Thursday, 16 July 2026

Weekend volleyball at Shreewoods Society, Dhanori — the best plays of 12 July 2026.
🩳 Daily Shorts — drop schedule (IST):
• 15 Jul — 9 AM Insane Spikes · 9 PM Top Rallies
• 16 Jul — 9 AM Clutch Points · 9 PM Big Plays
• 17 Jul — 9 AM Power Spikes · 9 PM Best Blocks
• 18 Jul — 9 AM Rally Fest · 9 PM Net Battles
• 19 Jul — 9 AM Match Heat · 9 PM Weekend War
A new Short goes live twice a day — subscribe to catch each one as it drops.
🛒 Recommended gear on Amazon

Disclosure: some links above are affiliate links — if you buy through them I may earn a small commission at no extra cost to you. Thanks for supporting the channel!

Weekend volleyball at Shreewoods Society, Dhanori, Pune is where the neighbourhood comes alive — and the 12 July 2026 session was one of the most watchable yet. Fast serves, scrambling digs, and a run of clean net attacks turned an ordinary Saturday court into a proper contest. This is the full recap, the standout moments frame-by-frame, and every clip from the day.

Another day, another programming language feels the heat from AI. A prominent Haskell-based software platform is shifting new development to Python, with its founder arguing that Haskell's tooling and ecosystem have been slow to adapt to AI-assisted development. “Haskell is in real danger,” warned Scarf founder Avi Press, in a post entitled “After 7 years in production, Scarf has reluctantly moved away from Haskell.” “AI is here to stay. The people and ecosystems that use it well are going to move much faster than the people and ecosystems that do not.” Press’ post set off a firestorm of controversy within the Haskell community, which is small but vocal, and likely felt the sting of one of its most prominent users defecting to the comparatively toy-like Python to better serve the needs of agents. “Trying to change the language to work better for some metric of ‘better’ with AI is foolish for many many reasons,” wrote one user on Reddit. “It's foolish to try to change to LLMs in a kneejerk fashion because no one knows what's on the horizon.” Putting the fun into functional programming Haskell, a functional programming language that debuted in 1990, may not appeal to fast-moving startups. It ranks No. 46 in the latest TIOBE index of programming language popularity, with a rating of less than half a percent. Favoring recursion and immutable data over conventional imperative loops and mutable state, the language's mathematical underpinnings can intimidate even experienced developers. Nevertheless, it has attracted a highly dedicated following, particularly within academia. Press has been one of Haskell’s most vocal proponents, and has even served on the language’s foundation board. “Learning it made me a much better programmer,” he admitted. Press used Haskell to build Scarf, which provides usage analytics for open source software. In a 2023 talk entitled “Why Haskell is a Terrible Choice for Startups (and why we picked it anyway),” Press admitted it was difficult to find Haskell programmers, yet the language’s rigorous type safety comes with other benefits. Refactoring is a cinch, which is valuable as business priorities change. Also, documents can be auto-generated from data types. Plus, once you get the hang of it, programming in Haskell is downright fun, Press argued. Because AI But going forward, Scarf’s new features will be added in Python instead. “At Scarf, we started doing all new API work in Python,” he wrote. “New API routes go into Python, existing Haskell code keeps running, and over time the new server becomes the main path and our Haskell footprint will shrink.” Press said Python plays better with AI, which is the direction he sees development heading. A huge part of the problem is Haskell's sluggish compilation times. “If an LLM can produce a working implementation in a few minutes, but your compile step takes dramatically longer, then your language and build system have become a bottleneck in the development loop,” he wrote. Long compilation times, once a minor annoyance, become prohibitive when running multiple coding agents at once. Caching can help, but incurs its own overhead to manage. “I want to spin up multiple worktrees, fork off different lines of work, let agents try things, review the results, and keep the useful ones. In that world, cold start time matters a lot,” Press wrote. Rigor for runtime Using Python with AI practices immediately improved the Scarf production team’s workflows, allowing them to fix bugs with minimal oversight, Press noted. In some cases, AI can fix a bug “before I get off the call with a customer,” he noted. “Resisting this kind of productivity is not an option anymore,” Press wrote. Yet, Press doesn’t feel that the Haskell ecosystem is addressing the shift to agentic-led development. Many of the language’s maintainers focus more on restricting the use of AI, or restricting its use on Haskell entirely, rather than looking for ways Haskell can better serve AI, or vice versa, he argued. Agents have different bottlenecks than human code jockeys, he noted. “They are cheap at generating code and expensive when blocked. They benefit from fast feedback, clear examples, low setup friction, and errors that help them repair the code quickly,” he wrote. Press listed ways Haskell could be made easier for agents to use: Better documentation with actual copy-and-paste industry-targeted examples (rather than “beautiful types”), more informative error messages, and – most importantly – faster build times. Optimize and chill Press’ missive set off a firestorm of discussion across Hacker News, X, Reddit and Haskell’s own message boards. Many questioned the move from Haskell to Python, given Python’s own arguably inferior typing. They also questioned whether it would have been a simpler move to optimize the Haskell compiler for faster builds than switching languages altogether. Other Haskell fans voiced more philosophical concerns. It was as if they were taking the language’s tongue-in-cheek motto, “Avoid success at all costs," seriously. Longtime UK-based Haskell programmer Chris Done questioned the motivation of making Haskell more AI-friendly, given that production use is only one way that people use Haskell. “I don’t subscribe to this growth mindset anymore,” he wrote. “I’ve come to accept Haskell on its own terms. If it dies out and becomes irrelevant like Elm or PureScript, I’ll be fine and still enjoy it.” “It leaves a bitter taste in my mouth,” wrote another contributor on the Haskell forum about Press’ post. “I don’t feel like you take our concerns about the harm of AI seriously at all.” Another accused Press of having a financial stake in AI companies (to which Press replied, “Nope”). Haskell Foundation Executive Director José Manuel Calderón Trilla urged folks to chill in an X message. Haskell is a community that prides itself on doing things “the right way,” he noted, but that shouldn’t “let that blind you into thinking that your way is the only ‘right’ way, and then attacking someone for violating your idea of what the party line is.” ®

source https://www.theregister.com/devops/2026/07/15/prominent-haskell-defector-pilloried-by-anti-ai-purists/5272124
Zoom is warning of a critical vulnerability in its desktop client and software development kit for Windows that could be exploited by an unauthenticated party to hijack accounts. [...]

source https://www.bleepingcomputer.com/news/security/zoom-warns-of-critical-account-takeover-vulnerability/
A Russian-speaking threat actor known as "bandcampro" used Google's open-source Gemini CLI AI tool as a hacking agent and to operate a small-scale botnet. [...]

source https://www.bleepingcomputer.com/news/security/google-gemini-cli-abused-as-a-hacking-agent-malware-botnet-operator/

Wednesday, 15 July 2026

New York Governor Kathy Hochul on Tuesday paused incomplete state environmental permit applications for large datacenters while officials work out new rules, a process expected to take up to a year. The order makes New York the first state to enact such a moratorium amid growing concerns over AI datacenters' impact on utility rates and public health. “New York has always been at the forefront of innovation and change but we’ve also always guaranteed that New Yorkers benefit. As data center development threatens to hike up utility bills, deplete our natural resources, and create uncertainty for New Yorkers, it’s my responsibility to take action and lead,” Hochul said in a canned statement. The order specifically targets large hyperscale datacenters capable of consuming at least 50 MW, subject to exemptions for manufacturing, research, education, and medical facilities. Prior to the AI boom, 50 megawatts would have been considered a large cloud campus. While datacenter campuses now often demand gigawatts of power, the moratorium doesn't preclude all AI bit barns. Fifty megawatts is still enough power for roughly 20,000-30,000 modern GPUs. The moratorium won’t last and is instead aimed at providing state officials time to develop and enact rules designed to ensure large-scale buildouts don't hurt New Yorkers. The portable generator units used while bit barn builders wait for grid connections and improvements have come under fire due to their impact on air quality. Elon Musk's Colossus 2 DC is now facing legal challenges over alleged Clean Air Act violations tied to the use of these generators. Over the next year, the executive order directs New York's Department of Public Service (DPS) to develop a generic environmental impact statement (GEIS). Officials will use this to evaluate proposed datacenter projects' environmental, public health, and grid impacts. The order directs the state's economic development agency, Empire State Development, to develop a framework to help local communities negotiate benefits like infrastructure improvements or financial support for community programs in exchange for letting bit barns in their backyards. Finally, DPS will consider establishing a fund that datacenter operators may be required to pay into, including a possible insurance pool to protect ratepayers from stranded grid costs tied to projects that are delayed, scaled back, or never materialize. The effect of datacenters on utility bills has become a national issue as several US states launched an inquiry into why, despite claims to the contrary, ratepayers are still paying more. US President Donald Trump isn’t keen on AI infrastructure making life more expensive for voters either — at least not any more than his infatuation with tariffs and the US war with Iran already have. In January, the president demanded Big Tech take responsibility for the power their datacenters consume. Alongside the moratorium, Hochul has promised legislation to end sales tax exemptions for datacenter. New York isn't the first to pursue a moratorium on new datacenters. Earlier this year, Maine became the first to pass a statewide moratorium on new bit barns, only for the measure to be vetoed by Governor Janet Mills. Going forward, New York's moratorium may now serve as a blueprint for other states to push back against the spread of datacenters. Having said that, capping datacenter campuses at 50 megawatts may not stop developers from pursuing multiple smaller sites across the state. While massive datacenters are needed to train frontier models, once they have been trained, those models can be served by much smaller facilities. There is also the potential for multiple smaller, but physically disparate datacenters to be stitched together using high speed, low latency interconnects like Nvidia’s Spectrum-XGS switches. These devices are designed exactly for this purpose. ®

source https://www.theregister.com/ai-and-ml/2026/07/14/new-york-becomes-first-state-to-halt-datacenter-buildouts/5271377
A threat actor has published hundreds of fake GitHub repositories impersonating legitimate software and security projects to distribute infostealer malware. [...]

source https://www.bleepingcomputer.com/news/security/nearly-300-github-repos-pose-as-legit-software-to-push-malware/
Today is Microsoft's July 2026 Patch Tuesday, and with it comes security updates for a record-breaking 570 flaws, including two zero-day vulnerabilities exploited in attacks and one publicly disclosed. [...]

source https://www.bleepingcomputer.com/news/microsoft/microsoft-july-2026-patch-tuesday-fixes-massive-570-flaws-3-zero-days/

Tuesday, 14 July 2026

When it comes to AI services, you don't necessarily get what you pay for. It turns out that AI models with expensive tokens may cost less than models with cheap tokens for particular tasks. And the tooling attached to those models can have a significant effect on cost and output quality. Databricks, which sells data analytics software and services, recently devised an internal coding benchmark to assess the tradeoff between price and performance using various AI models. Matei Zaharia, CTO of Databricks and associate professor of computer science at UC Berkeley, said the company undertook the evaluation because models are often tuned to existing benchmark tests like SWE-Bench – which is "broken," according to OpenAI. Databricks devised its benchmark using real engineering tasks performed by its staff to assess how AI agents perform. Zaharia said while the results reflect the company's internal codebase, other companies should be able to conduct similar evaluations using their own code. One of the things Databricks found was that open weight models like Z.ai's GLM 5.2 are competitive with frontier models, like Anthropic's Opus 4.8. "It landed in the top capability tier, statistically tied with Opus 4.8 on quality, but costing $1.28/task against Opus’s $1.94," the company said in its report. But the price-per-token doesn't tell the whole story. Databricks contends that price-per-task needs to be considered. "Cheaper per-token does not imply cheaper per-task," said Zaharia in a social media post. "For example, Sonnet 5 costs less per token than Opus 4.8 but used more tokens, resulting in higher cost and lower quality." So while Anthropic's Sonnet 5 was around 1.7x cheaper than Opus 4.8 on a per-token basis, it was more costly on a per-task basis – $2.09 for Sonnet 5 compared to $1.94 for Opus 4.8. That's because it completed tasks less often (81 percent compared to 87 percent), and consumed more tokens to achieve the desired result. Academics already reached this conclusion, noting back in March that in about a third of the model comparisons they conducted, the model with the lower listed price ended up costing more. "For example, Gemini 3 Flash's listed price is 80 percent cheaper than GPT-5.4's, yet its actual cost across all tasks is 38 percent higher," they observed. The other thing that had a significant impact on test results was the harness – software like Claude Code, OpenAI Codex, and the Pi coding agent – which passes user input to the model, invokes various tools, and returns results. "Harnesses make a huge difference in cost-performance," said Zaharia. "The very simple Pi harness got the same success rate as harnesses from the LLM vendors with Opus and GPT 5.5, but at 2x less cost!" Zaharia attributed the difference to the size of the input – the context – passed to the model with every turn. When Claude Code served as the harness for Opus 4.8, Databricks measured a context of 742,000 tokens per task, compared to 236,999 for Pi. That's about 3.2x fewer tokens overall. With Codex, the total context per task was 1,235,000 tokens, compared to 665,000 tokens for Pi, which is known for its minimal system prompt. Zaharia said the results explain why Databricks built a tool called Omnigent to harness the harnesses – it's a wrapper for combining and swapping multiple coding agents. It's the front-end equivalent of the kind of back-end model swapping that OpenRouter enables. ®

source https://www.theregister.com/ai-and-ml/2026/07/13/the-price-is-wrong-ai-cost-calculation-has-to-consider-task-completion-rates-not-just-token-costs/5270683
Japan's largest taxi operator, Nihon Kotsu, announced that its systems were compromised in a cyberattack, forcing the company to shut down part of its infrastructure. [...]

source https://www.bleepingcomputer.com/news/security/japans-largest-taxi-operator-shuts-systems-after-cyberattack/
A new macOS information-stealing malware called CrashStealer pretends to be Apple's crash-reporting tool to steal credentials, keychain data, and crypto wallets. [...]

source https://www.bleepingcomputer.com/news/security/new-crashstealer-malware-poses-as-apple-crash-reporting-tool/

Monday, 13 July 2026

Meta has withdrawn the first image generation product created by its Superintelligence Labs fewer than 72 hours after launch. The product was called “Muse Image” and Meta launched it on July 8, billing it as “the first AI image generation model from Meta Superintelligence Labs.” That lab is Zuck’s latest big bet and aims to create a “personal superintelligence that knows us deeply, understands our goals, and can help us achieve them.” In the case of Muse AI, that help came in the form of applying one of 30 new filters that “uniquely understand Instagram videos and photos and can interpret your photo's scene — the lighting, composition, and subject — to make nuanced edits that feel natural and true to you.” Instagram users could use those effects to “transform your photos with a single tap,” the social networking company promised. Users could also apply the filters to content posted by third parties. “Meta is also launching the ability to @mention friends’ public Instagram accounts in Meta AI and generate creative AI images featuring them, such as personalized birthday cards, group trip memes, or playful edits between friends. It's an upgrade to what people can create with AI features at Meta, making it more personal, fun, and social,” the company said. Meta almost certainly leads the world in three things: The number of people signed up to its social networks; experience of people behaving horribly online, and; dealing with community backlashes after privacy abuses. Yet somehow it didn’t imagine that enabling this feature by default might be controversial, or that allowing users to alter images with AI might be abused. Backlash was therefore swift and widespread. Actors’ union SAG-AFTRA condemned the product. “Anything other than a clear and conspicuous OPT-IN for these types of uses of Instagram users’ images is unacceptable, and an utter miscalculation of public sentiment regarding the obvious dangers and harms inherent in such use,” it posted on Instagram. Within three days of release, Meta realized the error of its ways and pulled the product. “Earlier this week, we announced that one way for people to generate images in Meta AI is by @-mentioning public Instagram accounts that they want to reference,” the company wrote. “Our intent was to provide a useful creative tool and to give people control over whether their public content could be referenced in this way. We've heard the feedback that this feature missed the mark, so it's no longer available.” Interestingly, Meta says several of the effects it offered were “designed by Instagram creators, who used Meta AI to amplify their creativity and bring their ideas to life.” Zuck believes users of his social networks mostly want to see content made by creators – Meta-speak for prominent accounts who post a lot – rather than content produced by media outlets or others. Involving creators in Meta’s own creative processes has now backfired. ®

source https://www.theregister.com/ai-and-ml/2026/07/13/meta-admits-its-first-superintelligence-was-too-stupid-to-survive-for-three-days/5270234
OpenAI is temporarily relaxing GPT-5.6 Sol usage after demand for the company's most powerful model surged over the past 48 hours. [...]

source https://www.bleepingcomputer.com/news/artificial-intelligence/openai-temporarily-relaxes-gpt-56-sol-usage-limits/
Anthropic has just extended access to Claude Fable 5 for paid subscribers until July 19, giving you another week to keep using the most powerful model. [...]

source https://www.bleepingcomputer.com/news/artificial-intelligence/claude-fable-5-stays-free-for-paid-users-until-july-19-as-anthropic-buys-more-time/

Sunday, 12 July 2026

A new version of the RedHook Android malware abuses the Android Wireless Debugging (Wireless ADB) mechanism in a novel way to gain shell-level privileges without requiring a computer connection. [...]

source https://www.bleepingcomputer.com/news/security/redhook-android-malware-now-uses-wireless-adb-for-shell-access/
It’s a good time to be in the memory business. As the AI datacenter business booms, SK Hynix and Micron’s revenues have tripled in the last year, and Samsung’s has roughly doubled. But while the trio have the AI revolution to thank for their good fortune, the deck is stacked for a reversal. Such is the memory business historically. Today, sky high demand for high-bandwidth memory (HBM), DDR5, and NAND flash memory needed for GPU servers has devoured any remaining capacity, leading to shortages that have driven up prices on everything from consumer electronics to AI infrastructure. You can't even buy a budget smartphone these days. The big three memory vendors are now in the process of investing hundreds of billions of dollars to bring new fab capacity online. In June, South Korean President Lee Jae Myung announced a $576 billion investment led by SK Hynix and Samsung to bolster chip production and shore up AI supply chains. On Thursday, Micron said that it would invest up to $3 billion to strengthen the US semiconductor supply chain, and according to recent reports, the Idaho-based chipmaker is also working to boost production across its Singapore, Taiwan, and Japan sites. Unfortunately, it's a slow process. Semiconductor manufacturing is among the most complex and resource-intensive industries in the world, and building a new DRAM or NAND flash wafer fab is not a trivial endeavor. Before the first chip can roll off the production line, financing must be secured, a location must been selected, permits must be won, and tens of millions of dollars of support facilities ranging from power conditioning and air handling to the ultra-pure water filtration systems must be deployed. Even after the clean rooms are completed, hundreds of millions of dollars of specialized lithography, wafer transport, and test equipment must be installed and validated. And once everything is ready to be powered on, it can take months to dial everything in and bring yields to acceptable levels. This process often takes years even without delays. So while there are a handful of new memory fabs already under way, anything SK, Samsung, or Micron starts today will take at least three years to bring online, and even longer to ramp production. That means memory prices are going to stay high for the foreseeable future. A recent IDC report warns that we may not see relief from the RAMpocalypse until at least 2028. That’s great news for memory makers, whose revenues will stay inflated. But it’s a big problem for AI startups and model devs, who will be paying higher infrastructure prices until that happens. OpenAI and others have spent the last four years or so and hundreds of billions of VC capital developing ever more capable models, agents, and tools. It’s no longer a matter of whether the technology works, but rather whether the benefits justify continued investment at current or higher levels. Sooner or later, these startups will have to turn a profit, and sky high memory prices certainly aren’t helping to find anything resembling a margin in the cost per token. The question now is whether or not the memory vendors can bring new capacity online before the great AI houses exhaust their VC-subsidized runway and the music stops. Historically, memory is a commodity, with wild swings in pricing characterized by boom and bust cycles. Memory vendors therefore rely on boom cycles to finance fabs, knowing full well that, once they come online, the additional capacity could end up cratering prices. As we reported late last year, the AI boom has changed this dynamic dramatically. Where we should have expected memory prices to fall across 2025 and 2026, we’ve seen the exact opposite as AI infrastructure consumes every bit of DRAM and NAND it can get its hands on. But if the anticipated demand for AI falls short, everyone loses and memory vendors will find themselves at the bottom of a bust cycle to end all bust cycles. On a bright note, the sky-high price of memory will no longer factor into why you can't afford a new laptop or smartphone. ®

source https://www.theregister.com/ai-and-ml/2026/07/12/memory-makers-are-slaves-to-the-boom-bust-rollercoaster-and-the-ai-boom-is-the-wildest-ride-of-all/5269549
OPINION Things you might not know about me. I was the first person to write a popular article about the web. Little did I, or anyone else, know how it would change everything. Our lives were transformed when all of human knowledge became just a click away. That was then. This is now. Today, more web traffic now comes from bots than humans. We're just picking up AI's crumbs. That was not how it was meant to be. Mind you, I was never an internet idealist. I didn't think the internet would set us free and lead us to a technological paradise. I did think, however, we'd do better than we have. The internet quickly became, as the song goes, for porn. That was relatively harmless, though, compared to doxxing, targeted misinformation, and automated botnets and troll farms. But there was still some good, although it was hard to find at times. And it was all driven by people. Now it's another story. Cloudflare's public Radar "Bot vs Human" tracker is reporting that bots now account for roughly 57-58 percent of HTTP requests for HTML content, compared with about 42-43 percent from humans. Meanwhile, Imperva's Bad Bot Report based on 2025 data put bots at about 53 percent of measured web traffic for the second year in a row, with humans at 47 percent. Separately, according to Pangram, an AI detection company, on websites such as LinkedIn, Medium, Twitter, and Reddit, "about one in four long-form items were fully AI-generated." The company went on to report that "LinkedIn was the most AI-saturated platform, where more than 40 percent of long-form posts [were] flagged as fully AI-generated. However, if we included mixed AI and human content, X/Twitter was the worst off: almost half of X articles were either fully AI-generated (23.9 percent) or AI-assisted/mixed (22.9 percent), with only 53.2 percent of X articles flagging as fully human-authored." There are that many flesh-and-blood people still posting on LinkedIn and Twitter? Based on what I've been seeing, I'd have guessed there were fewer. So, with the web increasingly written and consumed by AI, where does that leave us, exactly? Nowhere good. It's not just online. AI is everywhere. A non-fiction writer friend of mine "wrote" a novel last year using AI as a goof. It was, well, awful. But he put it online to see what would happen. A year and a half later, it's still bringing in a few thousand dollars a month. That's a lot better than many full-time, mid-tier novelists I know are doing. Of course, AI isn't actually writing anything. It's really a copy-and-paste scam on an industrial scale. OpenAI and the other AI powers claim it's not so. However, a recent court filing by the New York Times and others alleges that Vincent Monaco, who leads privacy engineering at OpenAI, acknowledged in a deposition that "OpenAI had searched training datasets and output data despite the company's initial claims that it couldn't access that data. The outlets also alleged OpenAI deleted logs, a violation of the court's preservation orders." As it happens, one of the publishers suing OpenAI is Ziff-Davis, which published my web article back in 1993. Since then, it's published thousands of my Linux and open source news stories, how-tos, interviews, and features. So, when someone accuses me of using AI in my Linux stories, my reply is "Where do you think AI got that information and phrasing in the first place? Hello! It was me." Just go ahead and cut me a check, OpenAI, and all will be forgiven. That said, another AI problem I'm all too painfully aware of is that you can't trust AI's answers. When AI tells you something about Linux, for example, it's not just quoting me, the Linux Kernel Mailing List, or Linux Weekly News. No, it's also pulling data from Ima Moron, a poster from a deservedly obscure subreddit. Repeat after me: AI isn't intelligent at all. It's just a copy-and-paste of words that are likely to go together. It may sound right, but it often isn't. Confidence is why so many buy AI garbage as gospel truth. You really can't trust it. The reason I use Perplexity as my search engine isn't that it's more accurate than other AI LLMs; it's that it shows me its sources. I can see if what it just turned up is the real thing or just BS. Guess what? It's often crap. It's only going to get worse. I saw the AI model collapse coming back in 2025. It's here now. When I dive into AI "answers" today, every time and in every question, I find it referring not to primary or reputable secondary sources, but to AI summaries. When you pile garbage on top of garbage you do not get reliable information. I see this all the time in Google's AI Overviews. That's one of the reasons I almost never use Google anymore. Unfortunately, everyone else is using Google's made-up answers and not even looking down the page to get a real answer from a true expert, or at least someone with a clue about your question of the day. I can tell on many subjects when an answer is likely to be accurate. But I don't have a clue about medical treatments. I wouldn't trust an AI answer on a serious health problem at all. Nevertheless, I know millions of people do that every day. That's seriously scary. Equally worrying is that many of us now turn to AI for companionship. I understand loneliness, but this is no cure; it's, at best, a sticking plaster. You see, the web really is written by AI for AI. We're losing both accuracy and humanity. This is not the web I'd hoped we would end up with. I fear there's no way we can reverse this trend. We'd rather have easy, fast answers and artificial companionship than the real things. That's profoundly sad. Pass the cheese. ®

source https://www.theregister.com/columnists/2026/07/12/its-an-ai-web-and-were-just-rats-in-the-walls/5269760

Saturday, 11 July 2026

Six vulnerabilities in the widely used U-Boot bootloader have been discovered that could allow attackers to execute malicious code during device boot, potentially enabling stealthy firmware attacks that compromise security protections and install persistent malware. [...]

source https://www.bleepingcomputer.com/news/security/new-u-boot-flaws-could-enable-stealthy-firmware-attacks/

Windows has a fairly complex update ecosystem, so every now and then, the company feels like it needs to publish clarifications and explainers so people can keep up with what’s going on.

Most individuals and organizations regularly deploy monthly security updates, released on the second Tuesday of each month. Windows also provides optional non-security preview updates, which give IT teams and early adopters an opportunity to validate upcoming fixes before they’re included in the next monthly security update.

This guide explains the purpose of each update type, when updates are released, and how they fit into the modern Windows servicing model.

↫ Chris Morrissey at the Windows IT Pro Blog

It’s easy to make fun of Microsoft and Windows for just how complex and obtuse the update ecosystem really is, but in all honestly it’s kind of understandable. Windows is a sprawling platform used by so many different people, companies, and organisations, under so many different circumstances and in so many different environments, it makes sense that Microsoft wants to address the multitude of needs that arise from that complexity. And so we end up not only with a dizzying array of update types and a long corpus of mystic terminology, but also a long list of complex different management tools to deploy said updates.

And then there’s the various preview channels making everything even more complex.

I’m definitely not smart, qualified, or experienced enough to come up with a better solution, but I do think choosing better names for the various update types, and perhaps a centralised settings panel inside Windows that gave users a better idea of what each type of update actually does, would go a long way to improving clarity. During my month with Windows 11, I also found it deeply frustrating just how little information Microsoft provides about each of the updates Windows is installing. As a user, I was expected to copy/paste the KB number and then hope that would lead me to useful information, while it would be much more convenient if such information was available right then and there inside Windows Update.

If you can’t reduce complexity, you should try to improve transparency.



source https://www.osnews.com/story/145498/understanding-windows-monthly-updates-servicing-explained/
HANDS HEAD ON Have you ever felt so lazy that reaching up to scroll on your MacBook’s trackpad was too much work? Yeah, me too – especially with the summer heat blanketing much of the Northern Hemisphere, even reaching my remote corner of the US. Thankfully, there’s an app for that. ScrollPods is a simple macOS app that’s been out since last November but which just came to my attention thanks to a blog post this week from its creator, Ahmed Mohamed, who hails from Austria. It lets anyone with a compatible Mac and supported headphones scroll through webpages, documents, and other scrollable content using nothing but a head tilt. Look down, and the page scrolls down; look up, and your content will scroll back that way. You can continue typing as you scroll. The idea, Mohamed wrote, was to allow himself to move up and down a document without taking his hands off the keyboard – not as a complete replacement for conventional navigation methods, but as a supplement. “ScrollPods is not trying to replace the mouse but when it comes to intuitive scrolling, I think it gives traditional scrolling methods like the mouse, scroll wheel, trackpad and touchscreen a good run for their money,” Mohamed wrote. “I enjoy ScrollPods when I’m reading long documents, when my hands are occupied, when I’m drinking an iced coffee or when I simply want to rest my hands.” With the ScrollPods website stating that the app is free, and its Mac App Store page reporting that it doesn’t collect any data, I decided to give it a shot. Installation was easy. It detected my second-gen AirPods Pro without issue, and we were off to the hands-free races. ScrollPods is responsive, easy to use, and isn’t too sensitive, either. It does tend to jump a bit if you slightly move your head, so if you’re fidgety you might want to turn the sensitivity down or enable the feature that automatically pauses the app with a quick tilt of the head. Speaking of settings, there are a lot of options to get ScrollPods working to your liking. Sensitivity, the threshold at which the app starts to scroll, acceleration speed, and even how fast the scrolling stops can all be tweaked, as can how you actually scroll – if you’d prefer to move content up and down by turning left and right, you can do that, too. You can also reverse the order so that looking up scrolls down and looking down scrolls up, if you’re a crazy person. It’s also a great accessibility feature, but Mohamed told us that wasn’t his original goal. “This was initially designed for comfort, I initially came up with ScrollPods because I needed a hands-free way to scroll documents as I was soothing my baby, often stuck in the same position for an hour,” Mohamed told The Register via email, adding that he didn’t want to make an assumption that it would be a significant accessibility product since he’s an able-bodied person. That said, he has heard from a number of people using ScrollPods for accessibility, and the feedback has been positive. “Feedback from the accessibility community … has been phenomenal and is also my current main focus,” Mohamed added. “Updates with a bigger emphasis on accessibility will follow.” As for whether Apple, famous for baking accessibility features into its products, could snipe his idea, he said he’s not entirely surprised it hasn’t happened yet. “Based on the simplicity, it seems so straightforward,” Mohamed said. “With an original concept, this is part of the game and I can’t influence what another company does.” If you want to try ScrollPods out, the link is included above. You’ll need a Mac running macOS 14 or newer and a pair of AirPods 3rd gen or newer, or any version of AirPods Pro, AirPods Max, and Beats Fit Pro. ScrollPods is free right now, but it might not stay that way – Mohamed said he hasn’t settled on final pricing. “Due to the accessibility element of ScrollPods, I do foresee a free tier,” he told us. ®

source https://www.theregister.com/personal-tech/2026/07/10/slothful-summer-app-lets-you-scroll-simply-by-tilting-your-head/5270096

Friday, 10 July 2026

A US county reportedly paid $1 million to Kairos, an extortion gang that claimed to have stolen more than 2 TB of data, but the county never received independently verifiable proof that the stolen files had been deleted - just the criminals' promise. This means the county’s stolen files may turn up for sale on a dark web forum, and the same (or another) crime crew could again demand an extortion payment to not leak the data. It’s also a reminder that, despite the feds urging victims not to pay cybercriminals, sometimes coughing up the ransom demand seems to be the lesser of evils. The alleged incident played out in May and June 2025, according to a case study by threat-intel researcher Rakesh Krishnan on Ransom-ISAC, a global knowledge-sharing platform for defenders and incident responders. Krishnan based his report on a leaked transcript of the negotiations between the county and Kairos, along with attacker-provided artifacts and screenshots, and payment-tracing evidence on the blockchain. It doesn’t name the ransomware negotiator, citing privacy concerns, nor does it identify the victim, describing it as a US government entity. Communications between the attackers and the public agency, however, suggest it’s a US county, including this one following the attackers’ initial $3 million demand: “We have reviewed the situation with our leadership and financial teams. As a small county with very limited resources, we simply do not have the ability to meet the amount you have proposed. That said, we understand the seriousness of the matter and want to work toward a resolution. The most we have been able to identify at this time is $100,000. We respectfully ask that you consider this offer.” Additionally, one of the allegedly stolen documents, "Media Release - Motorcycle Crash Claims the Life of Dublin Resident 9-10-2020.pdf," indicates that there’s a city of Dublin inside the county’s boundaries. It’s worth noting that the city of Dublin, Ohio, spans four counties in that state: Union, Franklin, Delaware, and Madison. And last fall, Union County, Ohio disclosed a May 2025 “ransomware attack that involved unauthorized access to and acquisition of protected personal information held by the County.” According to the cyber-incident notice, the intruders accessed Union County networks from May 6, 2025 through May 18, 2025 and stole data including people’s names, Social Security numbers, driver’s license/state identification card numbers, financial account information, dates of birth, fingerprint information, medical information, payment card information, and passport numbers. The disclosure doesn’t say anything about paying a $1 million ransom, nor does it name the attacker. The Register reached out to county officials and law enforcement and asked if Union County is the government entity described in the Ransom-ISAC report. We will update this story if we receive any response. The FBI declined to comment. We should also note that there’s no indication this was a ransomware attack, as the attackers didn’t claim to encrypt any data or provide a decryptor in exchange for payment. Plus, as Krishnan says, security researchers have not obtained, or linked to Kairos, any ransomware sample, encryptor, or locker binary. What we do know, based on the transcript and Kairos’ data-leak site, is that the miscreants claimed to steal more than 2TB of data, totaling about 1.6 million files. 'You are wasting our time with such offers' After listing the victim county on their name-and-shame blog, Kairos demanded $3 million. “We will give you the full list of files we have and give you some time to study it,” the crims told the victim. “You can choose up to 10 files from this list and we will send them to you. In order to prevent the publication of data you need to pay 3000000$.” According to the transcript, county officials reviewed the files during the last week of May 2025, and made the first counteroffer of $100,000 on June 4, 2025. Kairos responded: “You are wasting our time with such offers.We cant accept it.Your files will be a great advertisement on our site and we understand what terrible consequences will await you. You cant hide the data leak.You have two more days to make us a favorable offer.” Two days later, the county increased its offer to $255,000. Kairos reduced its demand to $2 million, and on June 9, 2025, the county proposed paying $430,000. “As a small county and limited resources, we are doing our best to navigate this within what is financially feasible for us,” the leaked negotiations say. “That said, we are committed to finding a resolution and have taken steps internally to increase our offer to $430,000. This reflects a sincere attempt to make progress despite our constraints. We ask that you consider this proposal as part of a continued effort to resolve the matter in a constructive and timely manner.” That same day, both parties settled on $1 million, Kairos provided a Bitcoin payment wallet and the county requested a few deliverables in exchange for the payment: “Please confirm for $1,000,000 you will provide us with: proof of deletion, a complete list of all files taken, and tell us how you got in.” Kairos claimed to have gained initial access by bruteforcing their way into the network, shared an RAR file that they claimed provided “proof of deletion of all downloaded files,” and a promise: “We also guarantee that we will not share the downloaded data with third parties, and we also guarantee that we will not attack you again.” However, as Krishnan notes, “the transcript does not show a technical mechanism by which deletion could be independently verified, which remains a fundamental limitation in ransom-payment scenarios.” To pay, or not to pay? It’s also one of the reasons why both the FBI and US Cybersecurity and Infrastructure Agency urge victims not to pay criminals. “Paying a ransom doesn’t guarantee you or your organization will get any data back,” according to the FBI. “It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.” While there is no outright ransom-payment ban at the US federal government level, two states - North Carolina and Florida - explicitly prohibit public agencies from paying extortion demands, and others have proposed similar legislation. The Register has discussed the topic of a ransomware-payment ban with many experts over the years, and while they mostly agree that the only way to eliminate attacks is to cut off the financial incentive for the criminals, they also typically say a total payment ban won’t work. “Complex problems are rarely solved with binary solutions, and ransomware is no different,” Sezaneh Seymour, VP and head of regulatory risk and policy at Coalition, told us in an earlier interview. “A payment ban will backfire because it doesn't address the root cause of our national problem: widespread digital insecurity.” ®

source https://www.theregister.com/cyber-crime/2026/07/09/an-unnamed-us-county-perhaps-in-ohio-paid-1m-extortion-demand-to-cybercriminals/5269575
The OpenMandriva Linux project announced that it was the target of an attempted act of internal sabotage after a dispute among contributors. [...]

source https://www.bleepingcomputer.com/news/security/openmandriva-linux-says-contributor-tried-to-sabotage-the-project/
No surprise here. A study from AI detection platform Pangram suggests that social media posts are teeming with AI-generated slop, particularly if the posts are long and especially if they live on LinkedIn or X. If you’re sick of reading non-human prose, we’d recommend getting off the platforms altogether. Along with offering your typical AI-content detection services, Pangram released a Chrome extension at the end of April that, with a $20/month subscription, will automatically scan a user’s LinkedIn, Medium, Substack, X, and Reddit feeds to check for AI-generated or assisted content. With more than one million posts analyzed from users who opted in to share data through the extension since its launch, Pangram has concluded that, while AI slop is flooding social media, it’s hitting longform content particularly hard. With longform content defined in its study as any post over 250 words, Pangram found that a full 25 percent of such posts across all the platforms it studies were fully AI-generated. Fully, mind you, meaning that doesn’t include posts in which users got the assistance of an LLM to gussy up their bland prose. That average across platforms was hardly evenly distributed, though. Leading the way was LinkedIn, where 41 percent of longform content was fingered by Pangram as being AI-generated. That’s likely unsurprising to anyone who's ever bothered to read a lengthy professional diatribe from the Microsoft-owned slop shop, or for El Reg readers - a prior story we reported on in late 2024 from AI detection outfit Originality.ai found that 54 percent of LinkedIn longforms were AI-generated. Originality’s definition of Longform was a bit looser, however, with anything over 100 words counting in its analysis. Per Pangram, shortform content on LinkedIn isn’t much more likely to be human authored - they found 30 percent of posts between 50 and 250 words were fully written by AI. For LinkedIn thought slop leaders, it’s generally all or nothing when it comes to using AI to write posts, with a mere 4.3 percent of longform content written with AI assistance. On the other hand, only 55.2 percent of longform posts on the platform, Pangram concluded, are actually written by humans. While LinkedIn may take the cake in terms of the volume of full-slop longform posts, Elon’s X has it beat when adding partially-written AI garbage into the mix, but not by much, honestly. A quarter of posts on X are fully AI authored, and an additional 23.2 percent are believed to be written with AI help. That leaves 52.7 percent of Twitter posts attributed to humans. In effect, you’re roughly batting .500 on either site. Pangram found that Medium isn’t that much better, with roughly one in three posts likely to have been written by, or with the aid of, an AI. Substack was far and away the least likely place to find AI slop in disguise, but even then, nearly a quarter (21.9 percent) of posts analyzed by the Chrome extension were written by or with AI. Reddit is a slightly more complicated situation, with comments on posts making up a large portion of Reddit content. According to Pangram, 11.6 percent of Reddit posts are AI authored or assisted; 98.1 percent of comments were found to be human authored, and the sheer quantity of comments vs. top-level posts meant that Reddit appears to be the place to go if you want to avoid an intrusion of AI thinking. All said, Pangram concluded from its data that AI writing is flooding social media, just like it’s flooding websites and basically everywhere else online. “An internet that is completely flooded with undisclosed AI content is bleak, but we don't believe it's inevitable,” Pangram CEO Max Spero said of his company’s findings in the report. Pangram believes letting internet users know what’s been AI-generated so they can ignore it is a solution to the problem, but you’ll have to pay $20/month if you want the Chrome extension to provide that service. It’s still usable without paying, but content has to be manually input, and the daily limit is just 4,000 words. In other words, unless you want to pony up and see who’s bullshitting you on social media, you’ll have to just assume everyone is. Like we suggested up top, maybe it’s time to disconnect from those feeds entirely. ®

source https://www.theregister.com/ai-and-ml/2026/07/09/ai-slop-writing-has-taken-over-the-internet-particularly-linkedin-and-x/5269525
Hackers compromised the Injective Labs SDK project's GitHub repository and used it to publish a malicious package on the Node Package Manager (npm) that stole cryptocurrency wallet private keys and mnemonic seed phrases. [...]

source https://www.bleepingcomputer.com/news/security/injective-sdk-on-npm-infected-with-cryptocurrency-wallet-stealer/

Thursday, 9 July 2026

Malicious packages on the Node Package Manager (npm) and the Python Package Index (PyPI) delivered stealer malware to developers and users of Paysafe, Skrill, and Neteller payment applications. [...]

source https://www.bleepingcomputer.com/news/security/fake-paysafe-skrill-sdks-on-npm-and-pypi-steal-credentials/
A China-linked threat cluster has been exploiting vulnerable Roundcube servers at U.S. and Canadian universities to steal credentials and deploy backdoor malware. [...]

source https://www.bleepingcomputer.com/news/security/hackers-exploit-roundcube-flaw-to-spy-on-academic-researchers/
The memory chip crisis caused PC shipments to fall by 5 percent from last year in Q2 2026 as vendors struggled to secure supplies, and IDC warns smaller suppliers may be forced out of business if the situation continues. While rising component costs have already priced budget PCs out of existence, the market intelligence biz says the AI-driven shortage also pushed shipments down to 68.2 million units during the quarter spanning April, May, and June. This was the first decline after nine consecutive quarters of growth, with persistent memory chip shortages taking much of the blame. But other components such as storage, along with "geopolitical issues," have continued to weigh on the market, IDC says. "The real story here is the disconnect between units and dollars: shipments are falling, but revenue is climbing because vendors are pushing through price increases faster than demand is dropping," said Jitesh Ubrani, IDC research director for consumer devices. As The Register has previously noted, the largest vendors such as Lenovo are doing just fine thanks to their ability to negotiate supplies far in advance. The China-based tech biz saw revenue for PC and smart devices rise by 26 percent in its most recent earnings release. But IDC warns there's growing risk of vendor consolidation as brand behemoths such as Apple, Dell, HP, and Lenovo use their scale to secure memory supply and squeeze out smaller competitors. The giants are well positioned to take share from smaller rivals, potentially forcing weaker players into mergers or exits. Sustained cost pressures from the memory shortage could also significantly slow the broader PC upgrade cycle, despite IDC reporting growing interest in on-device AI processing among enterprise customers. IDC warns that the memory shortage is not expected to ease until early 2028. According to Ubrani, another round of inventory pull-forward is not expected, which points to a sharp slowdown in the second half of 2026. Earlier this year, corporate buyers were bringing forward planned PC purchases in an attempt to beat further anticipated price hikes. "Vendors are bracing for further price hikes into 2027, and channels are already flagging concern about elevated inventory at these higher price points," Ubrani said. Last month, Taiwanese market watcher TrendForce said that DRAM prices are set to rise again by more than 50 percent this year, while chipmakers such as Micron are increasing memory output. However, meaningful new capacity is only projected to come fully online in 2027 and 2028, it said. ®

source https://www.theregister.com/personal-tech/2026/07/08/ai-memory-crunch-takes-a-bite-out-of-pc-shipments/5268593

Wednesday, 8 July 2026

The UK's Court of Appeal has dismissed Microsoft's appeal against a ruling that ValueLicensing (VL) can resell pre-owned software licences. The judgment, handed down July 7, follows a ruling by the Competition Appeal Tribunal (CAT) in November that customers could resell their licenses, even if Office contained clipart. In 2021, VL filed a claim accusing Microsoft of stifling the market for pre-owned on-prem software licenses, alleging the US biz baked restrictive clauses into its contracts – essentially, better subscription deals for customers who didn't resell old licenses. VL sought £270 million in damages; Microsoft denied wrongdoing. The case later took a turn, when Microsoft attempted to reframe it as a copyright dispute. VL was leaning on the EU's UsedSoft ruling, which established that secondhand software licenses could legally be resold. Microsoft changed tack and countered that Office's icons and help files made it a creative work, and thus covered by the Copyright and Information Society Directive rather than the software licensing rules UsedSoft addressed. Microsoft also argued that licenses it had sold in bulk (for example, a 1,000-seat purchase) couldn't legally be broken up and resold piecemeal by VL. The CAT rejected both arguments and ruled unanimously for ValueLicensing. Microsoft filed an appeal, and that appeal has now failed. The judgment is unambiguous on both counts. On copyright, the Court of Appeal agreed with the CAT that Microsoft's reasoning would lead to "odd results." "It would mean that all that was necessary to avoid the effect of UsedSoft would be to incorporate some icons or clip art with the program," the judgment noted. As for the subdivision of volume licenses, again, the Court of Appeal sided with the CAT and dismissed Microsoft's appeal: there's nothing wrong with VL's approach. VL's Jonathan Horley told The Register in a statement: "I am delighted that the Court of Appeal has given such a clear judgment in ValueLicensing's favour on both of Microsoft's appeals. The judgment agreed with all the main conclusions of the CAT on both rulings under appeal as well as clarifying the overall legality of our business model." Horley pointed out that none of Microsoft's arguments succeeded and VL now intends to pursue its compensation claim. "We are considering the consequences of the Court of Appeal's judgment for Microsoft's defence to our claim and will focus in the coming weeks and months on the key procedural steps leading up to a liability trial," he added. A Microsoft spokesperson told The Register: "We respectfully disagree with the court's decision and will seek permission to appeal. Today's decision does not address ValueLicensing's core complaint that we gave customers the option to apply the value of their licenses for older products to new cloud subscriptions rather than selling them to third parties. "We continue to believe that was both legal and the right thing to do. Helping our customers move to the cloud improves productivity and security." Justin Turner KC, the judge presiding over ValueLicensing's claim, is also overseeing Alexander Wolfson's collective action against Microsoft. Wolfson was granted permission to intervene in the appeal on March 30, and the judgment noted that "the intervener's position was essentially supportive of VL's case." That potentially makes today's dismissal significant well beyond VL's own claim. The Wolfson collective action, bolstered by this ruling, could expose Microsoft to liability running into the billions, dwarfing the hundreds of millions at stake in VL's original claim. ®

source https://www.theregister.com/software/2026/07/07/court-tosses-microsofts-appeal-in-pre-owned-software-licenses-battle/5267742

Tuesday, 7 July 2026

Hard times have come to Microsoft employees. Thousands of Microsoft team members reported to work following the US holiday weekend to learn their jobs no longer exist, with Redmond gutting its Commercial business and Xbox team, and spinning off several game studios to cut costs. Microsoft human resources boss Amy Coleman announced that the company is eliminating some 4,800 roles Monday morning in a letter to employees the company published online. Coleman explained that Microsoft is doing the layoffs, which will reduce its global headcount by around 2.1 percent, because the business of technology is changing, which means that Redmond can’t be the same slow, unwieldy vessel it has been for years. “The way technology is built, deployed, and used is transforming faster than at any point in my time here,” explained Coleman, who has worked in HR at Microsoft for nearly 17 years. “That means we will need to adjust resources and roles and shift how we operate so we can have the greatest impact for our customers.” It doesn’t help that Microsoft’s stock price has fallen by nearly a quarter in the past 12 months either, although Coleman didn't mention that in her note. She did, however, mention AI. “I also want to be direct that the roles eliminated today are not being replaced by AI,” the Microsoft exec said before couching the statement in a necessary detail. “At the same time, what is true is that AI is changing how work gets done.” So no one is going to be forced to start working alongside a digital replacement for their former human colleague, but AI probably means fewer people overall. “Some of the tasks we do every day can now be automated, and that means we all need to keep learning, keep building new skills, and keep adapting as the work evolves,” Coleman added. How long until a bot can do an HR executive’s job, we wonder. Coleman noted that two units will be the heaviest hit by Monday’s announcements: Microsoft Commercial Business (MCB, which includes sales, marketing, and operations), and the Xbox team. It's also going to unload several gaming studios that Microsoft likely spent hundreds of millions to acquire over the past few years. Coleman didn’t share much about how the cuts will affect either group, though she did say that the MCB moves build on the company’s announcement from last week that it was spinning up a new MCB subsidiary called Microsoft Frontier Company to help customers deploy AI and realize returns on their rather costly investments. Xbox boss doesn't beat around the bush Asha Sharma, Microsoft’s Xbox division chief, was honest in her assessment of the state of her division, telling employees in an email posted on XBox Wire that the Xbox business “is not healthy.” Sharma said that she intends to cut the headcount on the Xbox team by 3,200 people during the 2027 fiscal year, which began on July 1. Monday's cuts included 1,600 from the group. The Xboss also admitted that Microsoft’s habit of buying up every promising independent game studio is “neither possible nor desirable” after several years of pursuing such a strategy, which is part of the reason that the company is cutting Compulsion Games, Double Fine Productions, Ninja Theory, and Undead Labs loose from their corporate leash. The former two will be transitioning to full independence, while the latter pair have reportedly entered into terms to join new ownership. All of the studios’ various IPs and upcoming games are going with them. Microsoft is making cuts to remaining studios too, with Activision, Bethesda/ZeniMax, Blizzard, King, Mojang and Xbox’s own game studio all trimming staff and shifting their directions toward higher-priority projects. Redmond is reducing management layers as part of the Xbox restructuring as well, and the division now has a chief operating officer for the first time ever. The changes won’t be ending there, either, Sharma said. “It is not possible to make all the necessary changes in a single day, and I wanted to be direct about the scale,” she explained. “History is full of companies that mistake longevity for inevitability. We will not be one of them.” The fact Sharma had to say that isn’t encouraging, for either Xbox or Microsoft's other less-than-popular platforms. ®

source https://www.theregister.com/software/2026/07/06/microsoft-says-the-world-is-changing-faster-than-it-can-keep-up-as-it-guts-commercial-xbox-teams/5267032
​Vietnamese authorities have arrested and are prosecuting seven suspects believed to have run HiAnime, the largest anime piracy streaming service before its shutdown in June. [...]

source https://www.bleepingcomputer.com/news/security/vietnam-arrests-suspects-behind-hianime-anime-piracy-service/

Monday, 6 July 2026

Colour me positively surprised, as I had no idea Alpha emulation had progressed this much.

As you might know, I’m involved a bit in the OpenVMS community and the Alpha emulation side via AXPBox. AXPBox (github) is a fork of the es40 alpha emulator by Camiel Vanderhoeven (who is now Chief Architect at VSI, the company that makes OpenVMS, for x86 nowdays). There have been many forks of es40 in the past and recently a new one has popped up with some great new features. Like speedups via a JIT compiler, S3 graphics port from MAME and ARC support, resulting in the ability to run Windows 2000 for the DEC Alpha.

↫ Remy van Elst

Not only can you run the unreleased Alpha version of Windows 2000 on this forked emulator, it’s also capable of running OpenVMS and Tru64 UNIX. In fact, both OpenVMS and Tru64 can run their full X11 CDE desktops on the emulator as well, which is incredibly cool and a huge milestone. As the name of the original emulator implies, it’s emulating an AlphaServer Es40 from the turn of the century, which should be fast enough for enthusiast use.

The last AlphaStation ever made, the ES47, is still very high on my list of computers I desperately want but will never have – they are incredibly rare, and whenever they do come up for sale, incredibly expensive. If you have one, consider yourself lucky, and please, write about it! Tell the world!



source https://www.osnews.com/story/145445/improved-dec-alpha-emulator-runs-windows-2000-for-alpha-and-openvms-and-tru64-with-x11/

LineageOS, the de-Googled Android ROM that serves as the backbone for pretty much the entire custom Android ROM community, has published an article about what the Android developer verification changes mean for them. I really like the factual tone of their article, especially this part:

Critics such as F-Droid, EFF, and “Keep Android Open” point out that this also happens to route every install path through Google-controlled infrastructure, hands Google a kill switch over any app or developer worldwide, and arrives shortly after Google’s antitrust lawsuits.

Both things can be true at once: real fraud is a problem and the restriction of developers is a convenient side effect of solving it this way – and we’re not in a position to pretend we know Google’s internal reasoning. We’re just telling you what they’ve said and what it changes; you can weigh the “why” yourself.

↫ Nolen Johnson on the LineageOS website

For LineageOS, these new verification measures don’t really mean much, as they don’t affect the project’s work or software. The developer verification infrastructure is a separate application that is part of Google Mobile Services, and LineageOS does not ship GMS nor does it ever intend to. As such, they don’t have to do anything, as this won’t be an issue unless LineageOS users choose to install a GApps package that happens to include the developer verification infrastructure.

If Google were to move the developer verification infrastructure into Play Services in the future, LineageOS makes it clear they’ll disable it globally, as they have done with a number of other “annoying Play Services-provided over-the-air update implementations“. There really isn’t much more they can do; the rest is up to users and projects that use LineageOS as their base.



source https://www.osnews.com/story/145443/lineageos-and-androids-upcoming-developer-verification-what-it-is-and-how-it-affects-you/

The Nintendo Entertainment System. Is it the platonic ideal of an 8-bit video game system? Well, only because it’s so prominent and successful– it’s actually kind of an oddball in its expandability and design. But there’s something else about it. The picture is a bit… wobbly. Well, over composite video anyway. Let’s dig in and learn a little big more about the nitty-gritty of composite video.

↫ Nicole Branagan

As usual, the information density in this article by Branagan is kind of remarkable, especially when you consider it never overwhelms you. Such a great read.



source https://www.osnews.com/story/145440/composite-video-on-the-nes-whys-it-so-wobbly/

Sunday, 5 July 2026

OPINION I write a weekly column called PWNED, about how poor security practices can lead to serious damage. Usually, there’s something funny in the malfeasance, like a CEO who kept every employee’s password in an Excel file on his desktop. However, I wasn’t laughing back in May when professional thieves invaded my 84-year-old mother’s entire financial life and managed to make off with $30,000 from her bank accounts alone. And they wouldn’t have gotten in if her financial institutions required multi-factor authentication (aka MFA or 2FA), a step too many institutions won’t take. One day in May, Mom got a call from the institution that runs her retirement savings account, who had identified a suspicious transaction and asked her if it was legit. She said no and they immediately protected her account. Then she checked her bank account at a different institution to see if it was compromised and found thousands of dollars transferred out of her checking and savings accounts. The thieves knew exactly how much they could withdraw each day, and used both withdrawals and transfers to a strange account. But the financial institution hadn't flagged the fraudulent activity. The thieves were so slick that they broke into her Gmail account and created spam filters to filter any mail from her bank or retirement savings provider to the trash so she wouldn’t get alerts about the transfers or about the fake accounts they made in her name. She spent hours on the phone reporting the theft to an unhelpful and incredulous fraud department who asked “Are you sure a relative didn’t do this?” We don’t know for certain how the crims got into my mom’s accounts, but we know she used the same or similar passwords on all of her accounts, and at least one of her accounts was part of a data breach a few years ago, so that info was probably available somewhere online. The miscreants then could have used this info to get into her retirement account, her bank, and her Gmail. None of this would have been possible if she had MFA enabled on those accounts, but neither Google nor her financial institutions require it. “Many consumers assume every bank requires 2FA, but that's not the reality,” said Gregory Shein, CEO of Nomadic Soft, a SaaS company that serves fintech clients. “Some financial institutions still treat it as an optional feature because they're balancing security against friction. Every extra login step can reduce conversions, increase support tickets, and frustrate less technical customers.” Indeed, while some banks such as PNC require MFA, others such as Bank of America, Chase, Capital One, and Citibank leave it as optional. Google’s accounts are also MFA-optional. Fortunately, after they spent hours telling my mom that someone in her family could have done the deed, and repeatedly putting her on hold, then forcing her to navigate a labyrinthine phone tree, the bank eventually agreed to investigate. A few weeks later, they restored the stolen funds. A not entirely happy ending My mother was lucky, because if money is stolen from your bank account, there is no guarantee that you will get it back, at least in the US. According to the Consumer Financial Protection Bureau, you have 60 days from the date of a bank statement to dispute any transactions. The bank also has 45 days to investigate, unless your bank account was just opened in the last 30 days or the fraudulent transactions took place outside the US. But the bank could very well decide that those fraudulent transactions look legitimate and refuse to reimburse you. If the bank doesn’t agree to reimburse you, your next step is to get a lawyer and attempt to sue. A quick search revealed dozens of lawyers in my area who specialize in dealing with this problem. It would be easy to blame my mom for being robbed. Using the same password in multiple places left her wide open for exploitation. However, her bank’s lack of a required second authentication factor also contributed. The bank doesn’t let you transact without a password, and it doesn’t issue you an ATM card without a PIN, because it knows that there has to be a required minimum level of security. Banks and other financial institutions know better. Google knows better. But they’re all putting convenience ahead of security when it’s your money that’s on the line. “Different segments of the population adopt technology faster or slower. If I’m a bank, I have to consider that very closely because I don’t want to lose any banking relationships.” Andrew Shikiar, CEO of the FIDO Alliance, an industry association that advocates for stronger login security, told me in an interview. “So I think there’s some concerns around friction that have held some banks and other service providers back from really pushing this more aggressively.” How effective is MFA? According to a 2019 article from Microsoft, MFA prevents 99.9 percent of attacks on your accounts. However, other experts say this number is exaggerated, as there are many ways to get past MFA if you’re a criminal, including social engineering and interception. One of the most common types of MFA, issuing a one-time passcode via an SMS message or an email, is inherently flawed. A determined thief can use social engineering to get a SIM card with your phone number on it, then get to your texts. And if your email itself isn’t perfectly secure and it is receiving an OTP, they can get to that too. Phishers can also trick you into giving up your OTPs by creating a fake website that looks like your bank’s login page. The right way to do MFA today is with a passkey. Passkeys are cryptographic key pairs where there’s a private key on the user’s device and a public key on the server. To access the key on the device, the user must either enter a PIN, touch a physical security key like a Yubikey, or enter a biometric login such as their face or fingerprint. Passkeys cannot be phished or intercepted, which is why they are known as “phishing-resistant MFA.” Unfortunately, a lot of banks are sticking with their OTPs. For example, when I went to set up MFA for a family member’s account with US bank Chase, using its website. Chase offered the chance to receive an OTP via email, SMS, or a phone call. The bank is rolling out passkeys, according to the FIDO Alliance. So are Wells Fargo, US Bank, and Bank of America. Some banks may be using better MFA only within their mobile apps. Chase’s app, for example, asks users to use a fingerprint or facial recognition at login, even though the website does not. However, if a thief wants to log in at Chase's website, there will be no biometric challenge. And if a user doesn’t have MFA enabled at all, it’s even easier for thieves to get in. “OTP is just another password. So it’s a shorter-lived one, but it really is just another password,” Shikiar said. “And there’s also usability issues. You’re juggling between your mobile and your desktop. It’s insecure, inefficient, and a really inadequate user experience.” What banks don’t seem to understand is that you’re only as secure as your weakest entry point. If security controls only exist on mobile apps, it doesn’t help with web-based attacks. If a level of security is optional, the majority of people won’t enable it. Thieves will take the path of least resistance, so service operators need to lock down all entry paths equally by default. Unfortunately, an approach that favors convenience over security will lead to a lot more people losing their money. And, ultimately, banks will lose money when they have to reimburse people for those fraudulent transactions. “I don't expect banks to be mandating passkeys and only passkeys for some time, but the more they push them, the more comfort there is,” Shikiar told us. “The sooner we’ll get to that point where it becomes a de facto default and then becomes really something that's either required or essentially required.” That time should be now. ®

source https://www.theregister.com/security/2026/07/05/mfa-optional-banks-leave-safe-doors-and-accounts-wide-open-for-thieves-to-pillage/5266161
Flipper Devices says development of the Flipper Zero firmware will continue, albeit with a smaller internal team and greater reliance on community contributions. [...]

source https://www.bleepingcomputer.com/news/security/flipper-zero-firmware-development-continues-with-community-help/
The Twenty-Ninth International Obfuscated C Code Contest – or IOCCC for short – is back again with the results of the 2025 competition. This year, one of the entrants has a unique new trick up their sleeve: a valid use case. When we reported on last year's event, it was had just been revived from a four-year hiatus, so we're happy to see it back so soon. As we write, the judging concluded some three weeks ago, but although there is a recording on YouTube, it's very nearly three hours long. It took a while to edit it down to individual clips for each winner, which is why we are covering it now. For many of these programs, you really must see what they do to believe it, and although it's generally not our preferred format, video clips are superb for this. There are no fewer than 23 winning entries this year, including a hat-trick of hat-tricks: three entrants, Yusuke Endoh, Nick Craig-Wood, and Don Yang, all had three winning entries each. We have room for only a few of our personal highlights, but we highly recommend reading all the winners – they are well worth your time. One element of the IOCCC is that the judges, Landon Curt Noll and Leonid A. Broukhis, invent new categories each time for each winning entry. We're using their titles, so if the subheadings initially don't make much sense, reading the relevant IOCCC pages might explain all… but we wouldn't rely on it. IOCCC29 – 2025/cable – Best imaginary emulator We cannot claim to have studied every result in every IOCCC. When the first one happened in 1984, this vulture was still at school and learning BASIC. However, this year, Adrian Cable's Subleq computer was the one that grabbed our attention the most. The reason is that we had already looked at it and what it does – or at least a closely related project. Unusually for the IOCCC, it has a real-life use case in software preservation. The idea of the Eternal Software Initiative (ESI) is to aid in the preservation of software after its original hardware platform no longer exists by implementing a computer architecture that is specifically designed to be emulated very easily. There's a sample implementation on GitHub. The CPU architecture isn't new; it's a One Instruction Set Computer called Subleq. OISC is the logical extrapolation of RISC: you can't reduce an instruction set any further than cutting it down to just one instruction. In this instance, that instruction is Subleq (subtract and branch if less than or equal to zero). Here's an explanation from 2020, and it wasn't new then – here's FPGA hardware from 2011 [PDF]. The ESI has implemented Subleq in software, built a C compiler to target it using LLVM, and ported Linux to it, complete with C and C++ runtime libraries. Run your emulator on that Linux, and you can bootstrap a runnable version of any hardware architecture from this tiny basis. And we do mean tiny. This is the IOCCC winning implementation of the architecture: #include #define o s[1&s[t=e++]?s[t]/4:t]/4,t b,y,t,e,s[38e5?s[memcpy(3[ g],6[s]+s,25

source https://www.theregister.com/offbeat/2026/07/05/c-programmers-commit-fresh-crimes-against-readability/5265981

Saturday, 4 July 2026

Researchers identified what they believe is the first documented case of a ransomware operation, JadePuffer, conducted entirely by a large language model (LLM) agent. [...]

source https://www.bleepingcomputer.com/news/security/jadepuffer-ransomware-used-ai-agent-to-automate-entire-attack/
Vendors are trying to position "confidential computing" as the technical backbone of Europe's sovereign cloud ambitions. But new research shows that a security protocol used to prove cryptographic trust in the system may have a fundamental architectural flaw. Confidential computing rests on a mechanism called remote attestation, in which a server cryptographically proves to a client that it is running inside a genuine, unmodified Trusted Execution Environment (TEE) before any sensitive data changes hands. Intel's product pages promise TDX will "add safeguards to data sovereignty and governance." Google Cloud describes its confidential computing infrastructure as offering "full, auditable control over access to customer data." In May, The Register reported that the chip beneath the chip, the management engines running below the operating system on Intel and AMD silicon, falls outside what European sovereignty frameworks like SecNumCloud actually assess. That left an open question about the layer above the silicon: the protocol meant to prove the chip itself can be trusted. New, independently verified research answers it, and the answer is not reassuring. A protocol that promises more than it proves Muhammad Usama Sardar, a researcher at TU Dresden, has spent the past two years formally verifying whether that protocol, known as attested TLS, actually does what it claims. Using ProVerif, a tool for the symbolic security analysis of protocols, he and his co-authors discovered that it largely does not. Their recent paper, Identity Crisis in Confidential Computing, published with co-authors Mariam Moustafa and Tuomas Aura and presented at the AsiaCCS 2026 conference, found diversion attacks against two state-of-the-art attested TLS protocols. A connection intended for one server can be silently redirected to a different, compromised machine running identical software, anywhere in the world, without the client ever knowing. The intended server has done nothing wrong. The attacker simply exploits the fact that the protocol checks the software's integrity, not its location. The most recent paper, Intra-handshake.fail, published with co-authors Viacheslav Dubeyko and Jean-Marie Jacquet and accepted for ESORICS 2026, goes further. It examines what the industry calls intra-handshake attestation, where evidence is generated during the TLS handshake itself, and tests seven different ways of cryptographically binding that evidence to the underlying connection. None of them prevent relay attacks, in which a client verifies the evidence of a genuine, trustworthy AI agent or server but ends up encrypting its traffic to an entirely different, malicious one. The starting assumption in all of this is that the hardware itself can be trusted. "In confidential computing, you have to trust the hardware manufacturer anyway," Sardar told The Register. "There is absolutely no way around this." With that root of trust accepted, he argues, the protocol layer was supposed to provide everything else. His research shows it provides far less than assumed. Three levels of trust The researchers formalise the problem as three increasingly strict levels of cryptographic binding between the attestation evidence and the actual TLS connection it is meant to vouch for. The weakest, level one, ties evidence only to the very first key exchange in the handshake, the Diffie-Hellman step, where client and server agree on a shared secret before either side has proven who they are. Level two ties it to the client's handshake traffic key, covering everything up to the server's identity confirmation. Level three, the strongest and the one that matters most in practice, ties evidence to the application traffic key itself, the key actually used to encrypt the sensitive data a client sends once the connection is live. Sardar's extensive analysis in ProVerif focused on intra-handshake attestation; post-handshake attestation fell outside its scope. Three of the seven binding mechanisms examined achieve level one. The rest fail even that baseline. His team's own proposed mitigation, a cryptographic binder built from the TLS handshake secret combined with the server's public key, formally achieves level two. Level three, the paper concludes, "may not be possible" within intra-handshake attestation as currently architected, without breaking properties of TLS 1.3 that the protocol was never designed to give up. In plain terms: the best fix available today proves a client is talking to the right machine at the start of a handshake. It cannot prove that the data sent minutes later is still going to that same machine. Production systems, not laboratory proofs of concept The vulnerability is not confined to academic models. Sardar's team formally analysed four real-world implementations of intra-handshake attestation: Meta's Private Processing system for WhatsApp, Edgeless Systems' Contrast, the open-source Cocos AI platform, and a proof-of-concept maintained by the Confidential Computing Consortium's (CCC) Attestation Special Interest Group. The first three of the four are running in production today. The attacks apply to every version of Cocos AI between 0.4.0 and 0.8.2. The class of flaw itself is not new. Sardar's team notes the attacks are subtle enough to have gone undiscovered for years before formal analysis caught them. The responsible disclosure resulted in CVE-2026-33697, rated 7.5 on the Common Vulnerability Scoring System, high severity. For comparison, the researchers note in their paper that BadRAM, the 2024 memory aliasing attack against AMD's SEV-SNP that made headlines in its own right, scored 5.3. The CCC Attestation SIG's repository lists CVE-2026-33697 as the highest-scoring vulnerability among a cluster of recent confidential computing flaws, ahead of Fabricked (5.9), BreakFAST (5.9) and Staleus (4.0). The working group and the IETF's TLS working group have both formally acknowledged the relay attacks. "As implemented today, attested TLS is not mature yet," Sardar told The Register. "We are investigating further, and we are confident there are more issues yet to be discovered." What makes the finding more pointed is who missed it first. Meta commissioned an extensive security review of its WhatsApp implementation from Trail of Bits, a well-regarded security firm, before Sardar's team examined it. That review did not detect the relay attack. It is methodology, not incompetence, that explains the gap. The ESORICS paper records that Sardar's team contacted Trail of Bits directly, who confirmed no formal methods were used in their review process. Formal verification tools like ProVerif check a protocol exhaustively against every scenario a defined threat model allows. A manual audit, however thorough, samples. A subtle flaw in how evidence is bound to a connection can slip past a sampled review and still be provably broken under exhaustive formal analysis. The Attestation Special Interest Group of the CCC, which governs the adopted proof-of-concept project Sardar tested, found its own system vulnerable to the same relay attacks. A repository nobody would create The vulnerability itself had already been through a lengthy, orderly disclosure process. Sardar's team flagged it to Cocos AI in October 2025, the vendor acknowledged it two months later, and the CVE was published in March 2026. What happened next was different. On 14 June, Sardar wrote to the chairs of the CCC's Attestation Special Interest Group requesting a new public GitHub repository, named relay-attacks-in-intra-handshake, so his formal analysis artefacts for the relay attacks could be released under an Apache 2.0 licence, for use by researchers and the standardization community. He referenced an existing, adopted project under the same group's governance, the kind of administrative step that, on paper, should take minutes. Three days later, on 17 June, he sent a reminder. The following day, a second, noting the artefact link was needed for the paper's final version. On 24 June, ten days after the original request, he wrote again, this time without the diplomatic padding: "I do not see a good reason for such a delay, since the requested repo is part of an adopted project and creation of a new repo is not such a time-consuming task." The new repository still did not exist. The CCC's Attestation Special Interest Group is made up of representatives from the hardware and cloud vendors whose products the research concerns. That fact requires no embellishment. A working group populated by the companies whose attestation implementations were just shown to be vulnerable to relay attacks did not act, for over a week and across three written reminders, on a request to publish proof of that vulnerability. Since no repository had been created before the paper's final version went to the publisher, Sardar published the artefacts anyway, but inside an existing CCC-affiliated repository rather than the dedicated one he had asked for. He told The Register the repository had originally been built for an unrelated project: "Since the monopoly [of vendor-dominated working groups over this infrastructure] continues, we have released the artifacts to inform the community and for researchers to analyse it independently." The CVE stands regardless, credited and public. The delay changes nothing about the underlying mathematics. BSI reaches the same verdict None of this requires taking Sardar's interpretation on faith. A world away from the IETF mailing lists, Germany's Federal Office for Information Security (BSI) arrived at a closely related conclusion through its own, entirely separate channel. Carina Hilt, deputy press spokesperson at BSI, was asked directly about confidential computing's role in digital sovereignty. She told The Register the technology functions as "a defense-in-depth component," strengthening tenant isolation and protecting confidentiality and integrity, but not availability. Crucially, she added that "dependencies on other services, such as identity and key management etc., are also not mitigated by CC." That is, in other words, an institutional echo of exactly the gap Sardar's protocol analysis exposes: confidential computing's guarantees stop well short of guaranteeing who actually controls the keys and the identity infrastructure a deployment depends on. Pressed further on vendor marketing claims, BSI did not soften its position. "The vendors' positioning on CC might give too much weight to its technical capabilities," the spokesperson told The Register. "CC alone cannot satisfy the requirements for digital sovereignty." What the chipmakers say Mikael Moreau, Intel's France Communication Manager, was asked specifically about the attestation infrastructure underpinning its TDX confidential computing technology, and whether Intel's own role in that infrastructure constitutes a dependency. He said the company does "not consider its attestation infrastructure to be a limitation to sovereignty guarantees," arguing that any reliance on Intel's silicon and certificate root of trust is "bounded." Intel is not in the customer's workload data path, does not receive customer plaintext through attestation, and the operational trust decision can be delegated to an independent verifier or retained by the customer. That is a carefully constructed, technically defensible answer. It explains the architecture, not the law. Intel was asked whether its attestation infrastructure poses a sovereignty risk under RISAA, the 2024 US law that can compel hardware manufacturers to cooperate with secret intelligence orders. That question went unanswered. Google did not respond to a request for comment for this article. Acknowledged everywhere except the sales pitch Sardar's findings prompted four different institutional responses. The IETF's Secure Evidence and Attestation Transport (SEAT) working group, formed after a group including Sardar successfully argued for it at a Birds of a Feather session at IETF 123 in Madrid in July 2025, wrote his correlation properties directly into its charter as an explicit, mandatory requirement for any new specification work. That is a standards body doing exactly what it should, building formal verification into the process rather than bolting it on afterwards. The IETF's TLS working group formally acknowledged the same attacks, without adopting a binding requirement of its own. The CCC's inaction over ten days meant Sardar published the evidence himself, without the working group's help. None of that reached the sales conversation. Intel and Google continue to market confidential computing as proof of sovereign, verified protection. Asked directly about the infrastructure underpinning that claim, Intel's answer stopped short of the legal question at its centre. Google did not answer at all. For European CIOs and procurement officers, this raises a question beyond the one usually asked. It is no longer only which company owns the cloud or which government can compel which hardware manufacturer. It is whether the cryptographic handshake meant to prove a workload is running where it claims to be running can be trusted at all. The level that timing rules out Sardar's own mitigation reaches level two. Level three, the one that actually matters to a customer trying to verify their workload is still protected once data starts flowing, may not be achievable at all within the current architecture of intra-handshake attestation, where evidence is generated during the handshake itself. The timing is the problem. Level three requires binding the evidence to the key that encrypts the actual application data, but by the time that key exists, the evidence has already been sent, unless the TLS protocol itself is significantly changed. Post-handshake attestation waits until after that point, when the key is already there to bind against. "We believe post-handshake attestation alone can achieve level three binding," Sardar told The Register, warning that newer proposals combining both approaches add unnecessary complexity without adding security. His recommendation to the IETF's TLS working group is blunt: developers should abandon intra-handshake attestation altogether. ®

source https://www.theregister.com/security/2026/07/04/confidential-computings-core-trust-mechanism-is-broken-the-fix-may-not-exist/5266056
For those growing sick of Earth's geopolitics, NASA is looking for volunteers to spend a year living and working in isolated conditions in preparation for a journey to some other celestial orb. The US space agency is set to carry out a simulated deep space mission from no earlier than August 2027 to understand what might happen to its human lab rats during planned crewed missions to the Moon or Mars. Johnson Space Center in Houston will be home to the willing participants who are set for a yearlong Moon and Mars Exploration Analog experience designed to help keep potential space travelers safe and mission-ready during future stays on the Red Planet or Earth's natural satellite. The simulation could also inform plans for a sustained lunar presence through the agency's Moon Base and future Artemis missions. The "experience" will take place in two confined habitats. The NASA notice does not say whether there will be outside comms, but specifies physical and educational requirements, as well as a willingness to take part in a multi-day selection process and pass a psychological assessment. "Candidates also should have a strong desire for unique, rewarding experiences, and interest in contributing to NASA's work to prepare for extended stays on the lunar surface and the first crewed mission to Mars," the notice says. Given the state of affairs, there may well be a flood of applicants who feel skipping a year would be well worth the inevitable curbs on their freedoms. Nonetheless, they may wonder about the world they will emerge to find when the experiment ends. Will WWE star Cody Rhodes be running for president, given the recent showcase on the White House lawn? Anything is possible in a world that shows an unnerving resemblance to Mike Judge's 2006 Idiocracy. Then again, given the perilous state of NASA's funding under the Trump regime, it is always possible volunteers could fall victim to cuts while they were in isolation, leaving no one to tell them the experiment had reached its end. ®

source https://www.theregister.com/science/2026/07/04/nasa-says-it-will-isolate-volunteers-from-the-outside-world-for-a-year/5266558

About

Privacy Policy

ShortNewsWeb

Blog Archive

Recent Comments

Popular Posts

Translate

My Blog List

Popular

System Admin Share

Total Pageviews