news aggregator

Democratic lawmakers on Thursday blasted President Trump’s spending priorities – specifically a proposed $1 billion White House security and ballroom project and a nearly $1.8 billion “slush fund” for Trump allies tied to the January 6 Capitol riot – as his administration pushes deep cuts to cybersecurity funding. US Representative Delia Ramirez (D-IL) decried the president's priorities as Congress weighs reauthorization of the State and Local Cybersecurity Grant Program (SLCGP), a funding effort that began in 2022 and earmarked $1 billion to state and local governments over the next four years to help mitigate cyber risks. "Budgets are moral documents, and spending a billion dollars on a ballroom, which is what the president wants, or $1.7 billion to incentivize insurrectionists while we still are waiting for the reauthorization of this critical grant program, says a lot about where priorities are right now with this administration," she said during a House Homeland Security subcommittee hearing on state and local cybersecurity. Another Democrat on the committee, Rep. James Walkinshaw (D-VA), noted the US Cybersecurity and Infrastructure Security Agency (CISA) also eliminated federal support for the Multi-State Information Sharing and Analysis Center (MS-ISAC), which used to provide free and low-cost threat detection and response services to state and local governments. The MS-ISAC has since shifted to a fee-based model to support the state threat sharing program. This means, as expert witness Samir Jain, VP of policy for the Center for Democracy and Technology, testified, “jurisdictions that most need the help are least likely to be able to afford it. Smaller jurisdictions, because if they don't have the resources and the money to join the ISAC, they probably also don't have the resources and the money to buy equipment, to buy network monitoring tools, to have cybersecurity staff. It's the ones who need it the most are the least likely to be able to get it as a result.” Walkinshaw also pointed out that CISA’s 2025 budget was about $3 billion. President Trump proposed slashing the cyber-defense agency’s spending by $707 million in 2027, to just over $2 billion. This is on top of the $135 million in cuts to CISA, along with about a third of its workforce (close to 1,000 people) since Trump returned to office. “So we are looking at a one-third cut in federal funding for cybersecurity,” Walkinshaw said. “If President Trump gets his way, we'd be spending a billion dollars for the ballroom and $1.8 billion for the January 6 slush fund – $2.8 billion just on those two items, $800 million more than his total commitment to cybersecurity.” Meanwhile, other expert witnesses who testified before the committee, all IT and security chiefs from Tennessee, New York, and Florida, implored the lawmakers to spend more – not less – on state and local infosec. “State and local governments operate critical systems that citizens rely on every day, including emergency services, schools, utilities, courts, and public infrastructure,” Tennessee CIO Kristin Darby told lawmakers. “Those systems are increasingly targeted by criminal organizations and nation-state actors,” she said, adding that “demand for cybersecurity support far exceeds the current funding levels.” As AI-enabled attacks, ransomware infections, and cloud-based system intrusions accelerate across Tennessee, “many local governments across our state have little or no dedicated cybersecurity staff,” Darby continued. “This creates a dangerous imbalance between highly sophisticated attackers and severely resource-constrained defenders.” New York state director of security and intelligence Colin Ahern urged lawmakers to “reauthorize and fully fund the state and local cybersecurity grant program, which is the single most consequential investment in the cyber protection of state and local governments in this country.” He also advocated for frontier-model AI access for state and local governments, which are tasked with protecting the power grid, drinking water supply, public health systems, and other critical operations. “We cannot do that while frontier defensive AI capabilities are restricted to federal partners and a handful of large enterprises,” Ahern said. “Cybersecurity is the silent partner of democracy,” he continued. “When the utilities, school districts, and state and local governments that constitute the operational fabric of American life are hollowed out by cyber attacks, the institutions that support our democratic life are hollowed out with them.” ®

Thousands of Chicago-area Zillow and Trulia listings disappeared after Midwest Real Estate Data cut off Zillow's access to its feed, "in the latest escalation of a legal battle with Lisle-based Midwest Real Estate Data (MRED)," reports the Chicago Sun-Times. "The fight is over MRED's private listing network, where homes for sale are shared among real estate professionals. And MRED followed through on a threat to cut Zillow's access to its listing data feed." From the report: There were nearly 5,000 Chicago homes listed on Zillow Tuesday, but as of Wednesday afternoon, that number plummeted to about 1,700. Meanwhile, other listing sites like Redfin and Realtor.com show about 5,000 to 8,000 listings in Chicago. MRED manages listings -- submitted by brokers -- throughout Illinois, as well as parts of Wisconsin and Indiana. The regional multiple listing service has more than 43,000 members and processed more than 264,000 listings worth $43 billion in 2025. The loss of listings on Zillow's websites have made a behind-the-scenes real estate industry fight public. And it now hinders some consumers in their search to buy a home, while also limiting the marketing opportunity for sellers. The legal fight is basically over who gets to control how home listings are marketed and displayed online. Zillow recently adopted a rule saying that if a home is marketed privately, such as behind a paywall, login, or private listing network, it should not also appear on Zillow. The policy, the real estate marketplace says, is meant to discourage "pocket listings," preserve transparency, and make sure buyers can see the full market. MRED sees it differently. It expanded its private listing network and partnered with Compass, which wants to give sellers more control over whether their homes are broadly publicized or marketed privately first. MRED argues that Zillow is violating MLS rules and licensing agreements by refusing to display certain listings, including private Compass listings. Consumers are now caught in the middle...

Read more of this story at Slashdot.

Vivaldi 8.0 is being pitched as the browser's "most significant design overhaul" yet, featuring a new unified, edge-to-edge interface, six preset layouts, and deeper customization across tabs, toolbars, panels, and themes. The company is also taking a swipe at rivals chasing questionable AI features. Neowin reports: After updating to version 8.0, Vivaldi will present you with the ability to select one of the six pre-built styles. You can select a minimal edge-to-edge theme, one with the UI fully hidden for focused work, or a power user variant with everything on the screen. The update comes with a built-in collection theme, and users are free to select one of over 7,000 community themes available on the official website. Vivaldi says that while other browsers were busy adding questionable AI features, it focused on "a foundation that no other browser can match" with flexible tab management, built-in productivity tools, and advanced customization. At the same time, Vivaldi does not force the new design onto its users, so those who prefer the previous user interface can go back to it at any moment in settings. "With 8.0, we have done something we have been working toward for a long time: we have given the browser itself a visual system worthy of everything it can do," says Vivaldi's CEO and co-founder, Jon Stephenson von Tetzchner. "With this update Vivaldi feels like one considered, coherent tool." You can download Vivaldi 8.0 and view the changelog at their respective links.

Read more of this story at Slashdot.

Google’s AI-powered transformation of its search engine will give the mega company a more captive audience than ever before - and what better way to turn those eyeballs into cash than by serving up new forms of AI-powered ads? Announcements out of the Chocolate Factory’s I/O AI fest continued Wednesday with the premiere of what the company called “a new generation of ads” tailor-made “for the AI era of Search” that it decided you definitely need earlier this week. As we mentioned in our earlier I/O coverage, Google announced what Search VP Elizabeth Reid called the “biggest upgrade in over 25 years” to Google Search. Those changes center on pushing Gemini 3.5 Flash deeper into Search and AI Mode, giving the engine the ability to “anticipate your intent” and surface more detailed AI-generated responses. That doesn’t mean AI Mode is being made the default, mind you. Google told The Register that standard search engine result pages are still going to be the default for anyone doing a typical Google search, though AI responses will be served alongside results, we’re told. Any web search that returns an AI Overview, on the other hand, will include an option to follow up with the Overview in AI Mode, and AI Mode with rich content input can be selected from the Search box as well. It’s here that Google’s beefing up its AI, letting it do the searching for you and surface whatever it’s been programmed to prioritize in a manner designed to keep you from clicking away, enabling Google to hand you more profit-generating content … er, helpful results. Those results will include “more helpful ads,” which will come in two varieties: Conversational Discovery ads, and Highlighted Answers. Regarding the Conversational Discovery ads, Gemini’s responses to specific questions will build ads “tailored to that search, highlighting specific relevant features.” Google cites the example of someone searching for a way to make their house smell fresher. Results for such a search could recommend deodorizing your house using, say, a $1 box of baking soda mixed with water or a simple 1:1 vinegar/water mix - or it could tell you how much you need a $20 reed diffuser, electric wax melter, or some other expensive product Google’s getting paid to flog. Highlighted Answers, on the other hand, means “highly relevant, high-quality ads are eligible to appear” on lists of recommendations delivered by AI Mode. What meets that threshold wasn’t mentioned, but Google told us that it’s using similar standards to its existing ad filtering, and the same auction mechanics to get the ads in front of eyeballs. Brands approved for Highlighted Answers will have their recommendations inserted into the end of AI Mode results, Google explained. The feature is currently in testing, with Google telling us it wants its placement to feel natural and add value to users' searches. Of course, just because the standard Google Search mode isn’t going away, contrary to the panic that Google’s announcements triggered this week, that doesn’t mean Google isn’t stuffing more AI ads into those results, too. AI-powered shopping ads that use Gemini to “pull up your most relevant products and instantly write a custom explainer highlighting why your product may be the right choice” are coming to Google’s standard search results pages in the coming months, as is the ability to “put a smart brand agent right inside your ad.” Those ads, for example, could be a chat window that provides answers on the content of a website, Google explained, “turning a practical interaction into a valuable lead.” Google said that it’s also expanding its Direct Offers program that allows retailers to offer user-tailored discounts and offers on products purchased via Gemini, giving brands more ways to motivate consumers to buy whatever they’re flogging without customers ever leaving Google’s ecosystem. Businesses that want to use these new AI advertising features will be encouraged to build campaigns around Google’s AI Max and Performance Max ad tools, naturally ensuring the Chocolate Factory keeps collecting its cut as it pushes advertisers deeper into the AI era of Search. Google assured us that people actually do want this, and that they really are gravitating toward AI experiences delivered through Google, even though they’re not always optional. The Chocolate Factory further told us that, despite ads featuring prominently across its various AI tools, ads never impact organic results. They’re just buried behind an ever-growing wall of AI schlock one has to weed through to find actual search results, and now even more ads. ®

Trump called off a planned AI executive order just hours before a signing ceremony because he said he was worried the framework could slow America's lead over China. "We're leading China, we're leading everybody, and I don't want to do anything that's going to get in the way of that lead," Trump told reporters. The Associated Press reports: The order would have established a framework for the government to vet the national security risks of the most advanced AI systems before their public release, according to a person familiar with the White House's deliberations with the tech industry but not authorized to speak about it publicly. The directive was being characterized as a voluntary collaboration with participating U.S.-based tech companies, including Anthropic, OpenAI and Google, the person said. There are competing factions within the administration, said Serena Booth, a computer science professor at Brown University and former AI policy fellow in a Democratic-led Senate committee. "We do see this kind of public fighting," she said. "'We will release an executive order. No, we won't. We're going to sign it this afternoon. Oh, the signing is canceled.' I think this whiplash is because we're seeing these fractures.'" Some of those divides are balancing what Booth said is a "reasonable idea" to test the most capable AI models before their public release, with a concern that government scrutiny, if it takes too long, could burden AI developers. "It does come at a potential very large cost to innovation and speed of development," she said. "There is, I think, a real risk here and I do see both sides." [...] "They don't want to do it because it's politically risky in a million different ways," said Dean Ball, now at the Foundation for American Innovation. Ball said he would welcome an executive order that would get those companies working more closely with the government on cybersecurity but "ultimately, I'm fine with them taking time to get this right."

Read more of this story at Slashdot.

You know your Google API key has leaked so you rush to disable it before bad actors can start running up charges on your account. Bad news: According to security researchers at Aikido, people can use the API keys for up to 23 minutes after a user deletes them, creating a window of opportunity that, when combined with Google’s automatic billing tier upgrades, can devastate victims. “We've identified a substantial window where an attacker with access to a leaked Google API key can continue to misuse that credential, after the user believes the key is revoked,” Joseph Leon, a security researcher with Aikido, told The Register. “In that window, an attacker could run up charges, pull sensitive files uploaded to Gemini, and exfiltrate cached context.” Aikido tested the gap during 10 trials over two days. In each trial, researchers created an API key, deleted it, and then sent three to five authenticated requests per second until no valid response came back for several minutes. From the time a user deletes the Google API key to when it can no longer be used propagates gradually across Google's infrastructure, he said. Some servers reject the key within seconds while others keep accepting it for 23 minutes. What this means is that an attacker holding a deleted key can repeatedly send requests until one reaches a server that has not caught up, Leon said. If Gemini is enabled on the project, they can dump files that were uploaded and exfiltrate cached conversations. The paper cited a similar problem researchers disclosed in December involving AWS keys. In that case, after deletion, attackers had a four-second window to exploit, and researchers showed how they could create new credentials in that time. “Four seconds was enough to matter on AWS,” Leon wrote in the paper. “Given recent attention to Google API keys used to access Gemini, we set out to measure how long Google's API key revocation window remains open.” Flaws can hit devs with huge surprise bills The Register has reported numerous cases of Google API key abuse in which developers are suddenly hit with five figure bills after their credentials are compromised. The problem was compounded in April after Google reworked its billing policy to include spending tiers for users. While developers initially thought of it as a way to limit costs, Google automatically upgrades that spending tier to the next highest level without their knowledge. For users who have been working with Google for more than 30 days and have spent more than $1,000 over the lifetime of the account, their cap can be increased from $250 to $100,000 if their usage spikes – a windfall for crooks if the credentials fall into the wrong hands. Developers whose Google API keys were stolen told The Register that their bills rocketed up to five figures minutes after their credentials were stolen, as bad actors loaded up on Google’s Gemini models such as Nano Banana and its video production model Veo 3. Google issued refunds in the three instances that The Register brought to its attention, returning $154,000 to those developers. The victims told The Register that, during the attack, they were frantically trying to shut down the spending and turn off access to their projects even as costs climbed by thousands of dollars. Leon said in cases where a Google developer tries to shut off access to their account, deleting the API key will still give crooks time to inflict damage. “It's hard to put a dollar figure on it,” Leon told us. “The window averaged 16 minutes in our testing and stretched to nearly 23 at the worst. During that window, the success rate is wildly unpredictable. We saw minutes where over 90% of requests still authenticated, and others where fewer than 1% did. An attacker who knows this can send requests at high volume to maximize their odds of hitting a server that hasn't caught up. For Google API keys with Gemini access, the damage isn't just a compute bill. It's the files and cached context an attacker can exfiltrate before the key actually dies.” Using VMs, Aikido tested its findings across three Google Cloud regions – east coast US, western Europe, and southeast Asia – then they spot checked those results on different dates. For each trial, Aikido deleted a single API key and sent requests from each of the three VMs in parallel, Leon wrote in the paper. “VMs further from the US picked up the deletion faster, which is the opposite of what you'd expect. We can't say exactly why from the outside. Google's request routing is more complex than ‘VM region equals server region,’ and a VM in Singapore isn't necessarily talking to servers in Singapore,” the paper states. “But the pattern was consistent across trials, which points to something about regional infrastructure, caching, or routing affinity driving the difference.” The trial used keys with access to Gemini, but he observed the same behavior with keys scoped to other GCP APIs, such as BigQuery and Maps. Google has built faster revocation for other credential types, Leon said. He said Google’s service account API credential revocations propagate in about 5 seconds. Gemini's newer API key format – the one that starts with AQ – propagates in about a minute. “Both run at Google scale. Both suggest this is technically solvable for Google API keys, too,” Leon wrote. But Google told Aikido it has no plans to address the 23-minute gap researchers found with its other API keys. “After reviewing our report, they closed it as ‘Won't Fix (Infeasible)’ with the comment ‘the delay due to propagation of the deletion of these keys is working as intended,’ “ Leon told us. The Register has reached out to Google about this research, but has not yet received a response. ®

BrianFagioli writes: Flipper Devices has finally revealed Flipper One, a Linux-powered cyberdeck that sounds less like a gadget and more like an attempt to rebuild portable ARM computing from the ground up. Unlike Flipper Zero, which focuses on offline protocols like RFID and Sub-1 GHz radio, Flipper One is all about networking, modular hardware, SDR experimentation, local AI, and upstream Linux kernel support. The company says it wants to build "the most open and best-documented ARM computer in the world," complete with zero vendor BSP dependency and as few binary blobs as possible. That alone is enough to get Linux folks paying attention. The hardware itself is loaded with nerd bait: dual Gigabit Ethernet, Wi-Fi 6E, M.2 expansion for SSDs and 5G modems, GPIO add-ons, HDMI 2.1, and a dual-processor architecture pairing a Rockchip RK3576 with a Raspberry Pi RP2350 microcontroller. Flipper Devices is even developing its own small-screen Linux UI framework because squeezing KDE onto tiny touchscreens is miserable. The company openly admits the project is financially and technically terrifying, which honestly makes this announcement feel more believable than most startup hardware pitches. Whether Flipper One succeeds or not, it is one of the most ambitious Linux hardware projects in years.

Read more of this story at Slashdot.

GitHub's npm package registry has rolled out a publishing approval step to prevent the distribution of compromised packages before they can poison the software supply chain. Modern software development relies on imported bundles of code known as packages (and sometimes libraries or modules). In the past decade or so, miscreants have focused on gaining access to the accounts of package maintainers. Subverting a widely used package offers a fast track to malware distribution. Last December, amid the Shai-Hulud 2.0 campaign that compromised software packages, GitHub described a series of planned security measures intended to harden security for npm package publishers. One of the measures, staged publishing, has now been implemented. GitHub on Wednesday merged npm stage into npm CLI (v11.15.0) and has updated the registry documentation that describes the process. Staged publishing might also be called gated publishing – it requires a project maintainer to approve changes to a package that has been staged for release. It's been under discussion since 2020. "Instead of publishing directly with npm publish, you can submit packages to a staging area with npm stage publish," the documentation explains. "A maintainer must then review and explicitly approve the staged package — with two-factor authentication (2FA) via the CLI or npmjs.com — before it becomes publicly available." This process should have particular value for automated workflows, which typically don't include a way to authorize via 2FA. Automated workflows often rely on tokens for authentication, but these can be copied and stolen. Tokens that remain valid for long periods of time become attractive targets for cyberattackers. That's why GitHub did away with long-lived classic tokens and encouraged the use of short-lived session tokens and permission-limited access tokens for automation. GitHub's discontinuation of classic tokens hasn't gone all that well because short-lived tokens tend to expire at inconvenient times – no one likes having to regenerate tokens every 90 days or less and then go through the reconfiguration process. Staged publishing should make it easier for developers to set up maintainable workflows without burdensome re-authentication rituals. It gives package publishers the option to stage their package via automation and to delay the 2FA approval for publishing at a later date. GitHub offers trusted publishing as a way to establish trust between npm and the developer's CI/CD provider using OpenID Connect (OIDC) authentication. The OIDC mechanism still doesn't work when trying to publish a package for the first time, but together with staged publishing, the software supply chain looks a bit more defensible – so long as developers avail themselves of these tools. ®

Finding vulns just doesn't pay like it used to. At least one bug hunter who found an open source security flaw and reported it months ago via HackerOne’s backlogged Internet Bug Bounty (IBB) program finally got paid for his work - but at a drastically reduced reward rate. The security researcher found a medium-severity vulnerability that previously paid $1,843. As of Monday, HackerOne’s IBB pays $297 for the same severity level. Similarly, the new IBB cash prize for a critical vulnerability is $2,257, compared to the previous $9,250 reward. High-severity bugs now fetch $1,009, while they used to earn a $4,429 payout. And low-severity bugs earn researchers $68, compared to the previous $597 reward. HackerOne’s IBB remains on a break, and is not accepting new submissions. “The IBB program is currently paused while we evaluate adjustments to the program that will maximize value to researchers, sponsors, and the open-source ecosystem,” a spokesperson told us. “We remain committed to strengthening open source security through ethical security research.” When asked if AI-generated reports played a role in the pause and reduced reward amounts, a spokesperson didn’t give us a direct answer. “The Internet Bug Bounty is a unique, dynamic program where bounty levels automatically adjust based on the contributions from active participating sponsors,” the HackerOne spokesperson said. “Payouts under this program are regularly adjusted accordingly, as provided in the IBB program description.” Tale of two hackers Back in January, The Register talked with hacker Jakub Ciolek, who told us he reported two denial-of-service bugs in Argo CD, a popular Kubernetes controller, via HackerOne’s IBB program last fall. Both were assigned CVEs and fixed. Ciolek expected to receive about $8,500 for the two flaws - but instead HackerOne ghosted him for months, finally sending him an email after The Register reached out to the bug bounty platform. HackerOne thanked him for his patience and said his bug reports remain "pending reward processing due to a temporary operational backlog." Shortly after, we heard from another researcher in a similar situation. “I still hope to get some bounty some day for it,” the bug hunter told The Reg, noting that HackerOne set an end-of-March deadline to sort the backlog. On Wednesday, this hacker told us he finally received a bounty announcement and payout from HackerOne, although at $297, it was less than expected, as the payout amounts changed after they submitted their report. “I am glad I finally got something,” they said. Ciolek said he’s still waiting for any word from HackerOne, and told us repeatedly that this isn’t about the money. “The reduced payout is a symptom,” he said. “The economics of vulnerability reporting are changing very quickly.” Until just a few months ago, project maintainers - and bug hunters themselves, Ciolek included - dismissed this as an AI-slop problem. Recently, however, as models have gotten exponentially better at writing code and exploits, open source projects can’t keep up with the pace of bug reports, which still require humans to evaluate them. "Over the last few months, we have stopped getting AI slop security reports in the curl project,” Daniel Stenberg, founder and lead developer of curl, famously said in a social media post. "They're gone. Instead, we get an ever-increasing amount of really good security reports, almost all done with the help of AI." Linux kernel maintainer Greg Kroah-Hartman also noted in an interview with The Register how AI-assisted bug reports contained less slop and more valid concerns. On Sunday, Linux kernel boss Linus Torvalds declared that the project’s security mailing list has become “almost entirely unmanageable” due to multiple researchers using AI to find bugs and then filling the list with duplicate reports. “The recent Linux security mailing list situation is a clear signal: AI-assisted reports are increasingly real enough to matter, but numerous enough to overwhelm the people who have to validate and fix them,” Ciolek told us. “Bug bounties were supposed to reward what was scarce,” he continued. “That used to be discovery. Today, finding plausible bugs is becoming much cheaper, and generating reports is easy to scale. The expensive part is still very human: someone has to verify impact, deduplicate reports, decide whether something really crosses a security boundary, coordinate disclosure, and get a safe fix shipped.” While Ciolek says he’s sympathetic to changing economics, and overworked, underpaid open source project maintainers' capacity to investigate every serious-looking security report, the trust issue between researchers and bug bounty programs remains. “The trust issue here is that the change was effectively applied long after the work was already done, fixed, and publicly credited under a different expectation,” Ciolek said. “Responsible disclosure depends on researchers believing the process is predictable. The rules should not change after the work is complete. Serious researchers will price that in as risk, or they will stop participating.” Ciolek says he’s no longer actively doing bug bounty research - but will report serious issues as he finds them. “With the current flood of findings, I don't want to add more volume unless I'm confident the issue is serious enough,” Ciolek said. “In this AI-assisted era, the valuable work is no longer just ‘I found another bug.’ It is ‘I verified this matters and helped get it fixed.’ I think the original discovery-first bug bounty model is becoming obsolete. The next model has to reward more of the remediation cycle, not only the finding.” ®

An anonymous reader quotes a report from the Quantum Insider: The Trump administration is preparing a new round of industrial policy aimed at quantum computing, with roughly $2 billion in grants expected to go to nine companies developing quantum hardware and related technologies. According to Reuters, citing a Wall Street Journal report, the U.S. Department of Commerce plans to distribute the funding through deals that also give the federal government equity stakes in the companies receiving the awards. The approach would expand Washington's increasingly direct involvement in sectors viewed as strategically important to national security, advanced manufacturing and competition with China. Reuters reported that IBM is expected to receive the largest share of the package at about $1 billion. Semiconductor manufacturer GlobalFoundries is slated to receive approximately $375 million, according to the report. Other recipients are expected to include D-Wave Quantum, Rigetti Computing, Quantinuum and Infleqtion, with each company potentially receiving around $100 million, Reuters reported. Australian quantum startup Diraq could receive about $38 million, according to the Wall Street Journal report cited by Reuters. Fast Company notes in its reporting that IBM will invest the funds it receives into a new IBM company called Anderon. It will also match the grant with another $1 billion in cash. "Anderon will operate as a state-of-the-art 300-millimeter quantum wafer foundry," IBM stated in an announcement. "It will help the nation solidify its leadership at the center of a thriving new quantum industry that is estimated to generate up to $850 billion in economic value by 2040 and spur American economic growth while also bolstering national security." Quantum computing stocks soared after the news. As of publication, IBM is up about 9.7%, D-Wave is up about 28.1%, and Rigetti is up about 26.7%. Meanwhile, Global Foundries rose about 13.8% and Infleqtion jumped about 30.9%.

Read more of this story at Slashdot.

Spotify is launching "Reserved," a new feature that will set aside concert tickets for Premium subscribers it identifies as an artist's most dedicated fans based on streams, shares, and other activity. "Getting concert tickets today can feel like a race you're set up to lose," Spotify wrote in a post on Thursday. "You show up at the right time, refresh endlessly, and still miss out. Too often, the experience is stressful, unpredictable, and disconnected from what should matter most: whether real fans actually get tickets. We think there's a better way." From the Hollywood Reporter: Spotify said that starting in the U.S. this summer, select artists will be able to use Reserved to set aside tickets for fans on the platform. The platform has partnered with Live Nation on the program as part of a multiyear agreement. The platform will use streams, shares and other types of activity to "identify an artist's most dedicated fans and hold two tour tickets for them." Fans selected through Reserved will get up to two tickets, and they'll have a day-long window to make a ticket purchase if selected. Spotify didn't give any details on what artists will work with the streaming service for the new feature, or how many tickets artists would set aside with Reserved, though the service acknowledged "there will be significantly more superfans than there are seats available on a tour, so not every fan will receive an offer."

Read more of this story at Slashdot.

Generative AI apps and services are getting more expensive by the day as model devs grapple with surging infrastructure costs. A new generation of GPUs and AI accelerators promises relief from rising inference demand, but you won't see the savings. After years and billions spent building bigger and better models, the great AI houses are beginning to find tangible use cases for the technology beyond chatbots and image generators. Claude Code, Codex, GitHub Copilot, and the slew of other code assistants have arguably become AI’s biggest success story to date, but history tells us they won’t be the last. But success is a double-edged sword. The bit barns built with borrowed money to train the Sonnets, GPTs, and Geminis at the heart of these apps and services were never meant to serve them at this scale. Inference and training are very different beasts. Those selling the shovels of the AI boom are now racing to bring new hardware better suited to serving these models. Nvidia pulled $20 billion from its war chest to acquihire AI chip startup Groq for this very reason. And it's not alone; everyone, from AMD and AWS to Intel and Google, is rearchitecting their GPUs, AI accelerators, and systems to drive down the cost per token. Cheaper tokens mean better inference economics, higher margins, and the venture capitalists fanning the flames hope that OpenAI, Anthropic, and all the others might actually drag themselves out of the red one day. Your AI addiction is their opportunity There’s just one little problem. All that AI-optimized hardware isn’t quite ready yet. Much of it is promised for the second half of this year, but it takes time to work out the kinks and ramp supply chains, which means the bulk of these new systems won't have widespread deployments until early to mid 2027. But here lies a fleeting opportunity for the flag-bearers to see how addictive their products have become, and just how much the market will bear. If Nvidia and AMD are the arms dealers of the AI age, the model devs are the drug dealers: the first hit's free, the next ones are cheap, and before long you’re hooked. We’re already seeing this play out. With the launch of GPT-5.5, OpenAI doubled the price per token to $5 (input), $0.50 (cached input), and $30 (output) per million tokens. It didn’t take long for Google to follow suit. The Chocolate Factory’s newly-launched Gemini Flash 3.5 is between 3x and 6x more expensive than Gemini 3.1 Flash-Lite and Gemini 3 Flash Preview. These price hikes are further compounded by the fact that the agent harnesses being built atop these models are burning through tokens orders of magnitude faster than a typical chatbot. Flat rate pricing makes a lot of sense when the majority of your customers aren’t running up against usage caps. It makes a lot less sense when customers are spending $200 a month on $5,000 worth of tokens. Microsoft seems to have figured this out. It outright abandoned seat-based pricing for GitHub Copilot and began transitioning its customers to usage-based pricing. Anthropic appears to be rethinking its pricing model as well, but rather than moving to a pure usage-based pricing model, it’s considering watering down its subscription features. AI isn’t the payroll paradise execs were promised Executives who thought AI was going to replace a full-time employee for pennies on the dollar are in for a rude awakening. That's not happening and it probably never will. Not when Anthropic, Google, or OpenAI can charge the equivalent of $30 an hour in tokens and make the case it’s still cheaper than paying an employee $40 an hour plus benefits and unemployment insurance. Just wait, before long AI pricing will be marketed in dollars per full-time equivalent ($/FTE) instead of dollars per million tokens. AI may not be the sweet deal execs might have hoped for, but that hasn’t stopped large tech firms from laying off thousands in pursuit of the technology. The FOMO has never been higher, and, if there’s anything big tech loves, it’s leading by example. So far this month, we’ve learned: Meta is laying off about 10 percent of its global workforce, closing around 6,000 open positions, and reassigning some 7,000 workers to AI-focused divisions. Cloudflare is cutting more than 1,100 workers, citing increased reliance on AI. Cisco is letting about 4,000 workers go because, as its CEO Chuck Robbins put it, “The companies that will win in the AI era will be those with focus, urgency, and the discipline to continuously shift investment toward the areas where demand and long-term value creation are strongest.” Even New Zealand has revealed plans to use AI to sack around 9,000 government workers. Competition won’t save us Competition, it’s said, is the cure to high prices, but for that to happen, there has to be a profit margin to shave and so far the top model devs are all running deep in the red. Hyperscalers have the advantage here. They can lose billions on AI investments for years while leaning on other product divisions to keep their shareholders from staging a riot. But it is probably not the death knell for Sam Altman’s hypemaxing or Dario Amodei’s sanctimonious posturing. Someone still has to build the models. Microsoft, Meta, and AWS are dabbling in model training, but have yet to show they can compete with OpenAI or Anthropic in any meaningful way. Google is really the standout in this respect. Gemini routinely trades blows with GPT and Claude, and after this week’s I/O, it’ll be practically inescapable. If history tells us anything, the AI boom and inevitable bust will follow a familiar trajectory. Competition abounds in a bubble, but once it bursts, consolidation is inevitable. ®

Waymo has paused service in Atlanta after one of its driverless cars entered a flooded street and got stuck. It follows a similar pause in San Antonio that prompted a recent software recall (PDF) over flood avoidance. TechCrunch reports: Waymo admitted that it hadn't finished developing a "final remedy" for avoiding flooded areas when it issued its software recall last week. Instead, the company said that it shipped an update to its fleet that placed "restrictions at times and in locations where there is an elevated risk of encountering a flooded, higher-speed roadway," according to documents released by the National Highway Traffic Safety Administration (NHTSA). But even those precautions apparently were not enough to stop the Waymo robotaxi from entering the flooded intersection in Atlanta. Waymo told TechCrunch on Thursday that the storm in Atlanta produced so much rainfall that flooding was happening before the National Weather Service had issued a flash flood warning, watch, or advisory. The company said its fleet those alerts are part of a larger set of signals it relies on to prepare the vehicles for poor weather.

Read more of this story at Slashdot.

Who needs a minister when you have an LLM? America’s Christian population appears to have found God in precisely the place you’d expect a manifestation of the divine to be spotted in 2026: Amid AI chatbot responses. A survey of Americans published this week by Evangelical polling outfit Barna sought to discover what Christians thought about AI’s ability to serve as a spiritual mentor, and the split is surprisingly even: A full 48 percent of practicing US Christians told the organization that they trusted AI’s advice to aid their spiritual growth. Potentially more surprising than that, 34 percent said spiritual advice dispensed by an AI was just as trustworthy as what they'd get out of a flesh-and-blood pastor. That share rises, unsurprisingly, among younger Christians, with 39 percent of Gen Z respondents and 44 percent of Millennials agreeing that preachers and AI are at trust parity. Pastors themselves, it likely won’t surprise you to learn, are splitting sharply from their flocks on the matter of AI’s ability to fill their roles in the lives of congregates, with just 12 percent saying they agree that AI can help people grow spiritually. That said, there’s a pretty serious tension among American Christians when it comes to AI. At the same time half say it’s aiding their spiritual journeys, most also expressed concerns about negative effects of AI on spirituality. A full 83 percent of practicing US Christians believe AI is likely to misinterpret scripture, 73 percent are worried AI will cause loss of religious faith, and 72 percent believe that AI is beginning to act as a replacement for God and earthly spiritual leaders. “Christians say they trust AI with spiritual growth, and a meaningful share say its spiritual guidance is as trustworthy as a pastor’s—yet large majorities are simultaneously concerned about AI misinterpreting scripture, replacing God, or undermining the role of spiritual leaders, Barna VP of research Daniel Copeland said of the findings, which he called “confounding.” “That level of openness is higher than we might have expected,” Copeland added in the Barna’s report. Worshipping at the altar of Altman AI and religion have been butting heads for the past couple of years, with the Catholic Church particularly outspoken about the technology. The late Pope Francis called on world governments to establish global AI regulations in 2023, as well as calling on people to avoid turning to AI models for moral and ethical decisions. Vatican AI authority Friar Paolo Benanti later accused Silicon Valley elites of playing God with their creations, AI included, noting that “the focus will always be on using AI for profit,” which - according to the good book itself - isn’t compatible with Christianity. That hasn’t stopped some of God’s faithful from creating an AI Jesus and Christian AI platforms, and the new Pope, Leo XIV, has continued his crusade against the technology. "By simulating human voices and faces, wisdom and knowledge, consciousness and responsibility, empathy and friendship… artificial intelligence [could] not only interfere with information ecosystems, but also encroach upon the deepest level of communication, that of human relationships,” Leo said earlier this year. Leo further expressed worry that AI was turning people into “passive consumers of unthought thoughts,” and that’s not even to touch on the fact that AI has a tendency to make stuff up to appease its questioners, potentially leading the spiritually curious into full-blown episodes of psychosis aided by a digital yes-man in the guise of an authority. ®

Microsoft has hired games analyst and investor Matthew Ball as Xbox's new chief strategy officer. With a long track record of analyzing the video game market and industry's biggest shifts, Ball's background could help Xbox rethink its hardware and console strategy at a moment when competition is tougher than ever. Engadget reports: Ball is a venture capitalist and tech industry consultant with a well-documented history of analyzing emerging digital economies and the video game market. He was most recently the CEO and founder of Epyllion, an advisory firm and digital production house that also runs a large-scale metaverse investment fund, and he publishes regular breakdowns of the industry's biggest players and trends, including an annual State of Gaming report. Ball is the author of The Metaverse, a book beloved by Tim Sweeney, Mark Zuckerberg, Karlie Kloss and, not awkwardly at all, former Xbox head Phil Spencer.

Read more of this story at Slashdot.

Flipper Devices has announced the Flipper One, an ARM-based Linux computer built around openness, though its price tag may give you pause. The computer is not a successor to the Flipper Zero, according to the manufacturer, despite the visual similarity. Whereas the Flipper Zero was more about hacking anything from NFC cards to infrared controls and RFID devices, the One is a full-fledged Linux computer. The device uses a Rockchip RK3576 as its main CPU, and a Raspberry Pi RP2350B microcontroller to take care of the on-device controls and the 256 x 144 grayscale screen. There is also a pair of USB-C ports (one to charge the device), a USB-A port, and a full-size HDMI connector. Rounding out the package are two Gigabit Ethernet ports, a MicroSD card slot, and a 3.5 mm audio jack. The device has 8 GB of LPDDR5 memory and 64 GB of internal storage. There's also Wi-Fi and Bluetooth. For users keen to expand the device, there is an M.2 port and GPIO connectors. The device's cost is tricky – the aim is $350 for the base configuration without the cellular module. However, considering the volatility of chip prices at the moment (and the relentless rise in memory costs), the final figure might be different. The first prototype arrived earlier this year, and the inevitable Kickstarter campaign is due at the end of the summer. The question is whether it is a worthwhile investment. The price elevates the device firmly out of the impulse purchase category, but its flexibility does have appeal. The HDMI port makes it a useful media box for connecting to televisions. It could also serve as a Linux workstation, and all the networking interfaces make the device a "multi-tool," as the company put it. Flipper Devices suggests use cases including VPN gateway, Ethernet sniffer, and USB Wi-Fi/Ethernet adapter. As if to emphasize the clear blue water between the Zero and the One, there is no NFC reader or RFID onboard – hopefully an M.2 peripheral will handle that, or users can fall back on a Zero. Flipper Devices plans to keep development running – the Zero and One are very different categories of device. Things get more interesting on the software front. Flipper Devices is aiming for full mainline Linux kernel support and has partnered with Collabora to bring the RK3576 SoC into the mainline kernel and give Flipper One full upstream support. "The current state of ARM Linux is depressing," it wrote. "Every vendor bolts on their own custom mess: closed boot blobs, vendor-specific patches, 'board support packages' that nobody outside the chip maker can really understand. "You can no longer just read the specs and understand how computers work – you can only learn the workarounds for one specific chip with one specific BSP. We're sick of this ourselves, and we don't want to be part of the problem by shipping yet another product that just adds to the mess." But first you have to ship it. Calling the Flipper One a "community-driven project," Flipper Devices added: "We've made the entire development process open – so you can see how things are built and even take part in shaping Flipper One's future." While the project has now been officially announced, prospective purchasers should keep in mind that there are no guarantees about what (if anything) will actually ship. And, of course, one should always exercise caution when backing Kickstarter projects. In the announcement, Flipper Devices boss Pavel Zhovner wrote: "There's a lot of uncertainty in this project, along with technical challenges and financial risks (like the current RAM chip crisis). "I don't know if we'll be able to do everything we've planned, but we'll give it everything we've got. Thank you all, and welcome to a new adventure." ®

An anonymous reader quotes a report from TechCrunch: OpenAI claims its new reasoning model has produced an original mathematical proof disproving a famous unsolved conjecture in geometry, which was first posed by Paul Erdos in 1946. If this sounds familiar to you, it's because this isn't the first time OpenAI has made such a bold claim. Seven months ago, the AI giant's former VP Kevin Weil posted on X: "GPT-5 found solutions to 10 (!) previously unsolved Erds problems and made progress on 11 others." It turns out, GPT-5 didn't actually solve those problems; it just found solutions that already existed in the literature. Taunts from rivals like Yann LeCun and Google DeepMind CEO Demis Hassabis followed, and Weil promptly took down his premature post. Today, at least, it seems OpenAI didn't make the same mistake twice. Alongside the announcement, the company published companion remarks (PDF) in support of the disproof from mathematicians like Noga Alon, Melanie Wood, and Thomas Bloom, who maintains the Erdos Problems website, and previously called Weil's post "a dramatic misrepresentation." [...] The proof, per OpenAI, came from a new general-purpose reasoning model, not a system specifically designed to solve math problems or even this problem in particular. OpenAI says this is significant because it means AI systems are now more capable of holding together long, difficult chains of reasoning and connecting ideas across fields in ways researchers may not have previously explored. That has implications for biology, physics, engineering, and medicine.

Read more of this story at Slashdot.

A "state of Web Dev AI" survey shows that nearly half of web developers worry AI will displace their jobs, with one stating "it will be devastating to our sector." The survey of 7,258 developers is the second on this topic to be conducted by Devographics, home of other surveys including State of JavaScript and State of CSS. There are big changes since the first in early 2025, when the majority of respondents used AI to create less than 25 percent of their code, whereas today 63 percent of devs use AI to generate more than half their code. Over a quarter of respondents (27 percent) use AI for 90 percent or more of their code. Code generation is the top AI use case, followed by code review, research, and debugging. The researchers gathered respondents from those who had completed previous surveys plus others contacted via social media, and state that the topic may have "biased the respondent set towards developers who do have an interest in AI." Regarding job security, a common view is that although developer skills remain relevant in an AI world, their bosses may be convinced otherwise and let them go. "AI companies can convince employers that AI can take my job, even if it can’t," said one. Another commented that they "already had to search for a new one, because my job as designer and frontend dev got cancelled for AI." There is concern over loss of skills as junior hires decrease. "Companies will rather spend the money on AI than train employees," one commented. The most used model provider is ChatGPT (88.4 percent), just ahead of Anthropic’s Claude (82.1 percent). When it comes to paid subscriptions though, Claude is the winner (69 percent), followed by ChatGPT (49 percent) and Google Gemini (32 percent). Despite increased usage, the respondents are by no means AI enthusiasts. Use of AI for image generation has fallen since last year, from 38 percent to 37 percent, and some respondents have ethical objections. "I do not use image generators on principle," said one, and another claimed "AI image generators are built entirely on stolen images." A general section on AI risks revealed a multitude of concerns: while job displacement topped the list, military use of AI, environmental impact, and AI slop takeover were not far behind. Security issues and rising costs were also areas of unease. The survey limited respondents to three top choices; many comments showed that they would have liked to pick more. From a technical perspective, the biggest issues cited were hallucination and inaccuracies (64 percent); poor code quality (53 percent) and lack of context (38 percent). It is a strangely mixed picture, with respondents expressing strong reservations about the overall impact of AI, while at the same time becoming dependent on it. 74 percent agreed AI tools are integral to their workflow, and 64 percent felt they were more productive thanks to AI. 88 percent feel the quality of AI tools has improved significantly year on year.®

AWS is pushing its European Sovereign Cloud, revealing some of the customers it has signed up to operate sensitive workloads on the platform and the continent's over how much sovereign control over data the Amazon subsidiary really offers. The service became generally available to European customers in January, amid growing alarm over the Trump administration’s open hostility to Europe and the continent's near-total dependence on US cloud platforms. AWS claims the European Sovereign Cloud represents a physically and logically separate cloud infrastructure, with all components located entirely within the EU. It started with just a single Region, located in the state of Brandenburg, Germany, but plans to extend its footprint across the EU. Organizations that have signed up for the service include University Hospital Essen, Schufa, a German credit information bureau, and smart energy and water meter biz Diehl Metering. Schufa has built a new credit scoring system that uses the AWS Cloud to hold the sensitive financial data of more than 69 million German consumers, while Diehl is operating services such as monitoring and billing for its public sector customers, helping critical infrastructure like waterworks and municipal utilities to manage water and energy data from a single centralized system. University Hospital Essen says it is using the platform for working with patient health data and also developing new AI technologies to improve patient care. “The AWS European Sovereign Cloud will support this mission by allowing us to work with health data at scale, while meeting German and European sovereignty expectations,” said Prof Jens Kleesiek, the hospital’s director of its Institute for Artificial Intelligence in Medicine, in a statement. There are, however, legitimate doubts about whether clouds operating under the aegis of any US company can really offer full sovereignty in Europe. Concerns often center on the US CLOUD Act, under which the authorities can compel any American organization to provide access to data they hold - including data stored outside the United States - subject to due legal process. An AWS spokesperson told The Register earlier this year that its European Sovereign Cloud includes multiple layers of protection – legal, operational, and technical – to safeguard data; that not even AWS employees can access customer data; and that it provides advanced encryption to allow customers to protect their content. A Microsoft executive was forced to admit under oath in a French Senate inquiry last year that it cannot guarantee data on French citizens would not be handed over to the American government if requested, and the same US legal rules – namely, the US Cloud Act – apply to AWS. “The AWS ESC is a fully isolated infrastructure with a separate legal entity in Germany. Although it does offer a certain level of legal insulation, it is still entirely owned by the US mother company. This is an important limitation to its immunity from the CLOUD Act and other US-led prescriptions,” said Forrester senior analyst Dario Maisto. Technology biz Thales unveiled on Thursday that it is launching its own European sovereign cloud service in Germany, working with Google Cloud. This is based on the model already used by S3NS, a Thales subsidiary, whereby Google Cloud software and services are operated on dedicated local infrastructure controlled by a local entity. In this case, Thales says it will be a new German entity, legally and operationally independent from Google Cloud, that will be staffed and managed by local German personnel. It is available in preview now and aims for general availability by the end of 2026. This new arrangement is perhaps because there are still doubts over whether the S3NS platform is entirely free from potential CLOUD Act interference. “The joint venture between Thales and Google - S3NS - offers (some) Google services on French sovereign infrastructure. The JV is owned for its vast majority by Thales, which is basically a French government-owned company. This legal configuration grants much better legal insulation and immunity from the CLOUD Act, although this is yet to be tested in court since Google still has a minority share,” Forrester's Maisto told The Register. The CLOUD Act worries have little to do with sovereignty in its strictest sense, he added, but rather with data privacy and data protection, which is regulated under the US-EU data privacy framework. Earlier this year, the European Commission awarded four contracts to Europe-based tech firms designed to advance cloud sovereignty in the EU, while spending on sovereign cloud infrastructure services is forecast to more than triple from 2025 to 2027. ®

The UK Post Office has awarded Accenture and OneView Commerce contracts worth £410 million to replace its troubled Horizon systems, which contributed to one of the most serious miscarriages of justice in British history. Accenture has won the bidding to replace incumbent supplier Fujitsu — which built the error-prone PoS and finance system starting from 1996 — on a so-called Walk In Take Over basis. It is set to stabilize services and upgrade software as it prepares for a complete business transformation and manages the migration to new SaaS. Its deal is worth £269 million for five years plus two optional single-year extensions, according to a procurement notice. The lesser-known OneView Commerce — a provider of retail and inventory management SaaS — has won the £141 million agreement to provide software to “transform [the Post Office's] retail technology platform to meet evolving business, operational, and customer requirements,” according to a tender notice. The system is set to be cloud-hosted, in an AWS or equivalent environment, and allows bespoke customization according to the Post Office's needs. It is expected to include ePOS, mobile services, customer engagement and insight, and self-service kiosks, among other features. The Post Office began rolling out the legacy Horizon IT system for accounting in 1999, along with two subsequent upgrades. From 1999 until 2015, around 736 subpostmasters were wrongfully prosecuted and convicted over errors resulting from the computer system, devastating lives in the process. A statutory inquiry into the mass miscarriage of justice launched in 2021 is ongoing. Its first report was published in July last year, finding that senior Post Office staff in the UK – and those working for suppliers Fujitsu and ICL – knew or should have known about the defects causing errors in the Horizon system. It also found that 13 lives were lost through suicide, most likely as a result of the Post Office prosecutions, in which Fujitsu assisted. In May 2025, the state-owned company gave up on its plan to build a replacement for Horizon in-house and launched the £410 million procurement process, which Accenture and OneView Commerce would win. Failed bidders included IBM and Escher Software, a provider of retail and ecommerce software. ®