CBS News investigates what happened when police thought they'd tracked down a "porch pirate" who'd stolen a package — and accused an innocent woman.

"You know why I'm here," the police sergeant tells Chrisanna Elser. "You know we have cameras in that town..." "It went right into, 'we have video of you stealing a package,'" Elser said... "Can I see the video?" Elser asked. "If you go to court, you can," the officer replied. "If you're going to deny it, I'm not going to extend you any courtesy...." [You can watch a video of the entire confrontation.] On her doorstep, the officer issued a summons, without ever looking at the surveillance video Elser had. "We can show you exactly where we were," she told him. "I already know where you were," he replied.

Her Rivian — equipped with multiple cameras — had recorded her entire route that day... It took weeks of her collecting her own evidence, building timelines, and submitting videos before someone listened. Finally, she received an email from the Columbine Valley police chief acknowledging her efforts in an email saying, "nicely done btw (by the way)," and informing her the summons would not be filed.
Elser also found the theft video (which the police officer refused to show her) on Nextdoor, reports Electrek. "The woman has the same color hair, but different facial and nose shape and apparent age than Elser, which is all reasonably apparent when viewing the video..."

But Elser does drive a green Rivian truck, which police knew had entered the neighborhood 20 times over the course of a month. (Though in the video the officer is told that a male driver in the same household passes through that neighborhood driving to and from work.) The problem may be their certainty — derived from Flock's network of cameras that automatically read license plates, "tracking movements of vehicles wherever they go..." The system has provoked concern from privacy and freedom focused organizations like the Electronic Frontier Foundation and American Civil Liberties Union. Flock also recently announced a partnership with Ring, seeking to use a network of doorbell cameras to track Americans in even more places.... [The police] didn't even have video of the truck in the area — merely tags of it entering... (it also left the area minutes later, indicating a drive through, rather than crawling through neighborhoods looking for packages — but police neglected to check the exit timestamps)... Elser has asked for an apology for [officer] Milliman's aggressive behavior during the encounter, but has heard nothing back from the department despite a call, email, and physical appearance at the police station.
The article points out that Rivian's "Road Cam" feature can be set to record footage of everything happening around it using the car's built in cameras for driver-assist features. But if you want to record footage all the time, you'll need to plug in a USB-C external drive to store it. (It's ironic how different cameras recorded every part of this story — the theft, the police officer accusing the innocent woman, and that innocent woman's actual whereabouts.)

Electrek's take? "Citizens should not need to own a $70k+ truck, or even a $100 external hard drive, to keep track of everything they do in order to prove to power-tripping officers that they didn't commit a crime."

"We've spent the last year rebuilding major components of our system," Cloudflare announced this week, "and we've just slashed the latency of traffic passing through our network for millions of our customers," (There's a 10ms cut in the median time to respond, plus a 25% performance boost as measured by CDN performance tests.) They replaced a 15-year-old system named FL (where they run security and performance features), and "At the same time, we've made our system more secure, and we've reduced the time it takes for us to build and release new products."

And yes, Rust was involved: We write a lot of Rust, and we've gotten pretty good at it... We built FL2 in Rust, on Oxy [Cloudflare's Rust-based next generation proxy framework], and built a strict module framework to structure all the logic in FL2... Built in Rust, [Oxy] eliminates entire classes of bugs that plagued our Nginx/LuaJIT-based FL1, like memory safety issues and data races, while delivering C-level performance. At Cloudflare's scale, those guarantees aren't nice-to-haves, they're essential. Every microsecond saved per request translates into tangible improvements in user experience, and every crash or edge case avoided keeps the Internet running smoothly. Rust's strict compile-time guarantees also pair perfectly with FL2's modular architecture, where we enforce clear contracts between product modules and their inputs and outputs...

It's a big enough distraction from shipping products to customers to rebuild product logic in Rust. Asking all our teams to maintain two versions of their product logic, and reimplement every change a second time until we finished our migration was too much. So, we implemented a layer in our old NGINX and OpenResty based FL which allowed the new modules to be run. Instead of maintaining a parallel implementation, teams could implement their logic in Rust, and replace their old Lua logic with that, without waiting for the full replacement of the old system.
Over 100 engineers worked on FL2 — and there was extensive testing, plus a fallback-to-FL1 procedure. But "We started running customer traffic through FL2 early in 2025, and have been progressively increasing the amount of traffic served throughout the year...." As we described at the start of this post, FL2 is substantially faster than FL1. The biggest reason for this is simply that FL2 performs less work [thanks to filters controlling whether modules need to run]... Another huge reason for better performance is that FL2 is a single codebase, implemented in a performance focussed language. In comparison, FL1 was based on NGINX (which is written in C), combined with LuaJIT (Lua, and C interface layers), and also contained plenty of Rust modules. In FL1, we spent a lot of time and memory converting data from the representation needed by one language, to the representation needed by another. As a result, our internal measures show that FL2 uses less than half the CPU of FL1, and much less than half the memory. That's a huge bonus — we can spend the CPU on delivering more and more features for our customers!

Using our own tools and independent benchmarks like CDNPerf, we measured the impact of FL2 as we rolled it out across the network. The results are clear: websites are responding 10 ms faster at the median, a 25% performance boost. FL2 is also more secure by design than FL1. No software system is perfect, but the Rust language brings us huge benefits over LuaJIT. Rust has strong compile-time memory checks and a type system that avoids large classes of errors. Combine that with our rigid module system, and we can make most changes with high confidence...

We have long followed a policy that any unexplained crash of our systems needs to be investigated as a high priority. We won't be relaxing that policy, though the main cause of novel crashes in FL2 so far has been due to hardware failure. The massively reduced rates of such crashes will give us time to do a good job of such investigations. We're spending the rest of 2025 completing the migration from FL1 to FL2, and will turn off FL1 in early 2026. We're already seeing the benefits in terms of customer performance and speed of development, and we're looking forward to giving these to all our customers.

After that, when everything is modular, in Rust and tested and scaled, we can really start to optimize...!
Thanks to long-time Slashdot reader Beeftopia for sharing the article.

Bluesky has surpassed 40 million users and is launching a "dislikes" beta to improve its personalization algorithms and reduce toxic content. TechCrunch reports: With the "dislikes" beta rolling out soon, Bluesky will take into account the new signal to improve user personalization. As users "dislike" posts, the system will learn what sort of content they want to see less of. This will help to inform more than just how content is ranked in feeds, but also reply rankings.

The company explained the changes are designed to make Bluesky a place for more "fun, genuine, and respectful exchanges" -- an edict that follows a month of unrest on the platform as some users again criticized the platform over its moderation decisions. While Bluesky is designed as a decentralized network where users run their own moderation, some subset of Bluesky users want the platform itself to ban bad actors and controversial figures instead of leaving it up to the users to block them. Bluesky, however, wants to focus more on the tools it provides users to control their own experience.

alternative_right shares a report from Phys.org: It is known in the scientific community that if you have a self-sustained oscillation, such as an arteriole, and you add an external stimulus at a similar but not identical frequency, you can lock the two, meaning you can shift the frequency of the oscillator to that of the external stimulus. In fact, it has been shown that if you connect two clocks, they will eventually synchronize their ticking. Distinguished Professor of Physics and Neurobiology David Kleinfeld found that if he applied an external stimulus to a neuron, the entire vasculature would lock at the same frequency. However, if he stimulated two sets of neurons at two different frequencies, something unexpected happened: some arterioles would lock at one frequency and others would lock at another frequency, forming a staircase effect.

Searching for an explanation, Kleinfeld enlisted the help of his colleague, Professor of Physics Massimo Vergassola, who specializes in understanding the physics of living systems, and then recruited Ecole Normale Superieure graduate student Marie Sellier-Prono and Senior Researcher at the Institute for Complex Systems Massimo Cencini. Together, the researchers found they could use a classical model of coupled oscillators with an intestinal twist. The gut oscillates naturally due to peristalsis -- the contracting and relaxing of muscles in the digestive tract -- and provided a simplified model over the complex network of blood vessels in the brain. The intestine is unidirectional, meaning frequencies shift in one direction in a gradient from higher to lower. This is what enables food to move in one direction from the beginning of the small intestine to the end of the large intestine.

"Coupled oscillators talk to each other and each section of the intestine is an oscillator that talks to the other sections near it," stated Vergassola. "Normally, coupled oscillators are studied in a homogeneous setting, meaning all the oscillators are at more or less similar frequencies. In our case, the oscillators were more varied, just as in the intestine and the brain." In studying the coupled oscillators in the gut, past researchers observed that there is indeed a staircase effect where similar frequencies lock onto those around it, allowing for the rhythmic movement of food through the digestive tract. But the height of the rises or breaks, the length of the stair runs or frequencies, and the conditions under which the staircase phenomenon occurred -- essential features of biological systems -- was something which had not been determined until now. The findings have been published in the journal Physical Review Letters.

Critics question why basic flaws like buffer overflows, command injections, and SQL injections are "being exploited remain prevalent in mission-critical codebases maintained by companies whose core business is cybersecurity," writes CSO Online. Benjamin Harris, CEO of cybersecurity/penetration testing firm watchTowr tells them that "these are vulnerability classes from the 1990s, and security controls to prevent or identify them have existed for a long time. There is really no excuse." Enterprises have long relied on firewalls, routers, VPN servers, and email gateways to protect their networks from attacks. Increasingly, however, these network edge devices are becoming security liabilities themselves... Google's Threat Intelligence Group tracked 75 exploited zero-day vulnerabilities in 2024. Nearly one in three targeted network and security appliances, a strikingly high rate given the range of IT systems attackers could choose to exploit. That trend has continued this year, with similar numbers in the first 10 months of 2025, targeting vendors such as Citrix NetScaler, Ivanti, Fortinet, Palo Alto Networks, Cisco, SonicWall, and Juniper. Network edge devices are attractive targets because they are remotely accessible, fall outside endpoint protection monitoring, contain privileged credentials for lateral movement, and are not integrated into centralized logging solutions...

[R]esearchers have reported vulnerabilities in these systems for over a decade with little attacker interest beyond isolated incidents. That shifted over the past few years with a rapid surge in attacks, making compromised network edge devices one of the top initial access vectors into enterprise networks for state-affiliated cyberespionage groups and ransomware gangs. The COVID-19 pandemic contributed to this shift, as organizations rapidly expanded remote access capabilities by deploying more VPN gateways, firewalls, and secure web and email gateways to accommodate work-from-home mandates. The declining success rate of phishing is another factor... "It is now easier to find a 1990s-tier vulnerability in a border device where Endpoint Detection and Response typically isn't deployed, exploit that, and then pivot from there" [says watchTowr CEL Harris]...

Harris of watchTowr doesn't want to minimize the engineering effort it takes to build a secure system. But he feels many of the vulnerabilities discovered in the past two years should have been caught with automatic code analysis tools or code reviews, given how basic they have been. Some VPN flaws were "trivial to the point of embarrassing for the vendor," he says, while even the complex ones should have been caught by any organization seriously investing in product security... Another problem? These appliances have a lot of legacy code, some that is 10 years or older.
Attackers may need to chain together multiple hard-to-find vulnerabilities across multiple components, the article acknowleges. And "It's also possible that attack campaigns against network-edge devices are becoming more visible to security teams because they are looking into what's happening on these appliances more than they did in the past... "

The article ends with reactions from several vendors of network edge security devices.

Thanks to Slashdot reader snydeq for sharing the article.

An anonymous reader quotes a report from Ars Technica: The outage that hit Amazon Web Services and took out vital services worldwide was the result of a single failure that cascaded from system to system within Amazon's sprawling network, according to a post-mortem from company engineers. [...] Amazon said the root cause of the outage was a software bug in software running the DynamoDB DNS management system. The system monitors the stability of load balancers by, among other things, periodically creating new DNS configurations for endpoints within the AWS network. A race condition is an error that makes a process dependent on the timing or sequence events that are variable and outside the developers' control. The result can be unexpected behavior and potentially harmful failures.

In this case, the race condition resided in the DNS Enactor, a DynamoDB component that constantly updates domain lookup tables in individual AWS endpoints to optimize load balancing as conditions change. As the enactor operated, it "experienced unusually high delays needing to retry its update on several of the DNS endpoints." While the enactor was playing catch-up, a second DynamoDB component, the DNS Planner, continued to generate new plans. Then, a separate DNS Enactor began to implement them. The timing of these two enactors triggered the race condition, which ended up taking out the entire DynamoDB. [...] The failure caused systems that relied on the DynamoDB in Amazon's US-East-1 regional endpoint to experience errors that prevented them from connecting. Both customer traffic and internal AWS services were affected.

The damage resulting from the DynamoDB failure then put a strain on Amazon's EC2 services located in the US-East-1 region. The strain persisted even after DynamoDB was restored, as EC2 in this region worked through a "significant backlog of network state propagations needed to be processed." The engineers went on to say: "While new EC2 instances could be launched successfully, they would not have the necessary network connectivity due to the delays in network state propagation." In turn, the delay in network state propagations spilled over to a network load balancer that AWS services rely on for stability. As a result, AWS customers experienced connection errors from the US-East-1 region. AWS network functions affected included the creating and modifying Redshift clusters, Lambda invocations, and Fargate task launches such as Managed Workflows for Apache Airflow, Outposts lifecycle operations, and the AWS Support Center. Amazon has temporarily disabled its DynamoDB DNS Planner and DNS Enactor automation globally while it fixes the race condition and add safeguards against incorrect DNS plans. Engineers are also updating EC2 and its network load balancer.

Further reading: Amazon's AWS Shows Signs of Weakness as Competitors Charge Ahead

Hackers have been spreading malware through more than 3,000 YouTube videos advertising cracked software and game hacks, cybersecurity firm Check Point warned this week. The campaign, active since at least 2021, tripled its video production in 2025. The videos promoted free versions of Adobe Photoshop, FL Studio, Microsoft Office, and game cheats for titles like Roblox. Fake comments created the appearance of legitimacy, the researchers found.

Users who downloaded archives from Dropbox, Google Drive, or MediaFire were instructed to disable Windows Defender before opening files. The downloads contained malware including Lumma and Rhadamanthys, which steal passwords and cryptocurrency wallet information. The hackers hijacked existing accounts and created new ones. One compromised channel with 129,000 subscribers posted a cracked Photoshop video that reached 291,000 views. Another video for FL Studio received over 147,000 views.

A web browser linked to Chinese online gambling websites and downloaded millions of times routes all internet traffic through servers in China and covertly installs programs that run in the background, according to findings published by network security company Infoblox. The researchers said the Universe Browser, which advertises itself as offering privacy protection, includes features similar to malware such as key logging and surreptitious connections.

Infoblox collaborated with the United Nations Office on Drugs and Crime on the research. The investigators found links between the browser and Southeast Asia's cybercrime ecosystem, which has connections to money laundering, illegal online gambling, human trafficking and scam operations using forced labor. The browser is directly linked to BBIN, a major online gambling company that has existed since 1999. Infoblox researchers examined the Windows version of the browser and found that it checks users' locations and languages when launched, installs two browser extensions, and disables security features including sandboxing.

Airbus, Leonardo, and Thales are merging their space divisions into a new France-based company that aims to create a "leading European player in space." The joint venture, expected to launch operations by 2027 pending regulatory approval, will pool R&D resources to accelerate satellite development and strengthen Europe's technological sovereignty in space. Engadget reports: The companies Airbus, Leonardo and Thales have finalized this deal. The new unnamed entity will be based in France and will employ around 25,000 people. Airbus will own 35 percent, while the other two companies will each own 32.5 percent. Executives are hoping this company will better serve Europe's need for "sovereignty" in space and help it create a rival to SpaceX's Starlink communications network. Increasing a presence in space is also seen as a good thing for security and defense.

This isn't just bluster. Thales and Airbus have long been rivals in the satellite market, but it looks like they are friends now. Leonardo is known for space systems and services. Combining all three could actually give SpaceX a run for its money, but we will have to wait and see. There are no planned site closures, as the companies say that each home country will keep its existing capabilities. This will be a standalone company, so think of it as an extremely well-financed startup. The first task for the upstart? Reporting indicates it'll be to find more efficient ways to develop and manufacture satellites.

Millions of tons of discarded electronics from the United States are being shipped overseas, much of it to developing countries in Southeast Asia unprepared to safely handle hazardous waste, according to a new report by an environmental watchdog. AP: The Seattle-based Basel Action Network, or BAN, said a two-year investigation found at least 10 U.S. companies exporting used electronics to Asia and the Middle East, in what it says is a "hidden tsunami" of electronic waste. "This new, almost invisible tsunami of e-waste, is taking place ... padding already lucrative profit margins of the electronics recycling sector while allowing a major portion of the American public's and corporate IT equipment to be surreptitiously exported to and processed under harmful conditions in Southeast Asia," the report said.

Electronic waste, or e-waste, includes discarded devices like phones and computers containing both valuable materials and toxic metals like lead, cadmium and mercury. As gadgets are replaced faster, global e-waste is growing five times quicker than it's formally recycled. The world produced a record 62 million metric tons in 2022. That's expected to climb to 82 million by 2030, according to the United Nations' International Telecommunication Union and its research arm, UNITAR.

SpaceX has deactivated over 2,500 Starlink terminals allegedly used by scam operations in Myanmar, where the service isn't licensed but was reportedly enabling large-scale cybercrime networks tied to human trafficking and fraud. Ars Technica reports: Lauren Dreyer, vice president of Starlink business operations, described the action in an X post last night after reports that Myanmar's military shut down a major scam operation: "SpaceX complies with local laws in all 150+ markets where Starlink is licensed to operate," Dreyer wrote. "SpaceX continually works to identify violations of our Acceptable Use Policy and applicable law... On the rare occasion we identify a violation, we take appropriate action, including working with law enforcement agencies around the world. In Myanmar, for example, SpaceX proactively identified and disabled over 2,500 Starlink Kits in the vicinity of suspected 'scam centers.'"

Starlink is not licensed to operate in Myanmar. While Dreyer didn't say how the terminals were disabled, it's known that Starlink can disable individual terminals based on their ID numbers or use geofencing to block areas from receiving signals. On Monday, Myanmar state media reported that "Myanmar's military has shut down a major online scam operation near the border with Thailand, detaining more than 2,000 people and seizing dozens of Starlink satellite Internet terminals," according to an Associated Press article. The army reportedly raided a cybercrime center known as KK Park as part of operations that began in early September. The operations reportedly targeted 260 unregistered buildings and resulted in seizure of 30 Starlink terminals and detention of 2,198 people.

"Maj. Gen. Zaw Min Tun, the spokesperson for the military government, charged in a statement Monday night that the top leaders of the Karen National Union, an armed ethnic organization opposed to army rule, were involved in the scam projects at KK Park," the AP wrote. The Karen National Union is "part of the larger armed resistance movement in Myanmar's civil war" and "deny any involvement in the scams."

OpenBSD 7.8 has been released, adding Raspberry Pi 5 support, enhanced AMD Secure Encrypted Virtualization (SEV-ES) capabilities, and expanded hardware compatibility including new Qualcomm, Rockchip, and Apple ARM drivers. Phoronix reports: OpenBSD 7.8 also brings multiple improvements around enabling AMD Secure Encrypted Virtualization (AMD SEV) support with support for the PSP ioctl for encrypting and measuring state for SEV-ES, a new VMD option to run guests in SEV-ES mode, and other enablement work pertaining to that AMD SEV work in SEV-ES form at this point as a precursor to SEV-SNP. AMD SEV-ES should be working to start confidential virtual machines (VMs) when using the VMM/VMD hypervisor and the OpenBSD guests with KVM/QEMU.

OpenBSD 7.8 also improves compatibility of the FUSE file-system support with the Linux implementation, suspend/hibernate improvements, SMP improvements, updating to the Linux 6.12.50 DRM graphics drivers, several new Rockchip drivers, Raspberry Pi RP1 drivers, H.264 video support for the uvideo driver, and many network driver improvements. The changelog and download page can be found via OpenBSD.org.

General Motors is ending production of its Chevy BrightDrop electric delivery vans after sluggish demand and the expiration of key EV tax credits. "This is not a decision we made lightly because of the impact on our employees," GM CEO Mary Barra said during the company's third quarter earnings call Tuesday. "However the commercial electric van market has been developing much slower than expected, and changes to the regulatory framework and fleet incentives has made the business even more challenging." The Verge reports: Brightdrop first launched in 2021 as GM's effort to capture a large portion of the commercial EV market, starting with a pair of electric vans, as well as fleet management software and electric-powered carts for goods delivery. The automaker made deals with Walmart, FedEx, and other major retailers to add the van to their delivery fleets. But after trying to make a go of it as a standalone brand, GM reabsorbed BrightDrop in 2023, and then later assigned it to Chevy in order to tap into the brand's sales and service dealer network.

Now the van will stand as yet another casualty of the expiration of the $7,500 federal EV tax credit, which ended on September 30th. In addition to the consumer credit, there was also a $7,500 discount for commercial EVs under 18,000 lbs -- which Brightdrop was eligible for. The van was a range leader, but also was more expensive than its most prominent competitor. Brightdrop's vans started at $74,000, while Ford's E-Transit van with extended battery range sold for $51,600.

The German Koblenz Regional Court has banned the internet service provider 1&1 from marketing its fiber-to-the-curb service as fiber-optic DSL. The court found that the company misled customers because its network uses copper cables for the final stage of connections, sometimes extending up to a mile from the distribution box to subscribers' homes.

Customers who visited the ISP's website and checked connection availability received a notification stating that a "1&1 fiber optic DSL connection" was available, even though fiber optic cables terminate at street-level distribution boxes or building service rooms. The company pairs the copper lines with vectoring technology to boost DSL speeds to 100 megabits per second. The Federation of German Consumer Organizations filed the lawsuit. Ramona Pop, the organization's chairperson, said that anyone who promises fiber optics but delivers only DSL is deceiving customers.

An anonymous reader quotes a report from Ars Technica: On Monday afternoon, Amazon confirmed that an outage affecting Amazon Web Services' cloud hosting, which had impacted millions across the Internet, had been resolved. Considered the worst outage since last year's CrowdStrike chaos, Amazon's outage caused "global turmoil," Reuters reported. AWS is the world's largest cloud provider and, therefore, the "backbone of much of the Internet," ZDNet noted. Ultimately, more than 28 AWS services were disrupted, causing perhaps billions in damages, one analyst estimated for CNN.

[...] Amazon's problems originated at a US site that is its "oldest and largest for web services" and often "the default region for many AWS services," Reuters noted. The same site has experienced two outages before in 2020 and 2021, but while the tech giant had confirmed that those prior issues had been "fully mitigated," apparently the fixes did not ensure stability into 2025. ZDNet noted that Amazon's first sign of the outage was "increased error rates and latency across numerous key services" tied to its cloud database technology. Although "engineers later identified a Domain Name System (DNS) resolution problem" as the root of these issues and quickly fixed it, "other AWS services began to fail in its wake, leaving the platform still impaired" as more than two dozen AWS services shut down. At the peak of the outage on Monday, Down Detector tracked more than 8 million reports globally from users panicked by the outage, ZDNet reported. Ken Birman, a computer science professor at Cornell University, told Reuters that "software developers need to build better fault tolerance."

"When people cut costs and cut corners to try to get an application up, and then forget that they skipped that last step and didn't really protect against an outage, those companies are the ones who really ought to be scrutinized later."

London police finally understand why 80,000 phones disappeared from the city's streets last year. The answer involves budget cuts [non-paywalled source] that hollowed out British policing in the 2010s, the arrival of electric bikes that made theft easy, and a lucrative black market in China where stolen British phones retain full functionality. The Metropolitan Police discovered an industrial-scale operation in December when officers traced a woman's iPhone to a Heathrow warehouse on Christmas Eve. Boxes labeled as batteries and bound for Hong Kong contained almost 1,000 stolen iPhones. The police arrested two men in their thirties in September as suspected ringleaders of a group that sent up to 40,000 stolen phones to China.

The epidemic took root after Conservative-led austerity measures reduced police numbers and budgets. In 2017 the Metropolitan Police announced it would stop investigating low-level crimes to focus resources on serious violence and sexual offenses. Thieves on rented electric bikes began mounting sidewalks to snatch phones at high speed while wearing balaclavas and hoods. Police data shows only 495 people were charged out of 106,000 phones reported stolen between March 2024 and February 2025. Thieves earn up to $401 per device. The phones sell for up to $5,000 in China because Chinese network providers do not subscribe to the international blacklist for stolen devices.

An anonymous reader quotes a report from Ars Technica: Anthropic has added web and mobile interfaces for Claude Code, its immensely popular command-line interface (CLI) agentic AI coding tool. The web interface appears to be well-baked at launch, but the mobile version is limited to iOS and is in an earlier stage of development. The web version of Claude Code can be given access to a GitHub repository. Once that's done, developers can give it general marching orders like "add real-time inventory tracking to the dashboard."

As with the CLI version, it gets to work, with updates along the way approximating where it's at and what it's doing. The web interface supports the recently implemented Claude Code capability to take suggestions or requested changes while it's in the middle of working on a task. (Previously, if you saw it doing something wrong or missing something, you often had to cancel and start over.) Developers can run multiple sessions at once and switch between them as needed; they're listed in a left-side panel in the interface.

Alongside this web and mobile rollout, Anthropic has also introduced a new sandboxing runtime to Claude Code that, along with other things, aims to make the experience both more secure and lower friction. In the past, Claude Code worked by asking permission before making most changes and steps along the way. Now, it can instead be given permissions for specific file system folders and network servers. That means fewer approval steps, but it's also more secure overall against prompt injection and other risks. You can learn more about "Claude Code on the web" through the company's blog and official YouTube channel.

Note: the new features are available in beta as a research preview, and they are available to Claude users with Pro or Max subscriptions.

"A new study published on Monday found that communications from cellphone carriers, retailers, banks, and even militaries are being broadcast unencrypted through geostationary satellites..." reports Gizmodo. "The team obtained unencrypted internet communications from U.S. military sea vessels and even communications regarding narcotics trafficking from Mexican military and law enforcement." Researchers from the University of California, San Diego (UCSD) and the University of Maryland scanned 39 of these satellites from a rooftop in Southern California over three years. They found that roughly half of the signals they analyzed were transmitting unencrypted data, potentially exposing everything from phone calls and military logistics to a retail chain's inventory. "There is a clear mismatch between how satellite customers expect data to be secured and how it is secured in practice," the researchers wrote in their paper titled "Don't Look Up: There Are Sensitive Internal Links in the Clear on GEO Satellites...." "They assumed that no one was ever going to check and scan all these satellites and see what was out there. That was their method of security," Aaron Schulman, a UCSD professor and co-lead of the study, told Wired....

Even more surprisingly, the researchers didn't need any fancy spy gear to collect this data. Their setup used only off-the-shelf hardware, including a $185 satellite dish, a $140 roof mount with a $195 motor, and a $230 tuner card. Altogether, the system cost roughly $750 and was installed on a university building in La Jolla, San Diego.

With their simple setup, the researchers were able to collect a wide range of communication data, including phone calls, texts, in-flight Wi-Fi data from airline passengers, and signals from electric utilities. They even obtained U.S. and Mexican military and law enforcement communications, as well as ATM transactions and corporate communications... When it came to telecoms, specifically, the team collected phone numbers, calls, and texts from customers of T-Mobile, AT&T Mexico, and Telmex... It only took the team nine hours to collect the phone numbers of over 2,700 T-Mobile users, along with some of their calls and text messages.
T-Mobile told Gizmodo the lack of encryption was "a vendor's technical misconfiguration" affecting "a limited number of cell sites" and was "not network-wide... [W]e implemented nationwide Session Initiation Protocol (SIP) encryption for all customers to further protect signaling traffic as it travels between mobile handsets and the network core, including call set up, numbers dialed and text message content. We appreciate our collaboration with the security research community, whose work helps reinforce our ongoing commitment to protecting customer data and enhances security across the industry."

Indeed, the researchers write that "Each time we discovered sensitive information in our data, we went through considerable effort to determine the responsible party, establish contact, and disclose the vulnerability. In several cases, the responsible party told us that they had deployed a remedy. For the following parties, we re-scanned with their permission and were able to verify a remedy had been deployed: T-Mobile, WalMart, and KPU."

The researchers acknowledge that exposure "was limited to a relatively small number of cell towers in specific remote areas."

It's the world's largest network of environmental groups, according to NBC News, with more than 1,400 members from roughly 160 countries. It meets once every four years.

And in a vote Tuesday, the International Union for Conservation of Nature "approved further exploration of the use of genetic engineering tools to aid in the preservation of animal species and other living organisms." Researchers are already pursuing projects that involve changing some species' DNA. Scientists are genetically modifying mosquitoes to reduce transmission of diseases like malaria, for example, and synthesizing horseshoe crab blood, which is used in drug development. Controversial efforts to "de-extinct" archaic creatures — such as the so-called "dire wolf" that a biosciences company announced it had revived this spring — fall under the umbrella, as well. So do possibilities like modifying organisms to help them adapt to a warming world, which are on the table but further off in development.... The decision is applicable to work on a range of organisms, including animals, plants, yeasts and bacteria....

The notion of introducing genetic engineering into wild ecosystems would have been considered a nonstarter in most conservation circles a decade ago, according to Jessica Owley [a professor and environment law program director at the University of Miami]. But the intensifying effects of climate change and other stressors to biodiversity are bolstering arguments in favor of human intervention that could make endangered species resistant to those threats... The IUCN vote, she added, reflects a feeling of desperation among conservationists and governments, as existing regulations and conservation efforts fall short and species continue to disappear worldwide.
"A separate measure, a proposed moratorium on releasing genetically modified organisms into the environment, failed by a single vote..."

A network of classified Starshield satellites built by SpaceX for the U.S. government is transmitting signals on radio frequencies reserved for Earth-to-space commands. According to NPR, it may violate international standards. From the report: Satellites associated with the Starshield satellite network appear to be transmitting to the Earth's surface on frequencies normally used for doing the exact opposite: sending commands from Earth to satellites in space. The use of those frequencies to "downlink" data runs counter to standards set by the International Telecommunication Union, a United Nations agency that seeks to coordinate the use of radio spectrum globally.

Starshield's unusual transmissions have the potential to interfere with other scientific and commercial satellites, warns Scott Tilley, an amateur satellite tracker in Canada who first spotted the signals. "Nearby satellites could receive radio-frequency interference and could perhaps not respond properly to commands -- or ignore commands -- from Earth," he told NPR.

Outside experts agree there's the potential for radio interference. "I think it is definitely happening," said Kevin Gifford, a computer science professor at the University of Colorado, Boulder who specializes in radio interference from spacecraft. But he said the issue of whether the interference is truly disruptive remains unresolved. [...] Tilley says he's detected signals from 170 of the Starshield satellites so far. All appear in the 2025-2110 MHz range, though the precise frequencies of the signals move around.