. Tens of thousands of developers, from seasoned researchers to passionate hobbyists, are now working on enhancing, tuning, and extending these open source models in ways no centralized entity could manage alone.

For example, it's perhaps not surprising that Hugging Face is actively attempting to reverse engineer and publicly disseminate DeepSeek's R1 model. Hugging Face, while important, is just one company, just one platform. But Hugging Face has attracted hundreds of thousands of developers who actively contribute to, adapt, and build on open source models, driving AI innovation at a speed and scale unmatched even by the most agile corporate labs.

Hugging Face by itself could be stopped. But the communities it enables and accelerates cannot. Through the influence of Hugging Face and many others, variants of DeepSeek models are already finding their way into a wide range of applications. Companies like Perplexity are embedding these powerful open source models into consumer-facing services, proving their real-world utility. This democratization of technology ensures that cutting-edge AI capabilities are no longer locked behind the walls of large corporations or elite government labs but are instead openly accessible, adaptable, and improvable by a global community.
"It's Linux all over again..." Asay writes at one point. "What started as the passion project of a lone developer quickly blossomed into an essential, foundational technology embraced by enterprises worldwide," winning out "precisely because it captivated developers who embraced its promise and contributed toward its potential."

We are witnessing a similar phenomenon with DeepSeek and the broader open source AI ecosystem, but this time it's happening much, much faster...

Organizations that cling to proprietary approaches (looking at you, OpenAI!) or attempt to exert control through restrictive policies (you again, OpenAI!) are not just swimming upstream — they're attempting to dam an ocean. (Yes, OpenAI has now started to talk up open source, but it's a long way from releasing a DeepSeek/OpenSeek equivalent on GitHub.)

The Trump administration is "taking measures to restrict the sale of AI chips by Nvidia, Advanced Micro Devices and Intel," especially in China, reports the New York Times. But that's triggered a series of dominoes. "In the two days after the limits became public, shares of Nvidia, the world's leading AI chipmaker, fell 8.4%. AMD's shares dropped 7.4%, and Intel's were down 6.8%." (AMD expects up to $800 million in charges after the move, according to CNBC, while NVIDIA said it would take a quarterly charge of about $5.5 billion.)

The Times notes hopeful remarks Thursday from Jensen Huang, CEO of Nvidia, during a meeting with the China Council for the Promotion of International Trade. "We're going to continue to make significant effort to optimize our products that are compliant within the regulations and continue to serve China's market." But America's chipmakers also have a greater fear, according to the article: "that their retreat could turn the Chinese tech giant Huawei into a global chip-making powerhouse." "For the U.S. semiconductor industry, China is gone," said Handel Jones, a semiconductor consultant at International Business Strategies, which advises electronics companies. He projects that Chinese companies will have a majority share of chips in every major category in China by 2030... Huang's message spoke to one of his biggest fears. For years, he has worried that Huawei, China's telecommunications giant, will become a major competitor in AI. He has warned U.S. officials that blocking U.S. companies from competing in China would accelerate Huawei's rise, said three people familiar with those meetings who spoke on the condition of anonymity.

If Huawei gains ground, Huang and others at Nvidia have painted a dark picture of a future in which China will use the company's chips to build AI data centers across the world for the Belt and Road Initiative, a strategic effort to increase Beijing's influence by paying for infrastructure projects around the world, a person familiar with the company's thinking said...

Nvidia's previous generation of chips perform about 40% better than Huawei's best product, said Gregory C. Allen, who has written about Huawei in his role as director of the Wadhwani AI Center at the Center for Strategic and International Studies. But that gap could dwindle if Huawei scoops up the business of its American rivals, Allen said. Nvidia was expected to make more than $16 billion in sales this year from the H20 in China before the restriction. Huawei could use that money to hire more experienced engineers and make higher-quality chips. Allen said the U.S. government's restrictions also could help Huawei bring on customers like DeepSeek, a leading Chinese AI startup. Working with those companies could help Huawei improve the software it develops to control its chips. Those kinds of tools have been one of Nvidia's strengths over the years.
TechRepublic identifies this key quote from an earlier article: "This kills NVIDIA's access to a key market, and they will lose traction in the country," Patrick Moorhead, a tech analyst with Moor Insights & Strategy, told The New York Times. He added that Chinese companies will buy from local rival Huawei instead.

"Russia is automating the spread of false information to fool AI chatbots," reports the Washington Post. (When researchers checked 10 chatbots, a third of the responses repeated false pro-Russia messaging.)

The Post argues that this tactic offers "a playbook to other bad actors on how to game AI to push content meant to inflame, influence and obfuscate instead of inform," and calls it "a fundamental weakness of the AI industry." Chatbot answers depend on the data fed into them. A guiding principle is that the more the chatbots read, the more informed their answers will be, which is why the industry is ravenous for content. But mass quantities of well-aimed chaff can skew the answers on specific topics. For Russia, that is the war in Ukraine. But for a politician, it could be an opponent; for a commercial firm, it could be a competitor. "Most chatbots struggle with disinformation," said Giada Pistilli, principal ethicist at open-source AI platform Hugging Face. "They have basic safeguards against harmful content but can't reliably spot sophisticated propaganda, [and] the problem gets worse with search-augmented systems that prioritize recent information."

Early commercial attempts to manipulate chat results also are gathering steam, with some of the same digital marketers who once offered search engine optimization — or SEO — for higher Google rankings now trying to pump up mentions by AI chatbots through "generative engine optimization" — or GEO.
Our current situation "plays into the hands of those with the most means and the most to gain: for now, experts say, that is national governments with expertise in spreading propaganda." Russia and, to a lesser extent, China have been exploiting that advantage by flooding the zone with fables. But anyone could do the same, burning up far fewer resources than previous troll farm operations... In a twist that befuddled researchers for a year, almost no human beings visit the sites, which are hard to browse or search. Instead, their content is aimed at crawlers, the software programs that scour the web and bring back content for search engines and large language models. While those AI ventures are trained on a variety of datasets, an increasing number are offering chatbots that search the current web. Those are more likely to pick up something false if it is recent, and even more so if hundreds of pages on the web are saying much the same thing...

The gambit is even more effective because the Russian operation managed to get links to the Pravda network stories edited into Wikipedia pages and public Facebook group postings, probably with the help of human contractors. Many AI companies give special weight to Facebook and especially Wikipedia as accurate sources. (Wikipedia said this month that its bandwidth costs have soared 50 percent in just over a year, mostly because of AI crawlers....) Last month, other researchers set out to see whether the gambit was working. Finnish company Check First scoured Wikipedia and turned up nearly 2,000 hyperlinks on pages in 44 languages that pointed to 162 Pravda websites. It also found that some false information promoted by Pravda showed up in chatbot answers.
"They do even better in such places as China," the article points out, "where traditional media is more tightly controlled and there are fewer sources for the bots." (The nonprofit American Sunlight Project calls the process "LLM grooming".)

The article quotes a top Kremlin propagandist as bragging in January that "we can actually change worldwide AI."

With macOS now 24 years old and Apple officially designating all Intel-based Mac minis as "vintage" or "obsolete," The Register takes a look at new internet tools that help keep vintage Macs online and surprisingly relevant: Cameron Kaiser of Floodgap Systems is a valuable ally. His retro computing interests are broad, and we've mentioned him a few times on The Register, such as his deep dive into the revolutionary Canon Cat computer, and his evaluation of RISC-V hardware performance. Back in 2020, he revived the native Classic Mac OS port of the Lynx web browser, MacLynx. Earlier this month, he came back to it and has updated it again, including adding native Mac OS dialog boxes. His account is -- as usual -- long and detailed but it's an interesting read. He also maintains some other web browsers for elderly Macs, including TenFourFox for Mac OS X 10.4 and Classilla for Mac OS 8.6 and 9.x.

If you're not up to git pull commands and elderly Mac OS X build tools, then there is a fork of TenFourFox that may be worth a look, InterWebPPC. It's not current with the new batch of patches, but we can still hope for another build. In other "Classic on the internet" news, although it's not a huge amount of use on its own, there's also a newly released Classic Mac OS version of Mbed-TLS on GitHub. This ports the SSL library -- also used in the super-lightweight Dillo browser -- to the older C89/C90 standard, so that it can build in CodeWarrior and run with OpenTransport from Mac OS 9 right back to later versions of Mac OS 7.

Modern macOS is UNIX certified and as such it's not all that dissimilar from other Unix-like OSes, such as Linux and the BSD family. Classic Mac OS is a profoundly different beast, which makes porting modern code to it a complex exercise -- but equally, it's a good learning exercise, and we're delighted to see 21st century programmers exploring this 1980s OS. That may be part of the motivation behind the newly announced and still incomplete SDL 2 "rough draft" that appeared a week ago. It builds on the existing SDL 1.2 port, but so far, it's less complete -- for instance, there's no sound support.

An anonymous reader quotes a report from SecurityWeek: An October 2024 study by Software AG suggests that half of all employees are Shadow AI users, and most of them wouldn't stop even if it was banned. The problem is the ease of access to AI tools, and a work environment that increasingly advocates the use of AI to improve corporate efficiency. It is little wonder that employees seek their own AI tools to improve their personal efficiency and maximize the potential for promotion. It is frictionless, says Michael Marriott, VP of marketing at Harmonic Security. 'Using AI at work feels like second nature for many knowledge workers now. Whether it's summarizing meeting notes, drafting customer emails, exploring code, or creating content, employees are moving fast.' If the official tools aren't easy to access or if they feel too locked down, they'll use whatever's available which is often via an open tab on their browser.

There is almost also never any malicious intent (absent, perhaps, the mistaken employment of rogue North Korean IT workers); merely a desire to do and be better. If this involves using unsanctioned AI tools, employees will likely not disclose their actions. The reasons may be complex but combine elements of a reluctance to admit that their efficiency is AI assisted rather than natural, and knowledge that use of personal shadow AI might be discouraged. The result is that enterprises often have little knowledge of the extent of Shadow IT, nor the risks it may present. According to an analysis from Harmonic, ChatGPT is the dominant gen-AI model used by employees, with 45% of data prompts originating from personal accounts (such as Gmail). Image files accounted for 68.3%. The report also notes that 7% of empmloyees were using Chinese AI models like DeepSeek, Baidu Chat and Qwen.

"Overall, there has been a slight reduction in sensitive prompt frequency from Q4 2024 (down from 8.5% to 6.7% in Q1 2025)," reports SecurityWeek. "However, there has been a shift in the risk categories that are potentially exposed. Customer data (down from 45.8% to 27.8%), employee data (from 26.8% to 14.3%) and security (6.9% to 2.1%) have all reduced. Conversely, legal and financial data (up from 14.9% to 30.8%) and sensitive code (5.6% to 10.1%) have both increased. PII is a new category introduced in Q1 2025 and was tracked at 14.9%."