TheRegister

Microsoft has announced a new, Fedora-based Linux distro for Azure VMs, while Fedora has consigned the Deepin desktop to the bin. Fedora decided to remove a component maintained outside Red Hat. In the same week, another external company - granted, a slightly better-known one - decided to rebase one of its projects onto Fedora as its upstream distro. It’s the circle of life, or something. Fedora 💔Deepin Seven years after it added the Deepin Desktop Environment in Fedora 30, Tuesday's FESCo meeting decided to drop Deepin from the distro. The minutes say: AGREED: Retire all packages maintained by the deepinde-sig group The decision comes one year after the project called for a security review of the Deepin Desktop Environment, after openSUSE dropped the desktop following a negative security assessment. We reported on that decision at the time. SUSE asked Deepin for feedback, but didn’t get good enough answers – for which, some months later, the Chinese project issued an apology. Linux Deepin is very much still around: we most recently looked at version 25 in January, and, back in 2023, the project claimed it had passed three million installs of its paid Tongxin UOS desktop edition. It’s a very pretty Windows-like desktop environment, but it never made it to having its own Fedora spin – and it certainly won’t now. Microsoft ❤️ Fedora But as one door closes, another opens. Fedora is still winning new friends and allies, and mere days earlier, there was a surprise announcement at the Open Source Summit North America, which as we write is winding down. On Monday, Microsoft announced a new version of its in-house Linux distro, Azure Linux 4, along with a companion distro called Azure Container Linux. There have been products called Azure Linux for quite a while. It’s based on the much more minimal CBL-Mariner distro, which we tried in 2022. The Register reported on Azure Linux becoming generally available in 2023, and then on the release of version 3 in 2024. We also knew back then that the company was working on turning it into a more general-purpose server OS: we reported on it migrating LinkedIn to Azure Linux in place of CentOS Linux that same year. There isn’t very much information about Azure Linux 4 yet; the broader rollout will be at the Microsoft Build conference next month. For now, all you can do is fill in a form to register your interest. However, the announcement reveals that version 4 switches to Fedora as its upstream distro. It was already based on the RPM packaging tools, hinting at some Red Hat or SUSE heritage in there somewhere. There’s slightly more information about Azure Container Linux. This is a separate distro, an immutable host OS for running containers. The announcement says “Azure Container Linux is based on the Flatcar project.” Flatcar is the continuation of CoreOS Container Linux, which The Reg has covered since it released its first version in 2014. As Linux Weekly News reported that year, CoreOS was based on Google’s ChromeOS, but redesigned to host containers. Red Hat acquired CoreOS in 2018, and then two years later, discontinued Container Linux. It replaced the Google and Gentoo-based distro with a new one based on Red Hat’s own immutable tool chain, called Fedora CoreOS. German FOSS consultancy Kinvolk forked the CoreOS code and continued development under the name of Flatcar Container Linux. Kinvolk was acquired by Microsoft in 2021, but continued to work on Flatcar. Now it seems that, with the announcement of Azure Linux 4 as well as Azure Container Linux, Microsoft has two separate in-house distros: one based on Fedora, and one based on ChromeOS. For now, Flatcar is still trundling along the tracks just fine, but we suspect some future consolidation may be coming down the line. ®

Pour one out for the Gemini Command Line Interface. Come June 18, the open source development agent will stop serving most users in favor of the new Antigravity CLI, and developers aren’t happy that the replacement is far less open than the old tool. Google announced the Antigravity CLI at Google I/O this week, billing it as a way for the Chocolate Factory to unify its efforts in developing a command line interface for AI agents. One of the key arguments Google makes in a post about transitioning from Gemini CLI to Antigravity CLI is that the new one has improved support for multi-agent environments, but the company isn’t giving most of its users much of a choice on whether to switch. “On June 18, 2026, Gemini CLI and Gemini Code Assist IDE extensions will stop serving requests for Google AI Pro and Ultra, as well as those using it free of charge using Gemini Code Assist for individuals,” the Gemini CLI team wrote in their announcement of the transition. The change also affects Gemini Code Assist for GitHub, which won’t allow new installations beginning June 18, and will stop serving requests in the following weeks. Enterprises appear to be getting a pass, however, with Google noting that those using Gemini CLI or its IDE extensions through a Gemini Code Assist Standard or Enterprise license won’t see any changes in their access, nor will Gemini Code Assist for GitHub users accessing the tools through their enterprise Google Cloud accounts. “Gemini CLI will remain accessible via paid Gemini and Gemini Enterprise Agent Platform API keys,” Google explained. For everyone else, sorry: It’s Antigravity CLI or bust, but don’t expect the same experience. “There won't be 1:1 feature parity right out of the gate” between Gemini CLI and Antigravity CLI, Google added. Agent skills, hooks, subagents, and extensions are all being supported by Antigravity CLI at launch. But other stuff may take time to arrive, if it does at all. Pray we don’t alter the deal any further Take a look at the Gemini CLI GitHub page, and you'll find all the code that made it possible - it is an open-source project, after all. Surf over to the Antigravity CLI GitHub page and all you’ll see is a change log, readme, and a GIF file demonstrating the tool’s appearance. That’s right: Antigravity CLI isn’t open source - at least not from what Google has published so far - and it took developers no time at all to notice. Gemini CLI Lead Product Manager Dmitry Lyalin took to GitHub to make an announcement detailing some additional info about the forced CLI tool migration, and the comments are rife with people frustrated by the move. No small portion of the vitriol is targeted at apparent usage limits, with multiple people reporting they’d hit their weekly quota with just a couple of requests. The issues page for Antigravity CLI similarly has numerous posts asking Google to look into usage limits. Other posts accuse Google of using open-source contributions to improve a new closed-source product and generally express frustration with Google for killing yet another thing customers relied on. At the same time, Lyalin teased developers by telling them that, no, Gemini CLI isn’t truly gone if you’re willing to pay top dollar for it. “The project remains available to the community as an Apache 2.0 licensed repository with no changes,” Lyalin noted in his GitHub post. “You will continue to see us work on GitHub as we keep Gemini CLI updated with latest model releases, bugs and security fixes for our enterprise customers.” Now please open your wallets if you want access to this open-source product. Google didn’t respond to questions for this story. ®

Software platform Plex is killing its buy-once-use-forever model with an eye-watering hike of its Lifetime Plex Pass from $249.99 to $749.99. The increase will take effect on July 1, but does not apply to existing Lifetime Plex Pass holders. The existing monthly and annual subscription pricing for the service is also unchanged, suggesting Plex really would rather you subscribed. Lifetime Plex Passes used to cost $74.99, before increasing to $149.99 in 2014. It later fell back to $119.99 before jumping to $249.99 in April 2025. Just over a year later, the price is heading to $749.99. Plex is used primarily as a media server. Load it up with content and point clients at it. The project has its origins in the Xbox Media Center (XBMC) from which it was forked. The server software runs on Windows, macOS, Linux, and several network devices, and the client runs almost everywhere, including iOS and Android devices. Remote access to a Plex media server used to be free, but in 2025 Plex shifted that functionality to its paid tiers. Other paid-tier functionality includes hardware transcoding and media file downloads. "We've considered eliminating the Lifetime Plex Pass," Plex wrote. Considering the hike, it might as well have. An annual subscription costs $69.99, meaning it will take more than a decade before that $749.99 pays off. Unless, of course, Plex increases the subscription cost in the future. The increase is the latest in a long line of price hikes from media companies, though it is among the most extreme. Plex has made no secret of the fact that "recurring subscriptions help us sustain long-term development" – hence the attempt to make the one-off lifetime payment less attractive. The jump might be eye-watering, but it also reflects a growing realization across the tech and streaming industries. One-off payments don't cut it anymore and ads aren't enough, so a subscription is the way to go to sustain development. Although existing Lifetime Plex Pass customers are not affected, the hike highlights how important subscriptions have become across all sectors (we can't see Microsoft weaning itself off Microsoft 365 any time soon) and what "lifetime" actually means. ®

Meta's massive role reshuffle begins today, with thousands of staff being transferred to AI-focused teams and their managers reportedly laid off. The tech giant is reassigning 7,000 workers to AI projects, eliminating around 10 percent of its current workforce, and closing 6,000 open positions, according to Reuters, which saw copies of the internal memos. The workforce changes, the latest in a series of moves that started 2022, will affect roughly 20 percent of Meta's approximately 78,000 employees. Janelle Gale, Meta's chief people officer, penned the memos to affected staff. Some have already begun their new AI-related duties, while the rest will be told of their fates today, she reportedly said. "As org leaders worked on the changes, many of them incorporated AI-native design principles ⁠into their new org structures," Gale's memo read. "We're now at the stage where many orgs can operate with a flatter structure with smaller teams of pods/cohorts that can move faster and with more ownership." This flatter structure will involve, in part, managers being either laid off or moved into roles where they are producing work instead of overseeing teams. Previous memos sent to staff in April stated that top engineers – those who represented the company's "strong software engineering talent" – were being "selected" for brand-new divisions within the business. Among these were the Applied AI Engineering and Agent Transformation Accelerator units, as well as Central Analytics. Once famed for letting its staff pick and choose their projects, Meta said those selected for this new AI mission had no say in the matter. Responding to an employee's question, Maher Saba, VP of AAI Engineering, wrote: "AAI is one of the company's highest priorities and we're resourcing it by moving our strongest talent to address it. Therefore, the transfers aren't optional." Both AI units were established for engineers to develop AI agents capable of automating and taking over duties previously undertaken by human employees. Those transferred to Central Analytics will work on ways of assessing productivity and analytics for agent development. According to Gale's memo, another new unit called Enterprise Solutions will soon be established, but Meta has not yet revealed details. The Register asked Meta for a statement, but it did not immediately respond. The Great Flattening Gale's language regarding "flatter structures" echoes chief Mark Zuckerberg's wording from Meta's January earnings report, promising to flatten teams over the coming year. "We're elevating individual contributors, and flattening teams," Zuck wrote in a post-earnings note on January 28. "We're starting to see projects that used to require big teams now be accomplished by a single very talented person. "I want to make sure as many of these very talented people as possible choose Meta as the place they can make the greatest impact – to deliver personalized products to billions of people around the world. And if we do this, then I think we'll get a lot more done and it's going to be a lot more fun." Reports surfaced around the same time about a major round of job cuts at the company, equivalent to 20 percent of its workforce, or around 15,000 roles, but it was unclear when or if this would materialize. Meta's latest round of layoffs follows a smaller-scale round in March, affecting 700 roles across Reality Labs, the social media division, and recruitment. The changes come against a backdrop of Meta investing heavily in AI, with the company saying it plans to spend between $162 billion and $167 billion this year, up from $118 billion in 2025. The company has reportedly also tried tempting top AI talent to join its ranks with nine-figure pay packets, and ex-OpenAI players with $100 million sign-on bonuses. The revolt Meta slashing roles to embrace AI replacements has led to protests across its Menlo Park HQ and internal Workspace comms platform, Reuters reports. First announced in April, Meta said it would be tracking mouse clicks and keystrokes to train AI rather than assess staff productivity. A company spokesperson told the BBC: "If we're building agents to help people complete everyday tasks using computers, our models need real examples of how people actually use them." They said the data is not used for any other purpose, and there are safeguards in place to protect sensitive content. But Meta staff have expressed their disdain for the changes in various ways, including by setting up an online petition – which now has over 1,000 signatures – and plastering flyers all over US offices referring to the company as an "Employee Data Extraction Factory." ®

The UK government may move to forestall objections to datacenter projects via an overhaul of planning regulations that would shield critical energy and infrastructure buildouts from legal challenges. Finance minister, Chancellor of the Exchequer Rachel Reeves, is preparing to unveil reforms allowing Parliament to designate key projects as having critical national importance to prevent them from being subject to judicial review. "For too long, vital infrastructure delivery has been delayed by judicial reviews of projects," a spokesperson for HM Treasury said in a ⁠statement. The Chancellor "is clear that Parliament must take back control to get Britain building the ⁠power plants, wind farms and grid connections that will bring ⁠bills down, strengthen our energy security, and ⁠deliver growth in every part of our country." This does not explicitly mention datacenters, but as The Register has reported previously, massive server farms have already been lumped in with energy generation as projects to be urgently fast-tracked by government. Back in 2024, server farms were given Critical National Infrastructure (CNI) designation - a move that a government a civil servant warned would allow the authorities to override opposition to datacenter sites by local residents. Last year, a datacenter project management biz urged the government go a step further and categorize large datacenter developments as Nationally Significant Infrastructure Projects (NSIPs). This would shift decision-making from local authorities to the national level, potentially expediting approvals for large projects, while removing any say that local residents may have in developments that affect them. Parliament’s Public Accounts Committee also published a report last year on Treasury plans to implement stronger governance to speed large infrastructure schemes, criticizing it for not including “technically complex” projects such as those involving “digital transformation and artificial intelligence (AI),” despite the government’s focus on these to deliver economic growth. Some are already welcoming the planning reforms before they have even been officially announced. “Today’s announcement is the right thing to do if we are serious about growth, energy security and getting Britain building again,” said Ben Brittain, director of public affairs at the Association for Consultancy and Engineering (ACE). “For too long, critical infrastructure projects have been delayed by blockers, layers of uncertainty and lengthy legal challenge, driving up costs and holding back investment." But the government should be wary, as public sentiment is turning against the growing number of datacenters being built and the AI technology that is driving their construction. Putting them beyond the reach of any legal challenge could easily exacerbate this. In America, for example, a recent survey found that people would sooner see a nuclear power plant sited in their locality than a datacenter. Gunshots were also fired at the home of an Indianapolis councilor who backed plans for a server farm in his area. In the UK, there have been protests against various datacenter building projects. Activist group Global Action Plan organized several at the end of February at sites including Iver in Buckinghamshire and Potters Bar in Hertfordshire where recently announced campuses are being constructed. HM Treasury had not responded to our requests for further information at the time of publication. ®

Microsoft has confirmed that SMS is on the way out as a method of authentication and recovery for personal Microsoft accounts. Fraud and dubious security were cited as reasons for the move: "SMS authentication is vulnerable to phishing and SIM-swap attacks." Passwordless accounts, passkeys, and verified email are the future, according to Microsoft. The announcement was first spotted by WindowsLatest and comes as passkeys are increasingly accepted as a default authentication standard. In April 2026, the UK's National Cyber Security Centre officially endorsed the technology and urged consumers to adopt it. For its part, Microsoft has promoted the use of passkeys for more than a year, declaring in 2025 that all new Microsoft accounts would be passwordless by default. As such, the days of SMS as a method of authentication and account recovery have been numbered for some time, and Microsoft's announcement confirms that users will be directed elsewhere. However, it did not state when it will pull the plug on the technology once and for all. Dropping SMS is laudable, but users will still need to learn a new authentication method. Microsoft promises to guide them through it - offering options to sign in with or create a passkey at login – yet that transition may prove easier said than done. Passkeys also have challenges, most notably when used over multiple devices. In that instance, a synchronization tool or password manager can help, but users might not be familiar with these technologies. Ultimately, SMS as a method of authentication and recovery for a Microsoft account is on the way out. For many security professionals, it is not a moment too soon. ®

EXCLUSIVE Kyndryl – the global technology services division spun out of IBM in 2021 – is cutting jobs to reduce overheads and "streamline our operations" in several countries. The business is this week entering a 45-day consultation with employees, where local law requires, under what insiders described as "workforce rebalancing," a euphemistic term that invariably means redundancies. Sources at the IT services biz told us more than 150 managers were called into an extraordinary meeting with HR on Monday. Personnel earmarked for redundancy will have meetings on Wednesday and an announcement is expected on Friday. The cuts are expected to affect delivery teams, with hundreds of people likely to be placed at risk of redundancy in the UK alone. "We had 150-plus [managers] in the call so it's basically everyone in every department who is an architect, consultant, subject matter expert," said a source. "Kyndryl employed loads of new VPs and they are not affected, just cutting the real workers. I do not know how the company will last with a significantly reduced delivery [capability]." The 45-day consultation, a requirement under UK law, indicates at least 100 staff will be at risk of losing their role, although no figures have been confirmed by Kyndryl. According to UK accounts for fiscal 2025, Kyndryl's UK arm employed 1,303 people in the year to March 2025, up from 1,232 in the prior year. A Kyndryl spokesperson told The Register: "As we continue to transform our business in support of serving our customers and sustainable growth, we expect a limited workforce rebalancing in some countries affecting a small percentage of our workforce to address labor costs and streamline our operations." The job cuts will not surprise anyone following Kyndryl. Interim chief financial officer Harsh Chugh, who came into the role in February when the permanent CFO departed amid a board review of accounting practices, warned of changes ahead during the company's earnings conference call earlier this month. Chugh said Kyndryl was taking $200 million of "charges associated with the workforce rebalancing actions, which we expect to incur substantially in the first quarter of fiscal 2027." Kyndryl's 2027 financial year began on April 1. "These actions are expected to yield annualized savings in the range of $400 million to $500 million in fiscal 2028. With the expectation that most of the charges will take place in the first quarter, we expect our first quarter adjusted pretax income to be a low point in earnings for the year with meaningful profit improvement expected for the remaining nine months of the year." According to fiscal 2026 financial results, Kyndryl's sales stagnated: revenue of $15.092 billion was largely flat against the $15.057 billion reported in the prior 12 months. Selling, general, and admin expenses went up by $63 million to $2.654 billion. Net profit shrank 21 percent to $198 million. During the conference call, Kyndryl chairman and CEO Martin Schroeter said the company is "taking workforce rebalancing actions to yield meaningful savings." "We're confident in our strategic direction and our financial position remains strong. We believe our focus on higher-value services, coupled with the actions we're taking to streamline our own operations, positions us to navigate the evolving ways our customers consume IBM's innovation while keeping us on track toward our multiyear objectives." Not all staff share that level of self-assurance. One insider told The Register that Kyndryl is too reliant on "big whales" – meaning too few big-ticket legacy contracts. The source claimed Kyndryl tends to jump onto the latest crazes, including agentic AI, when its real strength is in classic infrastructure services. "Despite all the bluster, we are really running IBM but without the hardware," one told us. "I'm tasked with getting X number of accreditations from my teams whether they are useful or not and spend too much of my time having strategic meetings about strategy plans and plays that don't come off." Kyndryl was formerly IBM's Global Technology Services division, minus Technical Support Services. It was an area that suffered revenue shrinkage and mounting financial losses in the years before it was spun out. Some 90,000 employees moved from IBM to Kyndryl in November 2021. As of this month, it employed 73,000 globally. Schroeter and his management team have tried to convince shareholders of the way forward – a future steeped in cloud services and AI. The share price peaked at $43.41 in July last year but has since tumbled to $12.26, hit badly by an accounting issue pertaining to cash management practices. ®

AMD’s answer to Nvidia’s DGX Spark AI workstations, codenamed the Ryzen AI Halo, will be available for pre-order later next month for anyone with $3,999 burning a hole in their pocket. That might sound like a lot for an AI mini PC, but don’t worry. Compared to cloud APIs, it practically pays for itself. Or, well, that’s AMD’s sales pitch. The House of Zen argues that if you spend eight hours a day vibe coding, the system could save you $750 a month. Whether this helps you justify paying for hardware that less than a year ago could be found for between $2,200 and $2,999 or not, it’s (probably) not AMD being greedy here; the RAMpocalypse has been hard on everyone. Much like the DGX Spark, which now retails for $4,699, up from $3,999 when we reviewed it last fall, AMD’s rendition aims to provide a curated developer environment for running local models and agentic AI frameworks. This is really the core value proposition behind either of these devices. They aren’t the most powerful or fastest AI systems, but they’re able to run models that a few years ago would have cost $20K or more. A little box of TOPS The diminutive system measures in at 5.9 x 5.9 x 1.7 inches (150 x 150 x 43 mm) and is powered by a 120 watt Ryzen AI Max+ 395 APU, better known by its codename Strix Halo. The chip is backed by 128 GB of LPDDR5x 8000 MT/s memory, which feeds both its 16 Zen 5 cores and 40 RDNA 3.5 GPU compute units, providing up to 256 GB/s of bandwidth, more than a Ryzen 9000 Threadripper (non-Pro) system. For local AI enthusiasts, that’s enough to run models up to 200 billion parameters in size at 4-bit precision — just like the more expensive Spark. The bulk of the Ryzen AI Halo’s compute comes from its integrated graphics, which are capable of delivering roughly 56 teraFLOPS at 16-bit precision. While impressive for onboard graphics, that’s still between 55 and 88 percent slower than what the DGX Spark advertises. Unlike the Spark’s Blackwell-based GB10 APU, Strix Halo doesn’t support FP8 or FP4 data types in hardware. At BF16, the Spark delivers 125, at FP8 250, and FP4 500 teraFLOPS. Double those figures if you happen to find a workload that can leverage Nvidia’s 4:2 sparsity. That performance discrepancy won’t necessarily be obvious in every workload. In fact, in LLM inference, AMD claims the AI Halo generates tokens 4-14 percent faster than the Spark. The lower end of that roughly matches what we saw when we pitted the Spark against a similarly equipped HP Z2 Mini G1a back in December. The G1a packs the same silicon as AI Halo, and in Llama.cpp with the Vulkan backend, eked out a small but meaningful lead over the Spark in tokens per second generated. However, the speed any GPU can generate tokens at is largely dictated by effective memory bandwidth, not floating point performance. GPU compute has a much bigger impact on things like prompt processing time. In our testing, the Spark’s more capable tensor cores gave it a 2-3x lead in prompt processing. For shorter prompts, this isn’t all that noticeable, usually the difference between waiting 100 ms versus 200 ms or 300 ms, but for longer prompts, it did become more pronounced. We saw the Spark take similar leads in our image generation and fine tuning benchmarks, but it’s worth noting that AMD’s software stack has matured greatly since our initial review and the performance gap has likely closed somewhat since then. AMD’s AI Halo does have two things going for it that can’t be said of the Spark. Alongside the GPU is an XDNA 2-based neural processing unit (NPU) that AMD rates for 50 TOPS. What good that’ll do you depends heavily on the application in question. Many content creation apps have now been updated to take advantage of it, but the number of generative AI inference engines that could properly harness it was quite limited the last time we looked. The second thing AMD’s Ryzen AI Halo has going for it is that it’s a standard x86 box at its heart, and you can run Windows or your preferred flavor of Linux on it if that’s more your style. On the Spark, you’re stuck with a lightly customized version of Ubuntu 24.04. Beyond that, you’re coloring outside the lines. Particularly for developers building for Microsoft’s NPU-accelerated AI PC ecosystem, this is an obvious advantage. In terms of networking, AMD’s Spark-clone falls a bit flat. One of the hallmark features of Nvidia’s AI workstation is a 200 Gbps ConnectX-7 NIC, which allows for clustering of up to two and eventually four systems. AMD’s AI Halo has a single 10 Gbps NIC, which should help with downloading large model files in a timely manner. In theory, the system should be able to achieve high-speed networking over USB-4, but it’s not clear whether this is actually a supported use case. That said, Apple has already demonstrated just this using RDMA over Thunderbolt, so it should work so long as AMD has a playbook for configuring RDMA on its systems. AMD’s own AI lab As we mentioned earlier, much of the Ryzen AI Halo’s value proposition comes from being validated hardware with well documented playbooks for common use cases and known good software. Finding the right combination of device drivers, ROCm, HIP, SYCL, CUDA, PyTorch, TensorFlow, and JAX has long plagued the AI/ML devs regardless of which ecosystem you opt for. Having validated environments for workloads, whether it be vLLM, Llama.cpp, Ollama, ComfyUI, or something else ensures users spend more time doing something productive than debugging mismatched dependencies. At launch, AMD says the Ryzen AI Halo will ship with five preinstalled playbooks, with another 10 available online and additional playbooks to be added monthly. Additionally, customers will gain access to AMD’s developer program, cloud credits, and exclusive playbooks. More memory on the way The 128 GB Ryzen AI Halo will be available for pre-order next month starting at $3,999, but if that isn’t enough for you, AMD is already prepping a higher capacity version of the system with 192 GB of memory on board. That system will feature a refreshed Ryzen APU in the AI Max+ 495, which just like the rest of AMD’s 400-series lineup gets a modest clock bump to the CPU, GPU, and NPU, and not a whole lot else. Still, 192 GB of unified memory opens the door to even larger, more capable models, if you can stomach the presumably higher asking price. ®

European Space Agency (ESA) Director General Josef Aschbacher has taken a swipe at NASA and US policy, while calling for autonomy in human spaceflight via an opinion post titled "Are we pilots or are we passengers?" The May 18 post is emblematic of the hand-wringing within ESA over the last few years as NASA has lurched from plan to plan amid fluctuating priorities and funding. Aschbacher, it appears, has had enough. "Europe has become too exposed to decisions beyond its control," he said. NASA administrator Jared Isaacman recently announced changes that would pause, and likely cancel, the Lunar Gateway space station project in favor of a Moon base. The decision, along with scrapping the over-budget and delayed Mars Sample Return mission, does not sit well with ESA, which had a hand in both. Aschbacher warned of the potential for dependence on third parties for programs including human spaceflight. ESA removed reliance on Russia for missions such as ExoMars, and turbulence in US space policy has given the agency pause for thought. "Europe must decide whether it prefers to be dependent on others to send its explorers into space or to assume its role as a fully capable space power. As the head of the European Space Agency (ESA), I am convinced that autonomous human spaceflight is not a luxury. It is a necessary anchor for Europe to secure its freedom to unlock the scientific, economic, strategic and geopolitical benefits of space and to inspire a new generation to shape Europe’s future." In 2025, an agency insider referred to NASA as "an abusive spouse who could lash out at any moment in unpredictable ways." In 2026, Aschbacher's patience appears to be running out. "I'm glad," a source told The Register. "The US has fucked us around for too long." Aschbacher and ESA would not put it so bluntly. However, one of ESA's strengths is also one of its weaknesses. The agency has 23 member states. Political and funding decisions are imminent: the ESA Council meets in June, the Intermediate Ministerial Council is in December, and a full Council at Ministerial level is due in 2028. "If we started today," Aschbacher wrote, "it would still take us many years to build autonomous capability – we must act quickly. The cost of inaction would far outweigh the necessary investment." Aschbacher's comments came on the eve of the successful launch of the Smile spacecraft on a Vega-C rocket from Europe's Spaceport in French Guiana on May 19. The mission, a collaboration between ESA and the Chinese Academy of Sciences (CAS), will study how Earth responds to solar wind. "The current environment demands both diversified international partnerships and strengthened autonomous capabilities," wrote Aschbacher. "We must use this challenging moment and turn it into an opportunity to redefine our position." His next challenge is to persuade ESA's member states, each with their own budgetary pressures, to see things the same way. "History will not wait for Europe to feel comfortable and ready; it will move forward with or without us. The choice before Europe is clear: do we pilot, or are we merely passengers? We have everything we need. What remains are the confidence and political will to act." ®

GitHub, the world's biggest code repository and DevOps platform, fell victim to a malicious Visual Studio Code (VS Code) extension. The company's initial assessment is that only internal repositories were exfiltrated. The incident was reported by GitHub on X, with follow-up posts revealing a "poisoned VS Code extension" as the cause. The Microsoft-owned code shack continues to "analyze logs, validate secret rotation, and monitor for any follow-on activity." One GitHub post references "the attacker's current claims of ~3,800 repositories" as consistent with its investigation. This may refer to a post attributed to TeamPCP, the malware crew linked to the Shai-Hulud worm, the code for which has been published and caused widespread damage. In a post, the crew advertised GitHub's internal source code for sale, claiming around 4,000 repositories. They said it was not a ransom and if no buyer was found, they would leak the code for free. Claims like these should be treated with caution. A key concern for GitHub users is whether private repositories are at risk, either immediately or in the future if the attackers have gained a foothold into internal systems via stolen credentials. Risks include leakage of commercial code and credentials. Although best practice is not to check secrets into any repository, public or private, some organizations are less disciplined about this when repositories are private. Last month, Wiz Research discovered a remote code execution flaw in GitHub.com and GitHub Enterprise Server (the self-hosted version), which the researchers said was "remarkably easy to exploit." The vulnerability was discovered using AI. Developer reactions to GitHub's latest problems combine alarm and resignation – plus some humor. "How did the attackers find a large enough uptime window to get in?" quipped one. GitHub is in some difficulty. This compromise comes after a surge in npm attacks, many related to Shai-Hulud code, which the company has failed to prevent despite being aware of the issue since September 2025. Further, the platform has reliability issues caused in part by AI bots hoovering public code to feed large language models – problems that led HashiCorp co-founder Mitchell Hashimoto to declare GitHub "no longer a place for serious work." Another said that "the era where a developer machine with source code access also has access to meaningful security systems should be over. Internal repository access should mean nothing... GitHub compromise could happen at any time, even from GitHub themselves." Issues with cloud platforms also increase the appeal of self-hosted systems such as the open source

The Government Commercial Agency (GCA) - the UK procurement body formed from Crown Commercial Service and Cabinet Office commercial teams - is seeking greater input from customers and smaller suppliers as it develops a new version of its framework for security-focused digital and IT services. The GCA's current Digital and IT Professional Services (DIPS) framework, which runs until November 2027, is open only to buyers within the Ministry of Defence (MoD) and its 17 suppliers are mostly large defense companies and consultancies. The agency wants its replacement to be open to more buyers and suppliers, according to a procurement notice published on May 18 and linked material. The notice says that DIPS 2, which the GCA plans to run for eight years from September 2027 to August 2035, will be available to a wider group of "customers with defence and security requirements" including some outside the MoD, potentially the Home Office and Foreign Office. It has a total possible value of £2.88 billion including VAT. In a supplier engagement session held in March, the GCA said it wants to increase the participation of small and medium-sized enterprises (SMEs), which the government defines as companies with fewer than 250 staff along with turnover and balance sheet limits. It is considering having fewer lots than the six in DIPS 1 and outlined a range of options for this, including a possible lot specifically for projects worth less than £5 million. "We are learning lessons from Ukraine in terms of rapid technological development," Darren Corkindale, a deputy head for professional services in the Ministry of Defence's digital commercial service, told the session. He noted that the UK's Strategic Defence Review (SDR) is expected to include a clear focus on digital and technology including artificial intelligence, cybersecurity, and the electromagnetic domain, adding: "Never thought I'd really say this, but there's an emphasis in the SDR around transition to conflict, war readiness, war preparedness. Again, DIPS 2 needs to reflect that." The GCA plans to complete engagement with suppliers by the end of this year and publish its tender for the DIPS 2 framework in 2027. ®

A group of companies including AWS and Percona have stepped up to fund the maintenance of pgBackRest, an extension to the widely used open source database PostgreSQL, after its future was left hanging in the balance. The tool provides a backup and restore solution for the PostgreSQL RDBMS, which has become more or less ubiquitous in services offered by cloud providers including AWS, Google, and Microsoft Azure. It had been maintained for the last 13 years by David Steele, a principal architect at Crunchy Data – which provides PostgreSQL managed cloud services, Kubernetes deployments, and on-prem solutions – until June last year. At that time, cloud data analytics company Snowflake bought Crunchy Data to help provide a transactional database. A Snowflake spokesperson said: "Open source software is built on broad community participation, and we are pleased to see continued support for pgBackRest from organizations across the ecosystem. Snowflake supports a variety of open source projects, including within the Postgres ecosystem, and we look forward to continued community collaboration." Last month, Steele announced he was no longer able to maintain the project. "Since Crunchy Data was sold, I have been maintaining pgBackRest and looking for a position that would allow me to continue the work, but so far I have not been successful. Likewise, my efforts to secure sponsorship have also fallen far short of what I need to make the project viable," he said. Steele said he was hoping to continue the project, but lack of support was forcing him to consider new roles that would not leave him enough time. A group of interested companies have now banded together to fund ongoing development. "Their support means the project is no longer reliant on a single sponsor, giving pgBackRest the stability it needs for the long term," Steele said. As well as AWS and Percona, sponsors include Supabase, which provides a back-end platform built on PostgreSQL, and pgEdge, which offers open source distributed PostgreSQL. Open source consultancy and technology company Percona said thousands of organizations depend on the pgBackRest extension for backup and recovery of PostgreSQL, including customers running Percona's Expert Support for PostgreSQL. "pgBackRest has been our recommended backup solution/tool for years. When its future came into question, coordinating with other companies to keep it healthy was a straightforward decision – for our customers and for the community," said Percona CEO Peter Farkas. The group of companies, which also includes Tiger Data, creators of TimescaleDB, have committed to supporting bug fixes, feature work, and community reviews. Percona said it plans to bring a new maintainer on board who can help provide continuity in the long term. The project is also looking to recruit more sponsors and reduce reliance on a single maintainer. ®

London’s Metropolitan Police – the UK’s largest police force – asked tech companies to give officers access to private communications data over 700,000 times in 2025 alone, according to figures obtained by The Register under the Freedom of Information Act. These statistics expose the monitoring of everyday platforms like takeaway delivery services, and also show a massive surge in the force's surveillance of the users of low cost MVNO LycaMobile. Additionally, our FoI exposed the acquisition of data from encrypted messaging services designed to offer privacy. Since 2024, the Met says that it has obtained communications data (CD) from Proton’s privacy-focused mail service users 139 times. CD is not messaging content, but metadata. In Proton’s case, this could include account payment details and, in some instances, IP addresses. Although Proton did not dispute these figures, a spokesperson told us: "Proton does not transmit data directly to any foreign law enforcement agencies," adding that it operates under a “strict legal framework” so all requests must go through the Swiss authorities. Requests for data that don’t meet Proton’s legal and human rights requirements are refused, which it has an "established practice" of doing, according to the spokesperson. The Met also claims that it has acquired data results from ProtonVPN, although the non-profit says this is "highly dubious and inconsistent with our technical reality [...] because Proton VPN does not log user activity, there is no data to provide," referring El Reg to its transparency report. “We engage with every request in good faith, but we simply cannot hand over what we do not collect,” Proton said. The Met’s data also suggests encrypted messenger Signal has provided data once since 2024. But this is also, apparently, contrary to records that the non-profit holds. A spokesperson told us: “Signal collects very little data about its users to begin with and publishes the requests we respond to at signal.org/bigbrother. We have not shared any user data in response to a legal request originating from the United Kingdom.” If data was shared by Signal it could only include phone numbers, when the account was created, and when the user last accessed the platform. When queried about the denials by both Proton and Signal, the police force said it couldn’t comment on the specifics of how it acquired the data. The Met Police says that all companies “have a legal obligation” to cooperate with officials thanks to the powers of the Office for Communications Data Authorizations (OCDA). The OCDA is now a part of the Investigatory Powers Commissioner’s Office (IPCO), which monitors the select public authorities, law enforcement agencies, and government departments with the power to acquire comms data. But there’s some fog around authorizations for the police, according to Dr Bernard Keenan, a law lecturer and surveillance researcher at University College London: “When it comes to communications data and metadata, it’s seen as a less severe intrusion than intercepting or accessing the content of a message, and so while the police need an authorization to get it, the decision is delegated to designated senior officers. So it’s something that the police can do operationally, more-or-less autonomously.” Sources compromised In 2024, the year of the most recent IPCO annual report, it was found that these authorizations to all law enforcement agencies affected lawyers 219 times and journalists on 157 occasions. This came with a caveat: “Most [CD] applications relating to sensitive professionals were submitted because the individual had been a victim of a crime.” While CD does not contain message content itself, there remains a risk that contacts such as a journalist’s sources could be disclosed. Also in the report is the revelation that in 2024, 106 warrant applications were issued to specifically identify journalists’ sources, and under these separate powers, the request could also include the communications content itself. There’s no requirement to inform sensitive professionals they have been targeted in this way, and while ordinary law enforcement agencies need to seek a judge’s approval, intelligence and security spies are exempt from this. Tim Dawson, freelance organizer at the National Union of Journalists - who also convenes the International Federation of Journalists’ working group on surveillance - said: “UK legislation lays down clear guardrails for law enforcement agencies obtaining communications data, and includes protections specifically for journalists.” But he continued: “The NUJ does not consider these are sufficiently robust. More disturbingly, however, it is clear that they are sometimes ignored – just look at the cases around the attempted prosecution of Barry McCaffrey and Trevor Birney.” These two journalists were unlawfully spied on by the Met and Police Service Northern Ireland to identify the source of allegedly stolen police documents used in a documentary about paramilitary killings during the Troubles. The police had claimed that information revealed in the film had breached the Official Secrets Act. McCaffrey and Birney used judicial review [PDF] to challenge the police action and the court ruled that the searches were unlawful. 'The digital border is expanding through policing' In 2025, the number of requests sent by the Met to MVNO LycaMobile increased by almost 500 percent year-on-year, rising from 15,702 to 93,527. This drastic spike was totally absent for other British network providers such as Vodafone, O2, Three, and Lebara. Considering LycaMobile’s focus on cheap overseas calling, and the likelihood of foreign nationals using its service, concerns have been raised that this data could be used for a crackdown on immigration. Fizza Qureshi, chief executive of Migrants’ Rights Network, a charity that researches the digital hostile environment, said: “A 500 percent surge in data requests from the Metropolitan Police to a network used largely by migrants and racialized people makes clear that the digital border is expanding through policing.” This checks out, considering the Home Office recently said immigration enforcement officers can now, under the Border Security, Asylum, and Immigration Act 2025, rifle through the mouths of undocumented migrants to search for hidden SIM-cards — as part of new powers granted to seize phones and gather digital intelligence. The new powers came into force last year in December, despite legal reviews finding procedural unfairness of such searches. In 2022, a High Court ruling found the Home Office’s controversial seizure and retention of over 2,000 migrants’ mobile phones was unlawful. “Migrants and racialized people are singled out for surveillance that would never be tolerated elsewhere,” according to Qureshi. “They are treated as acceptable subjects for intrusive monitoring, from phone records to delivery routes. This marks part of a wider trend of pre-emptive criminalization of migrants and racialized people and is an enormous infringement of our right to privacy.” While a Met spokesperson denied any indication that the increase was specifically related to immigration crime, they offered a pretty milquetoast example that an increase in requests to a specific mobile operator could have been due to its increased popularity. If this were the case, Lycamobile would have needed to have grown its users from an estimated 2 million to 10 million for the surge to be consistent. LycaMobile did not respond to The Register’s queries. Additionally, Counter Terrorism Policing (CTP) – a part of the Met – started a procurement process for software for a Communication Exploitation Data Tool last year. Some of the requirements listed on the procurement notice were to process data from Uber rides and deliveries to be used for “intelligence analysis.” At the time of publication, it read: It’s understood the requirements for the project have now changed. When asked for further details, including if a supplier has been found, a CTP spokesperson told The Register: “We previously confirmed a routine tender process to procure software, however further details on systems and their use will not be made publicly available.” This is not surprising given the operational secrecy around national security tech; or, in this case, takeaway delivery surveillance. Dr Keenan explained: “It’s what the government wants the police to be doing: bringing in these capacities to synthesize multiple different data points to use them effectively and to have these powerful surveillance technologies.” The Met Police requested data from ride and food delivery services Uber, Bolt, JustEat, Deliveroo, and Dominos Pizza a sum total of 768 times in 2025. Hundreds of delivery drivers were arrested last year in a spate of immigration enforcement operations, not long after gig economy firms pledged to use facial recognition checks and fraud detection tech to clamp down on illegal working. In response to all of the findings and questions posed by El Reg, a Met spokesperson said: “Every year the Met makes thousands of requests for communications data from a wide range of companies and telephone providers. The information provided helps our officers gather intelligence, solve crimes and find missing people.” ®

Partner Content ZTE recently released its Sustainability Report 2025, highlighting the company's latest achievements in deepening Environmental, Social, and Governance (ESG) practices. This marks the 18th consecutive year that ZTE has voluntarily disclosed its annual sustainability performance to the public. The report demonstrates that in the past year, ZTE fully embraced artificial intelligence, achieving milestone progress in advancing scientific carbon reduction, accelerating global digital inclusion and industry transformation through intelligent technologies, and strengthening governance resilience. These efforts profoundly embody ZTE's responsibility and mission as a "Driver of Digital Economy". Xu Ziyang, Executive Director and CEO of ZTE, states in the report: "In the face of profound changes in the global digital economy, ZTE has unveiled its new vision, 'To lead in connectivity and intelligent computing', with greater strategic foresight and a stronger sense of responsibility. Driven by our 'Connectivity + Computing' strategy, we remain committed to our original aspiration of empowering high-quality and sustainable economic development through technology, and work with our partners to build an intelligent future that is more efficient, green, and inclusive." Strengthening Innovation and Reshaping Digital Momentum with AI ZTE continues to advance its "Connectivity + Computing" strategy, fully embracing AI under the guiding principle of "All in AI, AI for All". In 2025, the company sustained disciplined R&D investment, recording annual expenses of RMB 22.76 billion, approximately 17% of total revenue. Efforts focused on key areas such as connectivity (6G, optical communications, and IP networks), computing power, energy technology, smart terminals (such as AI-powered devices), operating systems, databases, and chips, underpinned by a core commitment to frontier technology exploration and collaborative innovation. According to the report, as of December 31, 2025, ZTE has filed approximately 95,000 global patent applications, with over 50,000 patents granted globally. In the chip sector, the company holds around 5,900 patent applications and over 3,700 granted patents. In the field of AI, it has nearly 5,500 patent applications, with nearly half of them granted. Throughout the year, the company declared and secured over 100 technology projects. Within R&D, AI tools have been widely applied, with a usage penetration rate of 79.78% among developers. The AI code generation rate reached 31.45%, and the improvement in R&D efficiency has begun to manifest. ZTE's innovation was further recognized with 11 gold awards, 3 silver awards, and 39 excellence awards from the China Patent Awards, and 31 honors from the Guangdong Patent Awards. Leading Science-Based Carbon Reduction, Paving the "Digital Green Path" ZTE has deeply integrated climate action with its development strategy, advancing the "Digital Green Path" across four key dimensions: green corporate operations, green supply chain, green digital infrastructure, and green industry empowerment, ensuring the achievement of science-based targets. For Scope 1 & 2 (operational emissions), in 2025, the company exceeded the Phase I target outlined in its 2024 Zero-Carbon Strategy White Paper. Through management measures for energy saving and technologies such as AI-based dynamic scaling and remote control, the company achieved a 46% reduction in carbon emissions compared with the base year of 2021. For Scope 3 (upstream and downstream emissions), ZTE achieved an 8.55% reduction in physical emissions intensity during the use and maintenance phase of telecom products, with a year-on-year reduction of 3.05% in absolute emissions across the full lifecycle of terminal products. For three consecutive years, ZTE has been recognized on the CDP Climate A list for its excellence in environmental governance. In terms of green operations, ZTE has established a systematic decarbonization pathway spanning energy mix optimization, refined technical energy-saving solutions, management-driven electricity saving, dual-carbon digitalization, as well as capability building and awareness enhancement. In 2025, the company completed new photovoltaic projects in Xi'an and Changsha, increasing the proportion of photovoltaic power generation with an annual generation of 39.22 million kWh. Furthermore, ZTE actively participated in green electricity trading and obtained 33,700 green electricity certificates (a total of 33.69 million kWh of electricity) throughout the year.Regarding the green supply chain, ZTE has comprehensively integrated low-carbon requirements into its SPIRE 2.0 supply chain strategy, collaborating with partners to build a technology-driven, end-to-end eco-friendly value chain that drives sustainable development across the entire industry ecosystem.In 2025, with its Xi'an Base and Changsha Base newly awarded the "National Green Factory" certification, the company now operates three national-level green factories and one provincial-level green factory. Over the past year, ZTE accelerated supply chain decarbonization by conducting dual-carbon training for 97 suppliers and performing dual-carbon audits on 158 suppliers. Furthermore, it provided guidance for 152 key suppliers (covering 50.82% of procurement spend) on completing carbon accounting and drove 83 key suppliers to participate in CDP assessments and make public disclosures.For green digital infrastructure, ZTE adopts self-developed low-power chips, advanced cooling technologies such as liquid cooling, PV applications at sites, and full lifecycle carbon footprint management to provide green digital infrastructure for the industry. By the end of 2025, the company had completed carbon footprint assessments for 240 products, achieving full coverage of all product categories.For green industry empowerment, ZTE leverages ICT technologies (such as 5G, cloud, AI, and the Digital Nebula platform) to provide digital transformation solutions for various industries, helping them achieve energy saving, carbon reduction, and quality and efficiency enhancement. A prime example is ZTE's collaboration with Benxi Tool Co., Ltd. on its smart factory initiative. Leveraging the 5G-enabled industrial Internet solution, the project successfully reduced the cumulative number of frontline operators across process steps by 20% while boosting the annual output by 1.5 times. Furthermore, the project shortened the lead time for raw material procurement by 40%, slashed the downtime due to material shortages by 50%, and cut the delivery time by 20%. These improvements significantly enhanced the overall competitiveness of this metal tool manufacturer. Advancing Tech for Good, Building an Inclusive and Equitable Society ZTE remains committed to a people-centric philosophy, striving to ensure equal communication rights and digital opportunities for communities worldwide. Providing network services to one-third of the global population, ZTE extends sustainable infrastructure and technological empowerment to every corner of the globe. From the remote heights of Baqen, Xizang, where ZTE deployed an FTTR-B all-optical network solution at the People's Hospital of the county (situated at an altitude of over 4,500 meters) to bridge the telemedicine divide, to Africa, where the company's "Signal Reach" program built 152 rural network sites in Ethiopia to bring reliable connectivity to over one million people, ZTE continues to bridge the digital divide and foster an inclusive, equitable, and intelligent digital world. ZTE regards talent as its most valuable asset, committed to building a learning organization and continuously fostering an employee empowerment ecosystem in the AI era. In 2025, the company maintained 100% employee training coverage and regularly carried out Employee Assistance Program (EAP) initiatives. In addition, ZTE successfully passed the re-assessment for the ISO 45001 system for all domestic operations and production sites, as well as for operations in 30 overseas countries. In public welfare, ZTE further strengthened its volunteer service system in 2025, with the number of employee volunteers surpassing 20,000 and more than 600 global community programs carried out during the year. Guided by its vision of "Goodwill, Everywhere", ZTE implemented tailored projects in over 40 countries, including China, India, Indonesia, Spain, South Africa, and Ethiopia, focusing on educational support, medical assistance, low-carbon environmental protection, and rural revitalization. These efforts benefited more than one million people globally, underscoring ZTE's commitment to building a more inclusive and sustainable society. Strengthening Compliance Foundations, Enhancing Governance Resilience ZTE continuously builds and improves its three-tier sustainability governance system of "Strategy—Decision-Making—Execution", proactively addressing emerging risks to ensure steady implementation of its strategic goals. In 2025, the company sustained its ISO 22301:2019 Business Continuity Management System certification, covering five manufacturing bases and major R&D centers, while also guiding major suppliers to establish BCM management systems. ZTE also sustained ISO 37001 certification for anti-bribery management systems, covering its subsidiaries and branches in 38 key countries. In addition, the company officially launched its "Cross-Border Data Compliance Service Platform for Enterprises Going Global", a one-stop solution designed to help companies tackle complex global compliance challenges. ZTE regards data compliance governance as an important part of the company's overall compliance governance framework. In 2025, the company sustained ISO/IEC 27001 (Information Security Management System) and ISO/IEC 27701 (Privacy Information Management System) certification. Alongside releasing its updated ZTE Privacy Protection White Paper, ZTE secured EU's ePrivacyseal Global certification for five of its key fixed network and multimedia products, reinforcing its world-class data protection standards. As a member of the United Nations Global Compact and the Global Enabling Sustainability Initiative (GeSI), and a key participant and one of the first Champions of the Partner2Connect (P2C) Digital Coalition initiated by the International Telecommunication Union (ITU), ZTE's ESG efforts continue to receive worldwide recognition. In 2025, the company was rated by Sustainalytics as "Low ESG Risk" for the fourth consecutive year, included in the 2025 Fortune China ESG Impact List for the fourth year, honored with "Excellence in Practice Award" from the Association for Talent Development (ATD) for the sixth consecutive year, and once again included in the S&P Global Sustainability Yearbook (China Edition) 2025. ZTE was also selected for the 2025 China's Top 100 Overseas Brands Index released by People's Daily Overseas Online and Global Yearly Brand Research Institute, and was selected as a model case in the 2025 China Corporate ESG Blue Book, and was recognized by Phoenix TV as an "ESG Communication Influence Pioneer". Looking forward, ZTE will continue to leverage its strengths in the R&D innovation and commercialization of fundamental technology, actively supporting the realization of the United Nations Sustainable Development Goals (SDGs). The company remains committed to creating long-term value for stakeholders and driving society toward a future that is more efficient, greener, smarter, and more inclusive. Download ZTE Sustainability Report 2025 here. Visit ZTE's sustainability website for more updates on their commitment to sustainability. Contributed by ZTE.

American outfit Varda Space Industries thinks it’s a little closer to operating factories in space after successfully landing its latest test craft. Varda won the USA’s first-ever license to first license fly uncrewed spacecraft that reenter the Earth's atmosphere. The company wants to do this so it can build small craft that include manufacturing facilities that create products it’s only possible to make in microgravity - mostly pharmaceuticals - and figures that the relatively cheap launch services offered by private launch companies will make orbital factories economically viable. Spacecraft are not cheap to build, and the cost rises if they include equipment to slow from orbital speeds before reaching Earth’s atmosphere. Crewed craft can be more expensive still. And humanity just doesn’t have a lot of capacity to schlep stuff home from space. In March, Varda therefore launched a capsule called the W-6 that it hoped would survive re-entry at hypersonic speeds, and do so using an autonomous navigation system “that uses onboard imagery to identify resident space objects, including stars and low Earth orbit satellites, to determine precise vehicle position.” The company reckons that represents “a critical step toward fully autonomous navigation for hypersonic and reentry vehicles.” The craft also carried one nose tile that included samples of advanced thermal protection materials, another two tiles equipped with sensors to record data NASA will use to learn about hypersonic re-entry and the materials that make it possible. Thermal performance matters because if you go to all the trouble of launching an orbiting factory if the product made in space gets cooked during re-entry. It all seems to have worked because the capsule touched down as planned on Monday. Varda hasn’t said much about the state of the W-6’s capsule and its interior when it landed but has celebrated the flight as “another demonstration that frequent, low-cost, reliable return is easily accessible.” The W-6 landed at the Koonibba Test Range in South Australia, whose operator Southern Launch celebrated the fact this is the fourth capsule to land in the patch of remote bushland it tends in the last twelve months. ®

PaaS platform Railway says Google temporarily suspended its account on Wednesday without cause, inducing a major outage. Railway automates code deployment by taking a GitHub repo and doing all the work needed to get it running from the cloud. It’s struggled to do that for the last few hours and the company’s status page tells the sad tale, starting with an update time-stamped May 19, 22:29 UTC that said the company is “investigating a widespread service disruption” that meant “Users may be experiencing errors including ‘no healthy upstream’, ‘unconditional drop overload’, login failures, and inability to access the dashboard.” Angelo Saraceno, a solutions engineer for Railway, told The Register the company noticed a problem at around 22:00 UTC. He said the company’s resources appeared to have been deleted and appeared not to exist. Google has since explained it suspended the account, making Railway’s resources invisible. “Our contacts at Google were confused, customers are irate,” he added. We are livid and still trying to get all the details Ironically, in 2024 Railway decided to shift much of its infrastructure into colocation services after Google “caused a multitude of problems that have posed an existential risk to our business.” Those problems resurfaced in 2025 after more trouble at Google Cloud that again impacted Railway’s services. But Railway kept its control plane in Google Cloud and still has a dependency on databases that run there. Those resources see it spend an eight-figure sum each year. Yet Saraceno said when this incident commenced, it took an hour for Google’s support team to engage. “We are livid and still trying to get all the details,” he said before advancing a theory that Railway somehow triggered an enforcement rule. Railway’s status page says that as of 22:43 UTC the company “escalated this directly with Google.” Oh, to have been a fly on the wall during that escalation! Railway’s most recent status update, at the time of writing, is an 03:05 May 20 missive that states “More workloads are coming back online. Some users may still experience intermittent issues during the recovery. Non-enterprise deploys remain paused; enterprise deploys are unaffected.” The Register has contacted Google to ask if and why it blocked Railway’s account. You know the drill: We will update this story if we receive more than corporate platitudes. Cloud providers might rightly block a customer’s account over unpaid bills or inappropriate use – but usually do so after giving fair warning. Railway told us this incident came out of the blue. Google has form taking down customers without cause: In 2024 it infamously wiped out all rented infrastructure used by Australian pension fund UniSuper. Railway’s status page includes apologies to its customers, despite the problem being at Google’s end. “Our customers don’t care if it is Google,” Saraceno said. “We have to own our uptime.” ®

The wave of layoffs attributable to the adoption of AI has washed up on the shores of New Zealand, which has announced an overhaul of its public service that will see the technology become a “basic expectation” for government agencies and help to make it possible to sack 9,000 staff - about 14 percent of current headcount. Finance Minister Nicola Willis announced the job cuts yesterday, in a speech that saw her bemoan the fact that New Zealand’s government comprises 39 departments and ministries, and compared that to the 16 in Australia and 24 in the UK. She characterized the nation’s public service as “scared of AI, slow to move to the cloud” and said it operates a “complex and fragmented set of overlapping IT solutions.” “Our government is as frustrated as you are by the fragmentation and silos, the complexity, the status-quo thinking and the dangerously slow take up of digital and AI technologies,” she added. Aotearoa’s answer is to task its Chief Digital Officer “to embed AI deployment as a basic expectation for all public entities.” Minister Willis mentioned a “recent trial of an AI scribe tool in hospital emergency rooms which has reduced the amount of time clinicians have to spend on file notes and increased the time they spend with patients” as an example of the sort of thing she hopes to replicate. She said the planned overhaul will therefore “reduce the number of government departments, increase the use of AI and other digital tools, and deliver significant savings.” The government plans to cap departmental budgets and says that combined with redundancies it will save NZ$2.4 billion ($1.4 billion) over four years – less than one percent of all core government spending. Plenty of tech companies have made substantial redundancies that they justify as necessary to create an appropriate workforce for the age of AI, an explanation we’ve seen deployed to explain deep cuts at Cisco, Cloudflare, Atlassian, Meta, and Arctic Wolf. Few governments have done likewise, but one early high-profile effort – the Elon-Musk-led “Department of Government Efficiency” – hoped to use AI to improve government operations but left behind little evidence it had succeeded. New Zealand is blessed with many resources and extraordinary natural beauty, but has a modest tax base – yet residents expect a high level of government services. Minister Willis’s plan is therefore a very big bet on AI. ®

Anthropic is acquiring Stainless, a maker of software development tools that counts rivals OpenAI and Google as clients. The deal, reportedly for more than $300 million, demonstrates Anthropic's continued interest in exercising greater control over the AI technical stack and suggests that speculation about the commodification of models is on the mark. Frontier models will not be so strong that they serve as a moat or barrier to competition, but the tooling and workflow around those models should provide some cover. Anthropic has made several recent acquisitions that give it more say in the software that orchestrates model input, output, and tool calls. In December, it snarfed Bun, a JavaScript runtime, package manager, and test runner. Two months later, it bought Vercept, a company focused on AI-mediated computer usage. In April, it admitted healthcare AI startup Coefficient Bio into the fold. Enter Stainless. "Hundreds of companies rely on Stainless to generate SDKs, CLIs, and MCP servers – the libraries, command-line tools, and connectors that let developers and agents use an API," Anthropic said in its announcement. "Stainless turns an API spec into SDKs across TypeScript, Python, Go, Java, Kotlin, and more." SDKs are sticky. Whoever ships the cleanest one wins the long tail of developer mindshare One of those hundreds of companies is OpenAI – its Python, Node, Java, Go, and Ruby clients are based on SDKs generated by Stainless. With Stainless now planning to shutter its platform on September 1, 2026, OpenAI and other industry customers will have to shoulder the burden of maintaining existing SDKs and find equivalent tools elsewhere. It should be noted that OpenAI in March agreed to acquire Python tool maker Astral, one of six such deals this year. So far, the Astral acquisition hasn't affected the ability of Anthropic or developers to use Astral's tooling. Jan Schmitz, who runs AI analytics biz BrightBean, described the Stainless acquisition as both offensive and defensive. "By acquiring the SDK infrastructure used across the industry, Anthropic gets visibility into how competitors evolve their APIs, even if only through generator usage patterns, and it gains the ability to set the pace on integration tooling," he said in a blog post. "The defensive read: If OpenAI or Google had bought Stainless first, the damage to Anthropic’s developer ecosystem would have been worse. SDKs are sticky. Whoever ships the cleanest one wins the long tail of developer mindshare." Schmitz also argues that Anthropic sees value in controlling the MCP standard that it proposed and promoted. "The pattern looks like this: Control the standard by giving it away, then control the implementation by owning the toolchain," he said, noting that Google followed that playbook with Kubernetes and then making GKE the leading managed version. ®

Google is warning some long-time G Suite Legacy users that they must start paying for Workspace subscriptions or lose access to Gmail, Drive, Calendar, and other core services, after the company flagged their accounts as "commercial use." A reader alerted The Register to what appears to be a new crackdown on long-standing G Suite Legacy accounts, with similar complaints now piling up on Reddit from users accused of violating Google’s non-commercial use policy, despite insisting they use the accounts only for family email and personal domains. Reports have been stacking up on Reddit’s r/gsuitelegacymigration subreddit from users who say their long-running personal G Suite Legacy accounts are suddenly being classified as “commercial use” accounts and pushed toward paid Google Workspace plans by May 2026. A lot of users have been through this before. Google spent part of 2022 trying to wind down free G Suite Legacy accounts, then changed course after users running family domains made enough noise. Now some of those same users are being told they have fallen outside Google’s rules after all. Emails seen by The Register warn users their accounts have been "identified as being used for commercial purposes" and say Google may start suspending Gmail, Calendar, Drive, Meet, and other Workspace services if they do not either win an appeal or begin paying for Workspace subscriptions. "Please upgrade to a paid Google Workspace subscription to continue using your services. Look out for a notification regarding the appeal process in Google Admin console or email," the email reads. "If you don’t take action during your 45-day appeal period, Google will begin suspending your Google Workspace core services, including Gmail, Calendar, Drive, and Meet. As a result, you will lose access to these core services and data." In a statement to The Register, a Google Workspace spokesperson said: "G Suite legacy free edition is intended for personal non-commercial use. If users are identified as commercial users, we are enforcing our existing policy and helping them transition to a Google Workspace subscription. Anyone who believes their account has been identified as being used for commercial purposes in error can file an appeal." The trouble, according to users, is that the appeals system appears about as transparent as a brick. One Reddit user said their appeal was initially denied despite "none" of the account activity being commercial. After filing a GDPR subject access request asking Google to provide evidence of business use, the user said the company abruptly reversed course the following day and restored the account. Others say they were not so lucky. One UK-based user whose appeal failed accused Google of relying on vague "signals" data and effectively trapping users into accidentally linking personal accounts to business activity. Another said their family-only custom domain, used solely for relatives’ email accounts and with no commercial activity, was permanently classified as business use despite an appeal. Some users suspect the enforcement may be tied to custom domains that have at some point been associated with public business listings, websites, or Google Business profiles. Google has not explained what specifically triggers the bans. The move also lands days after Google quietly began testing a 5 GB storage cap for some users who decline to add phone numbers to their accounts, suggesting the company’s definition of "free" continues to come with increasingly creative terms and conditions. ®

Microsoft seized websites and took down hundreds of virtual machines running a cybercrime service that allegedly sold code-signing certificates to ransomware gangs, thus making their malware look like legitimate software – and allowing criminals to infect thousands of machines in the US, including at least 12 owned and operated by the Windows giant. The malware signing-as-a-service operation called Fox Tempest has been around since May 2025, and abuses Microsoft’s Artifact Signing code-signing service. This service allows developers to digitally sign their software applications, signaling to the Windows operating system and end-user that the software is authentic, and hasn’t been tampered with. Since May 2025, the Fox Tempest crew – referred to as John Doe 1 and 2 in court documents unsealed on Tuesday – used fake identities and impersonated real organizations, allowing them to create more than 580 fraudulent Microsoft accounts. They then used these accounts to abuse Microsoft’s Artifact Signing service and obtain real code-signing credentials, then sold the code-signing certificates to other criminals for thousands of dollars. According to Microsoft, Fox Tempest’s customers included a ransomware group Redmond tracks as Vanilla Tempest (aka Vice Spider, Vice Society, Rhysida), which allegedly used the certificates to digitally sign malware and make it appear legitimate to Windows and users. This also allowed the ransomware slingers “to more easily deploy the malware onto the computers of unsuspecting victims without their consent,” according to the court documents [PDF]. Malware included Windows backdoor Oyster, infostealers Lumma and Vidar, and Rhysida ransomware. Vanilla Tempest “unlawfully accessed victims’ computers and devices, exfiltrated and stole the personal and confidential information of victims, deployed ransomware designed to encrypt victims’ files and systems, and extorted victims by demanding payment in exchange for restoring access to, or suppressing, their data,” the civil complaint continues, adding that the criminal activity remains ongoing. In a subsequent blog post, Microsoft Digital Crimes Unit attorney Steven Masada said the tech company's investigation “further linked Fox Tempest to various additional ransomware affiliates and families, including INC, Qilin, Akira, and others.” Between February and March, the Digital Crimes Unit (DCU), working with “a cooperating source,” anonymously bought and tested the code signing service from John Doe 2, aka SamCodeSign. “These test purchases allowed DCU investigators to observe first-hand how Fox Tempest Defendants operate the service, the information a purchaser is provided, and the instructions given by SamCodeSign to connect to the service and sign the test software created by Microsoft,” the court documents say. “Additionally, the test purchases allowed DCU to identify cryptocurrency wallets used by Fox Tempest Defendants.” During the first test purchase, the source filled out a Google Form asking them to select how quickly they needed the certificates. Standard costs $5,000, while priority runs $7,500 and expedited carries a hefty $9,500 price tag. SamCodeSign then sent a direct message to the source and requested the $7,500 payment to be sent to a bitcoin wallet, according to screenshots (translated from Russian) in the court documents. After the source paid up, SamCodeSign sent instructions on how to access the virtual machine and complete the code signing process. “Microsoft has identified thousands of customer machines, including more than a dozen machines owned and operated by Microsoft, in the United States that have been impacted by malware signed with certificates originating from the tenants created by Fox Tempest Defendants,” the complaint says. ®