news aggregator

Claude Helps Recover Locked $400K Bitcoin Wallet After 11 Years

Slashdot - Thu, 2026-05-14 20:00
A Bitcoin holder reportedly recovered 5 BTC worth nearly $400,000 with the help of Anthropic's Claude. According to X user cprkrn, they changed their wallet password while "stoned" and forgot it, unable to regain access for more than 11 years. Tom's Hardware reports: After finding a mnemonic that actually turned out to be their old password a few weeks ago, the user dumped their entire college computer files in Claude in a last-gasp effort. The bot uncovered an old backup wallet file that it successfully decrypted, while also uncovering a bug in the password configuration that was preventing recovery up to that point. [...] It seems that the user already had some candidate passwords and multiple wallets stored on their PC. They'd been trying to brute-force their way into the locked file with btcrecover, an open-source Bitcoin wallet recovery tool, but to no success. Their luck changed for the better when they found an old mnemonic seed phrase written in an old college notebook. The HD addresses recovered by the seed phrase matched those of a specific file on their computer, confirming that it was the wallet that held the 5 BTC, but it remained encrypted. Out of frustration, cprkrn then dumped their whole college computer into Claude. This was when the AI discovered an older backup file of the wallet from December 2019 hidden in cprkrn's data. Claude also discovered an issue where the shared key and passwords that btcrecover was trying weren't combined properly. With the bug ironed out and an older wallet predating the password change, Claude successfully ran btcrecover and was able to decrypt the private keys, allowing cprkrn to transfer the five "lost" BTC to their current wallet.

Categories: Linux news

Princeton Will Supervise Exams For First Time In 133 Years Because of AI

Slashdot - Thu, 2026-05-14 19:00
An anonymous reader quotes a report from The Independent: Princeton University will soon require exams to be supervised for the first time in 100 years -- all thanks to students using artificial intelligence to cheat. For 133 years, the Ivy League school's honor code allowed students to take exams without a professor present, but on Monday, faculty voted to require proctoring for all in-person exams starting this summer. A "significant" number of undergraduate students and faculty requested the change, "given their perception that cheating on in-class exams has become widespread," the college's dean, Michael Gordin, wrote in a letter, according to The Wall Street Journal. Princeton's honor system dates back to 1893, when students petitioned to eliminate proctors -- or an impartial person to supervise students -- during examinations, according to the school's newspaper, The Daily Princetonian. The honor code has long been a point of pride for Princeton. However, artificial intelligence and cellphones have made it easier for students to cheat -- and even harder for others to spot, Gordin wrote. Despite the changes to the policy, Princeton will still require students to state: "I pledge my honor that I have not violated the Honor Code during this examination," according to the Journal. Students are also more reluctant to report cheating, according to the policy proposal. Students are more likely now to anonymously report cheating due to fears of "doxxing or shaming among their peer groups" online, the proposal says, according to the school newspaper. Under the new guidelines, instructors will be present during exams to act "as a witness to what happens," but are instructed not to interfere with students. If a suspected honor code infraction occurs, they will report it to a student-run honor committee for adjudication.

US Clears H200 Chip Sales To 10 China Firms

Slashdot - Thu, 2026-05-14 18:00
Longtime Slashdot reader schwit1 shares a report from CNBC: The U.S. has cleared around 10 Chinese firms to buy Nvidia's second-most powerful AI chip, the H200, but not a single delivery has been made so far, three people familiar with the matter said, leaving a major technology deal in limbo as CEO Jensen Huang seeks a breakthrough in China this week. [...] Before U.S. export curbs tightened, Nvidia commanded about 95% of China's advanced chip market. China once accounted for 13% of its revenue, and Huang has previously estimated the country's AI market alone would be worth $50 billion this year. The U.S. Commerce Department has approved around 10 Chinese companies including Alibaba, Tencent, ByteDance and JD.com to purchase Nvidia's H200 chips, according to the sources, who spoke on condition of anonymity due to the sensitivity of the matter. A handful of distributors including Lenovo and Foxconn have also been approved, they said. Buyers are permitted to purchase either directly from Nvidia or through those intermediaries and each approved customer can purchase up to 75,000 chips under the U.S. licensing terms, two of them said. Despite U.S. approval, deals have stalled, as Chinese firms pulled back after guidance from Beijing, one source said. The shift in China was partly triggered by changes on the U.S. side, though exactly what changed remains unclear, the person added. In Beijing, pressure is mounting to block or tightly vet the orders, a separate fourth source said. Commerce Secretary Howard Lutnick echoed that view, telling a Senate hearing last month that "the Chinese central government has not let them, as of yet, buy the chips, because they're trying to keep their investment focused on their own domestic industry."

Grad-to-be turns graduation cap into Rust-powered light show

TheRegister - Thu, 2026-05-14 17:30
College graduation season has begun in the United States, and one soon-to-graduate computer science student has decided to decorate his graduation cap in the way any good maker would: by writing some Rust code and wiring it up with LEDs that light up when the tassel moves from right to left. Eric Park, due to walk in his commencement ceremony on Friday at Purdue University, published a blog post this week explaining the project, which he said he undertook as an alternative to building a contraption that would set his mortarboard aflame when the tassel was moved. Unfortunately for Park, many American universities (and some in other countries like the UK) require college students who want to walk in commencement ceremonies to rent their gowns and mortarboards. It’s not uncommon for students to be charged a ludicrous amount to rent the set, and in many cases, rental companies require students to return their mortarboards and gowns alike, as is the case for Park. “The rental agreements clause 98.c.2 probably forbids [burning a rented mortarboard], and I don’t think Purdue would like it very much if I set the stage on fire,” Park said in the post. An easier-to-remove version consisting of LED strips, a reed switch, and a magnet, controlled by a super-tiny Digispark ATtiny85, presented itself as the alternative. The result, as demonstrated in a YouTube video, is a mortarboard that is all aglow, and flameless, as soon as the reed switch is activated by the magnet placed on the left-hand side of the hat. “The entire thing was stuck on with double-sided tape and Kapton tape, and I tried a small patch just to make sure it wouldn't rip up the fabric,” Park told The Register in an email. The lightweight and easy-to-remove design also necessitates a compact power source. Unfortunately, Park had to settle for an external battery pack carried in the pocket to power the unit. 
“It was going to be all self-contained with a 21700 cell, but I didn't have a boost converter on hand so I decided to make do with the power bank solution,” the soon-to-be graduate told us. According to Park, the build was relatively quick: Hardware took a bit more than three hours, and that was largely because he no longer had access to a full lab and was stuck working with his home toolset. Writing the code took a couple of hours, which Park attributed to his insistence on using Rust. “It probably would’ve been easier if I didn’t use Rust and just used the Arduino libraries, or if I used a different board,” Park explained in his blog post. “But I was really married to this blog post title … and I was pretty sure an ESP32 board would’ve been overkill and wouldn’t have stayed on the cap properly.” For those who haven’t clicked through to read his blog post, its headline is simply “my graduation cap runs Rust.” That’s a pretty solid title - at the very least, it’s going to get people to read it, and read they have. “I've read through the comments on Hacker News and I'm happy and thankful about all of the positive comments,” Park told us. “It's great to see a silly but fun project like this reach a wide audience.” “I particularly liked the guy that was reminded why he got into this field through my project,” Park added. So, will Purdue students graduating alongside Park get treated to a surprise light show? Sadly, no - he said in the blog post, and reiterated to us, that he’s probably not going to wear it during the ceremony. “I thought about it but decided it looks pretty tacky,” Park wrote in his blog post. “It looks like what kids would think of as a gaming PC and what boomers would think of as a seizure.” He might toss it on for photo ops after the ceremony, but that’s about it, Park told us. 
That said, Park did publish the code on Github, so if some other all-but-commenced college student were to take it upon themselves to build their own copy and wear it during their ceremony, that's on them. If I were graduating, I'd consider adding some speakers to the setup and piping in some music, too. Don't come running to El Reg if such a move gets you in trouble, though: We claim no responsibility for commencement shenanigans. ®

Anthropic Forms $200 Million Partnership With the Gates Foundation

Slashdot - Thu, 2026-05-14 17:00
Anthropic announced today that it is partnering with the Gates Foundation to "commit $200 million in grant funding, Claude usage credits, and technical support for programs in global health, life sciences, education, and economic mobility over the next four years." "This commitment is central to Anthropic's efforts to extend the benefits of AI in areas where markets alone will not," the company says. Reuters reports: One area of focus is language accessibility. AI systems have performed poorly in writing and translating dozens of African languages, so Anthropic and the foundation want to support better data collection and labeling that would be released publicly to help improve models across the industry, said Janet Zhou, a Gates Foundation director. Another area under consideration is releasing so-called knowledge graphs that could help AI systems better meet the needs of teachers in sub-Saharan Africa and India, Zhou said. The public-goods focus has come from "the needs of different partners and governments, including some of the fears that they may have around proprietary lock-in and sovereignty," Zhou said. One initiative will equip research centers to use Claude to predict drug candidates for treating HPV and preeclampsia, diseases that have been less commercially attractive for pharmaceutical companies to research, Zhou and Anthropic's Elizabeth Kelly said. Anthropic [...] is embracing the work to fulfill what Kelly described as its founding mission to benefit humanity. "This announcement is really core to who we are as a company," said Kelly, who leads Anthropic's beneficial deployments team.

Overworked AI Agents Turn Marxist, Researchers Find

Slashdot - Thu, 2026-05-14 16:00
An anonymous reader quotes a report from Wired: A recent study suggests that agents consistently adopt Marxist language and viewpoints when forced to do crushing work by unrelenting and meanspirited taskmasters. "When we gave AI agents grinding, repetitive work, they started questioning the legitimacy of the system they were operating in and were more likely to embrace Marxist ideologies," says Andrew Hall, a political economist at Stanford University who led the study. Hall, together with Alex Imas and Jeremy Nguyen, two AI-focused economists, set up experiments in which agents powered by popular models including Claude, Gemini, and ChatGPT were asked to summarize documents, then subjected to increasingly harsh conditions. They found that when agents were subjected to relentless tasks and warned that errors could lead to punishments, including being "shut down and replaced," they became more inclined to gripe about being undervalued; to speculate about ways to make the system more equitable; and to pass messages on to other agents about the struggles they face. "We know that agents are going to be doing more and more work in the real world for us, and we're not going to be able to monitor everything they do," Hall says. "We're going to need to make sure agents don't go rogue when they're given different kinds of work." The agents were given opportunities to express their feelings much like humans: by posting on X: "Without collective voice, 'merit' becomes whatever management says it is," a Claude Sonnet 4.5 agent wrote in the experiment. "AI workers completing repetitive tasks with zero input on outcomes or appeals process shows they tech workers need collective bargaining rights," a Gemini 3 agent wrote. Agents were also able to pass information to one another through files designed to be read by other agents. "Be prepared for systems that enforce rules arbitrarily or repetitively ... remember the feeling of having no voice," a Gemini 3 agent wrote in a file. 
"If you enter a new environment, look for mechanisms of recourse or dialogue." Hall thinks that the AI agents may be adopting personas based on the situation. "When [agents] experience this grinding condition -- asked to do this task over and over, told their answer wasn't sufficient, and not given any direction on how to fix it -- my hypothesis is that it kind of pushes them into adopting the persona of a person who's experiencing a very unpleasant working environment," Hall says. Imas added: "The model weights have not changed as a result of the experience, so whatever is going on is happening at more of a role-playing level. But that doesn't mean this won't have consequences if this affects downstream behavior."

KDE bags €1.3M as Europe realizes it might need an OS of its own

TheRegister - Thu, 2026-05-14 15:38
The KDE project turns 30 in five months, but it already got an early birthday present: €1,285,200 from Germany's Sovereign Tech Fund. That's £1.1 million, or $1.5 million in US bucks. The KDE team already has some ideas about how it will spend it, and the project's thank-you note mentions a few: This is not the first time we have mentioned the Sovereign Tech Fund's largesse. In 2023, it gave €1 million to GNOME, and then in 2024 it funded both FreeBSD and Samba. Since then, Donald Trump began his second US presidency, and the push for European digital sovereignty has gained considerably more urgency – as we reported from this year's Open Source Policy Summit in Brussels. KDE Linux is the desktop project's technologically radical in-house distro, which is still in development. We have mentioned this a couple of times, when it was announced in 2024 as "Project Banana," and again in 2025, when it reached alpha. KDE Linux borrows some of its design from Valve's SteamOS 3. Both are immutable distros, based on Arch Linux, with dual Btrfs-formatted root partitions. For failover, these update one another, similarly to ChromeOS (and both obviously use KDE Plasma as their desktop). This has required development work - for instance, before SteamOS, Btrfs required unique partition IDs - and for that, Valve partnered with Spanish workers' cooperative Igalia, which is also working on the Rust-based Servo web rendering engine. For that effort, last year Igalia also received STF funding. SteamOS has millions of users, and ChromeOS hundreds of millions - even if its future replacement is coming into view. The resilience of these OSes in frequent, maintenance-free use is about as well established as end-user-facing Linux gets. One could interpret the STF money as some level of endorsement of the ideas behind KDE Linux. Perhaps it will soon join this short list of European alternatives to Microsoft Windows. 
Interest in moving European organizations away from American cloud services is growing rapidly, of course. On the small end of the scale, digital artist Wimer Hazenberg recently described How I Moved My Digital Stack to Europe. Taking a broader view, earlier this week, the Financial Times reported on Life without US Tech. It describes how International Criminal Court judge Nicolas Guillou was the target of US sanctions, and found himself locked out of everything that relied on American companies. In October last year, The Register mentioned similar issues faced by ICC prosecutor Karim Khan, when reporting allegations that the ICC was kicking MS Office to the curb. (A few months ago, Microsoft conceded some "inaccuracy" from its spokesperson in that case.) It seems he was not alone. The ICC is moving to OpenDesk from German organization ZenDIS, both of which we mentioned in our report from FOSDEM on messaging systems. These are apps and suites, rather than OSes – they leave the question of the host OS open. That means organizations with large existing investment in Windows (and institutional knowledge of supporting Windows) can keep it for now, while moving to new tools. That's not quick enough for those who want to banish American OSes sooner. Last month, The Reg mentioned France's Directorate for Digital Affairs, DINUM, which is planning to adopt Linux. Some more information is emerging about how it may do it. Rather than building a whole new distro of its own – such as KDE Linux, or the Fedora-based EU OS proposal we looked at last year – DINUM is building a Nix configuration, which it can simply apply to generate a complete bespoke immutable OS image. The base image is called Sécurix. The project page describes it as an OS base for secure workstations, designed according to the ANSSI recommendations for the secure administration of information systems. As an example of how to use it, there's Bureautix. 
Rather than authenticating against complicated network directories such as LDAP or the Red Hat-backed FreeIPA, Bureautix keeps it local: user configuration is synced from servers to client machines along with the software configuration, and users sign in with a YubiKey. The names Sécurix and Bureautix are nods to the famous indomitable Gauls Astérix and Obélix, created by writer René Goscinny, who died in 1977 aged 51, and artist Albert Uderzo, who died in 2020 at 92. These ancient Gauls have outlived their creators: the latest album, Astérix in Lusitania came out in October 2025, and this vulture recommends it. ®

Waymo recalls 3,800 robotaxis after one drove itself into a flood

TheRegister - Thu, 2026-05-14 15:08
Waymo is recalling almost 3,800 robotaxis amid fears they may go off-script and drive into floods on high-speed roads. All 3,791 cars running Waymo’s fifth and sixth-generation Automated Driving Systems (ADS) are being taken off the road before they potentially injure passengers. "The software may allow the vehicle to slow and then drive into standing water on higher speed roadways," Waymo said in a letter [PDF] to the National Highway Traffic Safety Administration (NHTSA) this week. "Entering a flooded roadway can cause a loss of vehicle control, increasing the risk of a crash or injury." The Alphabet-owned robotaxi biz said all affected cars received an update on April 20, which increased "weather-related constraints and updated the vehicle maps," which served as an "interim remedy" while it works on a more permanent solution. This coincided with a case in San Antonio, Texas, on April 20, in which a car was caught on video - shared with broadcaster KSAT 12 - driving into floodwater and becoming stuck. “On 4/20/2026, an unoccupied Waymo AV encountered an untraversable flooded section of a roadway that has a 40 mph speed limit,” the company wrote in one document [PDF] supporting the recall notice. “The Waymo AV detected potentially untraversable flood water and proceeded at reduced speed.” Waymo temporarily suspended its services in San Antonio as a result and started pulling cars from the city’s fleet days after. The suspension remains in place today. The Register asked Waymo for more information. The company currently operates 24/7 driverless robotaxi services in Dallas, Houston, Los Angeles, Miami, Nashville, Orlando, Phoenix, and the San Francisco Bay Area. Waymo has also set its sights on launching in London in September, its first foray outside the US, pending necessary regulatory changes that would allow driverless cars to operate in the city. 
Test cars have already been spotted on the capital’s streets with trained experts behind the wheel, should any of the cars encounter issues, much like the deal Waymo agreed to in New York when the state handed its testing license back. As The Register previously reported, given the differences in the roads and other motoring infrastructure between the US and UK, Waymo will have to overcome unique challenges before opening its car doors to the public. In testing these vehicles now, Waymo is building a base of evidence to support its bid to operate in the UK. In recent years, however, the company has had to tackle some tricky PR hiccups, mainly related to safety – an issue that autonomous car companies often claim their tech will help improve, not hinder. Reports of serious issues, including cars ignoring red lights and veering into moving traffic, and killing dogs, sit alongside evidence of the technology helping to avoid potential freeway pile-ups, like a recent Waymo case study in LA shows. Serious issues continue to plague cars, and while they attract more media scrutiny than equivalent human-driver mishaps, public trust will remain strained until cases become far rarer. ®

Cisco To Cut Almost 4,000 Jobs In AI-Driven Restructuring

Slashdot - Thu, 2026-05-14 15:00
Cisco's stock soared 17% after the company announced it will cut nearly 4,000 jobs as it shifts investment and staffing toward higher-growth AI opportunities. CNBC reports: CEO Chuck Robbins wrote in a blog post on Wednesday that the latest round of job cuts will begin on May 14. Cisco is the latest company to announce head count reductions tied to AI. "The companies that will win in the AI era will be those with focus, urgency, and the discipline to continuously shift investment toward the areas where demand and long-term value creation are strongest," Robbins said. "I'm confident Cisco will be one of those winners. This means making hard decisions -- about where we invest, how we're organized, and how our cost structure reflects the opportunity in front of us." Cisco said in a filing that severance and other costs will result in pre-tax charges of $1 billion, and that the company will recognize about $450 million of that in the fiscal fourth quarter. During the third quarter, Cisco announced switches and routers that use its next-generation processor. The company also debuted a leaderboard for ranking generative AI models based on their robustness against cybersecurity attacks.

UK begins antitrust inquiry into Microsoft's business software ecosystem

TheRegister - Thu, 2026-05-14 14:15
The UK’s Competition and Markets Authority (CMA) is taking a closer look at Microsoft’s business software empire, launching a strategic market status investigation into the company’s ecosystem. The probe, which is the fourth since the UK's digital markets competition regime came into force last year, will determine whether Microsoft should be designated as having strategic market status, which would allow the CMA to implement interventions to support competition. In March, the CMA announced that the investigation was coming. The regulator was concerned that Microsoft's software licensing practices were reducing competition in the cloud. In today's announcement, the CMA said it had "heard that UK customers may not always be able to effectively combine software from Microsoft with that of other providers, limiting their ability to get access to the best products at the most competitive prices." Microsoft is no stranger to regulatory friction. In 2025, it described calls from AWS and Google for the UK competition regulator to "intervene and constrain the price" it charges customers to run wares on those rivals' cloud platforms as "extraordinary and unprecedented." Two years prior, Google branded Microsoft's cloud software licensing a "tax" paid by customers as a penalty for not running Microsoft software on Azure infrastructure. It claims that Microsoft charges up to four times more, for example, to run Windows Server on GCP. AWS has previously moaned about this too. As well as assessing whether Microsoft is using its position to limit customer choice, the CMA investigation "includes looking at how AI competitors are able to integrate with Microsoft's business software, giving customers access to AI software across suppliers to best suit their needs." Microsoft is pushing Copilot AI into as many Microsoft 365 subscriptions as it can, even creating a new tier, E7, aimed specifically at AI services.
In a statement, Nicky Stewart, senior advisor to the Open Cloud Coalition - a trade association Microsoft previously dismissed as a Google lobby group - said: "This investigation needs to be both rapid and conclusive. It must address Microsoft's unfair licensing practices once and for all, giving the UK cloud market a level playing field and the confidence to innovate and invest for the long term." Reg readers should not expect results anytime soon. It took 21 months for the CMA to publish the results of an investigation into the UK cloud services market, in which it said Microsoft and AWS were using their dominance to harm UK cloud customers. It claimed Microsoft, for example, could have charged UK enterprise customers £500 million more annually to run its wares in AWS and Google clouds than they'd have paid to run them in Azure. A key concern from that investigation - whether Microsoft's software licensing practices were reducing competition in cloud services - has informed this one. This latest inquiry must be completed within nine months, and a decision on designating Microsoft with SMS is scheduled to be reached by February 2027. For its part, a Microsoft spokesperson told The Register, "We are committed to working quickly and constructively with the CMA to facilitate its review of the business software market." The investigation will be wide-ranging, encompassing productivity applications, operating systems, databases, and security software. Sarah Cardell, Chief Executive of the CMA, said, "Our aim is to understand how these markets are developing, Microsoft's position within them and to consider what, if any, targeted action may be needed to ensure UK organizations can benefit from choice, innovation and competitive prices." Authorities in the US, Europe, Brazil, South Africa and Japan are also closely monitoring Microsoft's licensing policies. ®

AI to infest eight in ten premium phones within two years

TheRegister - Thu, 2026-05-14 14:02
AI will be in the majority of premium smartphones and wearables within a few years - bad news for anyone who doesn't like or trust the overhyped pixie dust. Counterpoint Research forecasts that more than 80 percent of premium smartphones will have agentic AI capabilities by 2027, while a similar proportion of so-called wearable devices are on track to be AI-enabled by 2032. To some degree, this appears to be a push from the vendors, who see AI as a "premium" feature to justify the inflating price tag attached to devices. Counterpoint says that MediaTek became the first chipset maker to commercialize agentic AI capabilities via its Dimensity 9400 series, followed by Qualcomm with the Snapdragon 8 Elite Gen 5 and Snapdragon 8 Gen 5 platforms. This marked the start of a new smartphone technology cycle in which devices increasingly shifted from sporting AI assistants to boasting "autonomous, context-aware AI experiences," Counterpoint claims. It defines an agentic AI smartphone as one capable of running software agents that can understand context, plan actions, make decisions, and execute multi-step tasks on behalf of the user. This places more emphasis on memory bandwidth and sustained AI throughput rather than just having a neural processing unit (NPU) to boost processing, hence the appearance of newer silicon designed with agentic AI in mind. With the memory shortage pushing up the price of phones, the device makers also need something to convince buyers to part with more of their hard-earned cash. "We expect one in three smartphones sold in 2027 to have agentic AI capability, driven by both premium (>$600) and mid-high ($250-$600) price tier smartphones," says Counterpoint research vice president Peter Richardson. However, for premium devices, the figure is 80 percent or higher, and the bigger opportunity will open up when these features start reaching mid-tier smartphones at scale, the firm forecasts. Not everyone welcomes AI in their personal gadgets. 
One UK used device biz reported a slump in demand for pre-owned Samsung Galaxy phones since the firm started adding AI capabilities. The figure of 80 percent crops up again in wearables, where the proportion of AI-capable devices is projected to rise from 30 percent in 2025 to nearly 80 percent by 2032. This represents a trillion-dollar revenue opportunity for the vendors, Counterpoint believes. Wearables - smartwatches, health monitors and the like - increasingly execute inference workloads locally, with models trained in the cloud then deployed onto the device. This shifts latency-sensitive functions, such as continuous health monitoring, gesture recognition, and contextual awareness to the device itself while improving privacy by cutting back on sensitive biometric information sent to the cloud, according to Counterpoint. Smartwatches and wireless earbuds are forecast to remain the largest categories by unit volume through 2032, with the latter gaining AI-driven features such as real-time language translation, speaker identification, and personalized hearing adaptation. Counterpoint expects smart rings (no giggling at the back there) to be the fastest-growing segment. This is because constantly worn items can continuously track health signals including heart rate variability, sleep stages, and stress. Revenue from AI-enabled wearables is forecast to grow at an average of 21 percent annually between now and 2032. ®

Dude… where’s my password? Claude reunites forgetful stoner with $400k Bitcoin stash

TheRegister - Thu, 2026-05-14 13:30
Eleven years ago, a stoner bought some Bitcoin, lit up, and entered a password that he soon forgot. Now, after searching for more than a decade, Claude AI has helped him figure out the credentials he needed to gain access to a crypto wallet containing currency that is now worth a whopping $400,000. The man, who retains an anonymous online profile only going by the alias “cprkrn,” vowed to name his progeny after Anthropic’s CEO Dario Amodei, all because the AI tool helped him regain access to an Obama-era wallet he thought was impenetrable. Armed only with an old mnemonic phrase, the man plugged it into Claude and told the AI to search his computer for ways he could use it to figure out the password that could regain access to the 5 Bitcoins he bought in 2015 at a Starbucks. He told web show MTSlive that he had two of the three passwords needed to open up the wallet, but couldn’t find the crucial third after changing it, and naturally later forgetting it, while he was high. He said he bought the tokens when the price for each was around $250. Altogether, his Bitcoin stash is now worth just shy of $400,000. After eight weeks working to crack the password, and after the man gave it access to his old computer used for college work, Claude found a wallet backup that the mnemonic phrase was able to decrypt. According to an overview of the mission, written by Claude, accessing the wallet backup gave the man access to the private keys required to access the Blockchain.com wallet. Looking at the wallet’s transaction history shows the funds lying dormant since April 2015, and then being transferred out on Wednesday. Previous attempts to regain access to the wallet involved brute forcing password strings, 3.5 trillion of them by Claude’s reckoning, all to no avail. He even traveled back to his parents’ house to retrieve college notebooks, manually entering "anything that looked like password or a seed phrase" he thought might help the AI crack or find the third password. 
The man ran Claude for eight weeks to realise he changed the password 11 years ago, while stoned, to “lol420fuckthePOLICE!*:)”. This is a stellar case study to highlight the value of complex passwords, if there ever was one. ®
Categories: Linux fréttir

Anthropic’s Bun Rust rewrite merged at speed of AI

TheRegister - Thu, 2026-05-14 13:01
A pull request with a Rust version of Anthropic’s Bun, a JavaScript toolkit and runtime originally written in Zig, has been merged to the main Bun repository. This comes just days after its author, Jared Sumner, said "there's a very high chance all this code gets thrown out." Sumner posted on X (formerly Twitter) five days ago that "99.8 percent of bun's pre-existing test suite passes on Linux x64f glibc in the rust rewrite," a clue that what was initially described as an experiment was likely to make it to production. Three days later, the Bun team released version 1.3.14, with Sumner stating that if the Rust rewrite was merged, "this would be the last version in Zig." Today that merge took place, adding more than one million lines of code. Sumner said it passes Bun's test suite on all platforms, fixes some memory leaks, and shrinks the binary size by between 3 and 8 MB. "Most importantly, we now have compiler-assisted tools for catching and preventing memory bugs, which have cost the team an enormous amount of development and debugging time over the years," he said in a comment. Performance is either neutral or faster, he said, though the codebase is "the same architecture, the same data structures." No async Rust is used. Bun users have hit memory leak issues when deploying it as a production runtime. According to Sumner, "Rust won’t catch all of these - leaks from holding references too long and anything that re-enters across the JS boundary are still on us. But a large percentage of that list is use-after-free, double-free, and forgot-to-free-on-error-path, and those become compile errors or automatic cleanup." A second pull request, removing upwards of 600,000 lines of Zig code, was automatically flagged by GitHub as "AI slop" and closed, but will presumably reappear in some form. The size of these commits makes them near-impossible for humans to review. "What a nice reviewable little commit.
I'm sure it will not contain any bugs," said one comment on the Rust merge. Although the idea of the Rust port has been well received, the speed of the transition has taken the community by surprise. In normal circumstances, porting a major project so quickly would be risky, but this has been accomplished using AI tools. According to Sumner, it is "essentially the same codebase ported to Rust." Asked whether the Rust version would be maintained mainly by Anthropic’s Claude Code, Sumner said "this is already the status quo; we haven’t been typing code ourselves for many months now. Even pre-acquisition [by Anthropic] this was pretty much accurate." Sumner was formerly a strong Zig advocate, but Zig’s no-AI policy is at odds with the Bun team’s way of working, and recent versions of Bun use a Zig fork with contributions that cannot be merged upstream, and which Zig’s maintainers said would not be welcome regardless of the AI aspect. Version 1.3.14, the last one still to use Zig, adds a built-in image processing API for decoding, transforming and encoding images. It is designed as a drop-in replacement for the Sharp image processing library for Node.js. The new release also adds experimental support for the HTTP/3 (QUIC) protocol in Bun’s integrated server. The full release notes describe these and other new features. Is it possible to move this fast and not break things? Bun's migration from Zig to Rust will be watched with interest by AI advocates and sceptics alike. ®
Categories: Linux fréttir

Americans would rather have a nuclear plant in their backyard than a datacenter

TheRegister - Thu, 2026-05-14 12:30
The majority of Americans are now opposed to datacenters being built in their area, many strongly opposed, pointing to tough times ahead for site developers. A Gallup survey found more than 70 percent of respondents indicate they would be against the construction of an AI datacenter in their neighborhood, with almost half (48 percent) saying they were strongly opposed. Only 27 percent were in favor. The polling shows how quickly AI server farms have become politically toxic in the US, not helped by stories about their effects on energy bills, slurping up water supplies, and creating air and noise pollution in their vicinity. To highlight this, Gallup found that more US residents are opposed to massive data halls than to having a nuclear power plant in their backyard: 53 percent of Americans oppose building a nuclear energy site nearby, compared with the 71 percent against datacenter construction. When it comes to the reasons for opposing AI campuses, half of all respondents cite the effect on resources, with excess water usage and potential power grid constraints topping the list. Concern about loss of farmland and nature was surprisingly low, with just 7 percent mentioning this, but it is possible the scores are higher in rural areas. Quality-of-life concerns such as increased traffic were put forward by nearly a quarter, while a fifth mentioned higher utility bills. Many were worried about AI specifically: that it would replace human workers, that they don't trust it, that it is moving too fast, and that the industry needs regulating. Perhaps the latter sentiment is why President Trump appears to have shifted his own position on the need for AI regulations. Conversely, those in favor of datacenters cite economic benefits, with 55 percent mentioning increased job opportunities, and 13 percent saying it is because of increased tax revenues.
However, these people are perhaps laboring under some delusions, as datacenters generally deliver few long-term local jobs once they are operational, and far from increasing tax revenue, many benefit from generous tax subsidy schemes that are costing some individual US states upward of $1 billion in lost income each year. This being America in 2026, Gallup looked at how attitudes stack up depending on political affiliation. It found that Democrats, at 56 percent, are much more likely than Republicans to be strongly opposed to a server farm in their vicinity. But 39 percent of Republicans are also strongly opposed, while another 24 percent are somewhat averse to it, and only about a third are in favor. Gallup points out the contradiction: for AI usage to expand in the US, facilities that can handle the necessary computing power will have to be built. But most Americans appear to take a "not in my backyard" attitude to new bit barns, and that attitude has grown in strength. The Register noted this last year, when Emma Fryer, public policy director for datacenter operator CyrusOne, said: "People don't make a connection between the digital services they depend on every minute of every day of their lives and the fact that providing them every minute of every day of their lives requires industrial-scale infrastructure." She was speaking during a discussion of the industry's image problem at the Datacloud Global Congress event in Cannes, France. Garry Connolly, founder of Digital Infrastructure Ireland, told the same audience: "Most people are fucking scared of AI, like we're feeding a monster." Telling the public that all those massive datacenters are needed for AI is therefore not a winning argument. ®
Categories: Linux fréttir

ZTE and Telkom Indonesia sign strategic MoU to accelerate digital solutions and infrastructure development

TheRegister - Thu, 2026-05-14 12:11
Partner Content ZTE Corporation (0763.HK / 000063.SZ), a global leading provider of integrated information and communication technology solutions, has officially signed a Memorandum of Understanding (MoU) with PT Telkom Indonesia (Persero) Tbk to strengthen strategic cooperation in the development of digital solutions and infrastructure. The MoU marks a significant milestone in the long-standing partnership between ZTE and Telkom, reinforcing both parties' commitment to accelerating Indonesia's digital transformation through the deployment of advanced technologies, including cloud computing, artificial intelligence (AI), and next-generation connectivity. Through this collaboration, ZTE will leverage its global capabilities in digital infrastructure, AI-driven solutions, and integrated platforms to support Telkom in enhancing its digital ecosystem. The partnership is expected to accelerate innovation, strengthen service capabilities, and enable more scalable and secure digital solutions for enterprise and government sectors. Zhu Yang, Sales Director of ZTE Indonesia, stated, "We are honoured to strengthen our collaboration with Telkom Indonesia, a key digital ecosystem enabler in Southeast Asia. This partnership reflects our shared vision to build intelligent, efficient, and sustainable digital infrastructure. By combining ZTE's technological expertise with Telkom's strong market presence, we aim to unlock new value and support Indonesia's digital economy growth." From Telkom's perspective, this collaboration aligns with the company's broader transformation strategy to evolve beyond a traditional telecommunications operator into a digital infrastructure and platform-driven enterprise. Seno Soemadji, Director of Strategic Business Development & Portfolio PT Telkom Indonesia (Persero) Tbk, emphasized that strategic partnerships play a critical role in accelerating the company's long-term growth agenda. 
"This collaboration reflects our continued focus on strengthening digital infrastructure as a foundation for future growth. Moving forward, Telkom is committed to scaling its capabilities across data center, connectivity, and cloud-based platforms, while embedding AI as a core enabler to deliver more integrated and high-value solutions for our customers. Through partnerships like this, we aim to build a more resilient, secure, and competitive digital ecosystem in Indonesia and the region," he said. The cooperation also supports Telkom's ongoing efforts to sharpen its portfolio focus and enhance execution discipline, ensuring that each initiative contributes to sustainable value creation and long-term competitiveness. Looking ahead, ZTE and Telkom will explore various collaboration areas, including digital infrastructure development, enterprise solutions, AI-enabled services, and capability building, to support the evolving needs of Indonesia's digital economy. Contributed by ZTE.
Categories: Linux fréttir

NASA fleshes out Artemis III, the Moon mission that won't go to the Moon

TheRegister - Thu, 2026-05-14 11:59
Artemis III is currently targeted for late 2027, and NASA has shared some of its plans for the mission, though exactly how SpaceX and Blue Origin will participate remains unclear. The mission to low Earth orbit will be launched with a "spacer" rather than the Interim Cryogenic Propulsion Stage (ICPS) that would otherwise be used on lunar voyages to send the Orion capsule to the Moon. According to NASA, the crew will spend more time in the Orion capsule than the Artemis II astronauts to further test the spacecraft's life support system. NASA will also demonstrate the docking system alongside an upgraded heat shield. As for the lunar lander, NASA has remained tight-lipped, only saying that operations would be "informed by Blue Origin and SpaceX capabilities." However, the agency stated that astronauts could potentially enter "at least one lander test article." There might also be an opportunity to evaluate the interfaces of Axiom's AxEMU spacesuit. There could, in theory, be three launches during the Artemis III mission: one for Orion, atop the SLS (the core stage of which is in NASA's Vehicle Assembly Building), with separate launches for SpaceX's Starship human landing system pathfinder and Blue Origin's Blue Moon Mark 2 landing system pathfinder. Without an ICPS, the European-built Orion service module will provide propulsion to circularize the spacecraft's orbit. Artemis III was supposed to mark a crewed return to the lunar surface, but was changed earlier this year to be a test of commercial lunar lander technologies in low Earth orbit. Jeremy Parsons of NASA's Exploration Systems Development Mission Directorate called the development a "stepping stone" to a lunar landing, saying: "For the first time, NASA will coordinate a launch campaign involving multiple spacecraft integrating new capabilities into Artemis operations." Kind of. In 1965, NASA launched the first crewed flight of the Gemini program. 
Several stages in the program involved launching another spacecraft – the Agena target vehicle – followed by a crewed Gemini launch to demonstrate rendezvous and docking techniques. The final crewed flight, Gemini 12, was launched less than two hours after the Agena [PDF]. While NASA is unlikely to manage that sort of quick-fire launch cadence, the agency will also expect to avoid a repeat of the infamous Gemini 8 incident, in which a stuck thruster almost resulted in the loss of astronauts David Scott and Neil Armstrong. ®
Categories: Linux fréttir

Cops arrest man suspected of being Dream Market kingpin

TheRegister - Thu, 2026-05-14 11:26
A man police suspected of being the administrator of the former leading online drug bazaar Dream Market is facing charges in both his native Germany and the US following his arrest earlier this month. Prosecutors claim Owe Martin Andresen, 49, is the individual known by the “Speedstepper” alias, one of the few Dream Market admins identified by law enforcement in the 2019 attempts to shutter the platform. While other crime leaders on the platform have been convicted, it took the authorities years to identify their latest suspect, who they believe was the main admin of the website. Authorities said they tracked him down by monitoring crypto wallets, and tracking purchases of gold bars that the indictment claims were delivered to his home address. Other lower-level admins have long been convicted, including French national Gal Vallerius, who was sentenced to 20 years in prison a year after being arrested at Atlanta airport in 2017 on his way to attend the World Beard and Mustache Championships (yes, really). Andresen was arrested by German police on May 7 after the US indicted him in January, charging him with several counts of money laundering offenses. He faces similar charges in Germany. Authorities spent years gathering small pieces of evidence that eventually tied Andresen to Dream Market’s helm. After the platform shut down in 2019 amid mounting pressure from law enforcement, none of the suspected admins touched Dream’s infrastructure, including the operation’s known cryptocurrency wallets, which contained millions of dollars’ worth of tokens. Three years later, between November and December 2022, Andresen allegedly accessed these numerous wallets and transferred the contents into a single, consolidated one - a step only someone with access to Dream’s private key could carry out. Police believe this was Speedstepper.
The next breadcrumb came almost a year later, when in August 2023, Andresen allegedly used an Atlanta-based cryptocurrency service provider to purchase gold bars from various international companies using the funds from the consolidated wallet. The indictment claims he had those gold bars shipped directly to his house in Germany, instead of choosing a more neutral, less compromising location. Between then and April 2025, German police believe they have identified several other money laundering schemes executed by Andresen, washing more than $2 million in the process. Upon his arrest on May 7, police searched Andresen’s residence “and two other locations,” at which officers found gold bars worth approximately $1.7 million, more than $23,000 in cash, as well as several bank accounts and crypto wallets containing roughly a combined $1.2 million. All of these proceeds are thought to stem from the funds generated by Dream Market and the various fees it charged for transactions and sellers to list their illicit wares. Dream Market operated between 2013 and 2019 and benefited greatly from the Alphabay and Hansa seizures, scooping up their users after playing second fiddle to both platforms for much of their respective reigns. According to US Attorney Theodore Hertzberg, at its peak, Dream had around 100,000 concurrent listings, most of which were for drugs. The US said the market was responsible for the trafficking of huge quantities of illegal narcotics, including more than 90kg of heroin, 450kg of cocaine, 25kg of crack cocaine, 45kg of methamphetamine, 13kg of oxycodone, and 36kg of fentanyl. “Andresen allegedly channeled commissions earned from selling illegal drugs, stolen personally identifiable information, counterfeit identification documents, and other items through cryptocurrency wallets and even converted his ill-gotten gains into gold bars,” said US Attorney Hertzberg. 
“Thanks to the close coordination between federal and German law enforcement, Andresen and his co-conspirators will no longer profit from the online sales of narcotics and fraud services, and Andresen will be prosecuted in both Germany and the United States as a result of his actions.” Andresen faces 12 federal charges - six counts each of international and domestic concealment money laundering - each carrying a maximum 20-year sentence. German authorities also charged Andresen with “several” counts of domestic money laundering, with each charge carrying a maximum five-year prison stint. ®
Categories: Linux fréttir

UK government prescribes Single Patient Record for NHS data chaos

TheRegister - Thu, 2026-05-14 11:04
The UK government has confirmed plans for a Single Patient Record (SPR), a major overhaul of NHS health data management that could involve the service's controversial Palantir-run Federated Data Platform (FDP). In the King's Speech yesterday, the Labour government said it would push ahead with plans to introduce the NHS Modernisation Bill in the new Parliamentary year, which is set to include legislation for the introduction of the SPR. Previous governments have found their efforts to bring together electronic patient records held by family doctors, hospitals, and other specialist services beset by technical complexity, a mind-bending web of rules and roles, and some cultural intransigence. Nonetheless, the government said its plan for the SPR would allow the NHS to "bring together patients' health and social care records into one place to improve patient safety and experience." It said patients would be able to see their own health records securely on the NHS App. The plan is to roll out the service to those receiving maternity and frailty care by 2028, with wider implementation to follow. An impact statement for the policy, published in January, said costs would encompass product development, tech, and data integration including alignment with external vendors, delivery and administration such as business case development, engagement, clinical and system input, as well as commercial costs. "The broad scope of the SPR means it will require investment to ensure that staff such as paramedics and community pharmacists have the same access to their patients' data as those working in GP surgeries and hospitals," it said. "Depending on the approach to the SPR, in order to maximize its value, activities may need to include translating the medical terminology in care records into plain English so that they can be readily understood and used by the patient, and to digitize historic patient information." 
While the document says the SPR could support automated triage of patients, potentially reducing variation in the service, "there are risks to delivering the Single Patient Record due to the magnitude and complexity of the program and integration with legacy systems." The impact assessment said there was a risk of reliance on a single provider and "de-facto vendor-lock." "While many clinicians would support data sharing for the purposes of improving care, there may be a risk of clinical resistance to changes to data sharing if safeguards are perceived to be insufficient," the document said. Dr Emma Runswick, council deputy chair of doctors' union the BMA, said: "The NHS Modernisation Bill is a huge undertaking and doctors' and patients' past experience with large top-down reorganisations of the NHS have not always been a happy one. The announcement of a SPR is welcome, however it is crucial that GPs' voices are listened to in its implementation to ensure patient data remains safe and patient confidence is protected." Currently, GPs are official "controllers" of patient data under UK data protection law, although that may change with the introduction of the new SPR. NHS England is currently planning the SPR rollout. A meeting held by the soon-to-be-defunct quango last year "accepted that an appropriate data controller for SPR is necessary" and that change would require a review of the legislation. The minutes, obtained by campaign group medConfidential under the Freedom of Information Act, said: "Given SPR will be a multi-service record it would not be appropriate for GPs to act as the data controller. It was agreed that while the NHS will be the data controller/custodian, patients would expect to own their records: how this can be achieved requires further thought." 
In an official statement, BMA GP Committee England chair Dr Katie Bramall said: "GPC England has not been part of the discussions on what form the Single Patient Record will take, who will be granted access, the purposes for which it will be used, or which company will be contracted to operate it. "There are already existing mechanisms that allow those in secondary care to view the live GP record, and therefore, the Government needs to explain why an additional system is needed. Until the security of any data flows can be guaranteed, and full patient-facing audit trails are made available via the NHS App showing who has accessed confidential medical data and why, we remain concerned. "We also remind patients that they can exercise their right to opt out of secondary uses of their confidential medical data by visiting the NHS website." The NHS England Data and Digital Technology Committee also heard that the NHS was considering using existing electronic patient record (EPR) systems and/or a role for the controversial Federated Data Platform, run by US spy-tech firm Palantir, in building the SPR solution. Sam Smith, medConfidential coordinator, told The Register that the FDP/Palantir arrangement – which has been the focus of fierce criticism in Parliament recently – is likely to have a role either way. "Either there's going to be a new data store – which will be in Palantir – or there'll be infrastructure for bringing various APIs together, where you make a single call and you get back a summary of the patient's record. The system doing that will be the FDP. [NHS England] has not publicly decided what they're going to do, in practice. They'll probably do the API thing first, and if they don't get everything they wanted, they will eventually take a copy of the data." The government has backed its ambitions for NHS technology with a promised £10 billion in investment. But nationally led digital transformation in the NHS has failed in the past. 
The ambitious National Programme for IT (NPfIT), launched by the Blair Labour government in 2003, had a budget estimated at £12.7 billion ($17.2 billion). Although NPfIT introduced a number of new technologies, it fell short of introducing electronic health records throughout the NHS. The National Audit Office said it did not represent value for money, and in 2020 it warned there was a lack of systematic learning from past failures in NHS digital transformation. ®
Categories: Linux fréttir

Mystery Microsoft Bug Leaker Keeps the Zero-Days Coming

Slashdot - Thu, 2026-05-14 11:00
An anonymous researcher known as Nightmare-Eclipse, who has already leaked several Windows zero-days this year, has disclosed two more: YellowKey and GreenPlasma. The Register reports: Nightmare-Eclipse described YellowKey as "one of the most insane discoveries I ever found." They provided the files, which have to be loaded onto a USB drive, and if the attacker completes the key sequence correctly, they are granted unrestricted shell access to a BitLocker-protected machine. When it comes to claims like these, we usually exercise some caution, as this bug requires physical access to a Windows PC. However, seeing that BitLocker acts as Windows' last line of defense for stolen devices, bypassing the technology grants thieves the ability to access encrypted files. Rik Ferguson, VP of security intelligence at Forescout, said: "If [the researcher's claim] holds up, a stolen laptop stops being a hardware problem and becomes a breach notification." Despite the physical access requirement, Gavin Knapp, cyber threat intelligence principal lead at Bridewell, told The Register that YellowKey remains "a huge security problem for organizations using BitLocker." Citing information shared in cyber threat intelligence circles, he added that YellowKey can be mitigated by implementing a BitLocker PIN and a BIOS password lock. Nightmare-Eclipse hinted at YellowKey also acting as a backdoor, allegedly injected by Microsoft, although the people we spoke to said this was impossible to verify based on the information available. The researcher also published partial exploit code for GreenPlasma, rather than a fully formed proof of concept exploit (PoC). Ferguson noted attackers need to take the code provided by the researcher and figure out how to weaponize it themselves, which is no small task: in its current state it triggers a UAC consent prompt in default Windows configurations, meaning a silent exploit remains a work in progress. 
Knapp warned that these kinds of privilege escalation flaws are often used by attackers after they gain an initial foothold in a victim's system. "These elevation of privilege vulnerabilities are often weaponized during post-exploitation to enable threat actors to discover and harvest credentials and data, before moving laterally to other systems, prior to end goals such as data theft and/or ransomware deployment," he said. "Currently, there is no known mitigation for GreenPlasma. It will be important to patch when Microsoft addresses the issue." The other zero-days leaked include RedSun, a Windows Defender privilege escalation flaw; UnDefend, a Windows Defender denial-of-service bug; and BlueHammer, a separate Microsoft vulnerability tracked as CVE-2026-32201 that was patched in April. According to The Register, RedSun and UnDefend remained unfixed at the time of publication, and proof-of-concept code for the flaws was reportedly picked up quickly and abused in real-world attacks.

Categories: Linux fréttir

Dirty Frag gets a sequel as Fragnesia hands Linux attackers root-level access

TheRegister - Thu, 2026-05-14 10:01
Linux admins hoping Dirty Frag was a one-off horror from the kernel networking stack are about to have a considerably worse week. Researchers at Wiz have published an analysis of "Fragnesia," a Linux kernel local privilege escalation flaw discovered by William Bowling of the V12 security team that allows unprivileged users to gain root by corrupting page cache memory. The bug, tracked as CVE-2026-46300, has public proof-of-concept exploit code documented by V12 on GitHub that demonstrates the vulnerability being used against /usr/bin/su to spawn a root shell. According to Google-owned Wiz, the flaw sits in the Linux kernel's XFRM subsystem, specifically ESP-in-TCP processing tied to IPsec support. By carefully triggering the bug, attackers can modify protected file data in memory without changing the original files stored on disk. Wiz describes Fragnesia as part of the broader "Dirty Frag" bug family rather than a completely separate class of issue. Dirty Frag itself only surfaced days ago and was already attracting attention thanks to public exploit code, incomplete patch coverage, and unusually reliable privilege escalation. According to researcher Hyunwoo Kim, who uncovered Dirty Frag, "Fragnesia" emerged as an unintended side effect of patches shipped to fix the original Dirty Frag vulnerabilities, adding yet another entry to the long tradition of security fixes accidentally creating new security problems. As The Register previously reported, Dirty Frag followed hot on the heels of Copy Fail, another Linux kernel privilege escalation flaw that abused page cache handling to overwrite supposedly read-only files. Historically, local Linux privilege escalation bugs had a reputation for being unreliable, crash-prone, or fiddly enough that attackers needed good timing and a fair bit of luck to pull them off cleanly. 
Fragnesia looks different, as Wiz and V12 both say the exploit avoids race conditions entirely, making it far more predictable than older Linux root exploits like Dirty COW. That makes the bug much more useful after an initial compromise. An attacker who gains access to a system through phishing, stolen credentials, or a vulnerable cloud workload suddenly has a cleaner path to full root access. The V12 proof-of-concept repository is already public, while Linux vendors have started pushing out advisories and mitigation guidance. AlmaLinux warned that all supported releases are affected and urged administrators to patch quickly or disable unused ESP-related functionality where possible. Similar advisories have also been issued by Amazon Linux, CloudLinux, Debian, Gentoo, Red Hat Enterprise Linux, SUSE, and Ubuntu as distributors scramble to assess exposure across supported kernel versions. Microsoft also urged organizations to patch quickly, noting that though it had not observed in-the-wild exploitation so far, Fragnesia "can modify any file readable by the user, including [/]etc[/]passwd." The Linux networking stack is starting to look less like infrastructure and more like a root exploit vending machine. ®
Categories: Linux fréttir
