Cloudflare: Config change borked net access for all

There was a disturbance in the force on July 14 after Cloudflare borked a configuration change that resulted in an outage, impacting internet services across the planet.

In a blog post, the content delivery network services biz detailed the unfortunate series of events that led to Monday’s disruption.

On the day itself, “Cloudflare’s 1.1.1.1 Resolver service became unavailable to the internet starting at 21:52 UTC and ending at 22:54 UTC. The majority of 1.1.1.1 users globally were affected. For many users, not being able to resolve names using the 1.1.1.1 Resolver meant that basically all Internet services were unavailable,” Cloudflare said.

But the problem originated much earlier.

The outage was caused by a “misconfiguration of legacy systems” which are used to uphold the infrastructure advertising Cloudflare’s IP addresses to the internet.

“The root cause was an internal configuration error and not the result of an attack or a BGP hijack,” the corp said.

Back on June 6 this year, as Cloudflare was preparing a service topology for a future Data Localization Suite (DLS) service, it introduced the config gremlin – prefixes connected to the 1.1.1.1 public DNS Resolver were “inadvertently included alongside the prefixes that were intended for the new DLS service.”

“This configuration error sat dormant in the production network as the new DLS service was not yet in use,  but it set the stage for the outage on July 14. Since there was no immediate change to the production network there was no end-user impact, and because there was no impact, no alerts were fired.”

On July 14, a second tweak to the service was made: Cloudflare added an offline datacenter location to the service topology for the pre-production DNS service in order “to allow for some internal testing.” But the change triggered a refresh of the global configuration of the associated routes, “and it was at this point that the impact from the earlier configuration error was felt.”

Things went awry at 2148 UTC.

“Due to the earlier configuration error linking the 1.1.1.1 Resolver’s IP addresses to our non-production service, those 1.1.1.1 IPs were inadvertently included when we changed how the non-production service was set up… The 1.1.1.1 Resolver prefixes started to be withdrawn from production Cloudflare datacenters globally.”

Traffic began to drop four minutes later and internal health alerts started to emerge. An “incident” was declared at 2201 UTC and a fix dispatched at 2220 to restore the previous configuration.

“To accelerate full restoration of service, a manually triggered action is validated in testing locations before being executed,” Cloudflare said in its explanation of the outage. Resolver alerts were cleared by 2254 UTC and DNS traffic on Resolver prefixes went back to typical levels, it added.

Data on DNSPerf shared with us by a reader indicates a length of the disruption of around three hours, far longer than Cloudflare’s summary suggests.

As a Reg reader pointed out: “Remember this is a DNS service. Every person using the service would have had no ability to use the internet. Every business using Cloudflare had no internet for the length of the outage. NO DNS = NO INTERNET.” ®
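As an added illustration (not code from Cloudflare or The Register), this Python sketch shows two pre-deployment checks that would flag the failure described above: a prefix bound to more than one service, and a change whose refresh would withdraw a production prefix from live sites. The `Service` model, the site names, the 203.0.113.0/24 prefix and the refresh rule are constructed assumptions, not Cloudflare's actual configuration system.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Service:
    """Hypothetical service-topology entry (constructed for this example)."""
    name: str
    production: bool      # True if the service carries live user traffic
    prefixes: frozenset   # prefixes bound to this service
    locations: frozenset  # sites that should advertise those prefixes


def shared_prefixes(services):
    """Check 1: return {prefix: [service names]} for prefixes bound to >1 service."""
    owners = {}
    for svc in services:
        for prefix in svc.prefixes:
            owners.setdefault(prefix, []).append(svc.name)
    return {p: sorted(names) for p, names in owners.items() if len(names) > 1}


def apply_refresh(advertised, service, live_locations):
    """Assumed refresh rule: every prefix the service lists is re-pointed at the
    service's locations, and only live sites announce routes. A service with no
    locations is not yet in use and renders nothing (the dormant state)."""
    result = dict(advertised)
    if not service.locations:
        return result
    for prefix in service.prefixes:
        result[prefix] = frozenset(service.locations & live_locations)
    return result


def withdrawals(before, after):
    """Return {prefix: sites that stop advertising it} between two route states."""
    lost = {}
    for prefix, sites in before.items():
        gone = sites - after.get(prefix, frozenset())
        if gone:
            lost[prefix] = gone
    return lost


def review_change(services, changed, advertised, live_locations):
    """Check 1 plus check 2: list the findings that should block the change."""
    findings = []
    for prefix, names in sorted(shared_prefixes(services).items()):
        findings.append(f"{prefix} is bound to more than one service: {', '.join(names)}")
    protected = {p for s in services if s.production for p in s.prefixes}
    after = apply_refresh(advertised, changed, live_locations)
    for prefix, gone in sorted(withdrawals(advertised, after).items()):
        if prefix in protected:
            findings.append(f"{prefix} would be withdrawn from {len(gone)} live site(s)")
    return findings


# Constructed sample data mirroring the two changes described in the article.
LIVE = frozenset({"site-a", "site-b", "site-c"})
RESOLVER = Service("resolver", True, frozenset({"1.1.1.0/24"}), LIVE)
# First change: resolver prefix listed next to the new service's own prefix.
DLS_JUNE = Service("dls-preprod", False,
                   frozenset({"203.0.113.0/24", "1.1.1.0/24"}), frozenset())
# Second change: an offline test location is attached to the same service.
DLS_JULY = Service("dls-preprod", False, DLS_JUNE.prefixes,
                   frozenset({"offline-test"}))
# What the first change should have looked like.
DLS_FIXED = Service("dls-preprod", False, frozenset({"203.0.113.0/24"}),
                    frozenset({"offline-test"}))
ADVERTISED = {"1.1.1.0/24": LIVE}

if __name__ == "__main__":
    for label, svc in (("first change", DLS_JUNE), ("second change", DLS_JULY),
                       ("corrected", DLS_FIXED)):
        findings = review_change([RESOLVER, svc], svc, ADVERTISED, LIVE)
        print(label, "->", findings or "no findings")
```

The first check fires on the dormant configuration even though no route changes, which is the point at which the article says no alert was raised.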

Source: Cloudflare: Config change borked net access for all • The Register

UK F-35 fleet poorly supported, can’t use vital weapons, shows NAO

The F-35 stealth fighter is not meeting its potential in British service because of availability issues, a shortage of support personnel, and delays in integrating key weapons that are limiting the aircraft’s effectiveness.

The various problems are highlighted in a reality check from the UK’s National Audit Office (NAO) that offers a contrast to the typically measured tone of official government communications when it comes to the state of the country’s armed forces.

Its report calls on the Ministry of Defence (MoD) to address these problems in the F-35 fleet: firstly to increase the effectiveness of the aircraft but also to demonstrate the program is delivering value for the huge cost it represents to the taxpaying public.

Britain currently has 37 of the F-35B variant of the aircraft, which is designed for short take-off and vertical landing (STOVL) operations like the Harrier it effectively replaces in Royal Air Force (RAF) and Royal Navy service.

The NAO, a public sector spending watchdog, starts by noting that the F-35 offers capabilities “significantly superior to any previous UK aircraft,” not just because of its low radar observability, but due to its advanced sensor suite including an electro-optical targeting system and long-range infrared target sensors, which are combined to provide the pilot with an integrated picture of the space surrounding them.

However, the report finds the MoD has not been able to deliver on its own targets for aircraft availability – the proportion of time each aircraft is ready to fly – despite these targets being lower than those for the global program.

It claims that last year, the UK F-35 fleet had a mission-capable rate (the ability of an aircraft to perform at least one of its seven defined missions) about half of the MoD’s target. The full mission capable rate (the ability of an F-35 to perform all required missions) was only about one third of the MoD’s target and significantly lower than for F-35B aircraft operated by other nations.

Some reasons behind this poor performance are cited as a shortage of engineers able to work on the F-35 in Britain’s forces, plus a global shortage of F-35 spare parts.

In fact, the UK Lightning Force faces “major personnel shortages across a range of roles,” which the NAO says are not likely to be resolved for several years, although it notes the MoD is recruiting to fill some of these gaps.

According to the report, the MoD has previously underestimated the number of engineers and other staff required to support F-35 aircraft during operations.

This was highlighted during Operation Fortis, the UK-led carrier strike group deployment to the Pacific in 2021, when an aircraft was lost after a protective engine blank was erroneously left in one of the air intake ducts. This led to the aircraft not being able to generate enough thrust for take-off and ditching in the sea immediately after leaving the flight deck of HMS Queen Elizabeth.

As reported by Navy Lookout, the US Marines F-35 squadron that was onboard the carrier at the same time had 25 personnel for each jet, while the British squadron had only 14.

Just as worrying are the ongoing delays in getting key weapons integrated with the F-35 so that they can be used in operations. The report states that the original support date for the Spear 3 air-to-surface cruise missile and the Meteor medium range air-to-air missile was December last year, but the F-35 is not expected to get these until the early 2030s.

These delays have been caused by “poor supplier performance,” the NAO says, referring to the US defense firm responsible for the F-35, Lockheed Martin. However, it also criticizes Britain’s MoD for “negotiating commercial arrangements that failed to prioritize delivery” and the low priority given to Meteor by the global program.

This means that UK F-35s are currently only capable of operating with the Paveway IV laser-guided bomb and US-made missiles such as the AIM-120D.

Part of the problem is that support for many of the key weapons British forces wish to use was planned for the Block 4 upgrades to the aircraft’s systems software, and these have been massively delayed. Much of the blame for this lies with Lockheed Martin and the Joint Program Office (JPO), the agency within the US Department of Defense (DoD) responsible for overseeing the F-35 program.

It was originally expected that this would be fully delivered by 2022, but the NAO says that in 2023 the US Government Accountability Office (GAO) found that it would not be delivered until 2029, and now the JPO doesn’t expect Block 4 to be completely delivered before 2033.

There has been a certain suspicion that the US doesn’t see supporting European-made weapons as a priority, especially when F-35 operators are then forced to buy American kit instead.

Small wonder, perhaps, that Britain is pushing ahead with a program for its planned next-generation fighter – currently codenamed Tempest – that does not involve any US defense companies but partners with Japan and Italy instead.

[…]

The UK government has, however, recently disclosed that it intends to procure a new tranche of F-35 aircraft which will comprise a dozen of the F-35A version, which operates from an airfield, along with another 15 F-35B, although delivery of these is not expected until the end of the decade.

Adding another variant of the F-35 is unlikely to help with the engineer shortage, since there are significant differences between the two versions.

Meanwhile, the MoD is also behind in delivering the Aircraft Signature Assessment Facility, which is needed to check that the F-35’s much-vaunted stealth technology is doing its job and has not been degraded by the harsh conditions of operating at sea.

[…]

 

Source: UK F-35 fleet poorly supported, can’t use vital weapons • The Register

This ‘Molecular Shield’ Might Stop Pollen Before It Wrecks Your Nose

What if, by spraying something akin to a nasal spray, you could thwart the onslaught of those pesky allergens before they latch onto your sensitive nasal passages?

This was the “simple but powerful idea” that inspired Kaissar Tabynov, who led the efforts to create a “molecular shield” that intercepts allergens the moment they approach our airways. For the experiment, they targeted mugwort pollen, which is the most common cause of pollen allergy in Central Asia and Europe. Tabynov and colleagues reported the first proof-of-principle for this technology, in this instance with mice, in a paper published today in Frontiers in Immunology.

[…]

Here’s how the “shield” works. Researchers first develop a monoclonal antibody, or a lab-made protein designed to attach to a specific molecule. In this case it’s aimed at a major allergy-causing protein found in mugwort pollen. These antibodies are applied to the nose, effectively snatching the allergens away from our natural antibodies, which trigger allergic responses when bound with allergens.

The immune system is an intricate network of cells and hormones, so adjusting the treatment such that it wouldn’t disrupt the natural system of mice proved to be a major challenge, explained Tabynov. Not only that, mugwort pollen is actually a combination of multiple allergy-causing particles (partly the reason they’re so insufferable), meaning Tabynov’s team had to focus on the most clinically relevant parts of the allergen complex.

After several adjustments, the team succeeded in making an antibody treatment that curbed nasal inflammation and asthma symptoms in mice, and it did so without harming the animals’ natural antibodies. Although the duration of the treatment was shorter than Tabynov hoped, he told Gizmodo that he and his team have already devised a strategy to potentially make the treatment last longer.

“What’s exciting about our approach is that it shows how precise, targeted biologics can be used not just for chronic therapy but for prevention, delivered right where allergens strike,” Tabynov added. “Our approach is non-invasive, needle-free, and fast-acting [and] reduces the allergen load on the immune system and may help prevent the progression of allergic rhinitis into more severe conditions such as bronchial asthma.”

[…]

Source: This ‘Molecular Shield’ Might Stop Pollen Before It Wrecks Your Nose

Bug Hunters Gain Access to 64 Million McDonald’s Job Applicants’ Info by Using the Password ‘123456’

A recruitment platform used by McDonald’s is alleged to have had such poor cybersecurity that researchers were able to log into it using a non-password and thus gain access to information on tens of millions of job applicants, including contact details and chat logs between the user and the restaurant’s AI bot.

The platform in question, called McHire, operates a chatbot, dubbed Olivia. Job applicants chat with Olivia, who, in an effort to decide whether they’re worthy of flipping hamburgers or not, assesses them via a personality test. The bot was created by a company called Paradox.ai.

Security researchers Sam Curry and Ian Carroll found that, using the username/password combination 123456/123456, they were able to log into the application, where they were given access to a treasure trove of information on job applicants. Indeed, Curry and Carroll were able to “retrieve the personal data of more than 64 million applicants,” the researchers write.

Their write-up is as hilarious as it is disturbing. The duo notes:

“Without much thought, we entered “123456” as the username and “123456” as the password and were surprised to see we were immediately logged in! It turned out we had become the administrator of a test restaurant inside the McHire system.”

The information included names, email addresses, phone numbers, addresses, the state where the job candidate lived, and the auth token they used to gain access to the website. Additionally, Curry and Carroll could see “every chat interaction [from every person] that has ever applied for a job at McDonald’s.”

[…]

Source: Bug Hunters Gain Access to 64 Million McDonald’s Job Applicants’ Info by Using the Password ‘123456’

Watch out, another max-severity Cisco bug on the loose

Cisco has issued a patch for a critical 10 out of 10 severity bug in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could allow an unauthenticated, remote attacker to run arbitrary code on the operating system with root-level privileges.

ISE is a network access control and security policy management platform, and ISE-PIC centralizes identity management across security tools. And this vulnerability, tracked as CVE-2025-20337, is about the worst of the worst, allowing miscreants to take total control of compromised computers easily. In other words – patch now.

The vendor disclosed CVE-2025-20337 on Wednesday in an update to a June security advisory about two other max-severity flaws in the same products. The new bug is related to CVE-2025-20281, one of the two disclosed in June, which also received a 10 CVSS rating and affects ISE and ISE-PIC releases 3.3 and 3.4, regardless of device configuration.

“These vulnerabilities are due to insufficient validation of user-supplied input,” Cisco noted. “An attacker could exploit these vulnerabilities by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.”

There are no workarounds, but Cisco has released a software update that fixes both flaws, along with another critical-rated bug tracked as CVE-2025-20282 disclosed in June.

The vendor noted that since the original publication of the security advisory last month, “improved fixed releases have become available” and customers should upgrade as follows:

  • If Cisco ISE is running Release 3.4 Patch 2, no further action is necessary.
  • If Cisco ISE is running Release 3.3 Patch 6, additional fixes are available in Release 3.3 Patch 7, and the device must be upgraded.
  • If Cisco ISE has either hot patch ise-apply-CSCwo99449_3.3.0.430_patch4-SPA.tar.gz or hot patch ise-apply-CSCwo99449_3.4.0.608_patch1-SPA.tar.gz installed, Cisco recommends upgrading to Release 3.3 Patch 7 or Release 3.4 Patch 2. The hot patches did not address CVE-2025-20337.
  • […]

Source: Watch out, another max-severity Cisco bug on the loose • The Register

Google Ordered to Pay $314M for Misusing Android Users’ Cellular Data Without Permission – calling home 389 times per day even when completely idle and all google apps closed!

Google has been ordered by a court in the U.S. state of California to pay $314 million over charges that it misused Android device users’ cellular data when they were idle to passively send information to the company.

The verdict marks an end to a legal class-action complaint that was originally filed in August 2019.

In their lawsuit, the plaintiffs argued that Google’s Android operating system leverages users’ cellular data to transmit a “variety of information to Google” without their permission, even when their devices are kept in an idle state.

“Although Google could make it so that these transfers happen only when the phones are connected to Wi-Fi, Google instead designed these transfers so they can also take place over a cellular network,” they said.

“Google’s unauthorized use of their cellular data violates California law and requires Google to compensate Plaintiffs for the value of the cellular data that Google uses for its own benefit without their permission.”

The transfers, the plaintiffs argued, occur when Google properties are open and operating in the background, even in situations where a user has closed all Google apps, and their device is dormant, thereby misappropriating users’ cellular data allowances.

In one instance, the plaintiffs found that a Samsung Galaxy S7 device with the default settings and the standard pre-loaded apps, and connected to a new Google account, sent and received 8.88 MB/day of cellular data, out of which 94% of the communications were between Google and the device.

The information exchange happened approximately 389 times within a span of 24 hours. The transferred information mainly consisted of log files containing operating system metrics, network state, and the list of open apps.

“Log files are typically not time-sensitive, and transmission of them could easily be delayed until Wi-Fi is available,” according to court documents.

“Google could also program Android to allow users to enable passive transfers only when they are on Wi-Fi connections, but apparently it has chosen not to do so. Instead, Google has chosen to simply take advantage of Plaintiffs’ cellular data allowances.”

That’s not all. The court complaint also cited another 2018 experiment that found that an Android device that was “outwardly dormant and stationary” but had the Chrome web browser app opened and in the background resulted in about 900 passive transfers in 24 hours.

[…]

Source: Google Ordered to Pay $314M for Misusing Android Users’ Cellular Data Without Permission

Wow! And when did anyone agree to send this much data about their phone to Google then?

Synology starts selling overpriced underperforming 1.6 TB SSDs for $535 — self-branded, archaic PCIe 3.0 SSDs the only option to meet ‘certified’ criteria being enforced on newer NAS models

Synology has begun selling its newest SNV5400 enterprise NAS SSDs, and the asking prices for what you receive are nothing short of shocking. For a 1.6 TB NVMe SSD at PCIe Gen3 speeds, Synology is asking $535 on B&H Photo Video, while many competing devices retail for around $100. The new SNV5400 family, which also includes 400GB and 800GB models, is one of only a few Synology-branded SSD families compatible with certain Synology NAS models due to the company’s new restrictive compatibility requirements.

Synology recently announced its plans to require the use of approved SSDs for certain NAS systems. To date, only Synology-branded SSDs have received the stamp of approval from the company. While previous SSD releases from Synology have remained marginally in line with market rates for SSDs, the SNV5400 family significantly exceeds the comparative pricing of the market.

Synology’s newest drives, which were first seen online at a gobsmacking €620 from one Newegg shop, are priced comfortably above any other similar models in the industry

[…]

The unfortunate thing about the Synology SNV5400 family is that it feels like it arrived several years too late. PCIe 3.0 has largely been left behind, as most storage manufacturers are now transitioning to PCIe 5.0, leaving PCIe 4.0 also in the dust. What’s more, the SNV5420’s endurance is vastly outclassed by its competitors; Western Digital’s WD Red SN700 SSD, another PCIe 3.0 NAS drive, advertises a TBW of 5100TB, nearly double what Synology offers.

[…]

While some loopholes exist for using non-approved drives in newer Synology NAS units (like this one written in German), eventually Synology customers may be forced to pay the hefty Synology tax for their off-the-shelf NAS solutions. Perhaps independent testing reveals some fairy dust in the new units that deserves its hefty upcharge, but we haven’t found any from Synology’s own site just yet.

Source: Synology starts selling overpriced 1.6 TB SSDs for $535 — self-branded, archaic PCIe 3.0 SSDs the only option to meet ‘certified’ criteria | Tom’s Hardware

Your Samsung phone has a secret Wi-Fi menu. Here’s how to find it

One such example is the “Connectivity Labs” Wi-Fi settings menu. It’s buried deep in the Settings app on your Samsung phone, and it’s something I didn’t know existed until just the other day. Which is a shame, because there’s some really cool stuff in here. Let me show you.

How to find Samsung’s secret Wi-Fi settings

Connectivity Labs toggle on a Samsung phone.

So, where is this hidden Wi-Fi settings menu? Here’s how to find and activate it:

  1. Open the Settings app on your Samsung phone.
  2. Tap Connections.
  3. Tap Wi-Fi.
  4. Tap the three dots in the upper-right corner.
  5. Tap Intelligent Wi-Fi.

From this page, find the Intelligent Wi-Fi button at the bottom and repeatedly tap it. You’ll see a pop-up letting you know that Connectivity Labs will be enabled if you keep tapping, so keep on doing that until you see the new Connectivity Labs option appear below Intelligent Wi-Fi.

It seems that Connectivity Labs was quietly added sometime in 2023, and it recently garnered a fresh batch of attention over the weekend on the r/SamsungGalaxy subreddit.

I’ve confirmed that Connectivity Labs is available on Samsung phones running One UI 7 and the One UI 8 Beta. Given that Connectivity Labs was introduced in 2023, it should also be present on Samsung phones that still have One UI 6.

The best Connectivity Labs features you should try

Samsung Connectivity Labs page.

Once Connectivity Labs is enabled, you’ll find a swath of new settings to play around with. The page starts by showing a graph of your Wi-Fi time and usage over the past week, including which specific bands you were using. It’s neat, but there are far more interesting things to check out.

Scroll past this graph, and you’re met with a laundry list of settings and toggles. You can play with all of them if you want, but I want to highlight a few of my favorites.

The first option on the list, Home Wi-Fi inspection, is particularly cool. Once you select it and tap on your home Wi-Fi network, you’re asked to walk around your house while the feature tests all the different access points and bands of your router, determining if there are any weak signal areas.

There are also some helpful toggles to configure how your phone stays connected to Wi-Fi networks and when it disconnects from them. The Switching to mobile data faster toggle, for example, will stop your phone from holding onto a weak Wi-Fi signal for too long and jump to your mobile data sooner than it typically does — something you may want to enable if you have an unlimited data plan and aren’t worried about your mobile data usage.

Auto reconnect to carrier Wi-Fi is another interesting setting. If you have a carrier like Xfinity Mobile or Spectrum Mobile, your phone probably automatically connects to your carrier’s public Wi-Fi hotspots to supplement your cell coverage. This is enabled by default, but if you don’t want that to happen, you can easily disable it from this menu.

I also quite like the Customize Wi-Fi list settings page. From here, you can enable a filter button on your main Wi-Fi networks page. When you tap it, you can choose to only see secured networks, Wi-Fi 6 connections, etc.

Finally, if you tap Wi-Fi developer options at the bottom of the Connectivity Labs page, you’ll find an entirely new menu of even more Wi-Fi settings to fiddle with.

Wi-Fi information page in Samsung's Connectivity Labs.

You can probably ignore most of these, but the Nearby Wi-Fi information page is quite helpful. It displays a list of all nearby Wi-Fi networks, along with their signal strengths, categorized as Best, Good, Bad, and Worst. If you’re in an area with a lot of public Wi-Fi networks to choose from, this could be a great way to ensure you choose the best one.

Who knew this was here?

Wi-Fi settings toggles in Samsung's Connectivity Labs page.

Had I not stumbled across that recent Reddit thread, I probably never would have known that Connectivity Labs existed. And given the small amount of reporting/discussion there is about Connectivity Labs online, it seems that most people don’t know about it either.

I’m not sure why Samsung has these settings buried so deeply and behind so many sub-menus. There’s genuinely useful stuff here, and while some of the settings are a bit technical, almost anyone can benefit from features like the home Wi-Fi inspection and the Wi-Fi filter menu.

I’d love to see Samsung make some of these settings more obvious, but until that happens, hopefully, this article helped you find them.

Source: Your Samsung phone has a secret Wi-Fi menu. Here’s how to find it

Someone Built a Concept Ad Blocker for Real Life, and I Can’t Wait to Try It

I use as many ad-blocking programs as possible, but no matter how many I install, real-life advertising is still there, grabbing my attention when I’m just trying to go for a walk. Thankfully, there may be a solution on the horizon. Software engineer Stijn Spanhove recently posted a concept video showing what real-time, real-life ad-blocking looks like on a pair of Snap Spectacles, and I really want it. Check it out:

The idea is that the AI in your smart glasses recognizes advertisements in your visual field and “edits them out” in real time, sparing you from ever seeing what they want you to see.

While Spanhove’s video shows a red block over the offending ads, you could conceivably cover that Wendy’s ad with anything you want—an abstract painting, a photo of your family, an ad for Arby’s, etc.

Source: Someone Built an Ad Blocker for Real Life, and I Can’t Wait to Try It

Note – it looks like Stijn took everything related to this down. So it’s probably just a concept. But it’s a really cool concept!

Proton joins anti-Apple lawsuit to force App Store changes in the US

Secure comms biz Proton has joined a lawsuit that alleges Apple’s anticompetitive ways are harming developers, consumers, and privacy.

Proton is a Switzerland-based (for now) provider of encrypted communications services and on Monday filed a legal complaint [PDF] against Apple, claiming the iGiant is abusing its control of iOS and the App Store in ways that reduce competition.

Apple has been fighting legal battles on this front for some time. Most notably, Epic Games sued in 2020 to try and allow itself and other app makers to sell its wares for use on Apple devices through channels other than Apple’s own App Store and payment systems. While Apple mostly won that case, the court said it had to allow third-party developers to inform customers of payment systems other than Apple’s own. (A judge recently questioned whether Apple has complied and pondered whether the company is in contempt of court.)

In Europe, regulators have taken a harder line, forcing the mega-biz to allow sales of iOS apps on third-party app stores.

Proton would like to see that happen in the US and has therefore asked the US District court for Northern California to require Apple to get out of the way and give app developers direct access to customers. The company’s filing suggests making that happen by requiring Apple to allow alternative app stores, expose those stores through its own Apple App Store, plus allowing developers to disable Apple’s in-app payment system and to gain full access to Apple APIs.

[…]

Rather than suing anew, Proton is joining a group of Korean developers that took Apple to a US court in May [PDF] on similar grounds.

“We believe that Apple’s conduct constitutes further violations of US antitrust law,” Proton said in a blog post.

“Without this case, Apple could get away with behavior in the US that is already outlawed in the European Union. If this were to happen, American consumers, and developers focused on the American market, would have to pay higher prices for fewer choices, and be left at a disadvantage.”

Proton’s complaint covers many of the same issues raised by Epic and other app makers, and adds a novel argument that Apple’s system also harms user privacy. The Swiss company argues that developers of free apps usually harvest user data and sell that to cover their bills. Companies like Proton that don’t collect or sell user data have no choice but to charge subscriptions for revenue. Apple’s pricing model particularly penalizes these companies by taking a cut of annual subscriptions sold on its App Store.

The post also revisits Proton’s 2020 run-in with Apple that saw the iBiz reject an update to Proton’s VPN after the Swiss company pointed out it could be used to “unblock censored web sites.” Apple eventually relented but the episode shows how Apple puts profit before privacy, Proton argued.

“We don’t question Apple’s right to act on behalf of authoritarians for the sake of profit, but Apple’s monopoly over iOS app distribution means it can enforce this perverse policy on all app developers, forcing them to also be complicit,” it wrote.

[…]

Source: Proton joins anti-Apple lawsuit to force App Store changes • The Register

A tiny implant just helped paralyzed rats walk again—is human recovery next? | ScienceDaily

A groundbreaking study from the University of Auckland and Chalmers University of Technology is offering new hope for spinal cord injury patients. Researchers have developed an ultra-thin implant that delivers gentle electric currents directly to the injured spinal cord. This device mimics natural developmental signals to stimulate nerve healing, and in animal trials, it restored movement and touch sensation in rats—without causing inflammation or damage.

[…]

Spinal cord injuries shatter the signal between the brain and body, often resulting in a loss of function. “Unlike a cut on the skin, which typically heals on its own, the spinal cord does not regenerate effectively, making these injuries devastating and currently incurable,”

[…]

“We developed an ultra-thin implant designed to sit directly on the spinal cord, precisely positioned over the injury site in rats,” Dr Harland says.

The device delivers a carefully controlled electrical current across the injury site. “The aim is to stimulate healing so people can recover functions lost through spinal-cord injury,” Professor Darren Svirskis, director of the CatWalk Cure Program at the University’s School of Pharmacy says.

[…]

After four weeks, animals that received daily electric field treatment showed improved movement compared with those who did not.

Throughout the 12-week study, they responded more quickly to gentle touch.

“This indicates that the treatment supported recovery of both movement and sensation,” Harland says. “Just as importantly, our analysis confirmed that the treatment did not cause inflammation or other damage to the spinal cord, demonstrating that it was not only effective but also safe.”

[…]

Source: A tiny implant just helped paralyzed rats walk again—is human recovery next? | ScienceDaily

Scientists Discover Unknown Organelle Inside Our Cells

The organelle, a type of specialized structure, has been dubbed a “hemifusome” by its discoverers at the University of Virginia School of Medicine and the National Institutes of Health. This little organelle has a big job helping our cells sort, recycle and discard important cargo within themselves, the scientists say. The new discovery could help scientists better understand what goes wrong in genetic conditions that disrupt these essential housekeeping functions.

“This is like discovering a new recycling center inside the cell,” said researcher Seham Ebrahim, PhD, of UVA’s Department of Molecular Physiology and Biological Physics. “We think the hemifusome helps manage how cells package and process material, and when this goes wrong, it may contribute to diseases that affect many systems in the body.”

[…]

UVA’s expertise in cryo-electron tomography (cryo-ET) – a powerful imaging method that “freezes” cells in time – to create striking images of the organelle.

The scientists believe hemifusomes facilitate the formation of vesicles, tiny blister-like sacs that act as mixing bowls, and of organelles made up of multiple vesicles. This process is critical to cellular sorting, recycling and debris disposal, the researchers report.

“You can think of vesicles like little delivery trucks inside the cell,” said Ebrahim, of UVA’s Center for Membrane and Cell Physiology. “The hemifusome is like a loading dock where they connect and transfer cargo. It’s a step in the process we didn’t know existed.”

While the hemifusomes have escaped detection until now, the scientists say they are surprisingly common in certain parts of our cells.

[…]

“Now that we know hemifusomes exist, we can start asking how they behave in healthy cells and what happens when things go wrong. That could lead us to new strategies for treating complex genetic diseases.”

Findings Published

The researchers have published their findings in the scientific journal Nature Communications. The research team consisted of Amirrasoul Tavakoli, Shiqiong Hu, Ebrahim and Kachar.

The research was supported by the NIH’s National Institute on Deafness and Other Communications Disorders, grant Z01-DC000002; the Owens Family Foundation; and a startup grant from UVA’s Center for Cell and Membrane Physiology.

Source: Scientists Discover Unknown Organelle Inside Our Cells

Update your Brother printer: Multiple Critical Vulnerabilities found

Rapid7 conducted a zero-day research project into multifunction printers (MFP) from Brother Industries, Ltd. This research resulted in the discovery of 8 new vulnerabilities. Some or all of these vulnerabilities have been identified as affecting 689 models across Brother’s range of printer, scanner, and label maker devices. Additionally, 46 printer models from FUJIFILM Business Innovation, 5 printer models from Ricoh, 2 printer models from Toshiba Tec Corporation, and 6 models from Konica Minolta, Inc. are affected by some or all of these vulnerabilities. In total, 748 models across 5 vendors are affected. Rapid7, in conjunction with JPCERT/CC, has worked with Brother over the last thirteen months to coordinate the disclosure of these vulnerabilities.

The most serious of the findings is the authentication bypass CVE-2024-51978. A remote unauthenticated attacker can leak the target device’s serial number through one of several means, and in turn generate the target device’s default administrator password. This is due to the discovery of the default password generation procedure used by Brother devices. This procedure transforms a serial number into a default password. Affected devices have their default password set, based on each device’s unique serial number, during the manufacturing process. Brother has indicated that this vulnerability cannot be fully remediated in firmware, and has required a change to the manufacturing process of all affected models. Only affected models that are made via this new manufacturing process will be fully remediated against CVE-2024-51978. For all affected models made via the old manufacturing process, Brother has provided a workaround.

A summary of the 8 vulnerabilities is shown below:

| CVE | Description | Affected Service | CVSS |
| --- | --- | --- | --- |
| CVE-2024-51977 | An unauthenticated attacker can leak sensitive information. | HTTP (Port 80), HTTPS (Port 443), IPP (Port 631) | 5.3 (Medium) |
| CVE-2024-51978 | An unauthenticated attacker can generate the device’s default administrator password. | HTTP (Port 80), HTTPS (Port 443), IPP (Port 631) | 9.8 (Critical) |
| CVE-2024-51979 | An authenticated attacker can trigger a stack based buffer overflow. | HTTP (Port 80), HTTPS (Port 443), IPP (Port 631) | 7.2 (High) |
| CVE-2024-51980 | An unauthenticated attacker can force the device to open a TCP connection. | Web Services over HTTP (Port 80) | 5.3 (Medium) |
| CVE-2024-51981 | An unauthenticated attacker can force the device to perform an arbitrary HTTP request. | Web Services over HTTP (Port 80) | 5.3 (Medium) |
| CVE-2024-51982 | An unauthenticated attacker can crash the device. | PJL (Port 9100) | 7.5 (High) |
| CVE-2024-51983 | An unauthenticated attacker can crash the device. | Web Services over HTTP (Port 80) | 7.5 (High) |
| CVE-2024-51984 | An authenticated attacker can disclose the password of a configured external service. | LDAP, FTP | 6.8 (Medium) |

[…]

Source: Multiple Brother Devices: Multiple Vulnerabilities (FIXED) – Rapid7 Blog

Ahold Delhaize says 2.2M affected after cyberattack

Multinational grocery and retail megacorp Ahold Delhaize says upwards of 2.2 million people had their data compromised during its November cyberattack with personal, financial and health details among the trove.

Ahold Delhaize operates a network of stores in Europe and the US via brands including Food Lion, Stop & Shop and Giant. It also has a substantial web business. It employs more than 400,000 staff and serves around 63 million customers a week.

The digital break-in late last year caused disruption across its organization, with some Stop & Shop stores struggling to fill prescriptions due to IT issues, while Food Lion employees took to social media complaining about delayed and missing deliveries.

Now Ahold Delhaize has confirmed more details via a notification filed with the Office of the Maine Attorney General, revealing the data of more than 2.24 million individuals was exposed.

Different people will have had different data points compromised, it added, and said the following may be in the wrong hands:

  • Names
  • Contact information (postal address, email address, and telephone number)
  • Dates of birth
  • Government-issued identification numbers (Social Security, passport and driver’s license numbers)
  • Financial account information (including bank account numbers)
  • Health information (workers’ compensation information and medical information contained in employment records)
  • Employment-related information

In a “Notice of Data Breach” letter sent to impacted individuals, Ahold Delhaize made no reference to customer data, saying only that investigations revealed “personal information contained in employment records related to you or your family member” may have been accessed.

This indicates the breach involved current and former staff.

[…]

Source: Ahold Delhaize says 2.2M affected after cyberattack • The Register

Android 16 can warn you that you might be connected to a fake cell tower

[…] Google has been working on ways to warn Android users or prevent them from sending communications over insecure cellular networks.

With the release of Android 12, for example, Google added support for disabling 2G connectivity at the modem level. In Android 14, the company followed up by supporting the disabling of connections that use null ciphers — a form of unencrypted communication. More recently, Android 15 added support for notifying the OS when the network requests a device’s unique identifiers or tries to force a new ciphering algorithm. These features directly counter the tactics used by commercial “stingrays,” which trick devices into downgrading to 2G or using null ciphers to make their traffic easier to intercept. Blocking these connections and notifying the user about these requests helps protect them from surveillance.

2G network protection toggle in Android 16
The toggle to disable 2G networks in Android 16 on a Pixel 9a.

Unfortunately, only one of these three features is widely available: the ability to disable 2G connectivity. The problem is that implementing these protections requires corresponding changes to a phone’s modem driver. The feature that notifies the OS about identifier requests, for example, requires a modem that supports version 3.0 of Android’s IRadio hardware abstraction layer (HAL). This dependency is why these security features are missing on current Pixel phones and other devices, and it’s also likely why Google delayed launching the dedicated “mobile network security” settings page it planned for Android 15.

Since upcoming devices launching with Android 16 will support version 3.0 of Android’s IRadio HAL, Google is reintroducing the “mobile network security” settings page in the Safety Center (Settings > Security & privacy). This page contains two subsections:

  • Notifications
    • This subsection contains a “Network notifications” toggle. When enabled, it allows the system to warn you if your device connects to an unencrypted network or when the network requests your phone’s unique identifiers. This toggle is disabled by default in Android 16.
  • Network generation
    • This subsection features a “2G network protection” toggle that enables or disables the device’s 2G connectivity. This is the same toggle found in the main SIM settings menu, and it is also disabled by default in Android 16.
Mobile network security settings in Android 16

The “Mobile network security” page will only appear on devices that support both the “2G network protection” toggle and the “network notifications” feature. This is why it doesn’t appear on any current Pixel devices running Android 16, as they lack the necessary modem support for the network notifications feature.

When the “Network notifications” feature is enabled, Android will post a message in the notification panel and the Safety Center whenever your device switches from an encrypted to an unencrypted network, or vice versa. It will also post an alert in both places when the network accesses your phone’s unique identifiers, detailing the time and number of times they were requested.

[…]

Source: Android 16 can warn you that you might be connected to a fake cell tower – Android Authority

The Conservatives On The Supreme Court Are So Scared Of Nudity, They Threw Out The First Amendment

The Supreme Court this morning took a chainsaw to the First Amendment on the internet, and the impact is going to be felt for decades going forward. In the FSC v. Paxton case, the Court upheld the very problematic 5th Circuit ruling that age verification online is acceptable under the First Amendment, despite multiple earlier Supreme Court rulings that said the opposite.

Justice Thomas wrote the 6-3 majority opinion, with Justice Kagan writing the dissent (joined by Sotomayor and Jackson). The practical effect: states can now force websites to collect government IDs from anyone wanting to view adult content, creating a massive chilling effect on protected speech and opening the door to much broader online speech restrictions.

Thomas accomplished this by pulling off some remarkable doctrinal sleight of hand. He ignored the Court’s own precedents in Ashcroft v. ACLU by pretending online age verification is just like checking ID at a brick-and-mortar store (it’s not), applied a weaker “intermediate scrutiny” standard instead of the “strict scrutiny” that content-based speech restrictions normally require, and—most audaciously—invented an entirely new category of “partially protected” speech that conveniently removes First Amendment protections exactly when the government wants to burden them. As Justice Kagan’s scathing dissent makes clear, this is constitutional law by result-oriented reasoning, not principled analysis.

[…]

The real danger here isn’t just Texas’s age verification law—it’s that Thomas has handed every state legislature a roadmap for circumventing the First Amendment online. His reasoning that “the internet has changed” and that intermediate scrutiny suffices for content-based restrictions will be cited in countless future cases targeting online speech. Expect age verification requirements to be attempted for social media platforms (protecting kids from “harmful” political content), for news sites (preventing minors from accessing “disturbing” coverage), and for any online speech that makes moral authorities uncomfortable.

And yes, to be clear, the majority opinion seeks to limit this just to content deemed “obscene” to avoid such problems, but it’s written so broadly as to at least open up challenges along these lines.

Thomas’s invention of “partially protected” speech, that somehow means you can burden those for which it is protected, is particularly insidious because it’s infinitely expandable. Any time the government wants to burden speech, it can simply argue that the burden is built into the right itself—making First Amendment protection vanish exactly when it’s needed most. This isn’t constitutional interpretation; it’s constitutional gerrymandering.

The conservative justices may think they’re just protecting children from pornography, but they’ve actually written a permission slip for the regulatory state to try to control online expression.

[…]

By creating his “partially protected” speech doctrine and blessing age verification burdens that would have been unthinkable a decade ago, Thomas has essentially told state governments: find the right procedural mechanism, and you can burden any online speech you dislike. Today it’s pornography. Tomorrow it will be political content that legislators deem “harmful to minors,” news coverage that might “disturb” children, or social media discussions that don’t align with official viewpoints.

The conservatives may have gotten their victory against online adult content, but they’ve handed every future administration—federal and state—a blueprint for dismantling digital free speech. They were so scared of nudity that they broke the Constitution. The rest of us will be living with the consequences for decades.

Source: The Conservatives On The Supreme Court Are So Scared Of Nudity, They’ll Throw Out The First Amendment | Techdirt

Denmark to tackle deepfakes by giving people copyright to their own features

The Danish government is to clamp down on the creation and dissemination of AI-generated deepfakes by changing copyright law to ensure that everybody has the right to their own body, facial features and voice.

The Danish government said on Thursday it would strengthen protection against digital imitations of people’s identities with what it believes to be the first law of its kind in Europe.

[…]

It defines a deepfake as a very realistic digital representation of a person, including their appearance and voice.

[…]

“In the bill we agree and are sending an unequivocal message that everybody has the right to their own body, their own voice and their own facial features, which is apparently not how the current law is protecting people against generative AI.”

He added: “Human beings can be run through the digital copy machine and be misused for all sorts of purposes and I’m not willing to accept that.”

[…]

The changes to Danish copyright law will, once approved, theoretically give people in Denmark the right to demand that online platforms remove such content if it is shared without consent.

It will also cover “realistic, digitally generated imitations” of an artist’s performance without consent. Violation of the proposed rules could result in compensation for those affected.

The government said the new rules would not affect parodies and satire, which would still be permitted.

[…]

Source: Denmark to tackle deepfakes by giving people copyright to their own features | Deepfake | The Guardian

An interesting take on it. I am curious how this goes – defending copyright can be a very detailed thing, so what happens if someone alters someone else’s eyebrows in the deepfake by making them a mm longer? Does that invalidate the whole copyright?

This breakthrough turns old tech into pure gold — No mercury, no cyanide, just light and salt

An interdisciplinary team of experts in green chemistry, engineering and physics at Flinders University in Australia has developed a safer and more sustainable approach to extract and recover gold from ore and electronic waste.

Explained in the leading journal Nature Sustainability, the gold-extraction technique promises to reduce levels of toxic waste from mining and shows that high purity gold can be recovered from recycling valuable components in printed circuit boards in discarded computers.

The project team, led by Matthew Flinders Professor Justin Chalker, applied this integrated method for high-yield gold extraction from many sources – even recovering trace gold found in scientific waste streams.

The progress toward safer and more sustainable gold recovery was demonstrated for electronic waste, mixed-metal waste, and ore concentrates.

“The study featured many innovations including a new and recyclable leaching reagent derived from a compound used to disinfect water,” says Professor of Chemistry Justin Chalker, who leads the Chalker Lab at Flinders University’s College of Science and Engineering.

“The team also developed an entirely new way to make the polymer sorbent, or the material that binds the gold after extraction into water, using light to initiate the key reaction.”

Extensive investigation into the mechanisms, scope and limitations of the methods are reported in the new study, and the team now plans to work with mining and e-waste recycling operations to trial the method on a larger scale.

“The aim is to provide effective gold recovery methods that support the many uses of gold, while lessening the impact on the environment and human health,” says Professor Chalker.

The new process uses a low-cost and benign compound to extract the gold. This reagent (trichloroisocyanuric acid) is widely used in water sanitation and disinfection. When activated by salt water, the reagent can dissolve gold.

Next, the gold can be selectively bound to a novel sulfur-rich polymer developed by the Flinders team. The selectivity of the polymer allows gold recovery even in highly complex mixtures.

The gold can then be recovered by triggering the polymer to “un-make” itself and convert back to monomer. This allows the gold to be recovered and the polymer to be recycled and re-used.

[…]

The team also collaborated with experts in the US and Peru to validate the method on ore, in an effort to support small-scale mines that otherwise rely on toxic mercury to amalgamate gold.

Gold mining typically uses highly toxic cyanide to extract gold from ore, with risks to the wildlife and the broader environment if it is not contained properly. Artisanal and small-scale gold mines still use mercury to amalgamate gold. Unfortunately, the use of mercury in gold mining is one of the largest sources of mercury pollution on Earth.

[…]

ARC DECRA Fellow Dr Nicholls, adds: “The newly developed gold sorbent is made using a sustainable approach in which UV light is used to make the sulfur-rich polymer. Then, recycling the polymer after the gold has been recovered further increases the green credentials of this method.”

[…]

Story Source:

Materials provided by Flinders University. Note: Content may be edited for style and length.


Journal Reference:

  1. Maximilian Mann, Thomas P. Nicholls, Harshal D. Patel, Lynn S. Lisboa, Jasmine M. M. Pople, Le Nhan Pham, Max J. H. Worthington, Matthew R. Smith, Yanting Yin, Gunther G. Andersson, Christopher T. Gibson, Louisa J. Esdaile, Claire E. Lenehan, Michelle L. Coote, Zhongfan Jia, Justin M. Chalker. Sustainable gold extraction from ore and electronic waste. Nature Sustainability, 2025; DOI: 10.1038/s41893-025-01586-w

Source: This breakthrough turns old tech into pure gold — No mercury, no cyanide, just light and salt | ScienceDaily

Why cats prefer to sleep on their left side may be part of a survival strategy

An international research team that analyzed several hundred YouTube videos of sleeping cats found that they prefer to sleep on their left side. The researchers see this bias as an evolutionary advantage because it favors hunting and escape behavior after waking up.

The team from the University of Bari Aldo Moro (Italy), Ruhr University Bochum, Medical School Hamburg and other partners in Germany, Canada, Switzerland and Turkey report on the study in the journal Current Biology, published online on June 23, 2025.

All animals are particularly vulnerable while sleeping. Cats sleep around 12 to 16 hours a day, preferably in elevated places where their predators can only access them from below.

The research team led by Dr. Sevim Isparta from the Animal Physiology and Behavior Research Unit in Bari and Professor Onur Güntürkün from the Bochum working group Biopsychology wanted to find out whether cats prefer to sleep on one side or the other. “Asymmetries in behavior can have advantages because both hemispheres of the brain specialize in different tasks,” says Onur Güntürkün.

Credit: Current Biology (2025). DOI: 10.1016/j.cub.2025.04.043

Perceiving dangers with the left visual field brings advantages

The group analyzed 408 publicly available YouTube videos in which a single cat was clearly visible with its entire body sleeping on one side for at least 10 seconds. Only original videos were used; modified or flipped material was excluded from the study. Two-thirds of the videos showed cats sleeping on their left side.

The explanation: Cats that sleep on their left side perceive their surroundings upon awakening with their left visual field, which is processed in the right hemisphere of the brain. This hemisphere is specialized in spatial awareness, the processing of threats and the coordination of rapid escape movements.

If a cat sleeps on its left shoulder and wakes up, visual information about predators or prey goes directly to the right hemisphere of the brain, which is best in processing them. “Sleeping on the left side can therefore be a survival strategy,” the researchers conclude.

More information: Sevim Isparta et al, Lateralized sleeping positions in domestic cats, Current Biology (2025). DOI: 10.1016/j.cub.2025.04.043

Source: Why cats prefer to sleep on their left side may be part of a survival strategy

Security pro counts the cost of Microsoft dependency

A sharply argued blog post warns that heavy reliance on Microsoft poses serious strategic risks for organizations – a viewpoint unlikely to win favor with Redmond or its millions of corporate customers.

Czech developer and pen-tester Miloslav Homer has an interesting take on reducing an organization’s exposure to security risks. In an article headlined “Microsoft dependency has risks,” he extends the now familiar arguments in favor of improving digital sovereignty, and reducing dependence on American cloud services.

The argument is quite long but closely reasoned. We recommend resisting the knee-jerk reaction of “don’t be ridiculous” and closing the tab, but reading his article and giving it serious consideration. He backs up his argument with plentiful links and references, and it’s gratifying to see several stories from The Register among them, including one from the FOSS desk.

He discusses incidents such as Microsoft allegedly blocking the email account of International Criminal Court Chief Prosecutor Karim Khan, one of several incidents that caused widespread concern. The Windows maker has denied it was responsible for Khan’s blocked account. Homer also considers the chances of US President Donald Trump getting a third term, as Franklin Roosevelt did, the lucrative US government contracts with software and services vendors, and such companies’ apparent nervousness about upsetting the volatile leader.

We like the way Homer presents his arguments, because it avoids some of the rather tired approaches of FOSS advocates. He assigns financial value to the risks, using the established measurement of Return on Security Investment [PDF]. He uses the Crowdstrike outage from last July as a comparison. For instance, what if a US administration instructed Microsoft to refuse service to everyone in certain countries or even regions?

He tries to put some numbers on this, and they are worryingly large. He looks at estimated corporate Microsoft 365 usage worldwide, and how relatively few vendors offer pre-installed Linux systems. He considers the vast market share of Android on mobile devices compared to everything else, with the interesting comparison that there are more mobile phone owners than toothbrush owners. However, every Android account is all but tied to at least one Google account – another almost unavoidable US dependency.

There is a genuine need for people to ask questions like this. And, importantly, many of the decisions are made by people who are totally tech-illiterate – as many movers and shakers are these days – so it’s also important to express the arguments in terms of numbers, and specifically, in terms of costs. Few IT directors or CEOs know what an OS is or how it matters, but they’re all either former beancounters or guided by beancounters.

Another issue we rarely see addressed is the extreme reach of Microsoft in business computing. The problem is not just bigwigs who mostly don’t know a hypervisor from an email server; the techies who advise them are also a problem. We have personally talked to senior decision-makers and company leaders who know nothing but Windows, who regard Macs as acceptable toys (because they can run MS Office and Outlook and Teams), but who have never used a Linux machine.

There’s a common position that a commodity is only worth what you pay for it, and if you don’t have to pay for it, then it’s worthless. Many people apply this to software, too. If it’s free, it must be worthless.

It’s hard to get through to someone who is totally indifferent to software on technical grounds. When choices of vendors and suppliers are based on erroneous assumptions, challenging those false beliefs is hard.

(We’ve had a few abusive comments and emails from anti-vaxxers following our coverage of Xlibre. They’re wrong, but it’s tricky to challenge the mindset of someone who doesn’t believe in the basic concepts of truth, falsehood, or evidence.)

One way to define “information” is that it is data plus context. We all need contrast and context and comparisons to understand. Any technologist who only knows one company’s technologies and offerings lacks necessary context. In fact, the more context the better. Looking around the IT world today, it would be easy to falsely conclude that Windows NT and various forms of Unix comprise everything there is to know about operating systems. That is deeply and profoundly wrong. Nothing in computing is universal, not even binary; there have been working trinary or ternary computers, and you can go and see a working decimal computer at Bletchley Park.

Lots of important decision-makers believe that Microsoft is simply a given. It is not, but telling them that is not enough. It’s like telling an anti-vaxxer that the Earth is an oblate spheroid and there are no such things as chemtrails. After all, some US legislators want to ban chemtrails, so they must be real, right?

But if you can put a price on false beliefs, and then show that changing those beliefs could reduce risk in a quantifiable way, you can maybe change the minds of IT decision-makers, without needing to tell them that they’re science deniers and the Earth isn’t flat. ®

Source: Security pro counts the cost of Microsoft dependency • The Register

The Blue Screen of Death Is Dead. All hail the black screen of death.

Microsoft’s iconic Blue Screen of Death (BSOD) is dead after 40 years. RIP to the most panic-inducing screen a Windows user can encounter. Now, get ready to fear the Black Screen of Death.

In a blog post on its website today, the company revealed it’s ready to go live with an error screen redesign it’s been testing since March. In an update to all Windows 11, version 24H2 devices coming “later this summer,” the BSOD will finally be put out of its misery.

It’s likely to be a bittersweet moment for Windows users, who will undoubtedly have mixed feelings about the warning’s fate. Despite its ominous name, getting a BSOD wasn’t always as serious as it seemed—a simple crash could trigger it, and restarting could easily fix it. It could be worse than that, too, but in many cases, the old BSOD simply added a bit of personality to the most annoying interruptions to your workflow. Especially in recent years, when you would see a sideways frowning emoticon alongside your error message.

But sometimes, personality isn’t what you need, especially when you’re already stressed out about your computer encountering a serious error. Businesses and travelers alike were bombarded with a particularly unsolvable Blue Screen of Death during last year’s extended Crowdstrike outage, so it makes sense why Microsoft might want to move away from any association with it.

Black Screen of Death
Credit: Microsoft

Enter the new Black Screen of Death. Looking more like other Windows error messages, this is a simple black screen that says, in white text, that “Your device ran into a problem and needs to restart.” Below that is a progress counter, alongside your error code and which process triggered it.

“The updated UI improves readability and aligns better with Windows 11 design principles,” Microsoft Vice President of Enterprise and OS Security David Weston said in today’s blog post.

[…]

Source: The Blue Screen of Death Is Dead

TBH the new blue screen was pretty useless. The older one used to give you actual information about the problem and what triggered it.

Join the EU stakeholder consultation on classification of AI systems as high-risk

The EU is asking for feedback on how the AI Act classifies and handles high-risk AI systems.

This consultation is targeted to stakeholders of different categories. These categories include, but are not limited to, providers and deployers of (high-risk) AI systems, other industry organisations, as well as academia, other independent experts, civil society organisations, and public authorities.

[…]

The purpose of the present targeted stakeholder consultation is to collect input from stakeholders on practical examples of AI systems and issues to be clarified in the Commission’s guidelines on the classification of high-risk AI systems and future guidelines on high-risk requirements and obligations, as well as responsibilities along the AI value chain.

As not all questions may be relevant for all stakeholders, respondents may reply only to the section(s) and the questions they would like. Respondents are encouraged to provide explanations and practical cases as a part of their responses to support the practical usefulness of the guidelines.

The targeted consultation is available in English only and will be open for 6 weeks starting on 6 June until 18 July 2025.

Source: EUSurvey – Survey

So if you are at all interested in how AI systems will be allowed to impact your life (also as a consumer!), join in and let the EU know what you think.

A review of the impacts of boredom: A review of the best evidence

Undoubtedly, one of the most important social issues is the discussion of boredom and disillusionment, which is currently observable in many societies, and perhaps many individuals, as well as our loved ones, have encountered it and are seeking treatment to be relieved of it and resolve the crisis. The issue of boredom is a perennial topic that has always been on the list of fundamental human crises from the past to the present, and perhaps in the future as well. This work examines the meaning and concept of boredom, as well as its effects, reasons, treatments, and outcomes. Five articles that have provided accurate insights into explaining and defining the issue have been reviewed, and important questions have been answered that may have occupied individuals’ minds for a long time.

Source: (PDF) A review of the impacts of boredom: A review of the best evidence

What exactly is boredom? And what is it good for? What does it signal to us? What are its effects? It turns out that boredom is interesting!

Federal judge sides with Meta in lawsuit over training AI models on copyrighted books, close on Federal judge ruling for Anthropic

A federal judge sided with Meta on Wednesday in a lawsuit brought against the company by 13 book authors, including Sarah Silverman, that alleged the company had illegally trained its AI models on their copyrighted works.

Federal Judge Vince Chhabria issued a summary judgment — meaning the judge was able to decide on the case without sending it to a jury — in favor of Meta, finding that the company’s training of AI models on copyrighted books in this case fell under the “fair use” doctrine of copyright law and thus was legal.

The decision comes just a few days after a federal judge sided with Anthropic in a similar lawsuit. Together, these cases are shaping up to be a win for the tech industry, which has spent years in legal battles with media companies arguing that training AI models on copyrighted works is fair use.

However, these decisions aren’t the sweeping wins some companies hoped for — both judges noted that their cases were limited in scope.

Judge Chhabria made clear that this decision does not mean that all AI model training on copyrighted works is legal, but rather that the plaintiffs in this case “made the wrong arguments” and failed to develop sufficient evidence in support of the right ones.

“This ruling does not stand for the proposition that Meta’s use of copyrighted materials to train its language models is lawful,” Judge Chhabria said in his decision. Later, he said, “In cases involving uses like Meta’s, it seems like the plaintiffs will often win, at least where those cases have better-developed records on the market effects of the defendant’s use.”

Judge Chhabria ruled that Meta’s use of copyrighted works in this case was transformative — meaning the company’s AI models did not merely reproduce the authors’ books.

Furthermore, the plaintiffs failed to convince the judge that Meta’s copying of the books harmed the market for those authors, which is a key factor in determining whether copyright law has been violated.

“The plaintiffs presented no meaningful evidence on market dilution at all,” said Judge Chhabria.

[…]

Source: Federal judge sides with Meta in lawsuit over training AI models on copyrighted books | TechCrunch

I have covered the Silverman et al. case before here several times and it was retarded on all levels, which is why it was thrown out against OpenAI. Most important is that this judge and the judge in the Anthropic case rule that AI’s use of ingested works is transformative and not a copy. Just like when you read a book, you can recall bits of it for inspiration, but you don’t (well, most people don’t!) remember word for word what you read.