AI

AI Tool Rips Off Open Source Software Without Violating Copyright (404media.co) 120

A satirical but working tool called Malus uses AI to create "clean room" clones of open-source software, aiming to reproduce the same functionality while shedding attribution and copyleft obligations. "It works," Mike Nolan, one of the two people behind Malus, who researches the political economy of open source software and currently works for the United Nations, told 404 Media. "The Stripe charge will provide you the thing, and it was important for us to do that, because we felt that if it was just satire, it would end up like every other piece of research I've done on open source, which ends up being largely dismissed by open source tech workers who felt that they were too special and too unique and too intelligent to ever be the ones on the bad side of the layoffs or the economics of the situation." 404 Media reports: Malus's legal strategy for bypassing copyright is based on a historically pivotal moment for software and copyright law dating back to 1982. Back then, IBM dominated home computing, and competitors like Columbia Data Products wanted to sell products that were compatible with software that IBM customers were already using. Reverse engineering IBM's computer would have infringed on the company's copyright, so Columbia Data Products came up with what we now know as a "clean room" design.

It tasked one team with examining IBM's BIOS and creating specifications for what a clone of that system would require. A different "clean" team, one that was never exposed to IBM's code, then created BIOS that met those specifications from scratch. The result was a system that was compatible with IBM's ecosystem but didn't violate its copyright because it did not copy IBM's technical process and counted as original work.

This clean room method, which has been validated by case law and dramatized in the first season of Halt and Catch Fire, made computing more open and competitive than it would have been otherwise. But it has taken on new meaning in the age of generative AI. It is now easier than ever to ask AI tools to produce software that is identical in function to existing open source projects, and that, some would argue, are built from scratch and are therefore original work that can bypass existing copyright licenses. Others would say that software produced by large language models is inherently derivative, because like any LLM output, it is trained on the collective output of humans scraped from the internet, including specific open source projects.

Malus (pronounced malice), uses AI to do the same thing. "Finally, liberation from open source license obligations," Malus's site says. "Our proprietary AI robots independently recreate any open source project from scratch. The result? Legally distinct code with corporate-friendly licensing. No attribution. No copyleft. No problems." Copyleft is a type of copyright license that ensures reproductions or applications of the software keep it free to share and modify.

Government

Pentagon Wants $54 Billion For Drones (arstechnica.com) 83

An anonymous reader quotes a report from Ars Technica: The US military's massive $1.5 trillion budget request for the next fiscal year includes what Pentagon officials described as the largest investment in drone warfare and counter-drone technology in US history. The proposed spending on drone and autonomous warfare technologies within the FY2027 budget proposal for the US Department of Defense would surpass most countries' defense budgets and rank among the top 10 in the world for military spending, ahead of countries such as Ukraine, South Korea, and Israel.

Specifically, the Pentagon is requesting $53.6 billion to boost US production and procurement of drones, train drone operators, build out a logistics network for sustaining drone deployments, and expand counter-drone systems to defend more US military sites. The funding request is budgeted under the Defense Autonomous Warfare Group (DAWG), an organization established in late 2025 that would see a massive budget increase after receiving about $226 million in the 2026 fiscal year budget.

[...] Another $20.6 billion would help purchase one-way attack drones and drone aircraft developed through the US Air Force's Collaborative Combat Aircraft program, which is building drone prototypes capable of teaming up with human-piloted fighter jets. Part of this funding would also go toward defensive systems for countering small drones and the US Navy's Boeing MQ-25 drone designed to perform midair refueling of carrier-borne fighter aircraft to extend their strike ranges. Such drone-related spending even rivals the entire budget of the US Marine Corps. But the Pentagon has not said that it is creating a dedicated drone branch of the US military similar to the standalone Space Force.

Pentagon officials emphasized that most of the money would go toward procuring drone and autonomous warfare technologies that already exist, and is largely separate from additional funding that would bolster US domestic manufacturing capacity to build such weapon systems. "That $70 billion is all going into existing systems and technologies," said Hurst. "The industrial base support is entirely separate."
"The evolution we've seen in the battlefield is this evolution of technologies in the timeframe of weeks, not the typical years we see with our defense production," said Lt. Gen. Steven Whitney, director of force structure, resources, and assessment for the Pentagon's Joint Chiefs of Staff, during a Pentagon press briefing. "So it's really critical we work with industry to get that capability fielded."
Firefox

Mozilla Uses Anthropic's Mythos To Fix 271 Bugs In Firefox (nerds.xyz) 172

BrianFagioli writes: Mozilla says it used an early version of Anthropic's Claude Mythos Preview to comb through Firefox's code, and the results were hard to ignore. In Firefox 150, the team fixed 271 vulnerabilities identified during this effort, a number that would have been unthinkable not long ago. Instead of relying only on fuzzing tools or human review, the AI was able to reason through code and surface issues that typically require highly specialized expertise.

The bigger implication is less about one release and more about where this is heading. Security has long favored attackers, since they only need to find a single flaw while defenders have to protect everything. If AI can scale vulnerability discovery for defenders, that dynamic could start to shift. It does not mean zero days disappear overnight, but it suggests a future where bugs are found and fixed faster than attackers can weaponize them.
"Computers were completely incapable of doing this a few months ago, and now they excel at it," says Mozilla in a blog post. "We have many years of experience picking apart the work of the world's best security researchers, and Mythos Preview is every bit as capable. So far we've found no category or complexity of vulnerability that humans can find that this model can't."

The company concluded: "The defects are finite, and we are entering a world where we can finally find them all."
Hardware

Framework Laptop 13 Pro Is a Major Overhaul For the Modular, Upgradeable Laptop (arstechnica.com) 41

An anonymous reader quotes a report from Ars Technica: Framework has been selling and shipping its modular, repairable, upgradable Laptop 13 for five years now, and in that time, it has released six distinct versions of its system board, each using fresh versions of Intel and AMD processors (seven versions, if you count this RISC-V one). The laptop around those components has gradually gotten better, too. Over the years, Framework has added higher-resolution screens in both matte and glossy finishes, a slightly larger battery, and other tweaked components that refine the original design. But so far, all of those parts have been totally interchangeable, and the fundamentals of the Laptop 13 design haven't changed much.

That changes today with the Framework Laptop 13 Pro, which, despite its name, is less an offshoot of the original Laptop 13 and closer to a ground-up redesign. It includes new Core Ultra Series 3 chips (codenamed Panther Lake), Framework's first touchscreen, a new black aluminum color option, a larger battery, and other significant changes. And while it sacrifices some component compatibility with the original Laptop 13, displays and motherboards remain interchangeable, so Framework Laptop owners can buy the new Core Ultra board and owners of older Framework Laptop boards can pop one into a Pro to benefit from the new battery and screen. At 1.4kg (about 3 pounds), the Laptop 13 Pro is slightly heavier than the Laptop 13's 1.3kg, but it still stacks up well against the 14-inch M5 MacBook Pro (1.55kg, or 3.4 pounds).

The Framework Laptop Pro will start at $1,199 for a DIY edition with a Core Ultra 5 325 processor, and no RAM, SSD, or operating system. A prebuilt version with Ubuntu Linux installed will start at $1,499, and Windows 11 will cost another $100 on top of that. A Core Ultra X7 358H version starts at $1,599 for a DIY edition, and a "limited batch" Core Ultra X9 388H version starts at $1,799. A bare motherboard with the Core Ultra 5 325 starts at $449, while a Core Ultra X7 358H board will cost $799. Pre-orders are available now, and begin shipping in June.

Facebook

Meta To Start Capturing Employee Mouse Movements, Keystrokes For AI Training Data (reuters.com) 44

Reuters reports that Meta plans to start collecting U.S.-based employees' mouse movements, clicks, keystrokes, and occasional screen snapshots to train AI agents that can better learn how humans use computers. The tool, called Model Capability Initiative (MCI), will reportedly "not be used for performance assessments or any other purpose besides model training and that safeguards were in place to protect 'sensitive content.'" From the report: Meta CTO Andrew Bosworth told employees in a separate memo shared on Monday that the company would step up internal data collection as part of those "AI for Work" efforts, now re-branded as Agent Transformation Accelerator (ATA). "The vision we are building towards is one where our agents primarily do the work and our role is to direct, review and help them improve," Bosworth said. The aim, he added, was for agents to "automatically see where we felt the need to intervene so they can be better next time." Bosworth did not explicitly spell out how those agents would be trained, but said Meta would be "rigorous" about "building up data and evals for all the types of interactions we have as we go about our work."

Meta spokesperson Andy Stone acknowledged that the MCI data would be among the inputs. [...] "If we're building agents to help people complete everyday tasks using computers, our models need real examples of how people "actually use them -- things like mouse movements, clicking buttons, and navigating dropdown menus," said Stone.

Google

Google's Internal Politics Leave It Playing Catch-Up On AI Coding (bloomberg.com) 24

An anonymous reader quotes a report from Bloomberg: At Google, leaders are anxious about falling behind in the race to offer AI coding tools, especially as rivals like Anthropic PBC offer more effective and popular tools to businesses, according to people familiar with the matter. The search giant is now working to unite some of its coding initiatives under one banner to speed progress and take advantage of a surge in customer interest. In some corners of Alphabet's Google, particularly AI lab DeepMind, concerns about the company's position are mounting, according to current and former employees and executives, who declined to be named because they weren't authorized to speak publicly.

Businesses are just starting to realize that AI coding tools can enable anyone to build products by prompting a chatbot. But Google doesn't have a clear solution for them. Its Gemini model's capabilities are sprinkled across half a dozen different coding products with different branding, indicating how the company's lack of focus and competing internal efforts have hampered success, the people said. Even internally, some Google engineers prefer to use Anthropic's Claude Code, they said. More concerning, the people said, are the engineers who are struggling to adopt AI coding at all. [...] Google's emphasis on its own technology has also complicated the push to catch up. Most employees are banned from using competing tools such as Claude Code or Codex due to security concerns, but Googlers can request exceptions if they can demonstrate they have a business case, one former employee said. Some teams at DeepMind, including those working on the Gemini model, internal applications, and open source models, use Claude Code, according to three former employees. "You want the best people to use the best tool, even inside Google," one of the former employees said. [...]

In recent years, DeepMind has tried to tighten control over how its AI breakthroughs are woven into Google products. Last year, Google appointed Kavukcuoglu to a new position as chief AI architect, a role in which he is charged with folding generative AI into Google products. Yet confusion about who is leading the charge on AI coding persists. Along with DeepMind, Google Cloud, Google Core, Google Labs and Android are all pushing AI coding in different ways, one of the people said. [...] Within the Googleplex, there is a philosophical clash between AI researchers who want to move as quickly as possible and more traditional senior engineers who have exacting standards for code quality, former employees say. AI usage is factored into performance reviews, according to a former employee. But engineers who try to use internal AI coding tools often hit capacity constraints due to competition for computing power, the former employee said.

Social Networks

Palantir Posts Bond Villain Manifesto On X (engadget.com) 142

DeanonymizedCoward writes: Engadget reports that Palantir has posted to X a summary of CEO Alex Karp and Nicholas W. Zamiska's 2025 book, The Technological Republic, which reads like a utopian idealist doodled on a Bond villain's whiteboard. While the post makes some decent points, it also highlights the Big-AI attitude that the AI surveillance state is in fact a good thing, and strongly implies that the Good Guys need to do war crimes before the Bad Guys get around to it. "The ability of free and democratic societies to prevail requires something more than moral appeal," one of the 22 points states. "It requires hard power, and hard power in this century will be built on software."

The book is billed as "a passionate call for the West to wake up to our new reality," and other excerpts in the social media post include assertions such as: "Free email is not enough. The decadence of a culture or civilization, and indeed its ruling class, will be forgiven only if that culture is capable of delivering economic growth and security for the public"; "National service should be a universal duty"; "The postwar neutering of Germany and Japan must be undone"; and "Some cultures have produced vital advances; others remain dysfunctional and regressive."

The statement criticizes the West's resistance to "defining national cultures in the name of inclusivity," as well as the treatment of billionaires and the "ruthless exposure of the private lives of public figures."
Transportation

Videos Catch Amazon Delivery Drones Dropping Packages From 10 Feet in the Air (nypost.com) 86

There's been a few complaints about Amazon's drone delivery service. "The automated mailmen are dropping off packages from 10 feet in the air," reports the New York Post, "rendering the contents of each box susceptible to crashing and smashing."

One example? Tamara Hancock filmed a drone delivering a bottle of Torani flavoring syrup to her home in Arizona (as a test of how Amazon handled fragile items). It was delivered it in a plastic bottle — not glass — but the massive drone drops the drone from so high that the impact cracked the bottle's cap. (In the video Hancock opens her delivery to find leaked flavoring syrup "everywhere.")

The delivery was hard to film, Hancock says, because "If the drone sees me in the back yard, it will not drop, because it is worried about hurting humans or animals." The Post notes Amazon's "AI-charged fleet" of drones are "Outfitted with industry-leading 'sense and avoid' technology, the aerodynamic machines are equipped to drop off eligible items, weighing a maximum of five pounds, at designated areas in 60 minutes or less." The high-tech, however, apparently does not ensure gentle landings. Collisions, including a recent crash-and-burn into a Texas building, as well as several mid-flight malfunctions in rainy weather, have abounded since the drones' inaugural launch....

Tasha, a separate Amazon user, spotted the drone plunging a package near the paved driveway of a neighbor's yard. Unfortunately, its propellers caused other, previously delivered parcels to blow away, sending one into the street... In a statement to The Post, Amazon said it apologized for one of the "rare instances when products don't arrive as expected."

Amazon's drone fleet has been running since late 2024, the Post adds, and are now offering "ultra-fast" shipping in U.S. states including Arizona, Florida, Michigan, Kansas and Texas.

The machines do seem massive. I'm surprised neighbors aren't complaining about the noise...
Security

Zoom Partners With Sam Altman's Iris-Scanning Company To Offer Callers Verifications of Humanness (digitaltrends.com) 43

Zoom "has partnered with World, Sam Altman's iris-scanning identity company (previously known as Worldcoin), " reports Digital Trends, "to add real-time human verification inside meetings." Zoom is now inviting organizations to join the beta version of the rollout, which Digital Trends says "lets hosts confirm that every face on the call belongs to a real person, not an AI-generated imposter. " For those wondering how World's Deep Face technology works, it includes a three-step process. It cross-references a signed image from a user's original Orb registration, a live face scan from the device, and the frame of the video that's visible to the other participants in the meeting. Only when the three samples match does a "Verified Human" badge appear next to the user's name...

Hosts can also make Deep Face verification mandatory for joining meetings, preventing unverified participants from joining entirely. Mid-call, on-the-spot checks are also possible...

The Military

Nobel Prize-Winning Physicist Predicts Humankind Won't Survive Another 50 Years (livescience.com) 176

Live Science spoke with physicist David Gross, who today received the $3 million "Special Breakthrough Prize in Fundamental Physics". He was part of a trio that won the 2004 physics Nobel prize for research that helped complete the Standard Model of particle physics. But when asked if physics will reach a unified theory of the fundamental forces of nature within 50 years, Gross has a surprising answer. "Currently, I spend part of my time trying to tell people... that the chances of you living 50 [more] years are very small."

Cold War estimates for a 1% chance of nuclear war each year seem low, Gross says. "The chances are more likely 2%. So that's a 1-in-50 chance every year." David Gross: The expected lifetime, in the case of 2% [per year], is about 35 years. [The expected lifetime is the average time it would take to have had a nuclear war by then. It is calculated using similar equations as those used to determine the "half-life" of a radioactive material.]

Live Science: So what do you suggest as remedies to lower that risk?

Gross: We had something called the Nobel Laureate Assembly for reducing the risk of nuclear war in Chicago last year. There are steps, which are easy to take — for nations, I mean. For example, talk to each other. In the last 10 years, there are no treaties anymore. We're entering an incredible arms race.

We have three super nuclear powers. People are talking about using nuclear weapons; there's a major war going on in the middle of Europe; we're bombing Iran; India and Pakistan almost went to war. OK, so that's increased the chance [of nuclear war]. I would really like to have a solid estimate — it might be more, and I think I'm being conservative — but a 2% estimate [of nuclear war] in today's crazy world.

Live Science: Do you think we'll ever get to a place where we get rid of nuclear weapons?

Gross: We're not recommending that. That's idealistic, but yes, I hope so. Because if you don't, there's always some risk an AI 100 years from now [could launch nuclear weapons], but chances of [humanity] living, with this estimate, 100 years, is very small, and living 200 years is infinitesimal. So [the answer to] Fermi's question of "Where are the civilizations, all the intelligent organisms around the galaxy, and why don't they talk to us?" is that they've killed themselves...

There are now nine nuclear powers. Even three is infinitely more complicated than two. The agreements, the norms between countries, are all falling apart. Weapons are getting crazier. Automation, and perhaps even AI, will be in control of those instruments pretty soon... It's going to be very hard to resist making AI make decisions because it acts so fast.

He points out that with the threat of climate change, "people have done something," even though "It's a much harder argument to make than about nuclear weapons.

"We made them; we can stop them."

Thanks to hwstar (Slashdot reader #35,834) for sharing the article.
Power

Is the Iran War Driving a Surge of Interest in Electric Cars? (time.com) 296

In October and through November, America's EV sales reached their lowest point since 2022 after government subsidies expired, remembers Time. "But first-quarter data for 2026 shows that used EV sales were 12% higher than the same time last year and 17% higher than the previous quarter.

"One factor likely helping push buyers toward these cars is high gas prices, which recently topped $4.00 a gallon for the first time in four years," they write — but it's not just in the U.S. Instead, they argue the U.S.-Iran conflict "is driving a global surge of interest in electric vehicles..." In the U.K., electric car sales reached a record high, with 86,120 vehicles sold in March... The French online used-car retailer Aramisauto reported its share of EV sales nearly doubled from February 16 to March 9, rising to 12.7% from 6.5%, while sales of fueled models dropped to 28% of sales from 34%, and sales of diesel models dropped to 10% from 14%. Germany's largest online car market, mobile.de, told Reuters that the share of EV searches on its website has tripled since the start of March — from 12% to 36%, with car dealers receiving 66% more enquiries for used EVs than in February.

South Korea reported that registrations for electric vehicles more than doubled in March compared to the prior year, due in part to rising fuel prices and government subsidies... In New Zealand, more than 1,000 EVs were registered in the week that ended on March 22, close to double the week before, making it the country's biggest week for electric vehicle registrations since the end of 2023, according to the country's Transport Minister, Chris Bishop.

In America, Bloomberg also reports 605 high-speed EV charging stations switched on in just the first three months of 2025, "a 34% increase over the year-earlier period," according to their analysis of federal data. A data platform focused on EV infrastructure tells Bloomberg that speedier and more reliable chargers are convincing more drivers to go electric and use public plugs.
Social Networks

Motorola Sues Social Media Platforms and Creators in India (techcrunch.com) 15

"Motorola has filed a lawsuit in India against social media platforms and content creators," reports TechCrunch, "over posts it alleges are defamatory..." The lawsuit, filed in a Bengaluru court and obtained by TechCrunch, names platforms such as X, YouTube, and Instagram along with dozens of content creators, and seeks takedown of the content as well as broader restraint on what it describes as false or defamatory material related to the company's devices. In its over 60-page filing, Motorola has sought a permanent injunction restraining the defendants from publishing or sharing what it describes as false or defamatory content about its products, including reviews, videos, comments, and boycott campaigns.

The complaint cites hundreds of posts across platforms, including videos alleging device issues and phones catching fire. But it is also targeting unfavorable product reviews and user commentary that the company alleges are false or defamatory. In a statement after publication, a Motorola spokesperson said it had initiated legal action "in the interest of public safety" against what it described as demonstrably false claims that its devices had exploded or caught fire.

One online creator told TechCrunch "they expect more such legal action in the future, as evolving rules around online content increase liability for creators and platforms — a trend reflected in recently proposed changes to India's IT rules aimed at tightening oversight of online content."

A Motorola spokesperson "said the company did not seek to suppress legitimate reviews or criticism and was reviewing the scope of the proceedings, adding that it apologized to creators affected inadvertently."
Transportation

Old Cars 'Tell Tales' by Storing Data That's Never Wiped (itnews.com.au) 42

Slashdot reader Bismillah shared this report from ITNews: Research and development engineer Romain Marchand of Paris headquartered Quarkslab obtained a telematic control unit (TCU) from a salvage yard in Poland... Marchand tore down the TCU, which is based on a Qualcomm system on a chip, and extracted the Linux-based file system from the Micron multi-chip package (MCP) which contained NAND-based non-volatile storage memory. The non-volatile storage contained sensitive information, including system configuration data and more importantly, logs that revealed the vehicle's GPS positions over time.

None of that information was encrypted, Marchand told iTnews, which made it possible to collect and retrieve sensitive data of interest. What's more, the global navigation satellite system (GNSS) logs with GPS positions covered the BYD's full journey from the factory in China to its operational life in the United Kingdom, and to its final wrecking in Poland, Marchand explained in an analysis... The issue is not restricted to BYD, and Marchand added that the hardware architecture of the Chinese car maker's TCU is broadly similar to what can be found in other brands.

Mozilla

Mozilla 'Thunderbolt' Is an Open-Source AI Client Focused On Control and Self-Hosting 23

BrianFagioli writes: Mozilla's email subsidiary MZLA Technologies just introduced Thunderbolt, an open-source AI client aimed at organizations that want to run AI on their own infrastructure instead of relying entirely on cloud services. The idea is to give companies full control over their data, models, and workflows while still offering things like chat, research tools, automation, and integration with enterprise systems through the Haystack AI framework. Native apps are planned for Windows, macOS, Linux, iOS, and Android. Thunderbolt allows organizations to do the following:
- Run AI with their choice of models, from leading commercial providers to open-source and local models
- Connect to systems and data: Integrate with pipelines and open protocols, including: deepset's Haystack platform, Model Context Protocol (MCP) servers, and agents with the Agent Client Protocol (ACP)
- Automate workflows and recurring tasks: Generate daily briefings, monitor topics, compile reports, or trigger actions based on events and schedules
- Work seamlessly across devices with native applications for Windows, macOS, Linux, iOS, and Android
- Maintain security with self-hosted deployment, optional end-to-end encryption, and device-level access controls
Data Storage

Microsoft Increases the FAT32 Limit From 32GB To 2TB (windows.com) 85

Longtime Slashdot reader AmiMoJo writes: Windows has limited FAT32 partitions to a maximum of 32GB for decades now. When memory cards and USB drives exceeded 32GB in size, the only options were exFAT or NTFS. Neither option was well supported on other platforms at first, although exFAT support is fairly widespread now. In their latest blog post, Microsoft announced that the limit for FAT32 partitions is being increased to 2TB. Of course, that doesn't mean that every device that supports FAT32 will work flawlessly with a 2TB partition size, but at least there is a decent chance that older devices with don't support exFAT will now be usable with memory cards over 32GB.
Privacy

'TotalRecall Reloaded' Tool Finds a Side Entrance To Windows 11 Recall Database (arstechnica.com) 29

An anonymous reader quotes a report from Ars Technica: Two years ago, Microsoft launched its first wave of "Copilot+" Windows PCs with a handful of exclusive features that could take advantage of the neural processing unit (NPU) hardware being built into newer laptop processors. These NPUs could enable AI and machine learning features that could run locally rather than in someone's cloud, theoretically enhancing security and privacy. One of the first Copilot+ features was Recall, a feature that promised to track all your PC usage via screenshot to help you remember your past activity. But as originally implemented, Recall was neither private nor secure; the feature stored its screenshots plus a giant database of all user activity in totally unencrypted files on the user's disk, making it trivial for anyone with remote or local access to grab days, weeks, or even months of sensitive data, depending on the age of the user's Recall database.

After journalists and security researchers discovered and detailed these flaws, Microsoft delayed the Recall rollout by almost a year and substantially overhauled its security. All locally stored data would now be encrypted and viewable only with Windows Hello authentication; the feature now did a better job detecting and excluding sensitive information, including financial information, from its database; and Recall would be turned off by default, rather than enabled on every PC that supported it. The reconstituted Recall was a big improvement, but having a feature that records the vast majority of your PC usage is still a security and privacy risk. Security researcher Alexander Hagenah was the author of the original "TotalRecall" tool that made it trivially simple to grab the Recall information on any Windows PC, and an updated "TotalRecall Reloaded" version exposes what Hagenah believes are additional vulnerabilities.

The problem, as detailed by Hagenah on the TotalRecall GitHub page, isn't with the security around the Recall database, which he calls "rock solid." The problem is that, once the user has authenticated, the system passes Recall data to another system process called AIXHost.exe, and that process doesn't benefit from the same security protections as the rest of Recall. "The vault is solid," Hagenah writes. "The delivery truck is not." The TotalRecall Reloaded tool uses an executable file to inject a DLL file into AIXHost.exe, something that can be done without administrator privileges. It then waits in the background for the user to open Recall and authenticate using Windows Hello. Once this is done, the tool can intercept screenshots, OCR'd text, and other metadata that Recall sends to the AIXHost.exe process, which can continue even after the user closes their Recall session.

"The VBS enclave won't decrypt anything without Windows Hello," Hagenah writes. "The tool doesn't bypass that. It makes the user do it, silently rides along when the user does it, or waits for the user to do it." A handful of tasks, including grabbing the most recent Recall screenshot, capturing select metadata about the Recall database, and deleting the user's entire Recall database, can be done with no Windows Hello authentication. Once authenticated, Hagenah says the TotalRecall Reloaded tool can access both new information recorded to the Recall database as well as data Recall has previously recorded.
"We appreciate Alexander Hagenah for identifying and responsibly reporting this issue. After careful investigation, we determined that the access patterns demonstrated are consistent with intended protections and existing controls, and do not represent a bypass of a security boundary or unauthorized access to data," a Microsoft spokesperson told Ars. "The authorization period has a timeout and anti-hammering protection that limit the impact of malicious queries."
Operating Systems

Is Linux Mint In Trouble? (nerds.xyz) 50

BrianFagioli writes: The developers behind Linux Mint say the project is rethinking its release strategy and moving toward a longer development cycle, with the next version now expected around Christmas 2026. In a monthly update, project lead Clement Lefebvre said the team reached a "crossroads" and needs more flexibility to fix bugs, improve the desktop, and adapt to rapid changes across the Linux ecosystem. The upcoming development build, temporarily called Mint 23 "Alfa," is currently based on Ubuntu 26.04 LTS and includes Linux kernel 7.0, an unstable build of Cinnamon 6.7, and early Wayland related work.

Mint is also replacing the long used Ubiquity installer with "live-installer," the same tool used by Linux Mint Debian Edition, allowing the project to unify installation infrastructure across its Ubuntu based and Debian based variants. While the team frames the changes as an opportunity to improve quality and reduce maintenance overhead, the shift has raised questions about the project's long term direction and whether Linux Mint may eventually lean more heavily on its Debian roots rather than its traditional Ubuntu base.

Government

Google, Pentagon Discuss Classified AI Deal (reuters.com) 19

An anonymous reader quotes a report from Reuters: Alphabet's Google is negotiating an agreement with the Department of Defense that would allow the Pentagon to deploy its Gemini AI models in classified settings, the Information reported on Thursday, citing two people with direct knowledge of the discussions. The two parties are discussing an agreement that would allow the Pentagon to use Google's AI for all lawful uses, according to the report.

During the negotiations, Google has proposed additional language in its contract with the department to prevent its AI from being used for domestic mass surveillance or autonomous weapons without appropriate human control, the Information reported. The Pentagon will continue to deploy frontier AI capabilities through strong industry partnerships across all classification levels, a Pentagon official said, without confirming any talks with Google.

The Internet

IPv6 Usage Reaches Historic 50% Across Google Services 73

IPv6 usage briefly reached 50% across Google services for the first time, marking a major milestone for a protocol created in 1998 to solve IPv4's address shortage. Tom's Hardware reports: [...] IPv6 was dismissed early on as a headache-inducing, hard-to-implement complication that would hardly ever gain any traction -- despite offering 2^128 possible numbers, solving all network number assignments in one fell swoop. That changed over time by force of necessity, and Google's tracking graph shows that for a brief moment in time on March 28, 50% of worldwide users accessed the service over an IPv6 connection, marking a historic first. APNIC's stats show that the protocol is in use by 43% of the world, with Asia and the Americas inching ever close to those 50%. Cloudflare, meanwhile, shows that 40% of traffic is done in IPv6, an actually impressive figure if you consider it's measuring actual transferred packets rather than just counting addresses.

The tried-and-true IPv4 and its well-known 123.456.789.123 format from 1980 offers ~4.3 billion addresses in theory, and around 3.7 billion in practice. That always sounded like a lot, but nobody could have predicted just how rapid the explosion of the Internet would be. IANA, the entity controlling the North-American IPv4 space, ran out of IPv4 addresses around 2011, while its European equivalent RIPE NCC could spare no more four-octet addresses nearly seven years ago in 2019. Asian, African, and Latin-American IP registries equally ran out during that timeframe.
Technology

Researchers Induce Smells With Ultrasound, No Chemical Cartridges Required (uploadvr.com) 51

An anonymous reader quotes a report from UploadVR: A group of independent researchers built a device that can artificially induce smell using ultrasound, with no consumable cartridges required. [...] The team of four are Lev Chizhov, Albert Yan-Huang, Thomas Ribeiro, Aayush Gupta. Chizhov is a neurotech entrepreneur with a background in math and physics, Yan-Huang is a researcher at Caltech with a background in computation and neural systems, and Ribeiro and Gupta are co-researchers on the project with software engineering and AI expertise.

Instead of targeting your nose at all, the device directly targets the olfactory bulb in your brain with "focused ultrasound through the skull." The researchers say that as far as they're aware, no one has ever done this before, even in animals. A challenge in targeting the olfactory bulb is that it's buried behind the top of your nose, and your nose doesn't provide a flat surface for an emitter. Ultrasound also doesn't travel well through air. The solution the researchers came up with was to place the emitter on your forehead instead, with a "solid, jello-like pad for stability and general comfort," and the ultrasound directed downward towards the olfactory bulb.

To determine the best placement, they say they used an MRI of one of their skulls to "roughly determine where the transducer would point and how the focal region (where ultrasound waves actually concentrate) aligned with the olfactory bulb (the target for stimulation)". [...] According to the researchers, they were able to induce the sensation of fresh air "with a lot of oxygen", the smell of garbage "like few-day-old fruit peels," an ozone-like sensation "like you're next to an air ionizer," and a campfire smell of burning wood. While technically head-mounted, the current device does require being held up with two hands. But as with all such prototypes, it likely could be significantly miniaturized.

Slashdot Top Deals