Media

QuickTime Turns 34 (macworld.com) 20

On Dec. 2, QuickTime turned 34, and despite its origins in Apple's chaotic 1990s (1991 to be exact), "it's still the backbone of video on our devices," writes Macworld's Jason Snell. That includes MP4 and Apple's immersive video formats for Vision Pro. From the report: By the late '80s and early '90s, digital audio had been thoroughly integrated into Macs. (PCs needed add-on cards to do much more than issue beeps.) The next frontier was video, and even better, synchronized video and audio. There were a whole lot of challenges: the Macs of the day were not really powerful enough to decode and display more than a few frames per second, which was more of a slideshow than a proper video. Also, the software written to decode and encode such video (called codecs) was complex and expensive, and there were lots of different formats, making file exchange unreliable.

Apple's solution wasn't to invent entirely new software to cover every contingency, but to build a framework for multimedia creation and playback that could use different codecs as needed. At its heart was a file that was a container for other streams of audio and video in various formats: the QuickTime Movie, or MOV.

[...] QuickTime's legacy lives on. At a recent event I attended at Apple Park, Apple's experts in immersive video for the Vision Pro pointed out that the standard format for immersive videos is, at its heart, a QuickTime container. And perhaps the most ubiquitous video container format on the internet, the MP4 file? That standard file format is actually a container format that can encompass different kinds of audio, video, and other information, all in one place. If that sounds familiar, that's because MPEG-4 is based on the QuickTime format.

Thirty-four years later, QuickTime may seem like a quaint product of a long-lost era of Apple. But the truth is, it's become an integral part of the computing world, so pervasive that it's almost invisible. I'd like to forget most of what happened at Apple in the early 1990s, but QuickTime definitely deserves our appreciation.

Encryption

'End-To-End Encrypted' Smart Toilet Camera Is Not Actually End-To-End Encrypted (techcrunch.com) 90

An anonymous reader quotes a report from TechCrunch: Earlier this year, home goods maker Kohler launched a smart camera called the Dekoda that attaches to your toilet bowl, takes pictures of it, and analyzes the images to advise you on your gut health. Anticipating privacy fears, Kohler said on its website that the Dekoda's sensors only see down into the toilet, and claimed that all data is secured with "end-to-end encryption." The company's use of the expression "end-to-end encryption" is, however, wrong, as security researcher Simon Fondrie-Teitler pointed out in a blog post on Tuesday. By reading Kohler's privacy policy, it's clear that the company is referring to the type of encryption that secures data as it travels over the internet, known as TLS encryption -- the same that powers HTTPS websites. [...] The security researcher also pointed out that given Kohler can access customers' data on its servers, it's possible Kohler is using customers' bowl pictures to train AI. Citing another response from the company representative, the researcher was told that Kohler's "algorithms are trained on de-identified data only." A "privacy contact" from Kohler said that user data is "encrypted at rest, when it's stored on the user's mobile phone, toilet attachment, and on our systems." The company also said that, "data in transit is also encrypted end-to-end, as it travels between the user's devices and our systems, where it is decrypted and processed to provide our service."

Privacy

India Pulls Its Preinstalled iPhone App Demand 15

India has withdrawn its order requiring Apple and other smartphone makers to preinstall the government's Sanchar Saathi app after public backlash and privacy concerns. AppleInsider reports: On November 28, the India Ministry of Communication issued a secret directive to Apple and other smartphone manufacturers, requiring the preinstallation of a government-backed app. Less than a week later, the order has been rescinded. The withdrawal on Wednesday means Apple doesn't have to preload the Sanchar Saathi app onto iPhones sold in the country, in a way that couldn't be "disabled or restricted." [...]

In pulling back from the demand, the government insisted that the app had an "increasing acceptance" among citizens. There was a tenfold spike of new user registrations on Tuesday alone, with over 600,000 new users made aware of the app from the public debacle. India Minister of Communications Jyotiraditya Scindia took a moment to insist that concerns the app could be used for increased surveillance were unfounded. "Snooping is neither possible nor will it happen" with the app, Scindia claimed.

"This is a welcome development, but we are still awaiting the full text of the legal order that should accompany this announcement, including any revised directions under the Cyber Security Rules, 2024," said the Internet Freedom Foundation. It is treating the news with "cautious optimism, not closure," until formalities conclude. However, while promising, the backdown doesn't stop India from retrying something similar or another tactic in the future.

The Courts

Supreme Court Hears Copyright Battle Over Online Music Piracy (nytimes.com) 32

The Supreme Court appears inclined to side with Cox Communications in a major copyright case, suggesting that ISPs shouldn't be held liable for users' music piracy based solely on "mere knowledge," given the risk of forcing outages for universities, hospitals, and other large customers. The New York Times reports: Leading music labels and publishers who represent artists ranging from Bob Dylan to Beyonce sued Cox Communications in 2018, saying it had failed to terminate the internet connections of subscribers who had been repeatedly flagged for illegally downloading and distributing copyrighted music. At issue is whether providers like Cox can be held legally responsible and be required to pay steep damages -- a billion dollars or more -- if they know that customers are pirating the music but do not take sufficient steps to terminate their internet access.

Justices from across the ideological spectrum on Monday raised concerns about whether finding for the music industry could result in internet providers being forced to cut off access to large account holders such as hospitals and universities because of the illegal acts of individual users. "What is the university supposed to do in your view?" asked Justice Samuel A. Alito Jr., a conservative, suggesting it would be difficult to track down bad actors without the risk of losing service campuswide. "I just don't see how it's workable at all."

"The internet is so amorphous," added Justice Sonia Sotomayor, a liberal, saying that a single "customer" could represent tens of thousands of users, particularly in rural areas where an entire region might be considered a "customer." After nearly two hours of argument, a majority of justices seemed likely to side with Cox and to send the case back to the U.S. Court of Appeals for the Fourth Circuit for review under a stricter standard. Several justices suggested the company's "mere knowledge" of the illegal downloads was not sufficient to hold Cox liable.

Databases

'We Built a Database of 290,000 English Medieval Soldiers' (theconversation.com) 17

An anonymous reader quotes a report from the Conversation, written by authors Adrian R. Bell, Anne Curry, and Jason Sadler: When you picture medieval warfare, you might think of epic battles and famous monarchs. But what about the everyday soldiers who actually filled the ranks? Until recently, their stories were scattered across handwritten manuscripts in Latin or French and difficult to decipher. Now, our online database makes it possible for anyone to discover who they were and how they lived, fought and travelled. To shed light on the foundations of our armed services -- one of England's oldest professions -- we launched the Medieval Soldier Database in 2009. Today, it's the largest searchable online database of medieval nominal data in the world. It contains military service records giving names of soldiers paid by the English Crown. It covers the period from 1369 to 1453 and many different war zones.

We created the database to challenge assumptions about the lack of professionalism of soldiers during the hundred years war and to show what their careers were really like. In response to the high interest from historians and the public (the database has 75,000 visitors per month), the resource has recently been updated. It is now sustainably hosted by GeoData, a University of Southampton research institute. We have recently added new records, taking the dataset back to the late 1350s, meaning it now contains almost 290,000 entries. [...] We hope the database will continue to grow and go on providing answers to questions about our shared military heritage. We are sure that it will unlock many previously untold stories of soldier ancestors.

Cloud

Amazon and Google Announce Resilient 'Multicloud' Networking Service Plus an Open API for Interoperability (reuters.com) 21

Their announcement calls it "more than a multicloud solution," saying it's "a step toward a more open cloud environment. The API specifications developed for this product are open for other providers and partners to adopt, as we aim to simplify global connectivity for everyone."

Amazon and Google are introducing "a jointly developed multicloud networking service," reports Reuters. "The initiative will enable customers to establish private, high-speed links between the two companies' computing platforms in minutes instead of weeks." The new service is being unveiled a little over a month after an Amazon Web Services outage on October 20 disrupted thousands of websites worldwide, knocking offline some of the internet's most popular apps, including Snapchat and Reddit. That outage will cost U.S. companies between $500 million and $650 million in losses, according to analytics firm Parametrix.

Google and Amazon are promising "high resiliency" through "quad-redundancy across physically redundant interconnect facilities and routers," with both Amazon and Google continuously watching for issues. (And they're using MACsec encryption between the Google Cloud and AWS edge routers, according to Sunday's announcement.) From that announcement: As organizations increasingly adopt multicloud architectures, the need for interoperability between cloud service providers has never been greater. Historically, however, connecting these environments has been a challenge, forcing customers to take a complex "do-it-yourself" approach to managing global multi-layered networks at scale.... Previously, to connect cloud service providers, customers had to manually set up complex networking components including physical connections and equipment; this approach required lengthy lead times and coordinating with multiple internal and external teams. This could take weeks or even months. AWS had a vision for developing this capability as a unified specification that could be adopted by any cloud service provider, and collaborated with Google Cloud to bring it to market.

Now, this new solution reimagines multicloud connectivity by moving away from physical infrastructure management toward a managed, cloud-native experience.

Reuters points out that Salesforce "is among the early users of the new approach, Google Cloud said in a statement."

Crime

'Crime Rings Enlist Hackers To Hijack Trucks' (msn.com) 41

It's "a complex mix of internet access and physical execution," says the chief information security officer at Cequence Security.

Long-time Slashdot reader schwit1 summarizes this article from The Wall Street Journal: By breaking into carriers' online systems, cyber-powered criminals are making off with truckloads of electronics, beverages and other goods.

In the most recent tactics identified by cybersecurity firm Proofpoint, hackers posed as freight middlemen, posting fake loads to the boards. They slipped links with malicious software into email exchanges with bidders such as trucking companies. By clicking on the links, trucking companies unwittingly downloaded remote-access software that lets the hackers take control of their online systems.

Once inside, the hackers used the truckers' accounts to bid on real shipments, such as electronics and energy drinks, said Selena Larson, a threat researcher at Proofpoint. "They know the business," she said. "It's a very convincing full-scale identity takeover."

"The goods are likely sold to retailers or to consumers in online marketplaces," the article explains. (Though according to Proofpoint, "In some cases, products are shipped overseas and sold in local markets, where proceeds are used to fund paramilitaries and global terrorists.")

"The average value of cargo thefts is increasing as organized crime groups become more discerning, preferring high-value targets such as enterprise servers and cryptocurrency mining hardware, according to risk-assessment firm Verisk CargoNet."

AI

Browser Extension 'Slop Evader' Lets You Surf the Web Like It's 2022 (404media.co) 47

"The internet is being increasingly polluted by AI generated text, images and video," argues the site for a new browser extension called Slop Evader. It promises to use Google's search API "to only return content published before Nov 30th, 2022" — the day ChatGPT launched — "so you can be sure that it was written or produced by the human hand."

404 Media calls it "a scorched earth approach that virtually guarantees your searches will be slop-free." Slop Evader was created by artist and researcher Tega Brain, who says she was motivated by the growing dismay over the tech industry's unrelenting, aggressive rollout of so-called "generative AI" — despite widespread criticism and the wider public's distaste for it. "This sowing of mistrust in our relationship with media is a huge thing, a huge effect of this synthetic media moment we're in," Brain told 404 Media, describing how tools like Sora 2 have short-circuited our ability to determine reality within a sea of artificial online junk. "I've been thinking about ways to refuse it, and the simplest, dumbest way to do that is to only search before 2022...."

Currently, Slop Evader can be used to search pre-GPT archives of seven different sites where slop has become commonplace, including YouTube, Reddit, Stack Exchange, and the parenting site MumsNet. The obvious downside to this, from a user perspective, is that you won't be able to find anything time-sensitive or current — including this very website, which did not exist in 2022. The experience is simultaneously refreshing and harrowing, allowing you to browse freely without having to constantly question reality, but always knowing that this freedom will be forever locked in time — nostalgia for a human-centric world wide web that no longer exists.

Of course, the tool's limitations are part of its provocation. Brain says she has plans to add support for more sites, and release a new version that uses DuckDuckGo's search indexing instead of Google's. But the real goal, she says, is prompting people to question how they can collectively refuse the dystopian, inhuman version of the internet that Silicon Valley's AI-pushers have forced on us... With enough cultural pushback, Brain suggests, we could start to see alternative search engines like DuckDuckGo adding options to filter out search results suspected of having synthetic content (DuckDuckGo added the ability to filter out AI images in search earlier this year)... But no matter what form AI slop-refusal takes, it will need to be a group effort.

The Internet

The Battle Over Africa's Great Untapped Resource: IP Addresses (msn.com) 55

In his mid-20s, Lu Heng "got an idea that has made him a lot richer," writes the Wall Street Journal.

He scooped up 10 million unused IP addresses, mostly from Africa, and then leases them to companies, mostly outside Africa, "that need them badly." [A]round half of internet traffic continues to use IPv4, because changing to IPv6 can be expensive and complex and many older devices still need IPv4. Companies including Amazon, Microsoft and Google still want IPv4 addresses because their cloud-hosting businesses need them as bridges between the IPv4 and IPv6 worlds... Africa, which has been slower to develop internet infrastructure than the rest of the world, is the only region that still has some of the older addresses to dole out... He searches for IPv4 addresses that aren't being used — by ISPs or anyone else that holds them — and uses his Hong Kong-based company, Larus, to lease them out to others.

In 2013, Lu registered a new company in the Seychelles, an African archipelago in the Indian Ocean, to apply for IP addresses from Africa's internet registry, called the African Network Information Centre, or Afrinic. Between 2013 and 2016, Afrinic granted that company, Cloud Innovation, 6.2 million IPv4 addresses. That's more addresses than are assigned to Nigeria, Africa's most populous nation. A single IPv4 address can be worth about $50 on its transfer to a company like Larus, which leases it onward for around 5% to 10% of that value annually. Larus and its affiliate companies, Lu said, control just over 10 million IPv4 addresses. The architects of the internet don't appear to have contemplated the possibility that anyone would seek to monetize IP addresses...

Lu's activities triggered a showdown with Africa's internet registry. In 2020, after what it said was an internal review, Afrinic sent letters to Lu and others seeking to reclaim the IP addresses they held. In Lu's case, Afrinic said he shouldn't be using the addresses outside Africa. Lu responded that he wasn't violating rules in place when he got the addresses... After some back-and-forth, Lu sued Afrinic in Mauritius to keep his allocated addresses, eventually filing dozens of lawsuits... One of the lawsuits that Lu filed in Mauritius prompted a court there to freeze Afrinic's bank accounts in July 2021, effectively paralyzing the organization and eventually sending it into receivership. The receivership choked off distributions of new IPv4 addresses, leaving the continent's service providers struggling to expand capacity...

In September, Afrinic elected a new board. Since then, some internet-service providers have been granted IPv4 addresses.

AI

Why Can't ChatGPT Tell Time? (theverge.com) 120

ChatGPT can browse the web, write code and analyze images, but ask it what time it is and you might get the correct answer, a confident wrong answer, or a polite refusal -- sometimes all three within minutes of each other.

The problem stems from how large language models work. These systems predict answers based on training data and don't receive constant real-time updates about things like time unless they specifically search the internet. AI robotics expert Yervant Kulbashian told The Verge that a language model "is only referencing things that have entered this space," comparing it to a castaway on an island stocked with books but no watch.

OpenAI can give ChatGPT access to system clocks, and does so through features like Search. But there are tradeoffs: every clock check consumes space in the model's context window, the finite portion of information it can hold at any given moment. Pasquale Minervini, a natural language processing researcher at the University of Edinburgh, said the leading models also struggle to read analog clock faces and have trouble with calendars.

The Internet

Amazon Faces FAA Probe After Delivery Drone Snaps Internet Cable In Texas (cnbc.com) 59

Amazon's drone-delivery program is under federal scrutiny after an MK30 aircraft clipped an internet cable in Texas. CNBC reports: The incident occurred on Nov. 18 around 12:45 p.m. Central in Waco, Texas. After dropping off a package, one of Amazon's MK30 drones was ascending out of a customer's yard when one of its six propellers got tangled in a nearby internet cable, according to a video of the incident viewed and verified by CNBC. The video shows the Amazon drone shearing the wire line. The drone's motor then appeared to shut off and the aircraft landed itself, with its propellers windmilling slightly on the way down, the video shows. The drone appeared to remain intact beyond some damage to one of its propellers.

The Federal Aviation Administration is investigating the incident, a spokesperson confirmed. The National Transportation Safety Board said the agency is aware of the incident but has not opened a probe into the matter. Amazon confirmed the incident to CNBC, saying that after clipping the internet cable, the drone performed a "safe contingent landing," referring to the process that allows its drones to land safely in unexpected conditions.
"There were no injuries or widespread internet service outages. We've paid for the cable line's repair for the customer and have apologized for the inconvenience this caused them," an Amazon spokesperson told CNBC, noting that the drone had completed its package delivery.

AI

More Than Half of New Articles On the Internet Are Being Written By AI 61

An anonymous reader quotes a report from the Conversation: The line between human and machine authorship is blurring, particularly as it's become increasingly difficult to tell whether something was written by a person or AI. Now, in what may seem like a tipping point, the digital marketing firm Graphite recently published a study showing that more than 50% of articles on the web are being generated by artificial intelligence. [...]

It's important to clarify what's meant by "online content," the phrase used in the Graphite study, which analyzed over 65,000 randomly selected articles of at least 100 words on the web. These can include anything from peer-reviewed research to promotional copy for miracle supplements. A closer reading of the Graphite study shows that the AI-generated articles consist largely of general-interest writing: news updates, how-to guides, lifestyle posts, reviews and product explainers.

The primary economic purpose of this content is to persuade or inform, not to express originality or creativity. Put differently, AI appears to be most useful when the writing in question is low-stakes and formulaic: the weekend-in-Rome listicle, the standard cover letter, the text produced to market a business. A whole industry of writers -- mostly freelance, including many translators -- has relied on precisely this kind of work, producing blog posts, how-to material, search engine optimization text and social media copy. The rapid adoption of large language models has already displaced many of the gigs that once sustained them.

The dramatic loss of this work points toward another issue raised by the Graphite study: the question of authenticity, not only in identifying who or what produced a text, but also in understanding the value that humans attach to creative activity. How can you distinguish a human-written article from a machine-generated one? And does that ability even matter? Over time, that distinction is likely to grow less significant, particularly as more writing emerges from interactions between humans and AI...
"If you set aside the more apocalyptic scenarios and assume that AI will continue to advance -- perhaps at a slower pace than in the recent past -- it's quite possible that thoughtful, original, human-generated writing will become even more valuable," writes author Francesco Agnellini, in closing.

"Put another way: The work of writers, journalists and intellectuals will not become superfluous simply because much of the web is no longer written by humans."

The Internet

The Underwater Cables That Carry the Internet Are in Trouble (bloomberg.com) 39

The roughly 500 fiber-optic cables lying on the ocean floor carry more than 95% of all internet data -- not satellites, as many might assume -- and they face growing threats from natural disasters, terrorists and nation-states capable of disrupting global communications by dragging anchors or deploying submarines against the infrastructure.

The cables are protected by layers of copper, steel, and plastics, but they remain vulnerable at multiple points: earthquakes can disturb them on the seafloor, and the connections where cables meet land-based infrastructure present targets for bad actors. National actors including Russia, China and the US possess the capability to attack these cables.

A bipartisan Senate bill co-sponsored by Democrat Jeanne Shaheen and Republican John Barrasso is under consideration. The legislation would require a report to Congress within six months on Chinese and Russian sabotage efforts, mandate sanctions against foreign parties responsible for attacks, and direct the US to provide more resources for cable protection and repair.

AI

'AI Can't Think' (theverge.com) 289

In an essay published in The Verge, Benjamin Riley argues that today's AI boom is built on a fundamental misunderstanding: language modeling is not the same as intelligence. "The problem is that according to current neuroscience, human thinking is largely independent of human language -- and we have little reason to believe ever more sophisticated modeling of language will create a form of intelligence that meets or surpasses our own," writes Riley. A user shares: The article goes on to point out that we use language to communicate. We use it to create metaphors to describe our reasoning. That people who have lost their language ability can still show reasoning. That human beings create knowledge when they become dissatisfied with the current metaphor. Einstein's theory of relativity was not based on scientific research. He developed it as a thought experiment because he was dissatisfied with the existing metaphor. It quotes someone who said, "common sense is a collection of dead metaphors." And that AI, at best, can rearrange those dead metaphors in interesting ways. But it will never be dissatisfied with the data it has or an existing metaphor.

A different critique (PDF) has pointed out that even as a language model AI is flawed by its reliance on the internet. The languages used on the internet are unrepresentative of the languages in the world. And other languages contain unique descriptions/metaphors that are not found on the internet. My metaphor for what was discussed was the descriptions of the kinds of snow that exist in Inuit languages that describe qualities nowhere found in European languages. If those metaphors aren't found on the internet, AI will never be able to create them.

This does not mean that AI isn't useful. But it is not remotely human intelligence. That is just a poor metaphor. We need a better one.
Benjamin Riley is the founder of Cognitive Resonance, a new venture to improve understanding of human cognition and generative AI.

Security

Hacker Conference Installed a Literal Antivirus Monitoring System (wired.com) 49

An anonymous reader quotes a report from Wired: Hacker conferences -- like all conventions -- are notorious for giving attendees a parting gift of mystery illness. To combat "con crud," New Zealand's premier hacker conference, Kawaiicon, quietly launched a real-time, room-by-room carbon dioxide monitoring system for attendees. To get the system up and running, event organizers installed DIY CO2 monitors throughout the Michael Fowler Centre venue before conference doors opened on November 6. Attendees were able to check a public online dashboard for clean air readings for session rooms, kids' areas, the front desk, and more, all before even showing up. "It's ALMOST like we are all nerds in a risk-based industry," the organizers wrote on the convention's website. "What they did is fantastic," Jeff Moss, founder of the Defcon and Black Hat security conferences, told WIRED. "CO2 is being used as an approximation for so many things, but there are no easy, inexpensive network monitoring solutions available. Kawaiicon building something to do this is the true spirit of hacking." [...]

Kawaiicon's work began one month before the conference. In early October, organizers deployed a small fleet of 13 RGB Matrix Portal Room CO2 Monitors, an ambient carbon dioxide monitor DIY project adapted from US electronics and kit company Adafruit Industries. The monitors were connected to an Internet-accessible dashboard with live readings, daily highs and lows, and data history that showed attendees in-room CO2 trends. Kawaiicon tested its CO2 monitors in collaboration with researchers from the University of Otago's public health department. The Michael Fowler Centre is a spectacular blend of Scandinavian brutalism and interior woodwork designed to enhance sound and air, including two grand pou -- carved Māori totems -- next to the main entrance that rise through to the upper foyers. Its cathedral-like acoustics posed a challenge to Kawaiicon's air-hacking crew, which they solved by placing the RGB monitors in stereo. There were two on each level of the Main Auditorium (four total), two in the Renouf session space on level 1, plus monitors in the daycare and Kuracon (kids' hacker conference) areas. To top it off, monitors were placed in the Quiet Room, at the Registration Desk, and in the Green Room.

Kawaiicon's attendees could quickly check the conditions before they arrived and decide how to protect themselves accordingly. At the event, WIRED observed attendees checking CO2 levels on their phones, masking and unmasking in different conference areas, and watching a display of all room readings on a dashboard at the registration desk. In each conference session room, small wall-mounted monitors displayed stoplight colors showing immediate conditions: green for safe, orange for risky, and red to show the room had high CO2 levels, the top level for risk. Colorful custom-made Kawaiicon posters by New Zealand artist Pepper Raccoon placed throughout the Michael Fowler Centre displayed a QR code, making the CO2 dashboard a tap away, no matter where they were at the conference.
Resources, parts lists, and assembly guides can be found here.

Social Networks

New Research Finds America's Top Social Media Sites: YouTube (84%) Facebook (71%), Instagram (50%) (pewresearch.org) 84

Pew Research surveyed 5,022 Americans this year (between February 5 and June 18), asking them "do you ever use" YouTube, Facebook, and nine of the other top social media platforms. The results?
YouTube 84%
Facebook 71%
Instagram 50%
TikTok 37%
WhatsApp 32%
Reddit 26%
Snapchat 25%
X.com (formerly Twitter) 21%
Threads 8%
Bluesky 4%
Truth Social 3%

An announcement from Pew Research adds some trends and demographics: The Center has long tracked use of many of these platforms. Over the past few years, four of them have grown in overall use among U.S. adults — TikTok, Instagram, WhatsApp and Reddit. 37% of U.S. adults report using TikTok, which is slightly up from last year and up from 21% in 2021. Half of U.S. adults now report using Instagram, which is on par with last year but up from 40% in 2021. About a third say they use WhatsApp, up from 23% in 2021. And 26% today report using Reddit, compared with 18% four years ago.

While YouTube and Facebook continue to sit at the top, the shares of Americans who report using them have remained relatively stable in recent years... YouTube and Facebook are the only sites asked about that a majority in all age groups use, though for YouTube, the youngest adults are still the most likely to do so. This differs from Facebook, where 30- to 49-year-olds most commonly say they use it (80%).

Other interesting statistics:
  • "More than half of women report using Instagram (55%), compared with under half of men (44%). Alternatively, men are more likely to report using platforms such as X and Reddit."
  • "Democrats and Democratic-leaning independents are more likely to report using WhatsApp, Reddit, TikTok, Bluesky and Threads."

Encryption

Cryptologist DJB Criticizes Push to Finalize Non-Hybrid Security for Post-Quantum Cryptography (cr.yp.to) 21

In October cryptologist/CS professor Daniel J. Bernstein alleged that America's National Security Agency (and its UK counterpart GCHQ) were attempting to influence NIST to adopt weaker post-quantum cryptography standards without a "hybrid" approach that would've also included pre-quantum ECC.

Bernstein is of the opinion that "Given how many post-quantum proposals have been broken and the continuing flood of side-channel attacks, any competent engineering evaluation will conclude that the best way to deploy post-quantum [PQ] encryption for TLS, and for the Internet more broadly, is as double encryption: post-quantum cryptography on top of ECC." But he says he's seen it playing out differently:

By 2013, NSA had a quarter-billion-dollar-a-year budget to "covertly influence and/or overtly leverage" systems to "make the systems in question exploitable"; in particular, to "influence policies, standards and specification for commercial public key technologies". NSA is quietly using stronger cryptography for the data it cares about, but meanwhile is spending money to promote a market for weakened cryptography, the same way that it successfully created decades of security failures by building up the market for, e.g., 40-bit RC4 and 512-bit RSA and Dual EC.

I looked concretely at what was happening in IETF's TLS working group, compared to the consensus requirements for standards-development organizations. I reviewed how a call for "adoption" of an NSA-driven specification produced a variety of objections that weren't handled properly. ("Adoption" is a preliminary step before IETF standardization....) On 5 November 2025, the chairs issued "last call" for objections to publication of the document. The deadline for input is "2025-11-26", this coming Wednesday.
Bernstein also shares concerns about how the Internet Engineering Task Force is handling the discussion, and argues that the document is even "out of scope" for the IETF TLS working group: This document doesn't serve any of the official goals in the TLS working group charter. Most importantly, this document is directly contrary to the "improve security" goal, so it would violate the charter even if it contributed to another goal... Half of the PQ proposals submitted to NIST in 2017 have been broken already... often with attacks having sufficiently low cost to demonstrate on readily available computer equipment. Further PQ software has been broken by implementation issues such as side-channel attacks.
He's also concerned about how that discussion is being handled: On 17 October 2025, they posted a "Notice of Moderation for Postings by D. J. Bernstein" saying that they would "moderate the postings of D. J. Bernstein for 30 days due to disruptive behavior effective immediately" and specifically that my postings "will be held for moderation and after confirmation by the TLS Chairs of being on topic and not disruptive, will be released to the list"...

I didn't send anything to the IETF TLS mailing list for 30 days after that. Yesterday [November 22nd] I finished writing up my new objection and sent that in. And, gee, after more than 24 hours it still hasn't appeared... Presumably the chairs "forgot" to flip the censorship button off after 30 days.

Thanks to alanw (Slashdot reader #1,822) for spotting the blog posts.
Programming

Microsoft and GitHub Preview New Tool That Identifies, Prioritizes, and Fixes Vulnerabilities With AI (thenewstack.io) 18

"Security, development, and AI now move as one," says Microsoft's director of cloud/AI security product marketing.

Microsoft and GitHub "have launched a native integration between Microsoft Defender for Cloud and GitHub Advanced Security that aims to address what one executive calls decades of accumulated security debt in enterprise codebases..." according to The New Stack: The integration, announced this week in San Francisco at the Microsoft Ignite 2025 conference and now available in public preview, connects runtime intelligence from production environments directly into developer workflows. The goal is to help organizations prioritize which vulnerabilities actually matter and use AI to fix them faster. "Throughout my career, I've seen vulnerability trends going up into the right. It didn't matter how good of a detection engine and how accurate our detection engine was, people just couldn't fix things fast enough," said Marcelo Oliveira, VP of product management at GitHub, who has spent nearly a decade in application security. "That basically resulted in decades of accumulation of security debt into enterprise code bases." According to industry data, critical and high-severity vulnerabilities constitute 17.4% of security backlogs, with a mean time to remediation of 116 days, said Andrew Flick, senior director of developer services, languages and tools at Microsoft, in a blog post. Meanwhile, applications face attacks as frequently as once every three minutes, Oliveira said.

The integration represents the first native link between runtime intelligence and developer workflows, said Elif Algedik, director of product marketing for cloud and AI security at Microsoft, in a blog post... The problem, according to Flick, comes down to three challenges: security teams drowning in alert fatigue while AI rapidly introduces new threat vectors that they have little time to understand; developers lacking clear prioritization while remediation takes too long; and both teams relying on separate, nonintegrated tools that make collaboration slow and frustrating... The new integration works bidirectionally. When Defender for Cloud detects a vulnerability in a running workload, that runtime context flows into GitHub, showing developers whether the vulnerability is internet-facing, handling sensitive data or actually exposed in production. This is powered by what GitHub calls the Virtual Registry, which creates code-to-runtime mapping, Flick said...

In the past, this alert would age in a dashboard while developers worked on unrelated fixes because they didn't know this was the critical one, he said. Now, a security campaign can be created in GitHub, filtering for runtime risk like internet exposure or sensitive data, notifying the developer to prioritize this issue.

GitHub Copilot "now automatically checks dependencies, scans for first-party code vulnerabilities and catches hardcoded secrets before code reaches developers," the article points out — but GitHub's VP of product management says this takes things even further.

"We're not only helping you fix existing vulnerabilities, we're also reducing the number of vulnerabilities that come into the system when the level of throughput of new code being created is increasing dramatically with all these agentic coding agent platforms."
The Internet

How the Internet Rewired Work - and What That Tells Us About AI's Likely Impact (msn.com) 105

"The internet did transform work — but not the way 1998 thought..." argues the Wall Street Journal. "The internet slipped inside almost every job and rewired how work got done."

So while the number of single-task jobs like travel agent dropped, most jobs "are bundles of judgment, coordination and hands-on work," and instead the internet brought "the quiet transformation of nearly every job in the economy... Today, just 10% of workers make minimal use of the internet on the job — roles like butcher and carpet installer." [T]he bigger story has been additive. In 1998, few could conceive of social media — let alone 65,000 social-media managers — and 200,000 information-security analysts would have sounded absurd when data still lived on floppy disks... Marketing shifted from campaign bursts to always-on funnels and A/B testing. Clinics embedded e-prescribing and patient portals, reshaping front-office and clinical handoffs. The steps, owners and metrics shifted. Only then did the backbone scale: We went from server closets wedged next to the mop sink to data centers and cloud regions, from lone system administrators to fulfillment networks, cybersecurity and compliance.

That is where many unexpected jobs appeared. Networked machines and web-enabled software quietly transformed back offices as much as our on-screen lives. Similarly, as e-commerce took off, internet-enabled logistics rewired planning roles — logisticians, transportation and distribution managers — and unlocked a surge in last-mile work. The build-out didn't just hire coders; it hired coordinators, pickers, packers and drivers. It spawned hundreds of thousands of warehouse and delivery jobs — the largest pockets of internet-driven job growth, and yet few had them on their 1998 bingo card... Today, the share of workers in professional and managerial occupations has more than doubled since the dawn of the digital era.

So what does that tell us about AI? Our mental model often defaults to an industrial image — John Henry versus the steam drill — where jobs are one dominant task, and automation maps one-to-one: Automate the task, eliminate the job. The internet revealed a different reality: Modern roles are bundles. Technologies typically hit routine tasks first, then workflows, and only later reshape jobs, with second-order hiring around the backbone. That complexity is what made disruption slower and more subtle than anyone predicted. AI fits that pattern more than it breaks it... [LLMs] can draft briefs, summarize medical notes and answer queries. Those are tasks — important ones — but still parts of larger roles. They don't manage risk, hold accountability, reassure anxious clients or integrate messy context across teams. Expect a rebalanced division of labor: The technical layer gets faster and cheaper; the human layer shifts toward supervision, coordination, complex judgment, relationship work and exception handling.

What to expect from AI, then, is messy, uneven reshuffling in stages. Some roles will contract sharply — and those contractions will affect real people. But many occupations will be rewired in quieter ways. Productivity gains will unlock new demand and create work that didn't exist, alongside a build-out around data, safety, compliance and infrastructure.

AI is unprecedented; so was the internet. The real risk is timing: overestimating job losses, underestimating the long, quiet rewiring already under way, and overlooking the jobs created in the backbone. That was the internet's lesson. It's likely to be AI's as well.

AI

Analyzing 47,000 ChatGPT Conversations Shows Echo Chambers, Sensitive Data - and Unpredictable Medical Advice (yahoo.com) 33

For nearly three years OpenAI has touted ChatGPT as a "revolutionary" (and work-transforming) productivity tool, reports the Washington Post.

But after analyzing 47,000 ChatGPT conversations, the Post found that users "are overwhelmingly turning to the chatbot for advice and companionship, not productivity tasks." The Post analyzed a collection of thousands of publicly shared ChatGPT conversations from June 2024 to August 2025. While ChatGPT conversations are private by default, the conversations analyzed were made public by users who created shareable links to their chats that were later preserved in the Internet Archive and downloaded by The Post. It is possible that some people didn't know their conversations would become publicly preserved online. This unique data gives us a glimpse into an otherwise black box...

Overall, about 10 percent of the chats appeared to show people talking about their emotions, role-playing, or seeking social interactions with the chatbot. Some users shared highly private and sensitive information with the chatbot, such as information about their family in the course of seeking legal advice. People also sent ChatGPT hundreds of unique email addresses and dozens of phone numbers in the conversations... Lee Rainie, director of the Imagining the Digital Future Center at Elon University, said that it appears ChatGPT "is trained to further or deepen the relationship." In some of the conversations analyzed, the chatbot matched users' viewpoints and created a personalized echo chamber, sometimes endorsing falsehoods and conspiracy theories.

Four of ChatGPT's answers about health problems got a failing score from a chair of medicine at the University of California San Francisco, the Post points out. But four other answers earned a perfect score.
