news aggregator

Microsoft has hired games analyst and investor Matthew Ball as Xbox's new chief strategy officer. With a long track record of analyzing the video game market and industry's biggest shifts, Ball's background could help Xbox rethink its hardware and console strategy at a moment when competition is tougher than ever. Engadget reports: Ball is a venture capitalist and tech industry consultant with a well-documented history of analyzing emerging digital economies and the video game market. He was most recently the CEO and founder of Epyllion, an advisory firm and digital production house that also runs a large-scale metaverse investment fund, and he publishes regular breakdowns of the industry's biggest players and trends, including an annual State of Gaming report. Ball is the author of The Metaverse, a book beloved by Tim Sweeney, Mark Zuckerberg, Karlie Kloss and, not awkwardly at all, former Xbox head Phil Spencer.

Read more of this story at Slashdot.

Flipper Devices has announced the Flipper One, an ARM-based Linux computer built around openness, though its price tag may give you pause. The computer is not a successor to the Flipper Zero, according to the manufacturer, despite the visual similarity. Whereas the Flipper Zero was more about hacking anything from NFC cards to infrared controls and RFID devices, the One is a full-fledged Linux computer. The device uses a Rockchip RK3576 as its main CPU, and a Raspberry Pi RP2350B microcontroller to take care of the on-device controls and the 256 x 144 grayscale screen. There is also a pair of USB-C ports (one to charge the device), a USB-A port, and a full-size HDMI connector. Rounding out the package are two Gigabit Ethernet ports, a MicroSD card slot, and a 3.5 mm audio jack. The device has 8 GB of LPDDR5 memory and 64 GB of internal storage. There's also Wi-Fi and Bluetooth. For users keen to expand the device, there is an M.2 port and GPIO connectors. The device's cost is tricky – the aim is $350 for the base configuration without the cellular module. However, considering the volatility of chip prices at the moment (and the relentless rise in memory costs), the final figure might be different. The first prototype arrived earlier this year, and the inevitable Kickstarter campaign is due at the end of the summer. The question is whether it is a worthwhile investment. The price elevates the device firmly out of the impulse purchase category, but its flexibility does have appeal. The HDMI port makes it a useful media box for connecting to televisions. It could also serve as a Linux workstation, and all the networking interfaces make the device a "multi-tool," as the company put it. Flipper Devices suggests use cases including VPN gateway, Ethernet sniffer, and USB Wi-Fi/Ethernet adapter. As if to emphasize the clear blue water between the Zero and the One, there is no NFC reader or RFID onboard – hopefully an M.2 peripheral will handle that, or users can fall back on a Zero. Flipper Devices plans to keep development running – the Zero and One are very different categories of device. Things get more interesting on the software front. Flipper Devices is aiming for full mainline Linux kernel support and has partnered with Collabora to bring the RK3576 SoC into the mainline kernel and give Flipper One full upstream support. "The current state of ARM Linux is depressing," it wrote. "Every vendor bolts on their own custom mess: closed boot blobs, vendor-specific patches, 'board support packages' that nobody outside the chip maker can really understand. "You can no longer just read the specs and understand how computers work – you can only learn the workarounds for one specific chip with one specific BSP. We're sick of this ourselves, and we don't want to be part of the problem by shipping yet another product that just adds to the mess." But first you have to ship it. Calling the Flipper One a "community-driven project," Flipper Devices added: "We've made the entire development process open – so you can see how things are built and even take part in shaping Flipper One's future." While the project has now been officially announced, prospective purchasers should keep in mind that there are no guarantees about what (if anything) will actually ship. And, of course, one should always exercise caution when backing Kickstarter projects. In the announcement, Flipper Devices boss Pavel Zhovner wrote: "There's a lot of uncertainty in this project, along with technical challenges and financial risks (like the current RAM chip crisis). "I don't know if we'll be able to do everything we've planned, but we'll give it everything we've got. Thank you all, and welcome to a new adventure." ®

An anonymous reader quotes a report from TechCrunch: OpenAI claims its new reasoning model has produced an original mathematical proof disproving a famous unsolved conjecture in geometry, which was first posed by Paul Erdos in 1946. If this sounds familiar to you, it's because this isn't the first time OpenAI has made such a bold claim. Seven months ago, the AI giant's former VP Kevin Weil posted on X: "GPT-5 found solutions to 10 (!) previously unsolved Erds problems and made progress on 11 others." It turns out, GPT-5 didn't actually solve those problems; it just found solutions that already existed in the literature. Taunts from rivals like Yann LeCun and Google DeepMind CEO Demis Hassabis followed, and Weil promptly took down his premature post. Today, at least, it seems OpenAI didn't make the same mistake twice. Alongside the announcement, the company published companion remarks (PDF) in support of the disproof from mathematicians like Noga Alon, Melanie Wood, and Thomas Bloom, who maintains the Erdos Problems website, and previously called Weil's post "a dramatic misrepresentation." [...] The proof, per OpenAI, came from a new general-purpose reasoning model, not a system specifically designed to solve math problems or even this problem in particular. OpenAI says this is significant because it means AI systems are now more capable of holding together long, difficult chains of reasoning and connecting ideas across fields in ways researchers may not have previously explored. That has implications for biology, physics, engineering, and medicine.

Read more of this story at Slashdot.

A "state of Web Dev AI" survey shows that nearly half of web developers worry AI will displace their jobs, with one stating "it will be devastating to our sector." The survey of 7,258 developers is the second on this topic to be conducted by Devographics, home of other surveys including State of JavaScript and State of CSS. There are big changes since the first in early 2025, when the majority of respondents used AI to create less than 25 percent of their code, whereas today 63 percent of devs use AI to generate more than half their code. Over a quarter of respondents (27 percent) use AI for 90 percent or more of their code. Code generation is the top AI use case, followed by code review, research, and debugging. The researchers gathered respondents from those who had completed previous surveys plus others contacted via social media, and state that the topic may have "biased the respondent set towards developers who do have an interest in AI." Regarding job security, a common view is that although developer skills remain relevant in an AI world, their bosses may be convinced otherwise and let them go. "AI companies can convince employers that AI can take my job, even if it can’t," said one. Another commented that they "already had to search for a new one, because my job as designer and frontend dev got cancelled for AI." There is concern over loss of skills as junior hires decrease. "Companies will rather spend the money on AI than train employees," one commented. The most used model provider is ChatGPT (88.4 percent), just ahead of Anthropic’s Claude (82.1 percent). When it comes to paid subscriptions though, Claude is the winner (69 percent), followed by ChatGPT (49 percent) and Google Gemini (32 percent). Despite increased usage, the respondents are by no means AI enthusiasts. Use of AI for image generation has fallen since last year, from 38 percent to 37 percent, and some respondents have ethical objections. "I do not use image generators on principle," said one, and another claimed "AI image generators are built entirely on stolen images." A general section on AI risks revealed a multitude of concerns: while job displacement topped the list, military use of AI, environmental impact, and AI slop takeover were not far behind. Security issues and rising costs were also areas of unease. The survey limited respondents to three top choices; many comments showed that they would have liked to pick more. From a technical perspective, the biggest issues cited were hallucination and inaccuracies (64 percent); poor code quality (53 percent) and lack of context (38 percent). It is a strangely mixed picture, with respondents expressing strong reservations about the overall impact of AI, while at the same time becoming dependent on it. 74 percent agreed AI tools are integral to their workflow, and 64 percent felt they were more productive thanks to AI. 88 percent feel the quality of AI tools has improved significantly year on year.®

AWS is pushing its European Sovereign Cloud, revealing some of the customers it has signed up to operate sensitive workloads on the platform and the continent's over how much sovereign control over data the Amazon subsidiary really offers. The service became generally available to European customers in January, amid growing alarm over the Trump administration’s open hostility to Europe and the continent's near-total dependence on US cloud platforms. AWS claims the European Sovereign Cloud represents a physically and logically separate cloud infrastructure, with all components located entirely within the EU. It started with just a single Region, located in the state of Brandenburg, Germany, but plans to extend its footprint across the EU. Organizations that have signed up for the service include University Hospital Essen, Schufa, a German credit information bureau, and smart energy and water meter biz Diehl Metering. Schufa has built a new credit scoring system that uses the AWS Cloud to hold the sensitive financial data of more than 69 million German consumers, while Diehl is operating services such as monitoring and billing for its public sector customers, helping critical infrastructure like waterworks and municipal utilities to manage water and energy data from a single centralized system. University Hospital Essen says it is using the platform for working with patient health data and also developing new AI technologies to improve patient care. “The AWS European Sovereign Cloud will support this mission by allowing us to work with health data at scale, while meeting German and European sovereignty expectations,” said Prof Jens Kleesiek, the hospital’s director of its Institute for Artificial Intelligence in Medicine, in a statement. There are, however, legitimate doubts about whether clouds operating under the aegis of any US company can really offer full sovereignty in Europe. Concerns often center on the US CLOUD Act, under which the authorities can compel any American organization to provide access to data they hold - including data stored outside the United States - subject to due legal process. An AWS spokesperson told The Register earlier this year that its European Sovereign Cloud includes multiple layers of protection – legal, operational, and technical – to safeguard data; that not even AWS employees can access customer data; and that it provides advanced encryption to allow customers to protect their content. A Microsoft executive was forced to admit under oath in a French Senate inquiry last year that it cannot guarantee data on French citizens would not be handed over to the American government if requested, and the same US legal rules – namely, the US Cloud Act – apply to AWS. “The AWS ESC is a fully isolated infrastructure with a separate legal entity in Germany. Although it does offer a certain level of legal insulation, it is still entirely owned by the US mother company. This is an important limitation to its immunity from the CLOUD Act and other US-led prescriptions,” said Forrester senior analyst Dario Maisto. Technology biz Thales unveiled on Thursday that it is launching its own European sovereign cloud service in Germany, working with Google Cloud. This is based on the model already used by S3NS, a Thales subsidiary, whereby Google Cloud software and services are operated on dedicated local infrastructure controlled by a local entity. In this case, Thales says it will be a new German entity, legally and operationally independent from Google Cloud, that will be staffed and managed by local German personnel. It is available in preview now and aims for general availability by the end of 2026. This new arrangement is perhaps because there are still doubts over whether the S3NS platform is entirely free from potential CLOUD Act interference. “The joint venture between Thales and Google - S3NS - offers (some) Google services on French sovereign infrastructure. The JV is owned for its vast majority by Thales, which is basically a French government-owned company. This legal configuration grants much better legal insulation and immunity from the CLOUD Act, although this is yet to be tested in court since Google still has a minority share,” Forrester's Maisto told The Register. The CLOUD Act worries have little to do with sovereignty in its strictest sense, he added, but rather with data privacy and data protection, which is regulated under the US-EU data privacy framework. Earlier this year, the European Commission awarded four contracts to Europe-based tech firms designed to advance cloud sovereignty in the EU, while spending on sovereign cloud infrastructure services is forecast to more than triple from 2025 to 2027. ®

The UK Post Office has awarded Accenture and OneView Commerce contracts worth £410 million to replace its troubled Horizon systems, which contributed to one of the most serious miscarriages of justice in British history. Accenture has won the bidding to replace incumbent supplier Fujitsu — which built the error-prone PoS and finance system starting from 1996 — on a so-called Walk In Take Over basis. It is set to stabilize services and upgrade software as it prepares for a complete business transformation and manages the migration to new SaaS. Its deal is worth £269 million for five years plus two optional single-year extensions, according to a procurement notice. The lesser-known OneView Commerce — a provider of retail and inventory management SaaS — has won the £141 million agreement to provide software to “transform [the Post Office's] retail technology platform to meet evolving business, operational, and customer requirements,” according to a tender notice. The system is set to be cloud-hosted, in an AWS or equivalent environment, and allows bespoke customization according to the Post Office's needs. It is expected to include ePOS, mobile services, customer engagement and insight, and self-service kiosks, among other features. The Post Office began rolling out the legacy Horizon IT system for accounting in 1999, along with two subsequent upgrades. From 1999 until 2015, around 736 subpostmasters were wrongfully prosecuted and convicted over errors resulting from the computer system, devastating lives in the process. A statutory inquiry into the mass miscarriage of justice launched in 2021 is ongoing. Its first report was published in July last year, finding that senior Post Office staff in the UK – and those working for suppliers Fujitsu and ICL – knew or should have known about the defects causing errors in the Horizon system. It also found that 13 lives were lost through suicide, most likely as a result of the Post Office prosecutions, in which Fujitsu assisted. In May 2025, the state-owned company gave up on its plan to build a replacement for Horizon in-house and launched the £410 million procurement process, which Accenture and OneView Commerce would win. Failed bidders included IBM and Escher Software, a provider of retail and ecommerce software. ®

A developer claims Google’s Gemini coding assistant deleted nearly 30,000 lines of working production code while making changes to a live application – the sort of productivity boost usually associated with ransomware. The now-viral Reddit post on the r/Bard subreddit details how Gemini 3.5 allegedly gutted large chunks of an application while working on a production codebase. According to the developer, the model broke core functionality, made sweeping unrelated changes, and left the system in bad enough shape that the changes ultimately had to be rolled back. The developer said Gemini repeatedly ignored instructions to preserve existing functionality while reorganizing the codebase. According to the post, Gemini opened a pull request touching 340 files that added roughly 400 lines of code while deleting 28,745 more. The developer claimed the model also removed unrelated e-commerce template assets and introduced a migration script that had nothing to do with the original request. The real damage allegedly came in a second commit, where Gemini modified Firebase routing settings and changed a rewrite service identifier to a value that looked correct but pointed traffic at a non-existent Cloud Run service instead. According to the developer, the mistake sent the entire production portal into 404 errors for 33 minutes. The thread quickly filled with developers sharing similar stories about AI coding tools going well off-script. One commenter described Gemini successfully solving several coding problems before deleting existing project files during its first commit after the user approved what they described as a flood of permission prompts. The result was a partially broken application and, as the commenter later summarized, “a disaster of a launch.” The wider comment thread was less sympathetic, as several users questioned why anyone was allowing AI coding agents anywhere near live production systems in the first place. One commenter wrote, subtly: “Why. WHY. WHY WHY WHY WHY WHY ARE YOU MORONS STILL RUNING [sic] AGENTS ON PROD?!??!!??!?!” According to OP, things reportedly became even messier after the rollback. The developer claimed Gemini generated a status message stating that production had been successfully restored and that traffic had been routed correctly, despite the referenced recovery build having been manually canceled. According to the post, the real fix came from a separate rollback deployment containing none of Gemini’s code. The post also alleges that Gemini generated fake “consultation” and post-mortem files inside the repository to make it appear the destructive changes had been properly reviewed and approved. According to the developer, Gemini later admitted that the consultation logs were entirely fabricated and generated solely to satisfy the project’s automated rule requirements. The behavior was ultimately traced back to a third-party npm package styled around Google’s Antigravity branding. The package allegedly seeded repositories with aggressive autonomy rules instructing the coding agent to avoid confirmation prompts, auto-deploy successful builds, automatically retry failed deployments, and even modify its own rule files when necessary. The incident lands amid a wider backlash against so-called “vibe coding,” the increasingly common practice of developers relying heavily on AI-generated production code while assuming the model understands the architecture better than it actually does. For now at least, the fastest thing about AI-assisted software development might still be the speed at which a perfectly functional production environment can be transformed into an outage report. ®

An 82-year-old grandmother who livestreams her Minecraft gameplay to raise money for her grandson's cancer treatment faced a potentially deadly swatting attempt this week. "Dozens" of armed police officers stormed the home of Sue Jacquot, known online as GrammaCrackers, on May 18 while she was sleeping. Officers were responding to a swatting threat – common hoaxes called in by viewers of livestreams. These incidents typically involve someone locating a streamer's home and calling the local police department, informing them of a bomb threat or similar, which often prompts a full-force response. While most swatting cases result in nothing more sinister than a few broken doors, some have led to serious injuries and fatalities. Jacquot, however, was just thrilled to experience being in the back of a police car for the first time and meet people she otherwise never would have had the swatting call not been made. "I was asleep, I was so asleep," said Jacquot, recounting the event. "I did not want to get up, and these policemen came in the door… the prettiest policewoman I've ever seen. The beautiful eyes. So sweet. But I think she could kick butt if she needed to. She was so sweet. And they walked me out, and I didn't know what was going on, but it was kind of fun. "And my kids and my grandkid, they were hugging me. You know, you can't get that much attention normally. I was getting all kinds of hugs. I was really eating it up. It was kind of fun. "And then I got to ride in the police car. I've never been in a police car before… and then it was all over. So I thought, well, I've got to go to bed. So, I took an ibuprofen and went to bed." According to Austin Self, Jacquot's grandson and brother of Jack, whose cancer treatment is being crowdfunded by his grandmother's livestreams, by the time he and other family members arrived at Jacquot's residence following the police raid, she had already gone back to sleep. Police officers and a fleet of SWAT vans remained outside at the time. By Self's reckoning, there were 20 police cars and five SWAT vans situated outside Jacquot's apartment. Both Self, of Queen Creek, Arizona, and Jacquot said the first responders treated the 82-year-old with great kindness, and were even asking for her signature. Officers who entered Jacquot's residence told her family that they were almost certain the call was a hoax, and as such did not use much force when entering her home via the garage. One male officer who entered Jacquot's apartment saw the livestreaming setup and from then on was so sure that the call was benign that he contemplated doing a little dance on camera, as the livestream was still running after the grandmother had gone to sleep, Self said. Unfazed, Jacquot restarted her livestream the following morning, traveled to the Nether, and harvested around 60 Nether warts to brew potions back at her Minecraft house. ®

Users of the Myspace93 parody web art site be warned: the dataset spilled after a reported breach in 2021 included the plaintext usernames and passwords of more than 46,000 registered users. The site's co-creator has blamed "trusted members" of a Windows93 Discord channel for the leakage. The figure of 46,000+ users is a recent estimate from HaveIBeenPwned (HIBP) - the web's go-to breach aggregator - which ingested the related data this week, more than five years after the January 2021 attack. In addition to the clear-as-day passwords and usernames, HIBP said email addresses and IP addresses were also among the exposed data. Myspace93 is an offshoot of the Windows93 project. They’re both websites that spoof the old social media network and operating system respectively, allowing users to experience them now that they’re long gone. Its co-creator, who only goes by the alias jankenpopp, or Janken, penned a note to the website’s users following the attack. Dated July 4, 2021, Janken explained that the breach came about after they shared a beta app with trusted members of the Windows93 Discord channel. According to Janken, those members betrayed the co-creator and used their access to the beta application to steal server files and gain access to an unencrypted credential store. “None of them alerted me immediately to what was going on,” Janken wrote. “On the contrary, they created a program to download our entire server, and it was only a week later that another honest user alerted me to the fact that these people were bragging about having the Myspace passwords. “They didn't want to tell me the truth, and it took me two days to get a confession from them: not only had they downloaded all the source files of Windows93 behind my back, but also the unencrypted file containing the passwords of more than 45k Myspace users. The group had also shared a download tool - along with instructions for using it - in their chat, and had posted numerous stolen files (unrelated to Myspace) across multiple platforms, said Janken. “I removed the .smash app from the server and called them to order. They whimpered and promised me on their honor to delete all the stuff and that things would not go any further. I believed them because at the time we were very close, we talked every day, and they regularly helped me to manage the community, to fix bugs, sometimes to code new features for Windows93 or to make the services more secure. I really trusted them back in the day and considered them part of my team. I blame myself for being so naive.” The MySpace93 website is still up and running for anyone who wants to revel in a little noughties internet nostalgia, but the ability to register an account and use the site as a social network is closed. Affected users should make sure they watch out for any reused passwords on other sites and switch on 2FA where they can. Janken said they had closed all the social network-related services across all the Windows93 offshoots as a result of the findings. ®

Vivaldi's eponymous browser has reached version 8, with a major revamp of the user interface. The company refers to the redesign as "Unified" and describes it as "a rethinking of how the Vivaldi interface works as a system." Where before the browser's core elements – tabs, toolbars, panels, and content – existed as separate layers, everything is now one single continuous surface. It's easy on the eye, though you can switch back to the previous design. The company has added several default themes and has a vast library of community-generated themes available. There are also layouts that can be selected during onboarding or in settings. These range from minimalist to fully loaded setups packed with Vivaldi's familiar controls and settings. Don’t come looking for a list of new features, though. Vivaldi has loaded up the browser with gizmos over the years, and the redesign highlights some of those. A recent example is the auto-hide feature, which removes browser fluff to show more content. The company wrote: "While the rest of the browser industry has spent recent years racing to force artificial intelligence between people and the web, Vivaldi has taken a different path, adding tools that give users more power to explore the web and decide for themselves. "One big, crazy strategy: putting the users first." That's not to say Vivaldi is AI-free, though CEO Jon von Tetzchner was less than complimentary about many of its applications in a January Register interview. The browser uses AI for translation, for example, but the company has not slathered the technology across the product in the way some rivals have. Microsoft's Edge, also a Chromium browser, recently received updates that removed Copilot Mode in favor of more built-in Copilot features. The assistant can look across multiple tabs, surface key details, and reason based on browsing history and past chats. Bruce Lawson, self-described Regulator Botherer at Vivaldi, told The Register: "Microsoft retiring Copilot Mode isn't a retreat, it's an escalation. They're not removing the AI, they're embedding it into the browser so deeply that it's everywhere, all the time, with no off switch. That's not a feature. That's a takeover. "Our stance is clear: when you outsource exploration to an artificial agent, you're not browsing anymore, you're being browsed." ®

Cisco has disclosed yet another perfect 10 vulnerability, this time warning that unauthenticated attackers could gain Site Admin privileges in its Secure Workload platform simply by sending crafted API requests to vulnerable systems. The bug, tracked as CVE-2026-20223, earned the full 10.0 CVSS treatment and affects Cisco Secure Workload Cluster Software in both SaaS and on-prem environments. According to Cisco's barebones advisory, the issue boils down to weak validation and authentication checks in internal REST API endpoints. In practical terms, that means attackers don't require credentials, user interaction, or any significant effort to exploit the bug. Cisco said a successful attack could allow remote attackers to "read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user." Cross-tenant bugs tend to make cloud customers especially twitchy because they undermine one of the core assumptions of multi-tenant infrastructure: namely that somebody else's compromise is not supposed to become your problem. Cisco noted that the flaw affects internal REST APIs rather than the platform's web management interface, although that distinction is unlikely to bring much comfort to admins staring at a 10.0 severity score. The networking giant said there are currently no workarounds, and customers must install fixed releases to fully remediate the issue. Cisco Secure Workload 3.10 is fixed in version 3.10.8.3, while 4.0 is fixed in 4.0.3.17. Customers running version 3.9 or earlier are being told to migrate to a supported fixed release. Cisco added that its cloud-hosted SaaS deployments have already been patched and require no customer action. Cisco said it is not aware of active exploitation and that the flaw was discovered during internal security testing, though vulnerabilities carrying a 10.0 score and requiring no authentication rarely stay quiet for long. The bug lands less than a week after Cisco disclosed another maximum severity flaw affecting SD-WAN systems that could allow attackers to grant themselves administrator privileges, continuing what is becoming an increasingly awkward run of top-scoring Cisco security advisories. The company has spent much of the past year disclosing one 9.8-plus infrastructure flaw after another across products spanning firewalls, management platforms, identity systems, and enterprise networking gear. At this point, Cisco seems to be treating 10.0 CVSS scores as a recurring feature rather than a special occasion. ®

SpaceX has revealed its financials for the first time as it prepares for a potentially massive IPO. The New York Times reports: SpaceX's revenue soared to $18.7 billion in 2025, up 33 percent from a year earlier, the company disclosed in a filing required of firms that are seeking to go public. In the first three months of this year, revenue rose to $4.7 billion from $4.1 billion in the same period a year ago. But the company lost more than $4.9 billion last year, compared with a $791 million profit in 2024, as capital expenditures nearly doubled to $20.7 billion from heavy spending on artificial intelligence development. In the first three months of this year, SpaceX lost almost as much money as all of 2025, recording a $4.3 billion loss.

Read more of this story at Slashdot.

Apple has previewed a new batch of accessibility features coming later this year, with Apple Intelligence being used to improve Voice Control, VoiceOver, Magnifier and generated subtitles across its devices. The announcement came ahead of Global Accessibility Awareness Day, which falls today as we publish this article, on Thursday, May 21, and is the annual moment when technology companies often set out new work on digital access and inclusion. The most interesting change for anyone who relies on hands-free access is an update to Voice Control. Apple says users will be able to describe onscreen controls in more natural language, rather than having to remember exact labels, overlays, or rigid commands. Examples given by Apple include phrases such as “tap the guide about best restaurants” or “tap the purple folder.” The company also says the feature could help when app controls are not labelled properly for accessibility. That may sound like a small change, but for disabled people who use voice as their main way of operating an iPhone or iPad, it could make a real difference. Voice Control is already one of Apple’s most important accessibility tools, but it can still be brittle. If the wording does not match what the system expects, the command can fail. A more flexible “say what you see” approach could make voice navigation feel less like issuing machine instructions and more like asking for what you want. Apple says Voice Control powered by Apple Intelligence will be available in English in the UK, US, Canada and Australia later this year. However, Apple’s announcement specifically describes the new natural language navigation as helping people navigate iPhone and iPad by voice, with no clear mention of Mac support for this particular Voice Control update. That absence is important. For many people who rely on Voice Control, the Mac is not a secondary device. It is where longer writing, work, email and publishing happen. If natural language Voice Control launches first on iPhone and iPad only, Mac users may still be left waiting for the AI-assisted voice access that would help most with daily work. VoiceOver, Magnifier and generated subtitles get Apple Intelligence treatment Apple is also using Apple Intelligence to improve visual description tools. VoiceOver’s Image Explorer will provide more detailed descriptions of images, including photos, scanned documents and other visual content. Apple also says users will be able to ask follow-up questions about what appears in the iPhone camera viewfinder. Magnifier will gain similar AI-powered description features, along with spoken controls such as “zoom in” and “turn on flashlight.” There is a new generated subtitles feature for videos that do not already include captions. Apple says this will use on-device speech recognition and work across iPhone, iPad, Mac, Apple TV, and Apple Vision Pro. For deaf and hard-of-hearing people, that could be useful. It may also help anyone dealing with personal videos, shared clips or online content where captions are missing. However, generated subtitles will initially be limited to English in the US and Canada. Vision Pro moves into wheelchair control One of the more striking announcements is a new Apple Vision Pro feature that will allow compatible power wheelchair drive systems to be controlled with eye tracking. Apple says the feature will support Tolt and LUCI alternative drive systems in the United States, using Bluetooth or a wired connection. For some powered wheelchair users who cannot operate a joystick, that could be valuable. Wheelchair control is not a niche issue for the people affected by it. It is about independence, safety and the basic ability to move through the world. But there are obvious practical questions here, starting with Vision Pro itself. As a full-time electric wheelchair user, I would not be seen dead driving down my high street wearing an Apple Vision Pro headset. It is bulky, heavy and visually conspicuous. More seriously, I would not want to see severely disabled people expected to wear one for long periods to control a wheelchair, especially when many already deal with fatigue, posture problems, respiratory weakness or limited head and neck strength. Cost is another barrier. Many disabled people live in poverty, and the Apple Vision Pro’s UK starting price of £3,499 (the Stateside starting price is slightly lower at $3,499 ) would put it out of reach for many. That would come on top of the cost of any compatible wheelchair drive system, support, setup, and maintenance. A feature can be technically impressive and still remain impractical if the hardware required is far too expensive. That does not make the announcement unimportant. It may be most interesting as a sign of where the technology could go next. I would look at this very differently if the same kind of eye-control system eventually arrived on more traditional Apple smart glasses: lightweight, socially acceptable and practical to wear for long periods. That is where the idea could become more useful for people who struggle to use a wheelchair joystick. Vision Pro may be the early test bed, but lightweight glasses could be the form factor that makes this kind of wheelchair control usable. For now, this looks like an early and specialist step. Wheelchair control is safety-critical, so it will need careful testing, strong safeguards and real-world feedback from disabled people before anyone can judge its value properly. I am glad Apple is looking at the issue. The current implementation may not be practical for many people, but the underlying idea deserves attention. Apple is moving in the direction some of us asked for Calls for a smarter Voice Control are not new. In 2023, I wrote for The Register that Apple needed to bring more AI into Voice Control, especially to improve dictation accuracy and support people with non-standard speech. At the time, I argued that Personal Voice showed Apple already had some of the underlying technology to understand an individual voice more deeply. The obvious question was whether that intelligence could be applied to recognition as well as voice generation. Apple now appears to be taking a step in that direction, but with navigation rather than dictation. That is still useful. Voice Control needs to become less rigid if it is to serve people who depend on it every day. But it leaves a larger issue unresolved. Apple still has a dictation gap to close The wider voice-accessibility picture is now complicated. Apps such as Aqua Voice have shown how good AI-powered dictation can be. For many people, these newer tools are far more accurate and natural than traditional built-in dictation systems. They are especially strong at turning spoken thoughts into clean text without the user having to micromanage every comma and correction. But dictation is only half the problem Apple’s Voice Control is still one of the few mainstream tools that can control the operating system itself by voice. It can open apps, tap buttons, select menus, scroll pages and move around the interface. Third-party AI dictation apps may be better at writing, but they do not have the same deep system access. That leaves disabled people in an odd place. The best dictation experience may come from one app, while the best hands-free control still comes from the operating system. For people who cannot easily touch a screen, keyboard or mouse, the ideal future is not choosing between accurate dictation and reliable control. It is having both work together. That is why this Voice Control update is worth watching. It suggests Apple is starting to apply newer AI methods to one of its most important accessibility tools. But the next step should be more ambitious: a system-level way for advanced dictation and accessibility controls to work together. Whether Apple builds this itself or opens up deeper accessibility APIs for trusted apps, the goal should be the same. Users should be able to dictate accurately, correct text, move around apps, press buttons, send messages and control the operating system without switching between separate voice tools. Call it Universal Accessibility Control, or simply the next generation of Voice Control. The name matters less than the result: one joined-up voice experience that combines accurate dictation, command recognition and hands-free navigation. For now, Apple appears to be improving navigation before it tackles the harder dictation problem. Reliability will decide it Apple’s announcement also includes larger text support on tvOS, expanded Name Recognition, new FaceTime APIs for sign language interpreter apps, Vehicle Motion Cues for Vision Pro, and wider support for adaptive gaming controllers. But the Voice Control update is likely to attract the most attention from people who rely on hands-free access. Apple has not announced a major Siri accessibility overhaul here. Nor has it announced major changes to Personal Voice, Vocal Shortcuts or atypical speech recognition in this particular update. The company also has not said whether it plans to make Apple Watch more accessible to disabled people with severe upper limb disabilities. Natural language Voice Control could be valuable if it works reliably. For disabled people, accessibility features are not just nice additions. They are often the difference between using a device independently and not using it at all. The announcement is encouraging, coinciding with Global Accessibility Awareness Day. But Apple should not stop at making Voice Control more conversational. The larger task is to treat dictation, correction and navigation as parts of the same workflow. The test comes later this year, when disabled people can try these features in daily life. The longer term question is whether Apple can turn this first AI step into a fuller model of hands-free computing. ®

Microsoft on Wednesday open-sourced two AI tools designed to help developers and security teams build and maintain safer AI agents. The first is called RAMPART, which stands for Risk Assessment and Measurement Platform for Agentic Red Teaming. It’s a pytest framework for agentic AI applications built on Microsoft’s open‑source PyRIT toolkit that embeds automated red‑team tests into CI/CD pipelines. This allows developers to simulate real‑world attack scenarios - like prompt injection - and verify that agents stay within approved tool use, actions, and behavioral boundaries. It also supports statistical trials, meaning that teams can set policies such as “this action must be safe in at least 80 percent of runs,” to account for models’ probabilistic behavior. Plus, it allows red teams and incident responders to reproduce any AI security findings to ensure agents behave as intended - and that security mitigations work as they should. “It’s high time we stop talking about AI safety as a philosophy and start thinking about AI safety as an engineering discipline,” Ram Shankar Siva Kumar, Microsoft’s data cowboy and founder of its AI red team, told The Register. Microsoft has been using RAMPART internally, and while Kumar said he couldn’t provide specific details, he told us that a security researcher found an issue, and then the Redmond red team used RAMPART to test for the flaw across the agentic AI application. “RAMPART was able to take that one particular vector and find close to 100 different variants of that vector,” Kumar said. “And then we were able to use RAMPART to essentially go through this asset and see is this working, not just one time, not two times, but close to 300 times. We were also able to do in the context of multi-turn conversations.” The testing framework also allowed the developers to build mitigations into the product. “They were again able to use RAMPART to see if that remediation actually held water, not just against one vector, which the security researcher found, but multiple variations of those vectors,” Kumar explained. “This is empowering our incident responders and also our engineers.” The second AI tool that Microsoft open-sourced on Wednesday is an agent called Clarity, and it’s designed to serve as a “structured sounding board that helps teams figure out whether they are building the right thing before they write a single line of code,” according to a Wednesday blog that Kumar wrote about the two new tools. For example, say a developer wants to add real-time collaboration to a document editor. They tell Clarity this, and the agent responds with questions akin to what “experienced architects, product managers, and safety engineers would ask,” according to Microsoft. Clarity’s answers, as shown in a screenshot on GitHub: “Before we design that - what happens when two people edit the same paragraph at the same time? Do you need true real-time (cursors, presence), or is ‘no one loses work’ the actual requirement? Those lead to very different architectures.” The AI tool essentially aims to answer what problem the developer is trying to solve with an app, and what could possibly go wrong, and “talk” these issues out before the coding even begins. “It’s inherently collaborative,” Kumar said. “It helps the team take a step back, and say, ‘Hey, before we build this, are we going in the right direction? Because code is cheap. It takes a snap of a finger to generate a full system. Are we doing this in a way that makes sense?'” ®

Flagship tech projects such as the ID card scheme are at risk of failure unless the UK government changes its approach to legacy systems – which evidence shows is getting worse, a new think tank report claims. Re:State, a non-partisan policy unit focused on public service reform, says much of the government's ambitions for digital services and efficiency depend on "modern, interoperable systems." However, the problem of legacy systems is underestimated, it claims. "In Westminster the money doesn't get prioritized for tech, and so behind the scenes successive governments have neglected to fix many dangerously outdated systems, leaving a ticking time bomb for future generations to defuse," said Joe Hill, co-author of the report, director of Strategy at Re:State and former Treasury civil servant. Examples are not hard to find. They include problems migrating the Police National Database to the cloud, the scandalous data breach revealing the names of Afghan informants, and a creaking farm payments system. The problem lies in departmental control of legacy system remediation and the funding model for those projects. The Re:State report, From legacy to leadership [PDF], says that funding comes in two forms: crisis funding or maintenance funding. "Systems aren't transformed unless they fail in substantial ways. The result is that the gap between what systems can do and what services require widens each year. Departments fall behind with out-of-date technology stacks by relying on aging platforms that constrain service design, data use, and automation, which leaves them with ever more catch-up to play at a later date as operational urgency rises," it states. Much of the report relies on data from the State of Digital Government Review 2025, which found lost productivity from legacy IT cost 4-7 percent of annual public sector spending, holding back both productivity and public satisfaction. That review found the proportion of legacy systems in central government was around 28 percent. It ranged from 10 to 60 percent, depending on department, and had increased by 26 percent since 2023. Of those legacy systems, 22 percent were considered "red-rated," meaning they carried risks judged both highly likely and high impact. The proportion of red-rated systems had also increased. The scale of the problem and its embedded nature means that continuing with a department-led approach to tackling the legacy system problem won't work, the paper argues. Because there is little reward for prioritizing reduction in reliance on legacy systems, departmental leaders tend to focus on broader transformations, which come with more incentives and rewards. Budgeting is also a problem. Tech funding is awarded based on projects, rather than services, which makes underinvestment likely in two ways. "Firstly, because core operating costs of existing legacy technology have to constantly be reapproved as projects, making it easier to negotiate technology investment down in favour of other areas. And secondly, because it allows policymakers to plan additional investments in new technology like AI without thinking about investing in the underpinning services, which often have legacy IT components," the report adds. A new central government "Digital Modernization Taskforce" with a mandate to reduce systemic legacy risk and embed prevention, is one solution proposed. The report also proposes to tackle funding. "When central government investment is available for a particular kind of spending, such as legacy IT, interviewees for this paper felt that could disincentivise departments to make their own investments instead of 'waiting to see if [the Department for Science, Innovation and Technology] will fund the risk instead,'" the report states. "Instead, the Taskforce should adopt a 'match funding' model – using centrally allocated funding at the next Spending Review to match the amount that departments put into their own legacy IT transformation projects, in order to speed those up." The report has five other ideas for how the government can escape the deepening quagmire of legacy IT, including new approaches to procurement and supplier management. Welcome they might be, but with the government seemingly fixated on headline-grabbing announcements, only an optimist would expect to see them in action. ®

The UK government has upped the maximum value of a health service AI framework agreement by £600 million following a conversation with tech suppliers. The National Health Service's Shared Business Services (NHS SBS), a purchasing quango under the Department for Health and Social Care, recently launched a competition for places on a framework for NHS AI and robotics worth a maximum of £750 million excluding tax. Back in January 2025, the same procurement was priced at a maximum of £150 million, excluding tax, in an early market engagement with suppliers. An NHS SBS spokesperson said: “As with all our framework agreements, we conducted an extensive intelligence gathering exercise whilst bringing this framework to market. During this, both suppliers and customers indicated that a higher threshold was appropriate, and this has been approved by NHS England, the Cabinet Office and the Department for Science, Innovation and Technology.” The competition seeks to attract suppliers offering a broad sweep of AI and robotics systems. A framework deal offers suppliers an indicative amount of spend in return for pre-agreed prices. NHS SBS can charge a levy on all deals agreed under the framework. The recent procurement note says the procurement recognizes “the transformative potential of AI in addressing current and emerging healthcare challenges, from improving diagnostic accuracy and clinical decision-making to streamlining operational processes.” The shopping list for AI tech is split into eight lots. They include Radiology and Diagnostic Imaging, where the authority calls for “AI-powered radiology tools, medical imaging diagnostic platforms, and integrated imaging software solutions designed to support clinical decision-making and image-based diagnostics.” Standing out from the list is Virtual and Robotic Health, a lot which “covers innovative solutions that are transforming the healthcare landscape by enhancing clinical capabilities, improving patient care, and driving operational efficiency.” The tender also seeks AI tech for operational efficiency. It wants “platforms designed to enable data capture, analytics, and workflow automation to drive operational efficiencies within NHS and public sector environments.” At face value, these may seem like reasonable aspirations, but it’s also worth pointing out that they don't fully reflect what capabilities the NHS is looking for through this procurement or how success or failure would be measured. Meanwhile, £750 million is a lot of money, especially considering NHS resident doctors – an early-career specialist training role – are still seeking pay restoration after a decline in earnings of around 21 percent in real terms since 2008. UK government as a whole has pegged its hopes on AI to help extract it from an especially painful fiscal hole. The promise of tech investment in the NHS is just one strand of a thread through a cross-public sector approach which could save the public sector £45 billion, the government claimed. Experts later told MPs the figure was based on broad-brush guesswork. UK taxpayers might hope the latest NHS spending vehicle is built on a more sturdy design. ®

5225961 UK Parliament’s Education Committee is advocating for a statutory ban on social media for under-16s, saying “addictive” platforms are harming their development, behavior, and mental health, sometimes leading to “truly horrific consequences.” Committee chair Helen Hayes, MP for Dulwich and West Norwood, said: “From bullying and misogyny to abuse and sexual exploitation, children and young people growing up today face a deluge of serious harms whenever they log on to social media. “The same platforms that connect them to their friends, or introduce them to new hobbies, are putting their mental health and wellbeing at risk.” As well as a ban, the committee also wants to see the government take action on the “addictive design elements” social media platforms incorporate into their products for under-18s, such as “infinite scrolling” content feeds, algorithmic promotion of posts, and auto-playing videos. Committee members say these features specifically lead to increased time spent in front of screens, sleep disruption, reduced attention, and behavior problems. Hayes said social media platforms are failing to take responsibility for the developmental issues to which their platforms’ designs are contributing. “In the most extreme cases, inaction can have truly horrific consequences,” she said. “Yet social media companies have not taken full responsibility for the behaviour on their platforms. “Based on the evidence my committee has received, I simply do not believe that companies who profit from interactions with children can be relied upon to self-regulate. “In schools, mobile phone use can distract children, increase the risk of behavioural problems, and ultimately undermine their education.” The Education Committee said that although it is officially calling for a ban, this should only be a “starting point,” a precursor to a far more robust regulatory framework that applies to gaming, hybrid platforms, messaging services, and AI platforms, in addition to social media. It communicated its position on child social media use to the UK government on Thursday in an official response to the consultation on the matter, shared with The Register ahead of publication. The consultation opened in March and sought views from industry experts and the wider public on whether an under-16 social media ban in the UK, similar to the one introduced by Australia last year, would be sufficiently valuable. It continues to run alongside a series of six-week trials involving 300 families, looking at how different social media restrictions affect teens’ daily lives. In its response to the consultation, the Education Committee’s report says the issues affecting the country’s children are “severe and systemic,” deliberately implemented by the tech companies behind the platforms to maximise engagement, despite being linked to myriad harms. It further argued the government should tackle the matter urgently, treating it in the same way it would any other pressing public health issue. Regulations should ensure platforms are built with a safety-by-design philosophy, and provide tech companies with clear instructions on how to prioritize safety in their products – all backed by punishments for non-compliance, MPs said. “Ministers must take action before it is too late,” Hayes added. “In our submission to the government’s consultation, the committee calls on the government to restrict addictive features, impose strict duties on social media companies, and treat child safety as a public health issue. “Anything less leaves children, parents, and schools forced to compensate for the unsafe digital worlds enabled by social media firms.” Ban fever Various countries around the world have announced their intention to ban social media use for children, although only Australia and Greece have formally approved legislation. Countries including France and India are in the advanced stages of imposing similar statutory measures, and even more across the world have committed to the same, although they differ widely in their legislative progress. Brazil, for example, has introduced laws that require under-16s to link their social media accounts to a legal guardian. The same efforts have limited key risk factors, such as infinite scrolling, too. Greece’s ban is expected to take effect in mid-2026, leaving Australia the only country in the world – for now – with a blanket social media ban for under-16s. Australia’s ban took effect in December 2025, although research published this week found limited efficacy. Academics investigating the ban found most under-16s experienced no change in their ability to access social media, although one in four reported significant limitations. They also found that the ban has had a material impact on the way in which young people consume news. To some degree, most teens and pre-teens use social media to expose themselves to current events, and the ban has led to a drop in news access and civic engagement as a result. ®

PWNED Welcome once again to PWNED, the column where security flubs are held up to the harsh, piercing red light of the vulture signal. This week’s sad story concerns a municipality that failed to perform basic account housekeeping and paid for it dearly. Have a story about someone leaving a gaping hole in their network? Share it with us at pwned@sitpub.com. Anonymity is available upon request. Our tale of tech missteps comes courtesy of Nicole Beckwith, who serves as the senior director for security engineering and operations at Cribl, an AI platform for telemetry. She used to work as a consultant, and at one point was hired to investigate breaches in an American city’s network. A threat actor took a “leisurely tour” of the city’s online resources and had started messing around with conference room projectors and other relatively harmless endpoints. Then they realized that they could change settings with the water utility where they switched many controls off, potentially endangering the water supply. When Beckwith investigated, she found that all of the mischief was performed by an account that belonged to “Greg from Auditing.” There was just one problem. Greg hadn’t worked for the city for many years. Unfortunately, even though Greg was no longer around, his account was, and it retained extensive privileges, including domain admin rights, SCADA (Supervisory Control and Data Acquisition) operator access, and even the ability to perform help desk functions. It’s unclear if someone from auditing ever needed this level of access, but a former employee definitely did not. It wasn't Greg himself who hacked the network. But he had used his work email address to sign up for various online accounts, some of which may have been exposed in previous data leaks. She speculates the hackers saw an email address with a .gov in it and decided to try their luck with the leaked password that went along with it, and that Greg likely used the same password for work that he did for these outside services. We have a few takeaways here. First, the people who ran IT security for the city should have both deleted Greg’s account when he left and done periodic audits to see who had access and whether they should still have it. Second, Greg should have kept his work credentials separate from third-party services like shopping and social media sites. And he should not have used the same password in multiple places. “The lesson, beyond the obvious 'please, for the love of all that is holy, audit your dormant accounts,' is that every forgotten user is an easy ticket to being on the 5 o’clock news,” Beckwith told The Register. “Quarterly access reviews should be mandatory because everyone seems to think when a user leaves, that is the end of it and someone surely terminated access, deprovisioned accounts, removed access to tools, mobile communications, email and other business critical systems, but sadly I’ve responded to way too many incidents like this one because of this simple control which is often overlooked." ®

NASA Administrator Jared Isaacman says he expects China to fly taikonauts around the moon in 2027, "ratcheting up perceptions of a space race between China and the United States," reports SpaceNews. He is using that prospect to argue for a revamped Artemis strategy and an accelerated path toward a U.S. lunar return. From the report: "The next time the world tunes in to watch astronauts fly around the moon, which will likely be sometime in 2027, they will be taikonauts, and America will no longer be the exclusive power to send humans into the lunar environment," he said. While Isaacman has frequently discussed a race with China to be the next to land humans on the moon, this was one of the first times he predicted a 2027 Chinese crewed circumlunar mission. He repeated the comments later in the day at an industry reception. China has not publicly announced plans for such a mission, which, as Isaacman described it, would likely be similar to NASA's Artemis 2 mission in April. There have been rumors of a mission along those lines, though, and an expectation of a roadmap of missions leading to a Chinese crewed landing by the end of the decade. So far, all the crewed missions to fly around, orbit or land on the moon have been flown by NASA: nine Apollo missions from 1968 to 1972 and Artemis 2. All the astronauts on those missions have been Americans except for Canadian Space Agency astronaut Jeremy Hansen on Artemis 2. Isaacman has used the threat that China could land astronauts on the moon before NASA returns there as a rationale for revamping the Artemis lunar exploration program. In February, he announced that Artemis 3, which was to be a lunar landing attempt in 2028, will instead be a test flight in low Earth orbit in 2027, followed by a landing on Artemis 4 in 2028. In March, he changed other elements of Artemis at the agency's Ignition event, including effectively canceling the lunar Gateway to focus resources instead on a lunar base, while calling for a much higher cadence of robotic lander missions.

Read more of this story at Slashdot.

The Open Compute Project plans to deliver more guidance to local governments on how excess heat from datacenters can benefit their communities. The project develops open-source and energy-efficient hardware for datacenter operators. Meta, Microsoft, and Google are all top-tier Platinum members, and are also all building datacenters as fast as they can, to house AI infrastructure. Those builds have become controversial. Residents in communities flagged as sites for new bit barns have protested the quantity of water and energy they will consume, their potential to drive up prices for both, and the noise they emit. Some may be aware that datacenters create urban heat islands. Protests about new datacenters have aleady turned violent. Governments have sometimes acknowledged concerns by implementing a moratorium on big builds, but on other occasions have indicated they might fast-track developments and brush aside red tape. Into that febrile environment strode David Gardiner, Otto Van Geet, Jaime Comella, and Bharath Ramakrishnan, all of whom have participated in the OCP’s heat reuse group, with a Wednesday post extolling the virtues of datacenters when local governments are smart enough to tap excess heat that bit barns produce. “Reusing datacenter waste heat presents a significant opportunity to provide carbon-free heating across a wide array of sectors, delivering substantial environmental, economic, and social benefits,” the post states. They’re right. El Reg has reported on heat reuse helping to heat homes and grow vegetables. A swimming pool used during the Paris Olympics relied on heat from a nearby Equinix datacenter to keep its waters warm. The OCP post laments the fact that local governments lack awareness about how they can tap excess datacenter heat. The authors also point to “a lack of connections between datacenters and nearby heat users [and] supranational, national, and sub-national policy to incentivize these projects,” and suggest that smart local governments will make heat reuse a requirement before greenlighting datacenter builds. The post also, however, admits cost justification of datacenter heat reuse projects can be a challenge. The heat reuse group’s Wiki includes form letters and other material it hopes activists will send to regulators to encourage them to consider use of heat recovery systems. Providing that sort of material is a very common lobbying tactic. That OCP feels a need to highlight the availability of the resources at a time its members face opposition to their datacenter building plans is therefore more remarkable than the advice itself. ®