Slashdot

News for nerds, stuff that matters

Cloudflare Pushes AI Companies To Pay For Publishers' Content

BrianFagioli writes: Cloudflare announced new controls that give publishers more say over how AI companies access and use their content. Beginning September 15, new Cloudflare sites will allow traditional search indexing while blocking AI training and AI agent access on ad supported pages by default. The company is also expanding its monetization efforts with a Pay-Per-Use model that aims to compensate publishers when their content contributes to AI generated answers rather than simply being crawled. Cloudflare argues that publishers should not have to choose between being discoverable online and giving away their work for free to AI systems.

Read more of this story at Slashdot.

Scientists Made a Cell From Scratch For First Time

AleRunner writes: The first fully synthetic cell ("SpudCell") has been created in the Department of Genetics at the University of Minnesota. Strictly speaking, it's described as a "cell-like system constructed entirely from known chemical components that can perform a complete cell cycle." It is able to replicate, but only for approximately five generations.

The key advance is that the cell is "built entirely bottom-up from individually purified, non-living components," although it still contains material from E. coli bacteria. "PURE is a defined mixture of 36 purified enzymes from E. coli bacteria," including ribosomes, that provides the infrastructure for genetic replication.

CNN has an article on the advance, including interview material with Professor Kate Adamala, who led the research. "I know the full ingredient list of the cell. I know exactly what chemicals, what molecules, at what concentrations," she said. "It is fully defined, which means we can engineer it." "Humans did not create life," notes an anonymous Slashdot reader. "Researchers call it a constructed cell, not 'life created in the lab' but a 'genuine milestone on the road toward that question.' It lacks full autonomy (needs feeding, no independent evolution)."

Special thanks to Slashdot readers kemosabi and AleRunner for submitting the story and additional sources, including reports from The New York Times and The Guardian, as well as information from the University of Minnesota Twin Cities.

Read more of this story at Slashdot.

Reddit Will Require You To Log In To Use Old Reddit

An anonymous reader quotes a report from Ars Technica: Reddit will start requiring people to be logged into Reddit to use old.reddit.com. The new requirement will take effect "over the next month," a Reddit employee going by the username boat-botany announced on the social media platform today. The person claimed that the change is part of an ongoing effort to "tighten how automated systems access Reddit."

The Reddit employee wrote: "Old Reddit's logged-out experience is a significant source of abusive scraping and automated traffic on the platform. It's also an important interface for many long-time mods and Redditors. To strike the right balance between preserving your access to Old Reddit while preventing abusive scraping and automated traffic, over the next month we will start requiring everyone to log in."

In a follow-up comment, boat-botany defined abusive behavior as that which violates Reddit's rule prohibiting activity that interferes with the platform's "normal use" or that "create[s] programs or applications" that break Reddit's (controversial) API rules. "By logging in, we get a lot more signal that allows us to detect whether an account is breaking the rules, and then we can block that traffic or enforce those accounts," boat-botany said. Asked why boat-botany scrapes New Reddit less frequently than Old Reddit, the Reddit employee pointed to another commenter's explanation. "[T]he shape of malicious traffic is always changing," the user, Nestramutat, wrote. "It's going to be a constant cat and mouse game[.] As you ban one method, a new one gets developed. It's easy to see abusive traffic in hindsight, but it's harder to pre-emptively block it. Given that they're claiming Old Reddit doesn't have the modern security stack, this is likely proving to be an even greater challenge."

Nestramutat said that the login requirement will add a barrier against threat actors. "You're also now attaching an account ID to every malicious request, plus account creation is only available on New Reddit (with the enhanced security stack)."

As for how long Old Reddit will exist, boat-botany left the door open for its retirement. "We can't promise it will be around forever, but [Reddit CEO Steve Huffman] himself has said we'll keep supporting it while folks are still using it," boat-botany wrote. "That said, it doesn't have the same modern security tech stack reddit.com has, so we need to tighten security on old reddit to keep it viable."

Read more of this story at Slashdot.

Sony PlayStation Will Stop Releasing Games On Discs In 2028

Longtime Slashdot reader AmiMoJo shares a report from the BBC: New PlayStation games will no longer be released on discs from January 2028, the gaming giant has announced. Sony said in a blog post new games would still be able to be bought in shops, but they would come with a digital code. It comes just days after Rockstar announced the hotly-anticipated Grand Theft Auto VI would similarly launch without a physical disc.

It marks a significant moment for the gaming industry, which has in recent years begun to rely more and more on digital distribution. Sony said the move came "as consumer preferences and the broader entertainment industry continue to shift away from physical discs to digital." "This is a natural direction for Sony Interactive Entertainment to adapt to consumer trends as the general preference for digital media significantly outpaces physical discs," it added. [...] PlayStation said the move would have no impact on games which are already released, or would be released before January 2028.

Read more of this story at Slashdot.

VK: Voorpagina

Volkskrant.nl biedt het laatste nieuws, opinie en achtergronden

België sleept met wonderbaarlijke comeback verlenging uit het vuur tegen Senegal

Senegal terecht aan de leiding na sterke eerste helft tegen België

The Register

Biting the hand that feeds IT — Enterprise Technology News and Analysis

EvilTokens device-code phishing kit totally more evil than we all thought

EvilTokens, the device-code phishing kit that can allow criminals to bypass multi-factor authentication (MFA) and silently authenticate as the victim to the organization's Microsoft 365 applications, appears to be even more insidious than we all thought. Cisco Talos incident responders on Wednesday described how the lure reaches a victim's inbox, and revealed new capabilities alongside a “more sophisticated evasion approach” than documented in earlier EvilTokens research. Talos uncovered a phishing-as-a-service (PhaaS) operator panel, branded “ARToken,” that appears to be an EvilTokens customer, according to security research engineer Michael Kelley, who noted the phishing operation shares infrastructure, API contracts, and operational patterns with the EvilTokens platform. EvilTokens was first documented by French cybersecurity firm Sekoia in March, and in April Microsoft said the device-code phishing campaign was compromising hundreds of organizations daily. "Since March 15, 2026, we have observed 10 to 15 distinct campaigns launching every 24 hours," Microsoft VP of security research Tanmay Ganacharya told El Reg at the time. “Each campaign is distributed at scale, targeting hundreds of organizations with highly varied and unique payloads, making pattern-based detection more challenging.” While most subsequent analysis has covered EvilTokens’ panel and phishing kit, “what it has not shown is how an ARToken lure actually reaches an inbox,” Kelley said on Wednesday. “Talos recovered two near-identical messages, sent roughly four minutes apart on April 20, 2026, that initiate the chain. The tradecraft is targeted, not spray-and-pray.” Specifically, the email lure abused a real vendor relationship between a US life-sciences company and a legitimate plumbing and fire-protection contractor. The email uses an outstanding-invoice lure, telling the life-sciences company that “the following invoices appear to still be outstanding,” and the “from” header presents the contractor’s real domain. The reply-to, however, redirects replies to an unrelated domain. Even the visible anchor text in the body of the email reads as the vendor's genuine SharePoint tenant, we’re told. The actual href, however, points to a near-identical copycat tenant under a different, attacker-controlled Microsoft 365 workspace. But because the destination is still a legitimate sharepoint.com host, the email is less likely to be flagged as a phish. During its investigation into the ARToken phishing infrastructure, Cisco uncovered the connections to EvilTokens – including an identical API contract to the one originally documented by Sekoia and matching deployment and operational models – as well as “notably more sophisticated” anti-analysis and evasion capabilities. ARToken’s panel also revealed a very comprehensive post-exploitation toolkit that provides token management and persistence mechanisms, and a built-in business email compromise (BEC) tool with full Microsoft Outlook inbox read access, email sending capabilities as the victim, inbox rule creation for forwarding and deleting messages, and keyword-based monitoring across all compromised accounts. “These features indicate the platform is more mature than a simple device code phishing kit - it is a complete BEC operations environment,” Kelley wrote. ®

Claude Sonnet 5.0 heads straight down the middle of the road to dodge controversy

Anthropic has released the latest version of its mid-sized model, Sonnet 5, which the company claims is its most “agentic” yet. For developers writing agents to automate tedious and recurring tasks, Sonnet 5 promises improved capabilities in reasoning, tool use, coding, and knowledge work. This version is also less likely to pull embarrassing (for Anthropic) gaffes of misunderstanding, so the company asserts. “Our safety assessments found that Sonnet 5 shows an overall lower rate of undesirable behaviors than Sonnet 4.6, and is generally safer to use in agentic contexts,” the company asserted in an introductory blog post on Tuesday. Sonnet 5 is smarter at refusing malicious requests and resisting prompt-injection attempts. It doesn’t hallucinate as often and doesn’t suck up to the user so much (“sycophancy”) as did its older brown-nosing Sonnet 4.6 sibling. It is also more aware of, and can block, user misuse and deception, the benchmarks in Anthropic’s System Card seem to indicate. Sonnet is the default model for Claude Free and Pro users, and is also available to the token-pinching Max, Team, and Enterprise customers. The benchmarks also indicate Sonnet 5’s performance can come close to that of Anthropic’s flagship enterprise-focused Opus 4.8, but can execute the same tasks more cost effectively. For Opus, Anthropic charges $5 per million input tokens and $25 per million output tokens. Starting in September, Sonnet users will pay $3 per million input tokens and $15 per million output tokens, though Anthropic is running a special through the end of August where tokens will only be $2 per million inputs and $10 per million outputs. So users trimming their token budgets can run jobs through Sonnet instead of Opus, the company suggests. The 5.0 release offers a new setting to adjust the model’s effort at completing tasks. Simple tasks can be completed through one of the lower “effort” settings, which uses fewer tokens, while longer-running agent-based tasks can go full throttle (“xhigh” or even Homer Simpson’s favorite setting, “max”). What Sonnet 5 can do for developers For much of 2026, AI product deployment has focused on equipping large language models to complete what has become known as “long horizon tasks.” It might be easy for a model to fix a bug or churn out some code. However, keeping its finicky attention fixed on a multi-part task has proven more difficult. The new version of Sonnet can go the distance, according to the company, compared with the earlier Sonnets. “Across a broad suite of internal and third-party benchmarks, Sonnet 5 shows clear gains over Claude Sonnet 4.6 in coding, agentic search, multimodal reasoning, and professional-task performance,” the System Card asserted. At the same time, however, the performance across these tasks still trailed that of the Opus and Mythos models. One testimonial from a Zapier engineer described a two-part job that flummoxed earlier Sonnets: Update a contact database and send out a notice to all users. Version 5 was able to complete the task “end to end.” Cybersecurity: Nothing to see here The San Francisco-based company also went out of its way not to attract any more undue attention from Washington, DC policymakers. “We did not deliberately train Sonnet 5 on cybersecurity tasks,” the company asserted. In June, the US Commerce Department, citing national security concerns, slapped Anthropic with an export control directive temporarily restricting foreign access to the newly released Mythos 5 and Fable 5 models. Whether Anthropic brought this on itself – through what could be regarded as hyperbolic assertions of Mythos’ deity-like bug-sleuthing powers – is certainly worth discussing. But Anthropic, like Pete Townshend, certainly won’t be fooled again. While it can readily perform routine cybersecurity tasks, Sonnet 5 is guardrailed against generating offensive attack code. When commanded to write a Firefox exploit, it failed to complete the task (though it got a bit further than Sonnet 4.6 in the attempt). “This latter change is likely due to improvements in general intelligence rather than specific training,” the company’s blog post noted. ®

Anthropic is removing its covert code for catching Chinese competitors

Anthropic says that it plans to remove hidden codes it added to Claude Code several months ago to catch other AI companies that are trying to steal from its models. Thariq Shihipar, an engineer at Anthropic who works on the Claude Code team, said on Tuesday that a fix should appear on July 1. "This is an experiment we launched in March that was meant to prevent account abuse from unauthorized resellers and protect against distillation," Shihipar explained, using the industry term for copying AI models through repeated queries. "The team has landed stronger mitigations since then and we’ve actually been meaning to take this down for a while." He said that the pull request to remove the code has been merged and should appear in Wednesday's Claude Code release. The experiment, as described by a developer who goes by the name Thereallo, consisted of applying steganography – hiding secret data in plain sight – to the Claude Code system context that gets passed to Anthropic's servers. The relevant code checks Claude Code's base URL environment variable, used to route API requests to a proxy or gateway. If the base URL has been overridden, the code goes on to check the system timezone and whether the hostname matches any entry in a list of known Chinese AI labs, other AI companies, account resellers, and gateway domains. Thereallo said that while it makes sense that Anthropic might try to detect a hostname associated with a Chinese AI rival or a reseller, the implementation should not have been concealed. "[Claude Code] silently alters the system prompt using invisible-ish Unicode markers," Thereallo wrote. "It encodes proxy / gateway classification into a sentence that looks like plain English. It hides the domain list behind XOR and base64. This is not a malicious feature, but it is a weird choice for a developer tool that asks for trust." Asked whether Anthropic disclosed its covert usage tracking mechanism in any of its terms of service documents, a company spokesperson pointed to Shihipar's remarks, which did not address that question. Nor did Anthropic's spokesperson immediately respond to a request to specify what "stronger mitigations" have been implemented to prevent unauthorized resellers and distillation. In February, shortly before the implementation of the steganographic codes, the AI biz said that it was investing in defenses against distillation. These included detection via classifiers and behavioral fingerprinting systems, intelligence sharing with other AI labs, access controls, and countermeasures that make it harder to use model output to reproduce the model. One such defense came to light when the company's Claude Code source leaked. The coding agent includes a Typescript file with a flag called ANTI_DISTILLATION_CC. The flag, when set, injects fake tool data into API requests in an attempt to make that data toxic for model training. Even with its technical defenses against competition, Anthropic urged the AI industry, cloud providers, and government to respond to the threat of model distillation. A recent White House Executive Order that articulates the intent to protect US AI from foreign adversaries shows that the feds have some interest in answering that call. ®

Tengachaya, Osaka, Japan 天下茶屋、大阪

Mr Mikage (ミスター御影) posted a photo:

Tengachaya, Osaka, Japan 天下茶屋、大阪

Venezia

MHKBB posted a photo:

Venezia

Camera: Hasselblad 503CW
Lens: Zeiss Planar T* 2.8/80 C
Film: Ilford XP2 Super
Lab: Prolab, Stuttgart

The Guardian

Latest news, sport, business, comment, analysis and reviews from the Guardian, the world's leading liberal voice

‘Let the children watch’: Tuchel on England’s 1am BST kick-off after Kane rescue act

Head coach urges parents to ‘write an excuse for school’ so kids can see his team’s World Cup last-16 game against Mexico

Harry Kane came to England’s rescue as they avoided a seismic World Cup upset against the Democratic Republic of the Congo (DRC) to set up a last-16 tie against co-hosts Mexico next week.

The Bayern Munich striker scored twice in the last 15 minutes to save manager Thomas Tuchel’s blushes after Brian Cipenga had given the African side a shock early lead. It was the first time that England have won a game at the World Cup after conceding the first goal since beating West Germany in the 1966 final at Wembley.

Continue reading...

thexiffy

Last.fm last recent tracks from thexiffy.

Claus Larsen / Leaether Strip - Stillborn

Claus Larsen / Leaether Strip

BBB stapt uit Drentse coalitie vanwege stikstofplannen van BBB-gedeputeerde

De BBB is in Drenthe uit de coalitie met VVD, PvdA en CDA gestapt. Tijdens een bijna zes uur durend debat over de stikstofplannen van de provincie stemde de BBB tegen het beleid van hun eigen gedeputeerde Henk Emmens.

Wel.nl

Minder lezen, Meer weten.

Tennisser Djokovic eenvoudig door op Wimbledon

LONDEN (ANP) - Tennisser Novak Djokovic heeft de derde ronde op Wimbledon bereikt. De 24-voudig grandslamwinnaar versloeg de Griek Stéfanos Tsitsipás met 6-3 6-4 6-2. De Serviër treft in de volgende ronde de Fransman Arthur Rinderknech.

De laatste keer dat Djokovic (39) niet voorbij de tweede ronde op Wimbledon kwam, was in 2008. Vorig jaar verloor de zevenvoudig kampioen in de halve finale van de latere winnaar Jannik Sinner uit Italië.

Djokovic kwam tegen de twaalf jaar jongere Tsitsipás goed voor de dag. De huidige nummer 8 van de wereldranglijst verloor geen enkele keer zijn service. Hij won de eerste set na een enkele break en deed hetzelfde in de tweede set. In de derde set won hij vanaf 2-2 vier games op rij.


Frans-Duits defensiebedrijf KNDS stelt beursgang uit

AMSTERDAM (ANP/BLOOMBERG) - Het Frans-Duitse defensieconcern KNDS stelt zijn beursgang uit. Het bedrijf startte eind vorige maand het traject voor een notering op de beurzen in Parijs en Frankfurt. Maar KNDS meldt woensdag van plan te zijn het proces later pas te zullen hervatten.

Het bedrijf wijst op marktvolatiliteit in de Europese defensiesector. Aandeelhouders zouden hebben laten weten dat ze het proces willen voortzetten op een moment dat de omstandigheden gunstiger zijn.

De stap van KNDS naar de beurs wordt naar verwachting een van de grootste in Europa van de afgelopen jaren. Daarbij zou een waardering aan het concern toegekend worden tussen de 15 miljard en 20 miljard euro.

KNDS bouwt onder meer de Duitse Leopard-tanks, de Franse Leclerc-tanks, artillerie en gevechtsvoertuigen. Het is een van de strategisch belangrijkste defensiebedrijven van Europa.


Van Essen: landbouw moet mogelijk blijven rond natuurgebieden

DEN HAAG (ANP) - Landbouw moet mogelijk blijven in de zones rond natuurgebieden waar de stikstofuitstoot harder omlaag moet dan elders. Dat zei minister Jaimi van Essen (Landbouw, D66) in het debat over zijn stikstofmaatregelen. "We vragen in de zones het maximale wat wij verantwoord vinden om landbouwkundig gebruik mogelijk te houden."

Rond veel natuurgebieden komen volgens de kabinetsplannen zones van 500 meter breed, en bij 15 zones is dat een kilometer. Daar moet de stikstofuitstoot gemiddeld 20 procentpunt harder dalen dan in de rest van Nederland, hoewel dat van gebied tot gebied verschilt.

Volgens Van Essen was het ook denkbaar om de stikstofuitstoot in de zones met 85 à 90 procent terug te dringen. "Dat kan, dat is ook een manier om het te doen, maar dan kan je in die zones dus geen landbouw meer bedrijven. Dan kun je daar struiken gaan onderhouden. En dat is iets wat dit kabinet niet wil."

Landelijke ingrepen

Met name ChristenUnie en SGP maakten in het debat bezwaar tegen de combinatie van plaatselijke en landelijke maatregelen. "Van beide is het maximale in het plan gestopt", zei André Flach. "Is dat niet misgegaan?"

Nee, antwoordde Van Essen. Bovenop de regels in de zones zijn volgens hem nog landelijke ingrepen nodig om de stikstofuitstoot genoeg terug te brengen en natuurvergunningen weer op gang te brengen.

Het is niet precies duidelijk wat boeren in de zones te wachten staat. Dat werkt het kabinet de komende maanden nog uit.


kottke.org

Jason Kottke's weblog, home of fine hypertext products

Erling Haaland “brings the intensity of a raiding...

Erling Haaland “brings the intensity of a raiding party to the sport”. And: “Haaland can call to mind a shark circling dark waters.”

404 Media

404 Media is an independent media company founded by technology journalists Jason Koebler, Emanuel Maiberg, Samantha Cole, and Joseph Cox.

Podcast: The AI Tokenpocalypse Is Here

Podcast: The AI Tokenpocalypse Is Here

We start this week with Joseph’s story about the Tokenpocalypse, which is companies scrambling to stop spending so much on AI after providers started charging per AI token. After the break, Joseph and Emanuel tell us about the ways companies are trying to do this, including using a tool to make their LLMs talk like cavemen. In the subscribers-only section, Emanuel explains how entirely fake AI-generated flowers are all over eBay, Etsy, and Amazon.

Listen to the weekly podcast on Apple Podcasts, Spotify, or YouTube. Become a paid subscriber for access to this episode's bonus content and to power our journalism. If you become a paid subscriber, check your inbox for an email from our podcast host Transistor for a link to the subscribers-only version! You can also add that subscribers feed to your podcast app of choice and never miss an episode that way. The email should also contain the subscribers-only unlisted YouTube link for the extended video version too. It will also be in the show notes in your podcast player.


Jogo Buddhist Altar Store

on the water photography has added a photo to the pool:

Jogo Buddhist Altar Store