news aggregator

An anonymous reader quotes a report from the Guardian: Walking into Mexico City's sprawling central Zocalo is a dizzying experience. At one end of the plaza, the capital's cathedral, with its soaring spires, slumps in one direction. An attached church, known as the Metropolitan Sanctuary, tilts in the other. The nearby National Palace also seems off-kilter. The teetering of many of the capital's historic buildings is the most visible sign of a phenomenon that has been ongoing for more than a century: Mexico City is sinking at an alarming rate. Now, the metropolis's descent is being tracked in real time thanks to one of the most powerful radar systems ever launched into space. Known as Nisar, the satellite can detect minute changes in Earth's surface, even through thick vegetation or cloud cover. "Nisar takes radar imaging observations of Earth to the next level," said Marin Govorcin, a scientist at Nasa's jet propulsion laboratory. "Nisar will see any change big or small that happens on Earth from week to week. No other imaging mission can claim this." Though not the first time that Mexico City's sinking has been observed from space, the Nisar mission has provided a greater sense of how far the sinking spreads and how it changes across different types of land than any other space-based sensor. It has also been able to penetrate areas on the outskirts of the city that were previously challenging to study because of the complex terrain. The implications of the imagery extend far beyond the Mexican capital. "This study of Mexico City speaks to the realm of possibilities that will open up thanks to the Nisar system," said Dario Solano-Rojas, an engineer at the National Autonomous University of Mexico (Unam). "And not just for sinking cities but also for studying volcanoes, for studying the deformation associated with earthquakes, for studying landslides." According to Nasa, the technology is also capable of monitoring the climate crisis, glacier sliding, agricultural productivity, soil moisture, forestry, coastal flooding and more. The Nisar system found that some parts of the city are dropping by more than 2cm a month. "First documented in 1925, the city's sinking is a result of centuries of exploitation of the groundwater," the report says. "Because Mexico City and its surrounds were built on an ancient lake bed, the soil beneath the city is extremely soft. When water is pumped out of the aquifer below, this clay-like earth compacts, resulting in a city that is quietly sinking." The crisis is also self-reinforcing: as the city sinks, aging pipes crack and leak, causing Mexico City to lose an estimated 40% of its water, even as drought and climate change make supplies more fragile.

Read more of this story at Slashdot.

This week was the best of times for Akamai and the worst of times for Cloudflare. On the same evening, content delivery network mainstay Cloudflare announced it was cutting about a fifth of its staff in a realignment around AI, its competitor Akamai announced a seven-year, $1.8 billion deal with a leading LLM provider that Bloomberg identified as Anthropic. Akamai CEO Tom Leighton said this was the largest deal in the company’s history and that it came after another large, unidentified frontier-model developer signed a $200 million deal last quarter. “These leaders in AI have chosen Akamai because their AI workloads need the scale, performance and reliability that our cloud platform provides,” he said during the company’s first quarter earnings call on Thursday. Akamai, which has 4,300 locations in 700 cities across 130 countries, won the deal against stiff competition from hyperscalers and neoclouds. He said Akamai’s ability to manage and scale complex distributed systems, as well as its low latency, tipped the scales in its favor. Given the supply chain constraints in datacenter space, especially as it relates to memory costs and the infrastructure needed inside of large datacenter buildouts, one analyst asked if Akamai planned any increase to its capital expenditures this year to pay for it. Akamai executive vice president and CFO Ed McGowan said that was not likely. “We’ve been able to get the supply chain ready. We anticipate receiving all the goods that we need to deliver this services over the next seven years within the next 12 months,” he said. “Now there’s always potential for slippage and delays, but we have mechanisms in our contracts to deal with, if, in say six months from now, prices were to go up. So we’ve taken that into consideration.” McGowan said it is a consumption-based contract over seven years, so as soon as Akamai ramps the necessary capacity, it will start taking revenue, which he expects to begin happening later this year. Winning this deal and ones like it has been Akamai’s goal in the AI era, Leighton said. “This has been the strategy all along. So we’re very pleased to be executing against it,” he said. “The goal has been to be deploying a distributed inference platform, distributed compute platform that would be desired by enterprises across the spectrum … The platform is to a point where we can do that, and I think you'll see more of this going forward.” On the same day, across the country, Cloudflare was spelling out the bad news to its employees that it planned to cut the workforce by 1,100, roughly 20 percent. Cloudflare co-founders Matthew Prince and Michelle Zatlyn said it was not about cutting costs, but about building a company that meets the AI moment. “We have to be intentional in how we architect our company for the agentic AI era in order to supercharge the value we deliver to our customers and to honor our mission to help build a better Internet for everyone, everywhere,” they wrote in a blog post. Cloudflare’s revenues grew 34 percent year over year to reach $639.8 million in the first quarter. It posted a net loss of $22.9 million. It expects to pay up to $150 million in severance and benefit payments related to the layoffs. While Akamai’s stock price surged 26 percent on Friday, Cloudflare dropped 23 percent. With a market cap of over $69 billion, Cloudflare still has more than three times Akamai’s market cap. ®

Longtime Slashdot reader cellocgw writes: Hiding inside another layoff report, Fidelity is reorganizing: "The changes are aimed at moving the teams away from an 'agile' makeup -- comprising smaller, siloed squads -- and toward larger teams built to move faster on projects." OMG, as they say: "Sudden outbreak of common sense." According to the Boston Globe, Fidelity is cutting about 1,000 jobs even as it plans to hire roughly 5,300 new workers, many of them early-career engineers. Half of the 3,300 new workers hired this year "will be in tech or product-related roles," the report says, noting that "about 2,000 of those jobs are currently open, and 400 of them are in tech/product-delivery." "The company also plans to add almost 2,000 new early-career workers, with the goal of making the tech and product-delivery teams more hands-on. In all, that means roughly 5,300 new jobs in the pipeline for Fidelity." The company says AI isn't driving the shift; as cellocgw noted, it's about moving toward larger teams that Fidelity says can move faster on priority projects. The financial services firm also reported a strong 2025 under CEO Abigail Johnson, with managed assets rising 19% from 2024 to $7.1 trillion and revenue climbing 15% to $37.7 billion. "Throughout the company's history, our investments in technology have fueled our growth and customer service capabilities," Johnson wrote in a letter (PDF) included in the company's annual report. "We will continue to prioritize technology initiatives that help us advance digital capabilities, simplify our technology ecosystem, and protect the firm and our customers."

Read more of this story at Slashdot.

BrianFagioli writes: Micron says it is now shipping the world's highest-capacity commercially available SSD, and the numbers are honestly hard to wrap your head around. The new Micron 6600 ION packs 245TB into a single drive and is aimed squarely at AI infrastructure, hyperscalers, and cloud providers dealing with exploding data growth. According to the company, the SSD can reduce rack counts by 82 percent compared to HDD deployments offering similar raw capacity, while also cutting power usage and cooling requirements. Micron says the drive tops out at roughly 30W, which it claims is about half the power draw of comparable hard drive setups. The announcement also feels like another warning sign for spinning disks in the enterprise. Hard drives still dominate bulk storage because of lower cost per terabyte, but SSD capacities keep climbing into territory that used to belong exclusively to HDDs. Micron is also touting major performance gains, claiming up to 84 times better energy efficiency for AI workloads and dramatically lower latency versus HDD-based systems. While nobody is dropping one of these into a home NAS anytime soon, the idea of a quarter petabyte on a single SSD no longer sounds like science fiction.

Read more of this story at Slashdot.

It's getting more expensive to use the latest models. OpenAI last month bumped the version number of its GPT model family to 5.5, and per-token prices rose too, in some cases doubling compared to its predecessor. For 1 million tokens, GPT-5.5 is priced at $5 (input), $0.50 (cached input), and $30 (output). Its predecessor GPT-5.4 charges $2.50 (input), $0.25 (cached input), and $15 (output) per 1 million tokens. The AI biz claims that the cost increase is offset to some extent by token processing efficiency – delivering better results using fewer tokens. "While GPT‑5.5 is priced higher than GPT‑5.4, it is both more intelligent and much more token efficient," the company said during the rollout. But the cost is still going up, more than efficiency improvements are reducing costs. According to an analysis conducted by OpenRouter, GPT-5.5 is anywhere from 50 percent more expensive to nearly twice as expensive, depending on prompt length. "Our analysis shows that GPT-5.5 actual costs increased 49 percent to 92 percent," OpenRouter said. "Longer prompts, over 10k tokens, saw costs offset by shorter completions. Shorter prompts, under 10k, experience a higher cost increase where completions did not get shorter." That range – 49 percent to 92 percent – factors in the model's token efficiency improvements, which are more relevant for longer prompts. According to OpenRouter's measurements, GPT-5.5 generates between 19 percent and 34 percent fewer completion tokens for longer prompts (10,000 tokens and up). If reports of OpenAI's projected $14 billion loss in 2026 prove accurate, costs will have to rise much more to balance its insistent spending. But this is a problem also faced by rival Anthropic, set to lose a reported $11 billion in 2026. Anthropic's Claude Opus 4.7 arrived without a visible list price change amid claims about an improved tokenizer. The result, according to OpenRouter, is potential savings for shorter prompts but larger bills for longer ones. "Our study of real Opus 4.7 usage shows that actual costs increased 12–27 percent for prompts above 2K tokens when cache absorption is taken into account," the biz said. "Short prompts under 2K were the exception, where significantly shorter completions offset the tokenizer overhead entirely." Expect further price increases for premium models. ®

mrspoonsi shares a report: Dirty Frag is a vulnerability class, first discovered and reported by Hyunwoo Kim (@v4bel), that can obtain root privileges on major Linux distributions by chaining the xfrm-ESP Page-Cache Write vulnerability and the RxRPC Page-Cache Write vulnerability. Dirty Frag extends the bug class to which Dirty Pipe and Copy Fail belong. Because it is a deterministic logic bug that does not depend on a timing window, no race condition is required, the kernel does not panic when the exploit fails, and the success rate is very high. Because the embargo has been broken, no patch or CVE currently exists. "As with the previous Copy Fail vulnerability, Dirty Frag likewise allows immediate root privilege escalation on all major distributions, and it chains two separate vulnerabilities," Kim said. Detailed technical information can be found here. BleepingComputer notes that the two vulnerabilities chained by Dirty Frag are "now tracked under the following CVE IDs: the xfrm-ESP one was assigned CVE-2026-43284, and the RxRPC isye is now CVE-2026-43500."

Read more of this story at Slashdot.

OPINION Twice this week we've been told by our would-be tech oligarchs that people are being paid to hate them. Alex Karp said 10 percent of the world professionally hates Palantir and Kevin O’Leary said paid agitators were protesting his Utah data center. This is the familiar language we hear in politics when someone needs a ready scapegoat to explain away unpopularity. We should pay attention to this argument as it transfers from politics to technology, because it is revealing the alleged victims' intent. They have done, and are going to do, some very unpopular things and, when people push back, those complaints need to be quickly marginalized. Just like in a mob trial when the defense lawyer tells the court what the rat is getting from the government to squeal, calling people paid agitators or professional haters invites us to question their motives. Just when we are shocked by Karp's audacity, saying that he doesn't care if the Iran war is unpopular and that Palantir will support it, with the next breath, he tells us to check the pockets of the people picketing. Just when the public stirs and demands to know why a Shark Tank star wants to gobble up all the electricity and water in a state, he says the only green initiative they care about is in their wallet. It's also a dog whistle to those like-minded souls who hunger for enemies and grievance, that even a simple billionaire – doing nothing wrong other than selling software that helps the government select targets to bomb – can be picked on by people that hate America. It lets their compatriots in Podcastistan know how to feel and where to stand if they want to be on the right side of the argument. Are you pro-Iran nuclear weapons blowing up Christian orphanages? Or are you going to be nice to Alex Karp? Are you in favor of being a boss and not even looking at the electricity bill, just sliding your titanium card across the meter like a baller? Or are you going to whine that the data center uses more electricity than everything that is plugged into an electrical outlet in the state of Utah? It makes the argument simple, not for everyone, but for just enough. For the loudest, the angriest, and the most ... patriotic. As those voices rise, reason gets drowned out. The debate gets confused and crucially, people move on. At this moment, the public's attention is fractured and emotions are spent. Focusing outrage on anything complex is next to impossible when there are so many unambiguous abuses of power. All you need to do is muddy the waters a bit and let them swim away. Anyone who sticks around? They're probably getting paid to do it. Getting paid is what this is all about after all. In the last 90 days, Palantir got $858 million from working on unpopular wars with unpopular governments. I mean look, like they say, it was all done to protect the ideal of western liberal democracies, of course. Nothing says you understand the teaching of democracy better than ignoring how the public feels when the warlord is jingling his purse. Why should haters be the only ones getting paid? When we published Karp’s comments about 10 percent professionally hating Palantir, savvy readers at The Register showed they are on to the grift. “I mean, it's the wording itself — 10% “professionally” hates Palantir," wrote commenter Pulled Tea. "Could be right! Bet you many of the people who are doing the hating are dedicated, high-level amateurs." ®

An anonymous reader quotes a report from Wired: Security researcher Dor Zvi and his team at the cybersecurity firm he cofounded, RedAccess, analyzed thousands of vibe-coded web applications created using the AI software development tools Lovable, Replit, Base44, and Netlify and found more than 5,000 of them that had virtually no security or authentication of any kind. Many of these web apps allowed anyone who merely finds their web URL to access the apps and their data. Others had only trivial barriers to that access, such as requiring that a visitor sign in with any email address. Around 40 percent of the apps exposed sensitive data, Zvi says, including medical information, financial data, corporate presentations, and strategy documents, as well as detailed logs of customer conversations with chatbots. "The end result is that organizations are actually leaking private data through vibe-coding applications," says Zvi. "This is one of the biggest events ever where people are exposing corporate or other sensitive information to anyone in the world." Zvi says RedAccess' scouring for vulnerable web apps was surprisingly easy. Lovable, Replit, Base44, and Netlify all allow users to host their web apps on those AI companies' own domains, rather than the users'. So the researchers used straightforward Google and Bing searches for those AI companies' domains combined with other search terms to identify thousands of apps that had been vibe coded with the companies' tools. Of the 5,000 AI-coded apps that Zvi says were left publicly accessible to anyone who simply typed their URLs into a browser, he found close to 2,000 that, upon closer inspection, seemed to reveal private data: Screenshots of web apps he shared with WIRED -- several of which WIRED verified were still online and exposed -- showed what appeared to be a hospital's work assignments with the personally identifiable information of doctors, a company's detailed ad purchasing information, what appeared to be another firm's go-to-market strategy presentation, a retailer's full logs of its chatbot's conversations with customers, including the customers' full names and contact information, a shipping firm's cargo records, and assorted sales and financial records from a variety of other companies. In some cases, Zvi says, he found that the exposed apps would have allowed him to gain administrative privileges over systems and even remove other administrators. In the case of Lovable, Zvi says he also found numerous examples of phishing sites that impersonated major corporations, including Bank of America, Costco, FedEx, Trader Joe's, and McDonald's, that appeared to have been created with the AI coding tool and hosted on Lovable's domain. "Anyone from your company at any moment can generate an app, and this is not going through any development cycle or any security check," Zvi says. "People can just start using it in production without asking anyone. And they do."

Read more of this story at Slashdot.

The Pentagon has begun releasing new UFO/UAP files through a newly launched public website, starting with 162 documents from agencies including the FBI, State Department, NASA, and others. Officials say more files will be released on a rolling basis. The Associated Press reports: The Pentagon has begun releasing new files on UFOs, saying members of the public can draw their own conclusions on "unidentified anomalous phenomena" like an object that a drone pilot says shone a bright light in the sky and then vanished. It said in a post on X on Friday that while past administrations sought to discredit or dissuade the American people, President Donald Trump "is focused on providing maximum transparency to the public, who can ultimately make up their own minds about the information contained in these files." It said additional documents will be released on a rolling basis. Besides the Pentagon, the effort is led by the White House, the director of national intelligence, the Energy Department, NASA and the FBI. A newly unveiled website housing the documents on unidentified anomalous phenomena, or UAPs, has a decidedly retro feel, with black-and-white military imagery of flying objects displayed prominently on the page, with statements displayed in typewriter-like font. The first release includes 162 files, such as old State Department cables, FBI documents and transcripts from NASA of crewed flights into space. One document details an FBI interview with someone identified as a drone pilot who, in September 2023, reported seeing a "linear object" with a light bright enough to "see bands within the light" in the sky. "The object was visible for five to ten seconds and then the light went out and the object vanished," according to the FBI interview. Another file is a NASA photograph from the Apollo 17 mission in 1972, showing three dots in a triangular formation. The Pentagon says in an accompanying caption that "there is no consensus about the nature of the anomaly" but that a new, preliminary analysis indicated that it could be a "physical object."

Read more of this story at Slashdot.

Apple and Intel have reportedly reached a preliminary agreement (paywalled; alternative source) for Intel to manufacture some chips used in Apple devices, after more than a year of talks and pressure from the Trump administration. It's still unclear which Apple products would use Intel-made chips, but the deal would mark a major potential win for Intel's foundry ambitions and give Apple another manufacturing option beyond TSMC.

Read more of this story at Slashdot.

There’s a mysterious framework worming its way through exposed cloud instances removing all traces of TeamPCP infections, but it’s not benevolent by a long shot: Whoever is behind this bit of malware may be cleaning up who came before, but only so they can take their place. Discovered by security outfit SentinelOne’s SentinelLabs researchers and dubbed PCPJack for its habit of stealing previously compromised systems from TeamPCP, the worm was first spotted in late April hiding among a Kubernetes-focused VirusTotal hunting rule. It stood out from known cloud hacktools, said SentinelLabs, because the first action it always takes is to eliminate tools associated with TeamPCP attacks. The script didn’t stop there, though. “We initially considered that this toolset could be a researcher removing TeamPCP’s infections,” SentielLabs said. “Analysis of the later-stage payloads indicates otherwise.” “Analyzing this script led us to discover a full framework dedicated to cloud credential harvesting and propagating onto other systems, both internal and external to the victim’s environment,” SentinelLabs continued. In other words, this thing will harvest credentials from everywhere it can get its hands on, and then find new, unsecured cloud environment targets to spread itself to. TeamPCP came onto the scene late last year, and since then has made a name for itself primarily by undertaking a successful compromise of the Trivy vulnerability scanner. That act spread credential-harvesting malware which attackers then used to pivot to more valuable targets, and became one of the most notable supply chain attacks in recent memory. Unlike TeamPCP’s campaign, which relied on the spread of compromised software by human actors, this one spreads on its own accord. Infections start when already-infected systems look for exposed services, including Docker, Kubernetes, Redis, MongoDB, and RayML, as well as exposed web applications. Once it finds a vulnerable environment, it runs a shell script on the target system that sets up an environment to download additional payloads and searches for TeamPCP processes and artifacts to kill. That part of the infection downloads the worm itself, along with modules to enable lateral movement, parse credentials and encrypt them for exfiltration, and for scanning the web for new environments to infect. From there, the worm goes to work with the second module in its kit that conducts the actual credential thefts. This portion of the infection targets environment variables, config files, SSH keys, Docker secrets, Kubernetes tokens, and credentials from a list of finance, enterprise, messaging, and cloud service targets so long that we recommend taking a look at it here, or just assuming whatever you’re using is probably being targeted. SentinelLabs noted that the lack of a cryptominer in the malware package is unusual, and said the particular services it targeted suggests its goal is either conduct its own spam campaigns and financial fraud with the stolen data, or to make the data it harvests available to those planning similar crimes. The worm's practice of removing TeamPCP files could be opportunistic, or could mean there’s drama going on in the cybercrime world. “We have no evidence to suggest whether this toolset represents someone associated with the group or familiar with their activities,” SentinelLabs noted. “However, the first toolset’s focus on disabling and replacing TeamPCP’s services implies a direct focus on the threat actor’s activities rather than pure cloud attack opportunism.” Because this is a worm relying on unsecured cloud and web app instances ripe for targeting, mitigation recommendations are pretty simple: Keep your cloud platforms secure, and ensure authentication is required even for instances of things like Docker and Kubernetes that aren’t exposed to the internet. ®

A Virginia man, Sohaib Akhter, faces decades in prison after a jury convicted him of being involved in a scheme to delete approximately 96 databases containing US government data. The events of the case transpired around two weeks before the twin brothers allegedly involved were fired from their jobs at a software supplier to the US government. Sohaib and Muneeb Akhter, both 34, allegedly worked together on February 1, 2025, to access the account of an unnamed individual who submitted a complaint through the Equal Employment Opportunity Commission’s public portal. According to the Justice Department, Muneeb asked Sohaib for the individual’s plaintext password. Prosecutors say Sohaib provided the credential, which Muneeb then used to gain unauthorized access to the account. Court documents do not say why the brothers wanted access to the account, but the pair were both fired on February 18, 2025, after the company, which provided software to at least 45 government agencies, learned that Sohaib had a prior felony conviction. The superseding indictment [PDF] goes on to describe the timeline of events leading up to the database manipulation. Within five minutes of being fired via remote meeting, the twins sought to inflict damage on their employer. At approximately 16:55, Sohaib tried to access the software supplier’s network but couldn’t because his VPN connection was severed and his Windows account was deactivated while he was sitting in the firing meeting. However, Muneeb allegedly still had access and told his brother the same. A minute later, at approximately 16:56, officials say Muneeb issued commands preventing other users from reading or writing to the database, before issuing a command to delete it. Over the following 56 minutes, Muneeb allegedly deleted approximately 96 databases, the indictment states, which contained data related to Freedom of Information Act matters and sensitive investigative files belonging to federal departments and agencies. One of the 96 was also described as “a DHS production database containing US government information,” hosted in the Eastern District of Virginia. After the deletions, Muneeb allegedly set about covering his tracks. According to the indictment, Muneeb queried an AI tool: “How do I clear system logs from SQL servers after deleting databases,” and later: “How do you clear all event and application logs from Microsoft Windows Server 2012.” The twins then discussed how to proceed. Sohaib allegedly stated aloud: “They’re gonna probably raid this place,” to which Muneeb replied, “I’ll clean this shit up.” Sohaib added: “We also gotta clean stuff up from the other house, man.” Per the timeline of events heard in court, Muneeb then set about copying EEOC files to a USB stick, around 1,805 of them per court documents, all while using a laptop issued by his former employer. Muneeb allegedly also stole IRS documents stored on virtual machines, including tax information and personally identifiable information belonging to at least 450 individuals. Over the following week, Muneeb unsuccessfully attempted to gain access to a DHS-owned laptop, and the twins sought the help of another unnamed individual to wipe their company-issued devices by reinstalling Windows. Finally, the court heard that Muneeb drove to Texas, transporting his personal laptop, mobile device, and a Personal Identity Verification card issued by a US government agency. They were both arrested on December 3, 2025. Muneeb Akhter has not yet been convicted. Further firearms charges Sohaib was in double trouble for not only computer fraud and password trafficking, but for possessing seven firearms, which police found in March 2025, roughly a month after his brother allegedly deleted the databases. After a search warrant was authorized, police found roughly 378 .30 caliber rounds of ammunition, as well as a selection of firearms, including M1 and M1A rifles, a Glenfield Model 60, a Ruger .22 automatic pistol, and a Colt Police .38 Special revolver, among others. Officials said Sohaib took steps to sell the guns after the search warrant was executed, which involved threatening and intimidating his domestic partner to sign transaction documents since he, a convicted felon who served prison time in 2015 for over a year, was not legally allowed to own any firearms. Sohaib, then 23, was sentenced to two years in prison and three years of supervised release after pleading guilty to accessing sensitive data, including that belonging to co-workers, acquaintances, and a former employer, held on State Department systems while he was working as a contractor. The court heard at the time that he also devised a scheme, along with Muneeb and others, to maintain perpetual access to these systems by installing “an electronic collection device inside a State Department building.” This plan failed, however, as he broke the device while trying to install it behind a wall at a State Department facility in Washington, DC. Muneeb got 39 months in prison and three years of supervised release as a result of his role in the scheme. Sohaib’s sentencing is scheduled for September 9. Muneeb’s additional charges Muneeb, who is yet to be convicted, allegedly downloaded approximately 5,400 username and password combinations from the EEOC’s servers, storing them on multiple devices and in the cloud. In hundreds of cases, according to the indictment, Muneeb successfully accessed the corresponding email accounts without authorization, and created Python scripts to determine which combinations were valid when testing against the servers of an unidentified US hotel chain. During this time, Muneeb allegedly tested the stolen username-password combinations against various companies, including other hotel chains, airlines, and financial services companies. In multiple cases where Muneeb successfully logged into these accounts, court documents state that he changed the email address associated with the account to one he controlled, keeping the victim’s name in the address. The typical format was [victim name]@wardensys.com or [victim name]@wardensystems.com. The domain belongs to a small, Virginia-based company called Warden Systems, which describes itself as an embedded systems and cybersecurity research company. The company’s Crunchbase profile lists Sohaib as vice president, and an X account bearing the name Muneeb Akhter lists itself as CEO at Warden Systems. Its website is no longer reachable, and it stopped posting to social media around 2014, a year before the pair were convicted of earlier felonies. Neither Sohaib nor Muneeb is explicitly connected to “Warden Systems” in court documents, although Muneeb is said to control both the wardensys.com and wardensystems.com domains. In at least one case involving the alleged stolen username-password combinations, prosecutors say Muneeb used one victim’s air miles balance to successfully book a flight. Muneeb faces a maximum prison sentence of 45 years, if convicted. ®

An anonymous reader quotes a report from 404 Media: Skyrocketing hard drive and storage costs caused by the AI data center boom are making it more expensive and more difficult for digital archivists, academics, Wikipedia, and hobby data hoarders to save data and archive the internet. Specific drives favored by some high profile organizations like the Internet Archive have become far more expensive or are difficult to find at all, archivists said. Over the last several months, prices for both consumer level and enterprise solid state drives, hard drives, and other types of storage have skyrocketed. As an example, a 2TB external Samsung SSD I purchased last fall for $159 now costs $575. PC Part Picker, a website that tracks the average price of different types of drives, shows a universal increase in storage prices starting in about October of last year. Prices of many of the drives it tracks have doubled or increased by more than 150 percent, and at some stores SSDs and hard drives are simply sold out. There is now even a secondary market for some SSDs, with people scalping them on eBay and elsewhere. Brewster Kahle, founder of the Internet Archive and the Wayback Machine, the most important archiving projects in the history of the internet, told 404 Media that the skyrocketing costs of storage is "a very real issue costing us time and money." "We have found that the preferred 28-30TB drives are just not available or at very high price," Kahle said. "We gather over 100 terabytes of new materials each day, and we have over 210 Petabytes of materials already archived on machines that need continuous upgrades and maintenance, so we need to constantly get new hard drives." "We are fortunate to have an active community that donates to the Archive, and we are also looking for help from hard drive manufacturers in these difficult times. We are always looking for more help," he added. "So far we have ways to work around these shortages, but it is a very real issue causing us time and money." The Wikimedia Foundation, which runs Wikipedia and various other projects, including Wikimedia Commons, an open repository of royalty free media, told 404 Media that the cost of storage has become a concern for the foundation's projects as well. "With over 65 million articles on Wikipedia alone, access to server and storage capacity is vital to us. We've certainly seen price increases since the end of 2025. These price increases are of concern to us, as with every other player in the industry. We see the primary impact in the purchase of memory and hard drives but also in terms of lead times on server deliveries and our capacity to place future orders," a Wikimedia Foundation spokesperson told us. "The Wikimedia Foundation is a non-profit, and as such how we allocate budget is very carefully considered. We maintain our own data centers to serve our users from all over the world. We're putting workarounds in place where we can, mainly involving being smart with how we prioritize investment in hardware, building in flexibility as well as extending the life of existing hardware where possible." Western Digital, one of the largest manufacturers of hard drives and other storage systems, said that it has essentially sold out of its 2026 inventory to enterprise clients, many of which run data centers. Micron, which made RAM and SSDs under the brand name Crucial, has exited the consumer market altogether because "AI-driven growth in the data center has led to a surge in demand for memory and storage. Micron has made the difficult decision to exit the Crucial consumer business in order to improve supply and support for our larger, strategic customers in faster-growing segments."

Read more of this story at Slashdot.

Longtime Slashdot reader couchslug shares a report from That Privacy Guy's Alexander Hanff: Two weeks ago I wrote about Anthropic silently registering a Native Messaging bridge in seven Chromium-based browsers on every machine where Claude Desktop was installed. The pattern was: install on user launch of product A, write configuration into the user's installs of products B, C, D, E, F, G, H without asking. Reach across vendor trust boundaries. No consent dialog. No opt-out UI. Re-installs itself if the user removes it manually, every time Claude Desktop is launched. This week I discovered the same pattern, executed by Google. Google Chrome is reaching into users' machines and writing a 4GB on-device AI model file to disk without asking. The file is named weights.bin. It lives in OptGuideOnDeviceModel. It is the weights for Gemini Nano, Google's on-device LLM. Chrome did not ask. Chrome does not surface it. If the user deletes it, Chrome re-downloads it. The legal analysis is the same one I gave for the Anthropic case. The environmental analysis is new. At Chrome's scale, the climate bill for one model push, paid in atmospheric CO2 by the entire planet, is between six thousand and sixty thousand tons of CO2-equivalent emissions, depending on how many devices receive the push. That is the environmental cost of one company unilaterally deciding that two billion peoples' default browser will mass-distribute a 4GB binary they did not request.

Read more of this story at Slashdot.

The Iran conflict is adding to supply-chain disruption for datacenter construction projects, bumping up material costs and causing shortages due to the closure of the Strait of Hormuz. So says server hall project specialist BCS Consultancy, which claims construction firms are seeing increases of up to 20 percent in the cost of certain building materials, while in some cases, the quantity available for delivery has been reduced to a quarter of the required amount on order. The firm’s regional director Oskar Lampe says that oil-based building materials are becoming scarcer and more expensive, as about a fifth of the global supply flows through the Strait of Hormuz in the Middle East. Because producing materials such as steel, aluminum, and cement is very energy-intensive, the construction industry is starting to feel the effects of the blockade, he claims. “For datacenter construction, the key components of which consist of exactly these materials, this is a turning point,” he stated. That pressure predates the current conflict, according to IDC. Andrew Buss, senior research director at the analyst house, told The Register: “We’re hearing some reports of broader supply chain disruption and availability issues – particularly for things like high-voltage transformers and copper supply - around datacenter builds from even before the war in the Middle East and the resulting closure of the Straits of Hormuz. “So the closing of the Straits is certainly not helping, but this has been an issue for some time resulting in more frailty and susceptibility to disruption and therefore likely to have a disproportionate impact as a result of the closure.” Last month, IDC warned that IT equipment supplies are facing further volatility as the Iran war has strained global logistics through rising energy costs and freight routes being disrupted. It isn’t just bit barn projects that are suffering, of course. The wider construction industry is experiencing some of the steepest cost increases in nearly 30 years as the ongoing Iran crisis drives up the price of fuel and raw materials, according to The Guardian. These new effects come on top of existing challenges facing the datacenter construction industry, such as the availability of suitable land, getting planning permission, being able to get a grid connection for power, skills shortages and the cost of equipment. Segro, one of the UK's major commercial property developers, revealed a while back that it would invest "hundreds of millions and more" in building new server farms, except that it faced delays often running into years getting such projects wired up to the national grid. Lampe says that the current situation is unlikely to ease quickly, as it will take a while for disrupted transport routes, energy price inflation and volatile raw material markets to recover, even if the Strait of Hormuz were to reopen tomorrow. He advises development teams to follow a few measures to try and minimize the impact on their project timelines, including submitting orders for long lead items early, building clear price escalation rules into contracts, and diversifying supply chains where possible. For example, delivery times can vary between 5 and 38 months for chillers, transformers, generators and other critical plant equipment, even under normal conditions. “Those who only start the procurement process when the project plan dictates will order at a higher price and wait longer,” he notes. Also, dependence on a single supplier is a structural risk for builders even before this conflict and can seriously endanger projects. Known alternatives are needed. “For several oil-based materials, technically equivalent, non-oil-based variants exist. Potentially more expensive to procure, but available and in many cases already geared towards future sustainability requirements, which makes them the more sensible choice in the medium term anyway,” Lampe says. ®

Cloudflare plans to cut about 20% of its workforce, or more than 1,100 employees, as it restructures around an "agentic AI-first operating model." Reuters reports: Cloudflare CEO Matthew Prince and co-founder Michelle Zatlyn said in a message to employees that the company was reimagining every team and function to operate in what they described as an agentic AI era. Cloudflare said the job cuts reflect a redesign of internal processes and roles, rather than a response to employee performance or short-term cost pressures. The company added that its own use of AI has increased more than sixfold over the past three months, prompting major changes in how teams operate.

Read more of this story at Slashdot.

Administrators who want a Windows version of Raspberry Pi Connect need to register their interest, or else the Pi team might ditch the concept. Raspberry Pi Connect is a tool that lets admins remotely access a Raspberry Pi device from a web browser. It launched in 2024 as a free service for individuals and was later joined by Raspberry Pi Connect for Organizations, aimed at commercial customers with fleets of devices, costing $0.50 per device per month. $0.50 per device per month is cheap for a commercial remote access solution on Windows. In response to queries on the subject, the Raspberry Pi team made a Windows version of the service available, albeit as a highly experimental demo not intended for production, at the end of April. Gordon Hollingworth, CTO of Software at Raspberry Pi, told The Register: "The Raspberry Pi Connect daemon implementation is currently closed source, but we intend to open source it eventually so it can be added to other architectures." Hollingworth noted that the Windows version was working in early beta form, saying: "We think it may be useful for our customers to control all their devices from one place. But we are still investigating the concept and may remove this capability if there's insufficient interest." For admins managing mixed fleets of devices, it's an interesting option, though the company would face stiff competition in the Windows market if it decides to proceed. Raspberry Pi has quietly added more enterprise-friendly features over time. Tags can now be applied to devices (for example, to show their location or purpose), and it is possible to require two-factor authentication for members of Connect for Organizations. The company's computers have long been a low-cost option for businesses considering thin clients, and its most recent crop of hardware releases, such as the computer-in-a-keyboard Pi 500 and Pi 500+ devices, could replace existing desktops. Should the Windows version of Raspberry Pi Connect attract enough interest to progress beyond its early beta state, it will represent another inroad into the enterprise computing space. ®

A fresh Linux privilege escalation bug dubbed "Dirty Frag" has dropped into the wild with no patches, no CVE, and a public exploit that hands attackers root access across major distributions. Security researcher Hyunwoo Kim disclosed the local privilege escalation flaw on Friday after what he said was a broken embargo forced the issue into the open. Kim described Dirty Frag as a "universal LPE" affecting "all major distributions" and warned that it delivers the same kind of immediate root access as the recent CopyFail mess – only this time, defenders do not even have patches to throw at the problem. "As with the previous Copy Fail vulnerability, Dirty Frag likewise allows immediate root privilege escalation on all major distributions," Kim said. "Because the responsible disclosure schedule and embargo have been broken, no patches exist for any distribution." Dirty Frag works by chaining together two separate Linux kernel flaws. One sits in the xfrm-ESP subsystem and dates back to a January 2017 kernel commit, according to Kim, while the second vulnerability affects RxRPC functionality introduced in 2023. Together, the two bugs allegedly let unprivileged local users overwrite protected files in memory and claw their way to root. A long list of distributions in the firing line, according to Kim, including Ubuntu, Red Hat Enterprise Linux, CentOS Stream, Fedora, AlmaLinux, and openSUSE Tumbleweed. Separately, researchers appear to have independently reverse-engineered part of the bug chain from a publicly visible kernel fix commit before the embargo expired, adding to the disclosure mess already surrounding the flaw. One GitHub project titled "Copy Fail 2: Electric Boogaloo" claims to weaponize the ESP/xfrm side of the issue separately from Kim's full Dirty Frag chain. Kim said maintainers signed off on the disclosure of the flaw after somebody else dumped exploit details online first, collapsing the embargo before patches were finished. So now the exploit is public, the fixes are not, and Linux admins get another long week. The disclosure comes as the industry is still dealing with the fallout from CopyFail, another Linux privilege escalation bug that recently landed in CISA's Known Exploited Vulnerabilities catalog after attackers started cashing in on it in the wild. But Dirty Frag makes the recent CopyFail chaos look relatively organized. There's still no CVE, no coordinated patch rollout, and not much in the way of mitigation. Kim published a temporary workaround that disables affected ESP and RxRPC modules before clearing the system page cache. Useful, perhaps, although "turn bits of the kernel off and hope for the best" is not usually the sort of guidance admins enjoy seeing. ®

OPINION When President Donald Trump returned to power, he cast himself as the anti‑Biden on AI. First, he tore up Biden's Executive Order 14110, which had demanded "safe, secure, and trustworthy" AI. He then replaced it with his own "Removing Barriers to American Leadership in Artificial Intelligence" directive, ordering agencies to rescind or dilute rules seen as obstacles to innovation. In short, American AI vendors could do anything they wanted. That was then. This is now. While Trump has yet to issue a new AI Executive Order, we know his crew is forming an AI working group of tech execs and government officials to bring oversight to AI. Specifically, they're considering requiring all new "high‑risk" AI frontier models to undergo a formal government review before they can be used. That's going to go over well. What we do know is that National Economic Council Director Kevin Hassett has said: "We're studying possibly an executive order to give a clear roadmap to everybody about how this is gonna go, and how future AIs that also potentially create vulnerabilities should go through a process so that they’re released into the wild after they've been proven safe – just like an FDA drug." Considering that people who ignore evidence now regulate healthcare in the United States, that doesn’t fill me with much confidence. Indeed, we now know the FDA blocked the publication of studies showing that COVID-19 and shingles vaccines were safe. Are these the kinds of people we want calling the shots on AI? Be that as it may, the Trump yes-men are framing this shift as a response to escalating cybersecurity and national‑security risks rather than as a broader embrace of EU‑style AI regulation. Yes, they're looking at Anthropic's Mythos and its potential use by hackers. At the same time, they emphasize that they want to avoid "onerous" controls on everyday AI applications. Frontier models that could supercharge cyberwarfare, bio‑threats, or other strategic dangers are another matter. That's quite a change from last summer when Trump babbled: "We have to grow that [AI] baby and let that baby thrive. We can't stop it. We can't stop it with politics. We can't stop it with foolish rules and even stupid rules." Now he seems to think rules would be a good thing. Darrell West, a senior fellow at the Center for Technology Innovation at the Brookings Institution, has suggested that Trump is returning to Biden's policy. Just don't tell him that; he'll have a fit. While Trump and company are still contemplating exactly how they want to rule – sorry, regulate – AI, the Department of Commerce's Center for AI Standards and Innovation (CAISI) announced new agreements with Google DeepMind, Microsoft, and xAI. According to these new policy statements, CAISI will conduct pre-deployment evaluations and targeted research to better assess frontier AI capabilities and advance the state of AI security. CAISI director Chris Fall said: "Independent, rigorous measurement science is essential to understanding frontier AI and its national security implications." How to do this? Who will do this? What will it look like? Good question! Too bad we don’t have any answers yet. You may have noticed that Anthropic was not invited to this cozy policy get-together. Funny, that, since most observers think that Mythos was the model that broke the "do anything you want" AI camel's back in Trump's White House. That's because the months‑long feud between the administration and Anthropic is still simmering. Trump's team moved to block federal agencies from using the company's tools, and Anthropic is now challenging that policy in court. Recently, however, Trump's tone has softened. Trump told CNBC that Anthropic was "shaping up." If he can't get peace with Iran, maybe peace with Anthropic will please him. On the other hand, we also know that the Trumpies are considering forbidding companies from "interfering" with the government's use of AI models. You hear that, Anthropic? You will toe the line! Meanwhile, Gregory Falco, a Cornell assistant professor of mechanical and aerospace engineering, pointed out the obvious: "The federal government does not currently have the in-house technical expertise, infrastructure, or day-to-day insight needed to directly evaluate these systems on its own." Expertise is something Trump's cast of characters sorely lacks across any and all subjects. "At the same time," Falco continued, "a purely voluntary model of self-governance is not enough." After all, foxes are notorious guardians of chicken houses. What I think is going to happen is that AI vendors who play ball with Trump will end up "governing" AI alongside some Trump loyalists. It's going to be ugly. Some regulation is needed, but these are not the people who will do a good job of it. I won't be surprised if one of Trump's goals isn't so much to make AI safer as it is to ensure that the answers AI gives are the ones he and his regime want people to see. Today, for example, when I asked a variety of chatbots who lost the 2020 election, they all agreed Trump had lost. Funnily enough, when the Senate Judiciary Committee asked numerous Trump nominees for federal judgeships the same question, they universally refused to say he lost. For better or worse, most Americans don't pay attention to legal news. What they do, however, is ask AI chatbots for answers. Foolish of them, considering how inaccurate they can be, but there it is. If Trump's allowed to call the shots, I've little doubt that the approved bots will follow in the footsteps of his obedient judges and give the answers he wants and not the truth. ®

Meta has quietly pulled the plug on encrypted Instagram DMs, meaning private messages on one of the world’s biggest social networks are no longer especially private. The change took effect today, according to a revised Meta post first published in 2022. In a statement to The Register, Meta said the feature saw limited adoption and pointed users toward WhatsApp instead. "Very few people were opting in to end-to-end encrypted messaging in DMs, so we're removing this option from Instagram in the coming months," the spokesperson said. "Anyone who wants to keep messaging with end-to-end encryption can easily do that on WhatsApp." It’s quite the reversal for a corporation that spent years telling everyone that encryption was the future of online communications, even as governments pushed back against the company’s wider rollout plans. Much of that pressure centered on child protection. Campaigners and agencies, including the NSPCC UK’s National Crime Agency, argued wider encryption would make it harder to detect grooming, child abuse material, and other criminal activity taking place over private messaging services. Privacy advocates, however, say Meta has just blown a hole in one of the few genuinely private corners of the platform. The Center for Democracy & Technology said it had urged Meta to reverse the decision, alongside members of the Global Encryption Coalition Steering Committee. “Without default encryption, millions of Instagram users are left exposed to surveillance, interception, and misuse of their private communications,” the group said. “These risks fall hardest on people who rely on secure messaging for their safety, including journalists, human rights defenders, and survivors of abuse.” Swiss privacy outfit Proton also questioned what exactly happens to existing chats once encryption disappears. Because properly implemented E2EE prevents platforms from reading message contents, the company noted that Meta has not clarified whether previously encrypted conversations will remain inaccessible, get deleted, or become readable. “For Instagram, dropping E2EE is just an example of how little regard Meta has for the privacy and safety of its community,” Proton said in a blog post. Meta has become increasingly aggressive about monetizing and analyzing user interactions. Last year, the company confirmed that interactions with Meta AI tools, including those inside private conversations, could be used for ad targeting. The company has not publicly said whether ordinary Instagram messages could eventually feed into similar systems now that encryption is gone. ®