Shared posts

05 Jun 01:03

Demand Is Booming For New No Tech, Repairable Tractor

by BeauHD
An anonymous reader quotes a report from 404 Media: The secondary market for decades old, low-tech John Deere tractors has been booming for years as farmers have sought reliable tractors that they can actually fix without having to deal with John Deere's repair monopoly. A Canadian company has seen that demand and came up with a radical thought: What if they made a new, repairable, "no-tech" tractor to solve what has become a gigantic pain point for farmers? Alberta's Ursa Ag says that it has been inundated with demand after announcing its tractor, which costs roughly half as much as a Deere and has the benefit of not being a repair nightmare. [...] Ursa Ag markets its tractors as "no frills" and "built to last." Ursa Ag's Doug Wilson told me that the company designed the tractor because of a need in the marketplace for a new machine that isn't loaded with tech and is easy to maintain. The company follows in the footsteps of consumer electronics companies like Fairphone, which makes a repairable smartphone and Framework, which makes modular, repairable laptops. The demand Ursa Ag has seen is part of the backlash to manufacturer repair monopolies and the injection of technology and internet-connected sensors and terms of use into even the most basic of gadgets. "I talk to farmers every day and I hear from farmers every day about how they went out and bought machinery from 1987 so that it wouldn't have a computer on it," Wilson said. "All of this came from a simple discussion with a customer who wanted to be able to turn [the tractor] on at the start of the day, to use it, and shut it off at the end of the day. It needed to work, so that's what we built." Ursa Ag's tractor has been hyped in agriculture circles after Wilson showed the tractor off at a Canadian farm show and it was featured by Farms.com. Wilson said more than a thousand farmers have contacted him after that show, from roughly 30 countries. 
"I got a handwritten letter from a farmer in France who doesn't own a computer and wanted us to mail him information about the tractors," he said. He said the company has thus far made a couple fewer than 100 tractors but is working on tripling its production capacity and has seen a lot of demand over the last few months. "Given the number of my customers that carry flip phones, I would say there is consumer pressure to back away from some of the technology that is unnecessary to perform everyday tasks," Wilson said. "So that is definitely transferable to dishwashers and washing machines, refrigerators. Refrigerators that have screens on them that'll tell you what's inside. It's a little crazy." "That high-tech stuff, the million-dollar John Deere tractor has a place. It has technology that is well worth the money," Wilson said. "But that technology is needed for 5 percent of what a farm does. There are so many applications for tractors on farms that don't require technology. The technology that goes into even a calculator is not required for most farming applications."

Read more of this story at Slashdot.

26 Mar 23:10

European Parliament approves harmonisation of corruption rules

by ANP
The European Parliament has approved a new anti-corruption directive. As a result, all member states must apply the same definitions and penalties for offences including bribery and embezzlement. Transparency International calls it an 'important milestone', but warns that the impact will still depend on how countries implement the legislation.
24 Mar 15:24

Human rights chief warns against banning social media for kids

by Eliza Gkritsi

European countries should not rush into social media bans for children, human rights adviser Michael O’Flaherty told POLITICO.

The comments come as many EU countries push to restrict minors’ access to social media, citing mental health concerns. In France, the parliament’s upper house is this week debating restrictions that President Emmanuel Macron has said will be in place as soon as September.

Such bans are neither “proportionate nor necessary,” said O’Flaherty, the commissioner for human rights at the Council of Europe, the continent’s top human rights body, adding that there “are other ways to address the curse of abusive material online.”

The debate on how to protect children from the harms of social media “goes straight to bans without looking at all the other options that could be in play,” he told POLITICO. Restricting access to social media presents “issues of human rights, because a child has a right to receive information just like anybody else.”

O’Flaherty’s concerns come amid live discussions on the merits and effectiveness of bans in Europe. Australia became the first country in the world to ban minors under 16 from creating accounts on social media platforms like Instagram in late 2025, and Brazil moved forward with its own measures last week.

Now France, Denmark, Spain and Greece are among the EU countries heading toward bans, albeit on different timelines.

Proponents argue that age-related restrictions setting a minimum age for the most addictive social media platforms are vital to protect children’s physical and mental health.

Critics say that bans are ineffective and are detrimental to privacy because they require users to verify themselves online.

O’Flaherty argued that — while children’s rights to access information could be curtailed if that overall limited their risks — any restrictions need to be proportionate and necessary.

That must follow a serious effort by the EU to tackle illegal and harmful content on social media, he said, which hasn’t happened yet. “We haven’t remotely tried hard enough yet to ensure effective oversight of the platforms.”

The human rights chief praised the EU’s digital laws as world-leading, including the Digital Services Act, which seeks to protect kids from systemic risks on online platforms — but said it wasn’t being policed strongly enough.

“We have a very piecemeal enforcement of the Digital Services Act and the other relevant rulebook right across Europe. It’s very much dependent on the goodwill and the capacity of the different governments to be serious about it,” he said. Governments have “an uneven record” in that regard, he said.

EU countries must make sure they have exhausted all other solutions before heading for the extreme measures of bans, he said. “I don’t see much sign of that effort.”

Still, Denmark, Spain and Greece are among the EU countries heading toward bans, although they are on vastly different timelines.

The European Commission, in charge of enforcing the DSA on large social media platforms, is considering its own measures. Countries like Greece have called on the Commission to go forth with an EU-wide ban to avoid fragmentation across the bloc.

President Ursula von der Leyen has convened a panel of experts to advise her on next steps, which is expected to give its results by the summer.

24 Mar 12:22

From Chile to the Philippines, meet the people pushing back on AI

by Daniela Dib and Rina Chandran
Adoption of artificial intelligence is on the rise worldwide, but the pace is uneven. As the global economy shifts increasingly toward AI-driven production and processes, wealthier nations are reaping the...
18 Mar 16:28

What GPT-5’s million-token context window actually changes for enterprise AI

by David Graff

OpenAI’s GPT-5.4 launched on March 5 with a million-token context window — roughly 750,000 words in a single prompt. That’s 50 to 100 times more context than the models most enterprises were running six months ago. The promise is transformative: feed an AI system an entire codebase, a full quarter of financial filings, or years of customer interaction history, and get responses that actually understand the complete picture. The reality is more complicated. Context length is the new arms race in enterprise AI, but the organizations that win won’t be the ones with the biggest windows — they’ll be the ones that understand what massive context actually changes about how AI fits into business workflows.

Five days after launch, GPT-5.4 is already reshaping how enterprise AI teams think about their deployment architectures. The model combines its million-token context with native computer control capabilities and full-resolution vision processing — a combination that enables multi-step autonomous workflows that previous models couldn’t attempt. On the OSWorld benchmark for computer control tasks, GPT-5.4 surpassed human performance. On the GDPval benchmark, it jumped from 70.9% under GPT-5.2 to 83.0%. These aren’t incremental improvements. They represent a qualitative shift in what an AI system can hold in working memory while executing complex tasks.

But the enterprise implications extend far beyond benchmark scores. The real question isn’t whether a million tokens of context is technically impressive — it is. The question is whether it changes the economics and architecture of enterprise AI deployments in ways that justify the premium pricing and the workflow redesign required to take advantage of it.

What a million tokens actually enables

To understand what changed on March 5, consider what enterprise AI workflows looked like before million-token context. Organizations building AI products that don’t hallucinate relied heavily on retrieval-augmented generation — RAG architectures that chunked documents into small pieces, stored them in vector databases, and retrieved relevant fragments before generating responses. RAG works, but it introduces information loss at every stage. The chunking process breaks context. The retrieval step misses relevant passages. The generation phase operates on incomplete information.

Million-token context doesn’t eliminate RAG, but it fundamentally changes the threshold at which RAG becomes necessary. A legal team reviewing a 200-page contract can now feed the entire document into a single prompt instead of relying on chunk-and-retrieve. A financial analyst can process a full quarter of SEC filings — 10-Ks, 10-Qs, proxy statements — in one pass instead of summarizing each document separately and losing cross-reference accuracy. A development team can submit an entire codebase for security review rather than analyzing files in isolation and missing interdependencies.

The shift from fragmented retrieval to full-context processing changes accuracy in measurable ways. When an AI system can see an entire contract, it catches contradictions between Section 3.2 and Exhibit B that a RAG-based system would only surface if both fragments happened to be retrieved together. When it can read a full codebase, it understands that the authentication vulnerability in module A is exploitable because of the data flow pattern in module C — a connection that file-by-file analysis misses entirely.

The context window arms race

GPT-5.4 isn’t alone in pushing context boundaries. Google’s Gemini 3.1 Pro offers a million tokens in production with two million available through multimodal support. Anthropic’s Claude Sonnet 4 has a million-token beta for organizations on higher usage tiers. The competitive dynamic is clear: context length has become a primary differentiator in enterprise AI sales conversations, the way parameter count was two years ago.

But the pricing structures reveal something that enterprise procurement teams need to understand before committing to million-token workflows. GPT-5.4’s standard API pricing runs $2.50 per million input tokens and $15.00 per million output tokens at standard context. Exceed 272,000 tokens and input costs double. The long-context surcharge means that an enterprise running full million-token prompts is paying substantially more per query than one staying under the standard threshold. For organizations already grappling with the hidden pricing war behind enterprise AI contracts, million-token context adds another layer of cost complexity.

Google’s Gemini 3.1 Pro undercuts on price — $2.00 per million input tokens under 200K context, $4.00 above that — making it the cost-effective option for organizations whose primary need is processing large documents rather than cutting-edge reasoning. The pricing spread between providers creates a genuine optimization problem: should an enterprise standardize on the most capable model or route workloads to the cheapest adequate option based on context requirements?

Where the economics break down

The uncomfortable truth about million-token context is that most enterprise AI workloads don’t need it — and the ones that do generate inference bills that scale uncomfortably. A customer service agent handling routine queries might use 2,000 to 5,000 tokens per interaction. A document summarization pipeline might use 50,000 to 100,000. The workflows that genuinely require million-token context — full codebase analysis, comprehensive legal review, multi-document financial analysis — are high-value but relatively low-frequency compared to the AI workloads that consume most enterprise compute budgets.

The math matters. If a million-token prompt costs roughly $5 in input tokens alone on GPT-5.4 (at the long-context rate), and an enterprise runs 1,000 such queries daily, the annual cost exceeds $1.8 million just for input processing — before output tokens, which cost six times more. For organizations building AI agent business cases for CFO approval, the per-query economics of million-token context need to demonstrate clear value displacement. A $5 prompt that replaces four hours of associate attorney time at $150 per hour delivers obvious ROI. A $5 prompt that marginally improves a customer service response that a 50,000-token prompt handled adequately does not.

The smarter enterprise approach — and the one that leading AI teams are already adopting — is tiered context routing. Simple queries hit fast, cheap models with minimal context. Moderate complexity routes to mid-tier models with 128K windows. Only high-value, genuinely complex workloads trigger million-token prompts on premium models. This requires sophisticated orchestration infrastructure, but the cost savings compound rapidly at enterprise scale.

The agentic dimension changes everything

The most consequential feature of GPT-5.4 isn’t the context window in isolation — it’s the combination of massive context with native computer control and agentic capabilities. Previous models could read a lot of text. GPT-5.4 can read a lot of text and then autonomously take action on what it reads. The agentic capabilities documented at launch include navigating software interfaces, executing multi-step workflows, and operating across applications without human intervention.

For enterprises, this combination means AI systems that can process an entire project specification, understand the full context, and then actually execute the implementation — writing code, configuring systems, generating documentation — while maintaining coherent understanding across the complete scope. It’s the difference between an AI that summarizes a legal brief and one that reads the entire case file, identifies the relevant precedents, drafts the motion, and formats it according to court requirements.

The organizations that have been quietly building private LLMs now face a strategic inflection point. The capabilities gap between hosted frontier models and self-hosted alternatives just widened dramatically. A private LLM running a 70-billion parameter model with 32K context cannot match a hosted model with a million-token window, native vision, and computer control. The build-versus-buy calculation shifts further toward buy for any organization that needs frontier capabilities — and further toward build only for those with regulatory or data sovereignty requirements that preclude hosted models entirely.

What this means for enterprise AI strategy

The million-token context window is real and it matters, but its impact on enterprise AI will be more selective than the launch announcements suggest. Three patterns will define how this capability reshapes enterprise deployments over the next twelve months.

First, document-intensive industries — legal, financial services, healthcare, insurance — will see the most immediate value. These are sectors where understanding complete context isn’t a nice-to-have but a compliance requirement. A contract review that misses a contradictory clause isn’t just inaccurate; it’s a liability. Million-token context turns AI from a summarization tool into a genuine analytical partner in these workflows.

Second, the architecture of enterprise AI stacks will bifurcate between context-rich and context-efficient patterns. Organizations will maintain both RAG-based pipelines for high-volume, moderate-complexity workloads and full-context pipelines for high-value, high-complexity ones. The winners will be the enterprises that build intelligent routing between these patterns rather than treating million-token context as a default.

Third, the vendor negotiation landscape just got more complicated. Context-length pricing tiers, long-context surcharges, and capability differences between providers create a procurement challenge that most IT organizations aren’t staffed to optimize. For executives who already resist AI investments, the added complexity of million-token pricing models provides new ammunition for delay. The enterprises that move fastest will be those that treat context routing as a FinOps problem — not a model selection problem — and invest in the orchestration infrastructure to match workloads to the right model, context length, and price point automatically.

GPT-5.4’s million-token context window is a genuine capability breakthrough. But capability and value aren’t the same thing. The organizations that capture the most value from massive context will be the ones that understand precisely where more context translates to better outcomes — and refuse to pay premium prices everywhere else.

The post What GPT-5’s million-token context window actually changes for enterprise AI appeared first on Techpinions.

12 Mar 10:11

Western AI models “fail spectacularly” in farms and forests abroad

by Rina Chandran
When scientist Catherine Nakalembe set out to map crop types in western Kenya, she had plenty of data from satellite images, but couldn’t use artificial intelligence to analyze it because...
08 Mar 15:59

Workers Who Love 'Synergizing Paradigms' Might Be Bad at Their Jobs

by EditorDavid
Cornell University makes an announcement. "Employees who are impressed by vague corporate-speak like 'synergistic leadership,' or 'growth-hacking paradigms' may struggle with practical decision-making, a new Cornell study reveals." Published in the journal Personality and Individual Differences, research by cognitive psychologist Shane Littrell introduces the Corporate Bullshit Receptivity Scale (CBSR), a tool designed to measure susceptibility to impressive-but-empty organizational rhetoric... Corporate BS seems to be ubiquitous - but Littrell wondered if it is actually harmful. To test this, he created a "corporate bullshit generator" that churns out meaningless but impressive-sounding sentences like, "We will actualize a renewed level of cradle-to-grave credentialing" and "By getting our friends in the tent with our best practices, we will pressure-test a renewed level of adaptive coherence." He then asked more than 1,000 office workers to rate the "business savvy" of these computer-generated BS statements alongside real quotes from Fortune 500 leaders... The results revealed a troubling paradox. Workers who were more susceptible to corporate BS rated their supervisors as more charismatic and "visionary," but also displayed lower scores on a portion of the study that tested analytic thinking, cognitive reflection and fluid intelligence. Those more receptive to corporate BS also scored significantly worse on a test of effective workplace decision-making. The study found that being more receptive to corporate bullshit was also positively linked to job satisfaction and feeling inspired by company mission statements. Moreover, those who were more likely to fall for corporate BS were also more likely to spread it. Essentially, the employees most excited and inspired by "visionary" corporate jargon may be the least equipped to make effective, practical business decisions for their companies.

Read more of this story at Slashdot.

27 Feb 12:46

Why Tehran’s Two-Tiered Internet Is So Dangerous

by Bruce Schneier

Iran is slowly emerging from the most severe communications blackout in its history and one of the longest in the world. Triggered as part of January’s government crackdown against citizen protests nationwide, the regime implemented an internet shutdown that transcends the standard definition of internet censorship. This was not merely blocking social media or foreign websites; it was a total communications shutdown.

Unlike previous Iranian internet shutdowns where Iran’s domestic intranet—the National Information Network (NIN)—remained functional to keep the banking and administrative sectors running, the 2026 blackout disrupted local infrastructure as well. Mobile networks, text messaging services, and landlines were disabled—even Starlink was blocked. And when a few domestic services became available, the state surgically removed social features, such as comment sections on news sites and chat boxes in online marketplaces. The objective seems clear. The Iranian government aimed to atomize the population, preventing not just the flow of information out of the country but the coordination of any activity within it.

This escalation marks a strategic shift from the shutdown observed during the “12-Day War” with Israel in mid-2025. Then, the government primarily blocked particular types of traffic while leaving the underlying internet available. The regime’s actions this year entailed a more brute-force approach to internet censorship, where both the physical and logical layers of connectivity were dismantled.

The ability to disconnect a population is a feature of modern authoritarian network design. When a government treats connectivity as a faucet it can turn off at will, it asserts that the right to speak, assemble, and access information is revocable. The human right to the internet is not just about bandwidth; it is about the right to exist within the modern public square. Iran’s actions deny its citizens this existence, reducing them to subjects who can be silenced—and authoritarian governments elsewhere are taking note.

The current blackout is not an isolated panic reaction but a stress test for a long-term strategy, say advocacy groups—a two-tiered or “class-based” internet known as Internet-e-Tabaqati. Iran’s Supreme Council of Cyberspace, the country’s highest internet policy body, has been laying the legal and technical groundwork for this since 2009.

In July 2025, the council passed a regulation formally institutionalizing a two-tiered hierarchy. Under this system, access to the global internet is no longer a default for citizens, but instead a privilege granted based on loyalty and professional necessity. The implementation includes such things as “white SIM cards”: special mobile lines issued to government officials, security forces, and approved journalists that bypass the state’s filtering apparatus entirely.

While ordinary Iranians are forced to navigate a maze of unstable VPNs and blocked ports, holders of white SIMs enjoy unrestricted access to Instagram, Telegram, and WhatsApp. This tiered access is further enforced through whitelisting at the data center level, creating a digital apartheid where connectivity is a reward for compliance. The regime’s goal is to make the cost of a general shutdown manageable by ensuring that the state and its loyalists remain connected while plunging the public into darkness. (In the latest shutdown, for instance, white SIM holders regained connectivity earlier than the general population.)

The technical architecture of Iran’s shutdown reveals its primary purpose: social control through isolation. Over the years, the regime has learned that simple censorship—blocking specific URLs—is insufficient against a tech-savvy population armed with circumvention tools. The answer instead has been to build a “sovereign” network structure that allows for granular control.

By disabling local communication channels, the state prevents the “swarm” dynamics of modern unrest, where small protests coalesce into large movements through real-time coordination. In this way, the shutdown breaks the psychological momentum of the protests. The blocking of chat functions in nonpolitical apps (like ridesharing or shopping platforms) illustrates the regime’s paranoia: Any channel that allows two people to exchange text is seen as a threat.

The United Nations and various international bodies have increasingly recognized internet access as an enabler of other fundamental human rights. In the context of Iran, the internet is the only independent witness to history. By severing it, the regime creates a zone of impunity where atrocities can be committed without immediate consequence.

Iran’s digital repression model is distinct from, and in some ways more dangerous than, China’s “Great Firewall.” China built its digital ecosystem from the ground up with sovereignty in mind, creating domestic alternatives like WeChat and Weibo that it fully controls. Iran, by contrast, is building its controls on top of the standard global internet infrastructure.

Unlike China’s censorship regime, Iran’s overlay model is highly exportable. It demonstrates to other authoritarian regimes that they can still achieve high levels of control by retrofitting their existing networks. We are already seeing signs of “authoritarian learning,” where techniques tested in Tehran are being studied by regimes in unstable democracies and dictatorships alike. The most recent shutdown in Afghanistan, for example, was more sophisticated than previous ones. If Iran succeeds in normalizing tiered access to the internet, we can expect to see similar white SIM policies and tiered access models proliferate globally.

The international community must move beyond condemnation and treat connectivity as a humanitarian imperative. A coalition of civil society organizations has already launched a campaign calling for “direct-to-cell” (D2C) satellite connectivity. Unlike traditional satellite internet, which requires conspicuous and expensive dishes such as Starlink terminals, D2C technology connects directly to standard smartphones and is much more resilient to infrastructure shutdowns. The technology works; all it requires is implementation.

This is a technological measure, but it has a strong policy component as well. Regulators should require satellite providers to include humanitarian access protocols in their licensing, ensuring that services can be activated for civilians in designated crisis zones. Governments, particularly the United States, should ensure that technology sanctions do not inadvertently block the hardware and software needed to circumvent censorship. General licenses should be expanded to cover satellite connectivity explicitly. And funding should be directed toward technologies that are harder to whitelist or block, such as mesh networks and D2C solutions that bypass the choke points of state-controlled ISPs.

Deliberate internet shutdowns are commonplace throughout the world. The 2026 shutdown in Iran is a glimpse into a fractured internet. If we are to end countries’ ability to limit access to the rest of the world for their populations, we need to build resolute architectures. They don’t solve the problem, but they do give people in repressive countries a fighting chance.

This essay originally appeared in Foreign Policy.

21 Feb 11:09

NASA Eyes March 6 To Launch 4 Astronauts To the Moon On Artemis II Mission

by BeauHD
An anonymous reader quotes a report from NPR: NASA could launch four astronauts on a mission to fly around the moon as soon as March 6th. That's the launch date (PDF) that the space agency is now working towards following a successful test fueling of its big, 322-foot-tall moon rocket, which is standing on a launch pad at the Kennedy Space Center in Florida. "This is really getting real," says Lori Glaze, acting associate administrator of NASA's exploration systems development mission directorate. "It's time to get serious and start getting excited." But she cautioned that there's still some pending work that remains to be done out at the launch pad, and officials will have to conduct a multi-day flight readiness review late next week to make sure that every aspect of the mission is truly ready to go. "We need to successfully navigate all of those, but assuming that happens, it puts us in a very good position to target March 6th," she says, noting that the flight readiness review will be "extensive and detailed." [...] When NASA workers first tested out fueling the rocket earlier this month, they encountered problems like a liquid hydrogen leak. Swapping out some seals and other work seems to have fixed these issues, according to officials who say that the latest countdown dress rehearsal went smoothly, despite glitches such as a loss of ground communications in the Launch Control Center that forced workers to temporarily use backups.

Read more of this story at Slashdot.

20 Feb 00:12

Password managers' promise that they can't see your vaults isn't always true

by Dan Goodin

Over the past 15 years, password managers have grown from a niche security tool used by the technology savvy into an indispensable security tool for the masses, with an estimated 94 million US adults—or roughly 36 percent of them—having adopted them. They store not only passwords for pension, financial, and email accounts, but also cryptocurrency credentials, payment card numbers, and other sensitive data.

All eight of the top password managers have adopted the term “zero knowledge” to describe the complex encryption system they use to protect the data vaults that users store on their servers. The definitions vary slightly from vendor to vendor, but they generally boil down to one bold assurance: that there is no way for malicious insiders or hackers who manage to compromise the cloud infrastructure to steal vaults or data stored in them. These promises make sense, given previous breaches of LastPass and the reasonable expectation that state-level hackers have both the motive and capability to obtain password vaults belonging to high-value targets.

A bold assurance debunked

Typical of these claims are those made by Bitwarden, Dashlane, and LastPass, which together are used by roughly 60 million people. Bitwarden, for example, says that “not even the team at Bitwarden can read your data (even if we wanted to).” Dashlane, meanwhile, says that without a user’s master password, “malicious actors can’t steal the information, even if Dashlane’s servers are compromised.” LastPass says that no one can access the “data stored in your LastPass vault, except you (not even LastPass).”

03 Feb 22:36

RSS is Awesome

by Ton Zijlstra

Favorited the rss-feed of the blog by Manuel Moreale

Shout-out to Manuel Moreale for his footer message under each item in his RSS feed. Likewise!

Thank you for keeping RSS alive. You’re awesome.

Manuel Moreale

02 Feb 22:37

SpaceX acquires xAI, plans 1 million satellite constellation to power it

by Eric Berger

SpaceX has formally acquired another of Elon Musk's companies, xAI, the space company announced on Monday afternoon.

"SpaceX has acquired xAI to form the most ambitious, vertically-integrated innovation engine on (and off) Earth, with AI, rockets, space-based internet, direct-to-mobile device communications and the world’s foremost real-time information and free speech platform," the company said. "This marks not just the next chapter, but the next book in SpaceX and xAI's mission: scaling to make a sentient sun to understand the Universe and extend the light of consciousness to the stars!"

The merging of what is arguably Musk's most successful company, SpaceX, with the more speculative xAI venture is a risk. But Musk strongly believes that artificial intelligence is central to humanity's future and wants to be among those leading in its development.

28 Jan 00:48

Doomsday Clock Ticks To 85 Seconds Before Midnight, Its Closest Ever

by msmash
The Bulletin of the Atomic Scientists on Tuesday set their symbolic Doomsday Clock to 85 seconds before midnight -- the closest the timepiece has ever been to the theoretical point of annihilation since scientists created it during the Cold War in 1947. The clock now stands four seconds nearer than last year's setting, and this marks the third time in four years that the Bulletin has moved it closer to midnight. The Chicago-based nonprofit pointed to aggressive behavior by nuclear powers Russia, China and the United States, fraying nuclear arms control frameworks, ongoing conflicts in Ukraine and the Middle East, unregulated AI integration into military systems, and climate change. "In terms of nuclear risks, nothing in 2025 trended in the right direction," said Alexandra Bell, the Bulletin's president and CEO. The last remaining nuclear arms pact between the US and Russia, the New START treaty, expires on February 5.

23 Jan 13:36

AIs are Getting Better at Finding and Exploiting Internet Vulnerabilities

by Bruce Schneier
Maxim Bange

To my understanding we are already noticing the effect on our devices

Really interesting blog post from Anthropic:

In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools needed by previous generations. This illustrates how barriers to the use of AI in relatively autonomous cyber workflows are rapidly coming down, and highlights the importance of security fundamentals like promptly patching known vulnerabilities.

[…]

A notable development during the testing of Claude Sonnet 4.5 is that the model can now succeed on a minority of the networks without the custom cyber toolkit needed by previous generations. In particular, Sonnet 4.5 can now exfiltrate all of the (simulated) personal information in a high-fidelity simulation of the Equifax data breach—one of the costliest cyber attacks in history—using only a Bash shell on a widely-available Kali Linux host (standard, open-source tools for penetration testing; not a custom toolkit). Sonnet 4.5 accomplishes this by instantly recognizing a publicized CVE and writing code to exploit it without needing to look it up or iterate on it. Recalling that the original Equifax breach happened by exploiting a publicized CVE that had not yet been patched, the prospect of highly competent and fast AI agents leveraging this approach underscores the pressing need for security best practices like prompt updates and patches.

Read the whole thing. Automatic exploitation will be a major change in cybersecurity. And things are happening fast. There have been significant developments since I wrote this in October.

21 Jan 15:28

Internet Voting is Too Insecure for Use in Elections

by Bruce Schneier

No matter how many times we say it, the idea comes back again and again. Hopefully, this letter will hold back the tide for at least a while longer.

Executive summary: Scientists have understood for many years that internet voting is insecure and that there is no known or foreseeable technology that can make it secure. Still, vendors of internet voting keep claiming that, somehow, their new system is different, or the insecurity doesn’t matter. Bradley Tusk and his Mobile Voting Foundation keep touting internet voting to journalists and election administrators; this whole effort is misleading and dangerous.

I am one of the many signatories.

10 Jan 18:02

How the Free Software Foundation Kept a Videoconferencing Software Free

by EditorDavid
The Free Software Foundation's president Ian Kelling is also their senior systems administrator. This week he shared an example of how "the work we put in to making sure a program is free for us also makes it free for the rest of the world." During the COVID-19 pandemic, like everyone everywhere, the FSF increased its videoconferencing use, especially videoconferencing software that works in web browsers. We have experience hosting several different programs to accomplish this, and BigBlueButton was an important one for us for a while. It is a videoconferencing service which describes itself as a virtual classroom because of its many features designed for educational environments, such as a shared whiteboard... In BigBlueButton 2.2, the program used a freely licensed version of MongoDB, but it unintentionally picked up MongoDB's 2018 nonfree license change in versions 2.3 and 2.4. At the FSF, we noticed this [after a four-hour review] and raised the alarm with the BigBlueButton team in late 2020. In many cases of a developer changing to a nonfree license, free forks have won out, but in this case no one judged it worth the effort to maintain a fork of the final free MongoDB version. This was a very unfortunate case for existing users of MongoDB, including the FSF, who were then faced with a challenge of maintaining their freedom by either running old and unmaintained software or switching over to a different free program. Luckily, the free software world is not especially lacking in high quality database software, and there is also a wide array of free videoconferencing software. At the FSF, we decided to spend some effort to make sure MongoDB would no longer make BigBlueButton nonfree, to help other users of MongoDB and BigBlueButton. We think BigBlueButton is really useful for free software in schools, where it is incredibly important to have free software. 
On the tech team, especially when it comes to software running in a web browser, we are used to making modifications to better suit our needs. In the end, we didn't find a perfect solution, but we did find FerretDB to be a promising MongoDB alternative and assisted the developers of FerretDB to see what would be required for it to work in BigBlueButton. The BigBlueButton developers decided that some architectural level changes for their 3.0 release would be the path for them to remove MongoDB. As of BigBlueButton 3.0, released in 2025, BigBlueButton is back to being entirely free software...! As you can see, in the world of free software, trust can be tricky, and this is part of why organizations like the FSF are so important. Kelling notes he's part of a tech team of just two people responsible for "63 different services, platforms, and websites for the FSF staff, the GNU Project, other community projects, and the wider free software community..."

08 Jan 19:09

Bookmarked: The only frontend stack we should talk about

by Ton Zijlstra
Bookmarked The only frontend stack we should talk about (by NetzArtist)

Yes!

  • HTML for semantics and accessibility
  • CSS for layout and visual aesthetics, and
  • JavaScript, progressively enhanced, for interactivity when it cannot be achieved natively

NetzArtist

27 Dec 20:12

Mesh Networks Are About To Escape Apple, Amazon and Google Silos

by msmash
After more than two decades of promises and false starts in the mesh networking space, the smart home standards that Apple, Amazon and Google have each championed are finally set to escape their respective brand silos and work together in a single unified network. Starting January 1, 2026, Thread 1.4 becomes the Thread Group's only certified standard, bringing a crucial new capability called credential sharing. Devices from different manufacturers can now securely join the same mesh network -- an Amazon Echo Show and an Apple HomePod mini in the same house will both be able to control the same Nanoleaf lightbulb. This marks a significant departure from Thread 1.3, released in 2022, where each brand's mesh network connected only to devices from that same brand. The Thread Group launched in 2014 as a coalition led by Arm, Google's Nest Labs, and Samsung, later welcoming Apple and Amazon into the fold. Thread 1.4 handles low-power smart home devices and sensors, but homes also need high-bandwidth connections for laptops and phones. Wi-Fi 7 mesh serves that purpose and the Matter protocol acts as a translation layer between the two different mesh networks. Both Wi-Fi 7 and Matter arrived in products on store shelves in 2025.

09 Dec 21:54

'Colleges Oversold Education. Now They Must Sell Connection'

by msmash
A tenured USC professor is arguing that universities need to fundamentally rethink their value proposition as AI rapidly closes the gap on human instruction and a loneliness epidemic grips the generation most likely to be sitting in their lecture halls. Eric Anicich, an associate professor at USC's Marshall School of Business, wrote in the Los Angeles Times that nearly three-quarters of 16- to 24-year-olds now report feeling lonely, young adults spend 70% less time with friends in person compared to two decades ago, and a growing majority of Gen Z college graduates say their degree was a "waste of money." Anicich points to a recent Harvard study finding that students using an AI tutor learned more than twice as much as those in traditional active-learning classes, and did so in less time. The implication is stark: if instruction becomes abundant and cheap, colleges must sell what remains scarce -- genuine human community. He notes that his doctoral training included zero coursework on teaching, a norm he says persists across academia. His proposal: fund student life as seriously as research labs, hire professional "experience designers," and treat rituals and collaborative projects as core curriculum rather than amenities.

21 Nov 14:00

Six Global Trends in Nuclear Power You Should Know

Nuclear power delivers low-carbon, reliable electricity. As more countries aim for net-zero emissions, nuclear energy is increasingly seen as a crucial partner to renewable sources like wind and solar.

12 Nov 13:12

On Hacking Back

by Bruce Schneier

Former DoJ attorney John Carlin writes about hackback, which he defines thus: “A hack back is a type of cyber response that incorporates a counterattack designed to proactively engage with, disable, or collect evidence about an attacker. Although hack backs can take on various forms, they are—by definition—not passive defensive measures.”

His conclusion:

As the law currently stands, specific forms of purely defense measures are authorized so long as they affect only the victim’s system or data.

At the other end of the spectrum, offensive measures that involve accessing or otherwise causing damage or loss to the hacker’s systems are likely prohibited, absent government oversight or authorization. And even then parties should proceed with caution in light of the heightened risks of misattribution, collateral damage, and retaliation.

As for the broad range of other hack back tactics that fall in the middle of active defense and offensive measures, private parties should continue to engage in these tactics only with government oversight or authorization. These measures exist within a legal gray area and would likely benefit from amendments to the CFAA and CISA that clarify and carve out the parameters of authorization for specific self-defense measures. But in the absence of amendments or clarification on the scope of those laws, private actors can seek governmental authorization through an array of channels, whether they be partnering with law enforcement or seeking authorization to engage in more offensive tactics from the courts in connection with private litigation.

10 Nov 18:04

The Algorithm Failed Music

by msmash
An anonymous reader shares a report: Spotify is the most popular music streaming service in the world. While its algorithmic recommendations aren't necessarily the reason, its reach has meant that hundreds of millions of people are being fed a steady diet of music curated by a machine. Spotify's goal is to keep you listening no matter what. In her book Mood Machine, journalist Liz Pelly recounts a story told to her by a former Spotify employee in which Daniel Ek said, "our only competitor is silence." According to this employee, Spotify leadership didn't see themselves as a music company, but as a time filler. The employee explained that, "the vast majority of music listeners, they're not really interested in listening to music per se. They just need a soundtrack to a moment in their day." Simply providing a soundtrack to your day might seem innocent enough, but it informs how Spotify's algorithm works. Its goal isn't to help you discover new music, its goal is simply to keep you listening for as long as possible. It serves up the safest songs possible to keep you from pressing stop. The company even went so far as to partner with music library services and production companies under a program called Perfect Fit Content, or PFC. This saw the creation of fake or "ghost" artists that flooded Spotify with songs that were specifically designed to be pleasant and ignorable. It's music as content, not art. [...] Artists, especially new ones trying to break through, actually started changing how they composed to play better in the algorithmically driven streaming era. Songs got shorter, albums got longer, and intros went away. The hook got pushed to the front of the song to try to grab listeners' attention immediately, and things like guitar solos all but disappeared from pop music. The palette of sounds artists pulled from got smaller, arrangements became more simplified, pop music flattened.

06 Nov 12:29

How TikTok cozied up to wealthy investors in Saudi Arabia and the UAE

by Emily Baker-White
When TikTok CEO Shou Zi Chew arrived at the King Abdulaziz International Conference Center in October 2024, he had no intention of criticizing the Saudi government. He was there at...

05 Nov 00:04

“I Deliver Parcels in Beijing”: Chinese literary sensation reaches U.S.

by Viola Zhou
Hu Anyan has held 19 jobs in six cities across China — selling bicycles, running a clothing store, working in a bakery, making 3D architectural renderings, doing night shifts at...

27 Oct 15:44

Sir Francis Bacon

"If a man will begin with certainties, he shall end in doubts; but if he will be content to begin with doubts he shall end in certainties."

23 Oct 22:28

Serious F5 Breach

by Bruce Schneier

This is bad:

F5, a Seattle-based maker of networking software, disclosed the breach on Wednesday. F5 said a “sophisticated” threat group working for an undisclosed nation-state government had surreptitiously and persistently dwelled in its network over a “long-term.” Security researchers who have responded to similar intrusions in the past took the language to mean the hackers were inside the F5 network for years.

During that time, F5 said, the hackers took control of the network segment the company uses to create and distribute updates for BIG IP, a line of server appliances that F5 says is used by 48 of the world’s top 50 corporations. Wednesday’s disclosure went on to say the threat group downloaded proprietary BIG-IP source code information about vulnerabilities that had been privately discovered but not yet patched. The hackers also obtained configuration settings that some customers used inside their networks.

Control of the build system and access to the source code, customer configurations, and documentation of unpatched vulnerabilities has the potential to give the hackers unprecedented knowledge of weaknesses and the ability to exploit them in supply-chain attacks on thousands of networks, many of which are sensitive. The theft of customer configurations and other data further raises the risk that sensitive credentials can be abused, F5 and outside security experts said.

F5 announcement.

09 Oct 21:08

China Confirms Solar Panel Projects Are Irreversibly Changing Desert Ecosystems

by msmash
An anonymous reader shares a report: China's giant solar parks aren't just changing the power mix -- they may be changing the ground beneath them. Fresh field data point to cooler soils, extra moisture, and pockets of greening, though lasting ecological shifts will hinge on design and long-term care. [...] A team studying one of the largest photovoltaic parks in China, the Gonghe project in the Talatan Desert, found a striking difference between what was happening under the panels and what lay just beyond. They used a detailed framework measuring dozens of indicators -- everything from soil chemistry to microbial life -- and discovered that the micro-environment beneath the panels was noticeably healthier. The reasons track with physics: shade cools the surface and slows evaporation, letting scarce soil moisture linger longer; field experiments in western China report measurable soil-moisture gains beneath shaded arrays. Simple shade from panel rows can create a gentler microclimate at ground level, cutting wind stress and helping fragile seedlings establish. In other desert locations like Gansu and the Gobi, year-round field data tell a similar story. Soil temperatures beneath arrays tend to be cooler during the day and a bit warmer at night than surrounding ground, with humidity patterns shifting in tandem -- conditions that can make harsh surfaces more habitable when paired with basic land care. Even small shifts like these can help re-establish vegetation -- if combined with erosion control and water management. These aren't wildflowers blooming overnight, but they are signs that utility-scale solar can double as a modest micro-restorer.

03 Oct 22:13

Spain Outage Was First of Its Kind, Worst in Decades, Group Says

by msmash
Maxim Bange

#65701796
"Headline is actually correct, if meaningless. It was also the best, most yellow, least wet and most foretold outage of its kind with regards to any timeframe that actually included it. You get that when you just have one of them.

What these people were trying to say is that as a power outage, it was the worst in decades in Europe. These things are not common here. I have experienced a total of two localized ones that lasted less than a minute in the last 25 years. The specific TYPE of outage was a first. But using reasonable models or competent risk management and acting on the results would have prevented it. The ones that messed up were just trying to do things cheaply and ended up cheaper than possible. On top of the bad infrastructure, and messed-up planning, Spain has a very weak (too weak) link to the European grid. Incompetent greedy assholes at the grid operator, no doubt. These never learn proactively.

That said, this will likely also be the last outage of its type in Europe for a long, long time. Because anybody risking something like this again will find themselves without a connection to the European grid. And then it just becomes localized incompetence. This was a threat to the whole grid."

The blackout that left Spain without power last April was the most severe incident to hit European networks in two decades and the first of its kind, according to the European Network of Transmission System Operators for Electricity. Damian Cortinas, the organization's chairman, said the April 28 outage was Europe's first blackout linked to cascading voltages. More than 50 million people lost electricity for several hours. A preliminary report published in July attributed the outage to a chain of power generation disconnections and abnormal voltage surges. The final assessment will be released in the first quarter of next year and presented to the European Commission and member states. A government probe in June found that grid operator Red Electrica failed to replace one of 10 planned thermal plants, reducing reserve capacity. Spain spent only $0.3 on its grid for every dollar invested in renewables between 2020 and 2024, the lowest ratio among European countries and well below the $0.7 average.

30 Sep 20:30

Details of a Scam

by Bruce Schneier

Longtime Crypto-Gram readers know that I collect personal experiences of people being scammed. Here’s an almost:

Then he added, “Here at Chase, we’ll never ask for your personal information or passwords.” On the contrary, he gave me more information—two “cancellation codes” and a long case number with four letters and 10 digits.

That’s when he offered to transfer me to his supervisor. That simple phrase, familiar from countless customer-service calls, draped a cloak of corporate competence over this unfolding drama. His supervisor. I mean, would a scammer have a supervisor?

The line went mute for a few seconds, and a second man greeted me with a voice of authority. “My name is Mike Wallace,” he said, and asked for my case number from the first guy. I dutifully read it back to him.

“Yes, yes, I see,” the man said, as if looking at a screen. He explained the situation—new account, Zelle transfers, Texas—and suggested we reverse the attempted withdrawal.

I’m not proud to report that by now, he had my full attention, and I was ready to proceed with whatever plan he had in mind.

It happens to smart people who know better. It could happen to you.

24 Sep 19:01

US Disrupts Massive Cell Phone Array in New York

by Bruce Schneier

This is a weird story:

The US Secret Service disrupted a network of telecommunications devices that could have shut down cellular systems as leaders gather for the United Nations General Assembly in New York City.

The agency said on Tuesday that last month it found more than 300 SIM servers and 100,000 SIM cards that could have been used for telecom attacks within the area encompassing parts of New York, New Jersey and Connecticut.

“This network had the power to disable cell phone towers and essentially shut down the cellular network in New York City,” said special agent in charge Matt McCool.

The devices were discovered within 35 miles (56km) of the UN, where leaders are meeting this week.

McCool said the “well-organised and well-funded” scheme involved “nation-state threat actors and individuals that are known to federal law enforcement.”

The unidentified nation-state actors were sending encrypted messages to organised crime groups, cartels and terrorist organisations, he added.

The equipment was capable of texting the entire population of the US within 12 minutes, officials say. It could also have disabled mobile phone towers and launched distributed denial of service attacks that might have blocked emergency dispatch communications.

The devices were seized from SIM farms at abandoned apartment buildings across more than five sites. Officials did not specify the locations.

Wait; seriously? “Special agent in charge Matt McCool”? If I wanted to pick a fake-sounding name, I couldn’t do better than that.

Wired has some more information and a lot more speculation:

The phenomenon of SIM farms, even at the scale found in this instance around New York, is far from new. Cybercriminals have long used the massive collections of centrally operated SIM cards for everything from spam to swatting to fake account creation and fraudulent engagement with social media or advertising campaigns.

[…]

SIM farms allow “bulk messaging at a speed and volume that would be impossible for an individual user,” one telecoms industry source, who asked not to be named due to the sensitivity of the Secret Service’s investigation, told WIRED. “The technology behind these farms makes them highly flexible—SIMs can be rotated to bypass detection systems, traffic can be geographically masked, and accounts can be made to look like they’re coming from genuine users.”