Michael Burry, the investor made famous for his bet against the US housing market ahead of the 2008 financial crisis, is closing his hedge fund [non-paywalled source] as he warned that market valuations had become unhinged from fundamentals. From a report: Scion Asset Management this week terminated its registration with US securities regulators, according to a Securities and Exchange Commission database. Burry told investors that he would "liquidate the funds and return capital -- but for a small audit/tax holdback -- by year's end," according to two people with direct knowledge of a letter he sent to investors.

"My estimation of value in securities is not now, and has not been for some time, in sync with the markets," said the letter, which was dated October 27. The move to close Scion comes as some investors have become concerned that markets are trading at frothy levels after years of strong returns. Those jitters flared up on Thursday, with the tech-heavy Nasdaq Composite sliding nearly 2%. Still, the big gains for tech stocks this year, driven by hopes that artificial intelligence will transform business and society, have left valuations at lofty heights compared with their average in recent years.

Tim Berners-Lee thinks AI will help the web, not destroy it. The inventor of the World Wide Web has spent years warning about platform concentration and social media's corrosive effects, but he views AI differently. AI has accomplished what his Semantic Web project could not. The technology extracts structured data from websites regardless of how the information was formatted. Berners-Lee spent decades trying to convince database owners to make their systems machine-readable voluntarily. AI companies simply took the data anyway. They achieved the machine-readable internet through extraction rather than cooperation, but the result is the same.

Berners-Lee also weighed in on the growing browser competition in the market. OpenAI released Atlas a few weeks ago. Perplexity has launched Comet. Google has expanded AI features in Chrome. All these browsers run on Chromium, which Berners-Lee acknowledges is not ideal, but conceded that browser engines are expensive to build. He thinks Apple's decision to restrict iPhones to WebKit prevents web apps from competing with native apps.

The nonprofit Dust-to-Digital Foundation is making thousands of historic songs accessible to the public for free through a new partnership with the University of California, Santa Barbara. The songs represent "some of the rarest and most uniquely American music borne from the Jazz Age and the Great Depression," according to the university, and classic blues recordings or tracks by Fiddlin' John Carson and his daughter Moonshine Kate "would have likely been lost to landfills and faded from memory."

Launched in 1999 by Lance and April Ledbetter, Dust-to-Digital focused on preserving hard-to-find music. Originally a commercial label producing high-quality box sets (along with CDs, records, and books), it established a nonprofit foundation in 2010, working closely with collectors to digitize and preserve record collections. And there's an interesting story about how they became familiar with library curator David Seubert... Once a relationship is established, Dust-to-Digital sets up special turntables and laptops in a collector's home, with paid technicians painstakingly digitizing and labeling each record, one song at a time. Depending on the size of the collection, the process can take months, even years... In 2006, they heard about Seubert's Cylinder Preservation and Digitization Project getting "slashdotted," a term that describes when a website crashes or receives a sudden and debilitating spike in traffic after being mentioned in an article on Slashdot.
Here in 2025, the university's library already has over 50,000 songs in a Special Research Collections, which they've been uploading it to a Discography of American Historical Recordings (DAHR) database. ("Recordings in the public domain are also available for free download, in keeping with the UCSB Library's mission for open access.") Over 5,000 more songs from Dust-to-Digital have already been added, says library curator Seubert, and "Thousands more are in the pipeline."

One interest detail? The bulk of the new songs come from Joe Bussard, a man whose 75-year obsession with record collecting earned him the name "the king of the record collectors and "the saint of 78s".

"According to court filings and interviews with lawyers and scholars, the legal profession in recent months has increasingly become a hotbed for AI blunders," reports the New York Times: Earlier this year, a lawyer filed a motion in a Texas bankruptcy court that cited a 1985 case called Brasher v. Stewart. Only the case doesn't exist. Artificial intelligence had concocted that citation, along with 31 others. A judge blasted the lawyer in an opinion, referring him to the state bar's disciplinary committee and mandating six hours of A.I. training.

That filing was spotted by Robert Freund, a Los Angeles-based lawyer, who fed it to an online database that tracks legal A.I. misuse globally. Mr. Freund is part of a growing network of lawyers who track down A.I. abuses committed by their peers, collecting the most egregious examples and posting them online. The group hopes that by tracking down the A.I. slop, it can help draw attention to the problem and put an end to it... [C]ourts are starting to map out punishments of small fines and other discipline. The problem, though, keeps getting worse. That's why Damien Charlotin, a lawyer and researcher in France, started an online database in April to track it.

Initially he found three or four examples a month. Now he often receives that many in a day. Many lawyers... have helped him document 509 cases so far. They use legal tools like LexisNexis for notifications on keywords like "artificial intelligence," "fabricated cases" and "nonexistent cases." Some of the filings include fake quotes from real cases, or cite real cases that are irrelevant to their arguments. The legal vigilantes uncover them by finding judges' opinions scolding lawyers...

Court-ordered penalties "are not having a deterrent effect," said Freund, who has publicly flagged more than four dozen examples this year. "The proof is that it continues to happen."

Mark Zuckerberg opened an unlicensed school named after the family's pet chicken -- and it was the final straw for his neighbors, writes Slashdot reader joshuark, citing a report from Wired. The magazine obtained 1,665 pages of documents about the neighborhood dispute -- "including 311 records, legal filings, construction plans, and emails." Here are excerpts from the report: The documents reveal that the school may have been operating as early as 2021 without a permit to operate in the city of Palo Alto. As many as 30 students might have enrolled, according to observations from neighbors. [...] Over time, neighbors became fed up with what they argued was the city's lack of action, particularly with respect to the school. Some believed that the delay was because of preferential treatment to the Zuckerbergs. "We find it quite remarkable that you are working so hard to meet the needs of a single billionaire family while keeping the rest of the neighborhood in the dark," reads one email sent to the city's Planning and Development Services Department in February. "Just as you have not earned our trust, this property owner has broken many promises over the years, and any solution which depends on good faith behavioral changes from them is a failure from the beginning." [...]

In order for the Zuckerbergs to run a private school on their land, which is in a residential zone, they need a "conditional use" permit from the city. However, based on the documents WIRED obtained, and Palo Alto's public database of planning applications, the Zuckerbergs do not appear to have ever applied for or received this permit. Per emails obtained by WIRED, Palo Alto authorities told a lawyer working with the Zuckerbergs in March 2025 that the family had to shut down the school on its compound by June 30. [...] However, Zuckerberg family spokesperson Brian Baker tells WIRED that the school didn't close, per se. It simply moved. It's not clear where it is now located, or whether the school is operating under a different name. [...] Most of the Zuckerbergs' neighbors did not respond to WIRED's request for comment. However, the ones that did clearly indicated that they would not be forgetting the Bicken Ben saga, or the past decade of disruption, anytime soon.

An anonymous reader quotes a report from the Associated Press: Google Maps is heading in a new direction with artificial intelligence sitting in the passenger's seat. Fueled by Google's Gemini AI technology, the world's most popular navigation app will become a more conversational companion as part of a redesign announced Wednesday. The hands-free experience is meant to turn Google Maps into something more like an insightful passenger able to direct a driver to a destination while also providing nearby recommendations on places to eat, shop or sightsee, when asked for the advice. "No fumbling required -- now you can just ask," Google promised in a blog post about the app makeover.

The AI features are also supposed to enable Google Maps to be more precise by calling out landmarks to denote the place to make a turn instead of relying on distance notifications. AI chatbots, like Gemini and OpenAI's ChatGPT, have sometimes lapsed into periods of making things up -- known as "hallucinations" in tech speak -- but Google is promising that built-in safeguards will prevent Maps from accidentally sending drivers down the wrong road. All the information that Gemini is drawing upon will be culled from the roughly 250 million places stored in Google Maps' database of reviews accumulated during the past 20 years. Google Maps' new AI capabilities will be rolling out to both Apple's iPhone and Android mobile devices.

A massive cyberattack on Swedish IT supplier Miljodata exposed personal data from up to 1.5 million citizens, prompting a national privacy investigation and scrutiny into security failures across multiple municipalities. BleepingComputer reports: MiljÃdata is an IT systems supplier for roughly 80% of Sweden's municipalities. The company disclosed the incident on August 25, saying that the attackers stole data and demanded 1.5 Bitcoin to not leak it. The attack caused operational disruptions that affected citizens in multiple regions in the country, including Halland, Gotland, Skelleftea, Kalmar, Karlstad, and Monsteras.

Because of the large impact, the state monitored the situation from the time of disclosure, with CERT-SE and the police starting to investigate immediately. According to IMY, the attacker exposed on the dark web data that corresponds to 1.5 million people in the country, creating the basis for investigating potential General Data Protection Regulation (GDPR) violations. [...] Although no ransomware groups had claimed the attack when Miljodata disclosed the incident, BleepingComputer found that the threat group Datacarry posted the stolen data on its dark web portal on September 13. The leaked database has been added to Have I Been Pwned, which contains information such as names, email addresses, physical addresses, phone numbers, government IDs, and dates of birth.

An anonymous reader quotes a report from Ars Technica: On Monday afternoon, Amazon confirmed that an outage affecting Amazon Web Services' cloud hosting, which had impacted millions across the Internet, had been resolved. Considered the worst outage since last year's CrowdStrike chaos, Amazon's outage caused "global turmoil," Reuters reported. AWS is the world's largest cloud provider and, therefore, the "backbone of much of the Internet," ZDNet noted. Ultimately, more than 28 AWS services were disrupted, causing perhaps billions in damages, one analyst estimated for CNN.

[...] Amazon's problems originated at a US site that is its "oldest and largest for web services" and often "the default region for many AWS services," Reuters noted. The same site has experienced two outages before in 2020 and 2021, but while the tech giant had confirmed that those prior issues had been "fully mitigated," apparently the fixes did not ensure stability into 2025. ZDNet noted that Amazon's first sign of the outage was "increased error rates and latency across numerous key services" tied to its cloud database technology. Although "engineers later identified a Domain Name System (DNS) resolution problem" as the root of these issues and quickly fixed it, "other AWS services began to fail in its wake, leaving the platform still impaired" as more than two dozen AWS services shut down. At the peak of the outage on Monday, Down Detector tracked more than 8 million reports globally from users panicked by the outage, ZDNet reported. Ken Birman, a computer science professor at Cornell University, told Reuters that "software developers need to build better fault tolerance."

"When people cut costs and cut corners to try to get an application up, and then forget that they skipped that last step and didn't really protect against an outage, those companies are the ones who really ought to be scrutinized later."

"Windows 10 is officially dead," writes Slashdot user darwinmac, "and the vultures are circling. Or maybe they are liberators, depending on your point of view." Neowin reports: Of all the projects trying to poach Windows users, Zorin Group might be the most aggressive, launching its biggest OS upgrade, Zorin OS 18, on the very day Windows 10 died. In a recent post on X, Zorin Group celebrated the launch of version 18, claiming that it hit 100,000 downloads in "a little over 2 days". The company called it its "biggest launch ever" and claimed that over 72% of those downloads came from Windows...

Zorin OS 18 now includes an updated version of WINE 10 for better support of Windows software. On top of that, there's also an expanded database that helps when it detects a Windows installer. The system checks the file and suggests the best way to run over 170 popular apps, whether that means installing a native Linux version, using the web-based alternative, or firing it up through WINE.
The article also notes LibreOffice's creators have been presenting Linux as a secure and cost-effective alternative since June, and "We have also seen initiatives like The "End of 10" Campaign by KDE, making the case for Linux and providing guides and info on how to switch."

An anonymous reader quotes a report from BleepingComputer: The Redis security team has released patches for a maximum severity vulnerability that could allow attackers to gain remote code execution on thousands of vulnerable instances. Redis (short for Remote Dictionary Server) is an open-source data structure store used in approximately 75% of cloud environments, functioning like a database, cache, and message broker, and storing data in RAM for ultra-fast access. The security flaw (tracked as CVE-2025-49844) is caused by a 13-year-old use-after-free weakness found in the Redis source code and can be exploited by authenticated threat actors using a specially crafted Lua script (a feature enabled by default). Successful exploitation enables them to escape the Lua sandbox, trigger a use-after-free, establish a reverse shell for persistent access, and achieve remote code execution on the targeted Redis hosts.

After compromising a Redis host, attackers can steal credentials, deploy malware or cryptocurrency mining tools, extract sensitive data from Redis, move laterally to other systems within the victim's network, or use stolen information to gain access to other cloud services. "This grants an attacker full access to the host system, enabling them to exfiltrate, wipe, or encrypt sensitive data, hijack resources, and facilitate lateral movement within cloud environments," said Wiz researchers, who reported the security issue at Pwn2Own Berlin in May 2025 and dubbed it RediShell.

While successful exploitation requires attackers first to gain authenticated access to a Redis instance, Wiz found around 330,000 Redis instances exposed online, with at least 60,000 of them not requiring authentication. Redis and Wiz urged admins to patch their instances immediately by applying security updates released on Friday, "prioritizing those that are exposed to the internet." To further secure their Redis instances against remote attacks, admins can also enable authentication, disable Lua scripting and other unnecessary commands, launch Redis using a non-root user account, enable Redis logging and monitoring, limit access to authorized networks only, and implement network-level access controls using firewalls and Virtual Private Clouds (VPCs).

Currently DNA synthesis companies "deploy biosecurity software designed to guard against nefarious activity," reports the Washington Post, "by flagging proteins of concern — for example, known toxins or components of pathogens." But Microsoft researchers discovered "up to 100 percent" of AI-generated ricin-like proteins evaded detection — and worked with a group of leading industry scientists and biosecurity experts to design a patch. Microsoft's chief science officer called it "a Windows update model for the planet.

"We will continue to stay on it and send out patches as needed, and also define the research processes and best practices moving forward to stay ahead of the curve as best we can."

But is that enough? Outside biosecurity experts applauded the study and the patch, but said that this is not an area where one single approach to biosecurity is sufficient. "What's happening with AI-related science is that the front edge of the technology is accelerating much faster than the back end ... in managing the risks," said David Relman, a microbiologist at Stanford University School of Medicine. "It's not just that we have a gap — we have a rapidly widening gap, as we speak. Every minute we sit here talking about what we need to do about the things that were just released, we're already getting further behind."
The Washington Post notes not every company deploys biosecurity software. But "A different approach, biosecurity experts say, is to ensure AI software itself is imbued with safeguards before digital ideas are at the cusp of being brought into labs for research and experimentation." "The only surefire way to avoid problems is to log all DNA synthesis, so if there is a worrisome new virus or other biological agent, the sequence can be cross-referenced with the logged DNA database to see where it came from," David Baker, who shared the Nobel Prize in chemistry for his work on proteins, said in an email.

Amazon will be adding facial recognition to its camera-equipped Ring doorbells for the first time in December, according to the Washington Post.

"While the feature will be optional for Ring device owners, privacy advocates say it's unfair that wherever the technology is in use, anyone within sight will have their faces scanned to determine who's a friend or stranger." The Ring feature is "invasive for anyone who walks within range of your Ring doorbell," said Calli Schroeder, senior counsel at the consumer advocacy and policy group Electronic Privacy Information Center. "They are not consenting to this." Ring spokeswoman Emma Daniels said that Ring's features empower device owners to be responsible users of facial recognition and to comply with relevant laws that "may require obtaining consent prior to identifying people..."

Other companies, including Google, already offer facial recognition for connected doorbells and cameras. You might use similar technology to unlock your iPhone or tag relatives in digital photo albums. But privacy watchdogs said that Ring's use of facial recognition poses added risks, because the company's products are embedded in our neighborhoods and have a history of raising social, privacy and legal questions... It's typically legal to film in public places, including your doorway. And in most of the United States, your permission is not legally required to collect or use your faceprint. Privacy experts said that Ring's use of the technology risks crossing ethical boundaries because of its potential for widespread use in residential areas without people's knowledge or consent.

You choose to unlock your iPhone by scanning your face. A food delivery courier, a child selling candy or someone walking by on the sidewalk is not consenting to have their face captured, stored and compared against Ring's database, said Adam Schwartz, privacy litigation director for the consumer advocacy group Electronic Frontier Foundation. "It's troubling that companies are making a product that by design is taking biometric information from people who are doing the innocent act of walking onto a porch," he said.
Ring's spokesperson said facial recognition won't be available some locations, according to the article, including Texas and Illinois, which passed laws fining companies for collecting face information without permission. But the Washington Post heard another possible worst-case scenario from Calli Schroeder, senior counsel at the consumer advocacy and policy group Electronic Privacy Information Center: databases of identified faces being stolen by cyberthieves, misused by Ring employees, or shared with outsiders such as law enforcement.

Amazon says they're "reuniting lost dogs through the power of AI," in their announcement this week, thanks to "an AI-powered community feature that enables your outdoor Ring cameras to help reunite lost dogs with their families... When a neighbor reports a lost dog in the Ring app, nearby outdoor Ring cameras automatically begin scanning for potential matches."

Amazon calls it an example of their vision for "tools that make it easier for neighbors to look out for each other, and create safer, more connected communities." They're also 10x zoom, enhanced low-light performance, 2K and 4K resolutions, and "advanced AI tuning" for video...

An anonymous reader quotes a report from Ars Technica: As we careen toward a future in which Google has final say over what apps you can run, the company has sought to assuage the community's fears with a blog post and a casual "backstage" video. Google has said again and again since announcing the change that sideloading isn't going anywhere, but it's definitely not going to be as easy. The new information confirms app installs will be more reliant on the cloud, and devs can expect new fees, but there will be an escape hatch for hobbyists.

Confirming app verification status will be the job of a new system component called the Android Developer Verifier, which will be rolled out to devices in the next major release of Android 16. Google explains that phones must ensure each app has a package name and signing keys that have been registered with Google at the time of installation. This process may break the popular FOSS storefront F-Droid. It would be impossible for your phone to carry a database of all verified apps, so this process may require Internet access. Google plans to have a local cache of the most common sideloaded apps on devices, but for anything else, an Internet connection is required. Google suggests alternative app stores will be able to use a pre-auth token to bypass network calls, but it's still deciding how that will work.

The financial arrangement has been murky since the initial announcement, but it's getting clearer. Even though Google's largely automated verification process has been described as simple, it's still going to cost developers money. The verification process will mirror the current Google Play registration fee of $25, which Google claims will go to cover administrative costs. So anyone wishing to distribute an app on Android outside of Google's ecosystem has to pay Google to do so. What if you don't need to distribute apps widely? This is the one piece of good news as developer verification takes shape. Google will let hobbyists and students sign up with only an email for a lesser tier of verification. This won't cost anything, but there will be an unclear limit on how many times these apps can be installed. The team in the video strongly encourages everyone to go through the full verification process (and pay Google for the privilege). We've asked Google for more specifics here.

An analysis of a literature database finds that text-generating AI tools -- including ChatGPT and Gemini -- can be used to rewrite scientific papers and produce 'copycat' versions that are then passed off as new research. Nature: In a preprint posted on medRxiv on 12 September, researchers identified more than 400 such papers published in 112 journals over the past 4.5 years, and demonstrated that AI-generated biomedicine studies could evade publishers' anti-plagiarism checks.

The study's authors warn that individuals and paper mills -- companies that produce fake papers to order and sell authorships -- might be exploiting publicly available health data sets and using large language models (LLMs) to mass-produce low-quality papers that lack scientific value.

"If left unaddressed, this AI-based approach can be applied to all sorts of open-access databases, generating far more papers than anyone can imagine," says Csaba Szabo, a pharmacologist at the University of Fribourg in Switzerland, who was not involved in the work. "This could open up Pandora's box [and] the literature may be flooded with synthetic papers."

Customs and Border Protection collected DNA from nearly 2,000 US citizens between 2020 and 2024 and sent the samples to the FBI's CODIS crime database, according to Georgetown Law's Center on Privacy & Technology analysis of newly released government data. The collection included approximately 95 minors, some as young as 14, and travelers never charged with crimes.

Congress never authorized DNA collection from citizens, children or civil detainees. DHS has contributed 2.6 million profiles to CODIS since 2020, with 97% collected under civil rather than criminal authority. The expansion followed a 2020 Justice Department rule that revoked DHS's waiver from DNA collection requirements. Former FBI director Christopher Wray testified in 2023 that monthly DNA submissions jumped from a few thousand to 92,000, creating a backlog of 650,000 unprocessed kits. Georgetown researchers project DHS could account for one-third of CODIS by 2034. The DHS Inspector General found in 2021 that the department lacked central oversight of DNA collection.

Writing in Communications of the ACM, former Go tech lead Russ Cox warns we need to keep improving defenses of software supply chains, highlighting "promising approaches that should be more widely used" and "areas where more work is needed." There are important steps we can take today, such as adopting software signatures in some form, making sure to scan for known vulnerabilities regularly, and being ready to update and redeploy software when critical new vulnerabilities are found. More development should be shifted to safer languages that make vulnerabilities and attacks less likely. We also need to find ways to fund open source development to make it less susceptible to takeover by the mere offer of free help. Relatively small investments in OpenSSL and XZ development could have prevented both the Heartbleed vulnerability and the XZ attack.
Some highlights from the 5,000-word article:

• Make Builds Reproducible. "The Reproducible Builds project aims to raise awareness of reproducible builds generally, as well as building tools to help progress toward complete reproducibility for all Linux software. The Go project recently arranged for Go itself to be completely reproducible given only the source code... A build for a given target produces the same distribution bits whether you build on Linux or Windows or Mac, whether the build host is X86 or ARM, and so on. Strong reproducibility makes it possible for others to easily verify that the binaries posted for download match the source code..."

• Prevent Vulnerabilities. "The most secure software dependencies are the ones not used in the first place: Every dependency adds risk... Another good way to prevent vulnerabilities is to use safer programming languages that remove error-prone language features or make them needed less often..."

• Authenticate Software. ("Cryptographic signatures make it impossible to nefariously alter code between signing and verifying. The only problem left is key distribution...") "The Go checksum database is a real-world example of this approach that protects millions of Go developers. The database holds the SHA256 checksum of every version of every public Go module..."

• Fund Open Source. [Cox first cites the XKCD cartoon "Dependencies," calling it "a disturbingly accurate assessment of the situation..."] "The XZ attack is the clearest possible demonstration that the problem is not fixed. It was enabled as much by underfunding of open source as by any technical detail."

The article also emphasized the importance of finding and fixing vulnerabilities quickly, arguing that software attacks must be made more difficult and expensive.

"We use source code downloaded from strangers on the Internet in our most critical applications; almost no one is checking the code.... We all have more work to do."

Google Tables, a work-tracking tool and competitor to the popular spreadsheet-database hybrid Airtable, is shutting down. TechCrunch: In an email sent to Tables users this week, Google said the app will not be supported after December 16, 2025, and advised that users export or migrate their data to either Google Sheets or AppSheet instead, depending on their needs.

Launched in 2020, Tables focused on making project tracking more efficient with automation. It was one of the many projects to emerge from Google's in-house app incubator, Area 120, which at the time was devoted to cranking out a number of experimental projects. Some of these projects later graduated to become a part of Google's core offerings across Cloud, Search, Shopping, and more. Tables was one of those early successes: Google said in 2021 that the service was moving from a beta test to become an official Google Cloud product. At the time, the company said it saw Tables as a potential solution for a variety of use cases, including project management, IT operations, customer service tracking, CRM, recruiting, product development and more.

A new study published in Nature links more than 200 severe heat waves directly to greenhouse gas pollution from major fossil fuel producers like ExxonMobil, Chevron, and BP. Researchers found that up to a quarter of these heat waves would have been virtually impossible without emissions from oil, coal, and cement companies. NPR reports: The new study, published Wednesday in the journal Nature, found that 213 heat waves were substantially more likely and intense because of the activity of major fossil fuel producers, also called carbon majors. They include oil, coal and cement companies, as well as some countries. The scientists found as much as a quarter of the heat waves would be "virtually impossible" without the climate pollution from major fossil fuel producers. Some individual fossil fuel companies, such as ExxonMobil, Chevron and BP, had emissions high enough to cause some of the more extreme heat waves, the research found.

For the new study, the scientists looked at something called the disaster database, a global list of disasters maintained by university researchers, to identify heat waves "with significant casualties, economic losses and calls for international assistance. The scientists then used historical reconstructions and statistical models to see how human-caused global warming made each heat wave more likely and more intense. Then, to examine the link to major fossil fuel producers, the researchers relied on the Carbon Majors Database to understand the emissions of major oil, gas, coal and cement producers.

"We ran a climate model to reconstruct the historical period, and then we ran it again but without the emissions of a specific carbon major, thus deducing its contribution to global warming," Yann Quilcaille, climate scientist at ETH Zurich and lead author of the study, says in an email. While some of the contributions to heat waves came from larger well-known fossil fuel companies, the study found that some smaller, lesser-known fossil fuel companies are producing enough greenhouse gas emissions to cause heat waves too, Quilcaille says.

An anonymous reader shares a report: The Darwin Awards are being extended to include examples of misadventures involving overzealous applications of AI. Nominations are open for the 2025 AI Darwin Awards and the list of contenders is growing, fueled by a tech world weary of AI and evangelists eager to shove it somewhere inappropriate.

There's the Taco Bell drive-thru incident, where the chain catastrophically overestimated AI's ability to understand customer orders. Or the Replit moment, where a spot of vibe coding nuked a production database, despite instructions from the user not to fiddle with code without permission. Then there's the woeful security surrounding an AI chatbot used to screen applicants at McDonald's, where feeding in a password of 123456 gave access to the details of 64 million job applicants.

The Washington Post covers "a string of false reports of active shooters at a dozen U.S. universities this month as students returned to campus." The FBI is investigating the incidents, according to a spokesperson who declined to specify the nature of the probe. While universities have proved a popular swatting target, the agency "is seeing an increase in swatting events across the country," the FBI spokesperson said... Local officials are frustrated by the anonymous calls tying up first responders, straining public safety budgets and needlessly traumatizing college students who grew up in an era in which gun violence has in some way shaped their school experience...

The recent string of swattings began Thursday with a false report to the University of Tennessee at Chattanooga, quickly followed by one about Villanova University later that day. Hoaxes at 10 more schools followed... Villanova also received a second threat. As the calls about shootings came in, officials on many of the campuses pushed out emergency notifications directing students and employees to shelter in place, while police investigated what turned out to be false reports. (Iowa State was able to verify the lack of a threat before a campuswide alert was sent, its police chief said. [They had a live video feed from the location the caller claimed to be from.]) In at least three cases, 911 calls reporting a shooting purported to come from campus libraries, where the sound of gunshots could be heard over the phone, officials told The Washington Post...

Although false bomb reports, shooter threats and swatting incidents are not new, bad actors used to be more easily traceable through landline phones. But the era of internet-based services, virtual private networks, and anonymous text and chat tools has made unmasking hoax callers far more challenging... In 2023, a Post investigation found that more than 500 schools across the United States were subject to a coordinated swatting effort that may have had origins abroad...

[In Chattanooga, Tennessee last week] a dispatcher heard gunfire during a call reporting an on-campus shooting. "We grabbed everybody that wasn't already out on the street and got to that location," said University of Tennessee at Chattanooga Police spokesman Brett Fuchs. About 150 officers from several agencies responded. There was no shooter.
The New York Times reports that an online group called "Purgatory" is "suspected of being connected to several of the episodes, including reports of shootings, according to cybersecurity experts, law enforcement agencies and the group members' own posts in a social media chat." (Though the Times, couldn't verify the group's claims.) Federal authorities previously connected the same network to a series of bomb scares and bogus shooting reports in early 2024, for which three men pleaded guilty this year... Bragging about its recent activities, Purgatory said that it could arrange more swatting episodes for a fee.
USA Today tries to quantify the reach of swatting: Estimated swatting incidents jumped from 400 in 2011 to more than 1,000 in 2019, according to the Anti-Defamation League, which cited a former FBI agent whose expertise is in swatting. From January 2023 to June 2024 alone, more than 800 instances of swatting were recorded at U.S. elementary, middle and high schools, according to the K-12 School Shootings Database, created by a University of Central Florida doctoral student in response to the Parkland High School shooting in 2018.tise is in swatting... David Riedman, a data scientist and creator of the K-12 School Shooting Database, estimates that in 2023, it cost $82,300,000 for police to respond to false threats.
Thanks to long-time Slashdot reader schwit1 for sharing the news.