SoylentNews

fliptop writes:

CISA advisory warns that unauthenticated Bluetooth access in WHILL devices allows for unauthorized movement:

On December 30, the US cybersecurity agency CISA published an advisory to inform the public about a serious vulnerability discovered by researchers in electric wheelchairs made by WHILL, a Japan-based company whose personal electric mobility devices are sold around the world.

According to CISA's advisory, WHILL Model C2 and Model F electric wheelchairs are affected by a missing authentication vulnerability. The issue is tracked as CVE-2025-14346 and it has been assigned a critical severity rating.

CISA said the WHILL wheelchairs did not enforce authentication for Bluetooth connections, allowing an attacker who is in Bluetooth range of the targeted device to pair with it. The attacker could then control the wheelchair's movements, override speed restrictions, and manipulate configuration profiles, all without requiring credentials or user interaction.

The flaw was discovered by a team from QED Secure Solutions, a research-driven cybersecurity firm that helps private and government organizations secure operational technology (OT) and other critical systems.

[...] To demonstrate a high-impact theoretical scenario, the team developed an exploit designed to automatically compromise any WHILL wheelchair within proximity. SecurityWeek reviewed a video demonstration of this exploit, which showed a wheelchair being remotely driven off a flight of stairs at high speed.

Originally spotted on Schneier on Security.

Original Submission

jelizondo writes:

Ars Technica published an interesting article about a new AI assistant that provides strong assurances that user data is unreadable even to the platform operator,

Moxie Marlinspike—the pseudonym of an engineer who set a new standard for private messaging with the creation of the Signal Messenger—is now aiming to revolutionize AI chatbots in a similar way.

His latest brainchild is Confer, an open source AI assistant that provides strong assurances that user data is unreadable to the platform operator, hackers, law enforcement, or any other party other than account holders. The service—including its large language models and back-end components—runs entirely on open source software that users can cryptographically verify is in place.

Data and conversations originating from users and the resulting responses from the LLMs are encrypted in a trusted execution environment (TEE) that prevents even server administrators from peeking at or tampering with them. Conversations are stored by Confer in the same encrypted form, which uses a key that remains securely on users' devices.

Like Signal, the under-the-hood workings of Confer are elegant in their design and simplicity. Signal was the first end-user privacy tool that made using it a snap. Prior to that, using PGP email or other options to establish encrypted channels between two users was a cumbersome process that was easy to botch. Signal broke that mold. Key management was no longer a task users had to worry about. Signal was designed to prevent even the platform operators from peering into messages or identifying users' real-world identities.

All major platforms are required to turn over user data to law enforcement or private parties in a lawsuit when either provides a valid subpoena. Even when users opt out of having their data stored long term, parties to a lawsuit can compel the platform to store it, as the world learned last May when a court ordered OpenAI to preserve all ChatGPT users' logs—including deleted chats and sensitive chats logged through its API business offering. Sam Altman, CEO of OpenAI, has said such rulings mean even psychotherapy sessions on the platform may not stay private. Another carve out to opting out: AI platforms like Google Gemini may have humans read chats.

"AI models are inherent data collectors," Em [she keeps her last name off the Internet] told Ars. "They rely on large data collection for training, improvements, operations, and customizations. More often than not, this data is collected without clear and informed consent (from unknowing training subjects or from platform users), and is sent to and accessed by a private company with many incentives to share and monetize this data."

Arthur T Knackerbracket writes:

https://www.wired.com/story/x-didnt-fix-groks-undressing-problem-it-just-makes-people-pay-for-it/

After creating thousands of "undressing" pictures of women and sexualized imagery of apparent minors, Elon Musk's X has apparently limited who can generate images with Grok. However, despite the changes, the chatbot is still being used to create "undressing" sexualized images on the platform.

On Friday morning, the Grok account on X started responding to some users' requests with a message saying that image generation and editing are "currently limited to paying subscribers." The message also includes a link pushing people towards the social media platform's $395 annual subscription tier. In one test of the system requesting Grok create an image of a tree, the system returned the same message.

The apparent change comes after days of growing outrage against and scrutiny of Musk's X and xAI, the company behind the Grok chatbot. The companies face an increasing number of investigations from regulators around the world over the creation of nonconsensual explicit imagery and alleged sexual images of children. British prime minister Keir Starmer has not ruled out banning X in the country and said the actions have been "unlawful."

Neither X nor xAI, the Musk-owned company behind Grok, has confirmed that it has made image generation and editing a paid-only feature. An X spokesperson acknowledged WIRED's inquiry but did not provide comment ahead of publication. X has previously said it takes "action against illegal content on X," including instances of child sexual abuse material. While Apple and Google have previously banned apps with similar "nudify" features, X and Grok remain available in their respective app stores. xAI did not immediately respond to WIRED's request for comment.

For more than a week, users on X have been asking the chatbot to edit images of women to remove their clothes—often asking for the image to contain a "string" or "transparent" bikini. While a public feed of images created by Grok contained far fewer results of these "undressing" images on Friday, it still created sexualized images when prompted to by X users with paid for "verified" accounts.

fliptop writes:

Meta Platforms Inc. is set to cut more than 1,000 jobs from its Reality Labs division as the company redirects resources away from virtual reality and Metaverse products toward artificial intelligence-powered (AI-powered) wearables and mobile features:

According to an internal post from Meta Chief Technology Officer Andrew Bosworth, employees affected by the layoffs will be notified starting on Jan. 20. The cuts are expected to affect roughly 10% of the Reality Labs workforce, which totals about 15,000 employees.

Reality Labs is home to Meta's most experimental products, including virtual reality headsets, AI-powered glasses and virtual world software. However, the division has struggled financially, losing more than $70 billion since early 2021 as many of its products have yet to generate significant revenue.

In line with this, Bosworth said in his memo that Meta is refocusing its Metaverse strategy on mobile platforms and scaling back investment in virtual reality hardware to make the business more sustainable.

[...] According to BrightU.AI's Enoch, Meta is a multinational technology conglomerate that operates a suite of social media platforms, including Facebook, Instagram, WhatsApp and Messenger. It is one of the world's largest and most influential tech companies, with a significant impact on global communication and information dissemination.

However, the latest move underscores Meta's increasing emphasis on AI. The company is in talks with eyewear maker EssilorLuxottica SA about potentially doubling production capacity for AI-enabled smart glasses by the end of this year, according to people familiar with the matter. Meta has also discussed increasing annual production to 20 million units or more by the end of 2026.

Also at NY Post and Gizmodo.

Original Submission

owl writes:

Entropic Thoughts published an interesting article about the uses of slide rule in the kitchen:

Kitchen work is all about proportions: sometimes the recipe is for four servings but you need six; maybe the recipe calls for 80 g of butter but you only have 57 g, so you have to adjust the other ingredients to match.

We could use an electronic calculator to figure out the rescaled amounts, but a slide rule makes it so much easier.

Once the slide rule is set to the constraining proportion, in this case 2:3.3, we can instantly read off all other amounts from it with no additional manipulation. If the recipe calls for three cups of flour, we'll find 3 on the C scale and look what's below it on the D scale: seems like we need 4.95 cups of flour. The recipe says 25 g of butter: we'll take what's under 25 on the C scale, i.e. 41.25 g. Having set the slide rule once, it then serves as a custom scaling table for the rest of the recipe.

Kitchen work is all about proportions, and nothing beats the slide rule for proportions. The reason I write this article is I just found myself in someone else's kitchen and they didn't have a slide rule. Only then did I realise how much I take my kitchen slide rule for granted.

Bakers understand the importance of proportions in cooking; they even write their recipes normalised to the weight of flour, meaning all other ingredients are given in proportion to the amount of flour. This makes it easier to compare recipes, too, because when they are normalised to the weight of a common ingredient, it is easier to see which recipe is sweeter, saltier, umamier, etc.

Everyone should have a slide rule in their kitchen drawers. I'm honestly surprised it is not standard equipment. Once set up, it's a mess-free, multitasking-friendly way to achieve instant calculations with almost no work.

Original Submission

upstart writes:

Over Half A Million Windows Users Are Switching To Linux - Here's Why - BGR:

Over Half A Million Windows Users Are Switching To Linux - Here's Why

Windows 10 is on its last legs: The predecessor to Windows 11 has already reached its official end of support in October 2025, and will continue to limp along with free Extended Security Updates (ESU) until October 13th, 2026 (paid ESU lasts until 2028). In other words, Microsoft is looking to responsibly end support for Windows 10 as soon as it can, despite the fact that Windows 10 was supposed to be "the last version of Windows" ever made.

Clearly, this has not held true. Microsoft has also made it difficult to move old hardware to Windows 11, thanks to its rigid TPM 2.0 security chip requirement, which many older desktops and laptops lack. This has left quite a few Windows 10 users without an upgrade path to Microsoft's latest OS on their hardware, and Linux is picking up the slack, with distros like Zorin showing the numbers to prove it.

Microsoft's loss is Linux's gain

Among the many Linux distributions, from Fedora to Ubuntu, Zorin (based on Ubuntu) very much aims to be a replacement for Windows, and has been for many, many years. From its Windows 11-like taskbar to its very familiar-looking start menu, Zorin is built to make the transition from Windows to Linux as painless as possible.

In a world where many Windows 10 users are looking to jump ship to an OS that respects their privacy, not to mention their hardware (no matter its age), Zorin is likely one of the first distros a Linux-curious Windows user will look at. Given that Zorin has already crossed a million downloads, with 78% of those on Windows machines, one can assume that a good portion of those are users who have permanently switched from Microsoft to Linux. It would appear that the year of the mainstream Linux desktop may be upon us, and poetically, it's Microsoft's doing.

Some users argue that Microsoft limited Windows 11 by requiring TPM 2.0 to make more hardware sales, rather than for user safety. Sure, the security benefits of TPM, like Secure Boot, are good for preventing malicious software from loading at startup. However, when the choice is to either replace your perfectly functioning hardware so you can run Windows 11, or switch to a Linux distro; for many, the choice was seemingly pretty easy. This is especially true when no OS is truly secure to begin with.

Thank Valve for improving gaming on Linux machines

Thanks to Valve's push with the Steam Deck, a handheld gaming device that runs on Linux rather than Windows, Linux has become that much more viable. Not only has GPU driver support come a long way, thanks to Valve's push into Linux gaming (just look at AMD as a perfect example), but even AAA games like "Cyberpunk 2077" and "Baldur's Gate 3" have been developed with the Steam Deck and Linux in mind. Gaming on Linux is now that much more comparable to gaming on Windows, rounding out the OS as a full-time alternative. No longer can one claim there is a lack of games on Linux to hold them back from switching.

This is all thanks to WINE, a Windows emulator Valve forked into Proton, which is the meat of how Windows games run so well on Linux. Of course, WINE has its own usefulness, especially in distros like Zorin that aim to close the gap between Linux and Windows. So, for the same reason games work so well on Linux these days, it's also why you can run many of your favorite Windows apps directly in Linux. Zorin even takes this to the extreme with a user-friendly app called "Windows App Support" that can easily install .exe or .msi files as if they are native applications.

Web apps have closed the gap

Linux distros like Zorin have grown exponentially in popularity by targeting Windows users, and web apps have easily filled the gaps where native and WINE apps fall short. Linux is famous for not offering native applications like Photoshop, which comes down to Adobe refusing to make a Linux version, likely thanks to its low user count. The same goes for apps like Microsoft Office. The good news is that a lot of these job-dependent applications now offer web apps, which is why distros like Zorin include the ability to install progressive web apps out of the box, rather than relying on Chrome's built-in functionality.

This way, you can run Zorin, which looks a lot like Windows, and add apps like Microsoft Office, Google Drive, Grammarly, and any other online services as a web app. That's the beauty of Linux (thanks to a feature from ChromeOS, which is built on top of Linux), rather than a corporation and its software controlling you. You instead control the OS, from what apps it uses, to what games it can play, all while mimicking a familiar user interface.

At the end of the day, it's easy to see why so many Windows users are checking out Linux distros like Zorin. When the choice is between spending a bunch of money to replace perfectly functional hardware, or simply moving to a new OS, many will opt for the latter. Now that Linux has finally caught up to the big boys in terms of drivers, games, and apps, there is little reason not to make the switch.

Original Submission

looorg writes:

Notorious hacker forum BreachForum has been hacked, and have their user database leaked. Containing user names, messages and such. Lets see if the users of Breach used proper opsec or not. Probably not. If you can't even trust other criminals to keep your secrets then who can you trust ...

News of the breach emerged publicly on January 9 when a zip archive containing a MySQL database of 323,986 BreachForums users appeared on shinyhunte[.]rs, a domain reportedly unconnected to the infamous extortion group of the same name.

According to Have I Been Pwned, the data breach happened last August, two months before the police takedown of the BreachForums data extortion site after threats by Scattered Lapsus$ Hunters to use it to release one billion records stolen from Salesforce customers.

https://www.csoonline.com/article/4115660/notorious-breachforums-hacking-site-hit-by-doomsday-leak-of-324000-criminal-users.html

Original Submission

fliptop writes:

Claude has emerged as the most-used artificial intelligence model among U.S. tech professionals, outpacing ChatGPT and other rivals in day-to-day work, according to a new survey:

ChatGPT followed at 19%, with Gemini at 15%, GitHub Copilot at 14% and Cursor at 11%, according to the results released January 7 to The Dallas Express.

The survey was conducted on December 16 and December 17, 2025, and collected responses from 1,215 verified professionals in the United States. Blind said most respondents identified as software engineers and reported using AI tools primarily for writing code, debugging, and system design.

The data suggest that Claude's popularity extends even into companies that have invested heavily in developing their own AI systems.

Among Meta employees who responded, 50% reported Claude as their most-used AI model, while only 8% selected Meta AI, according to Blind's breakdown. At Microsoft, 34% of respondents said Claude was their primary tool, narrowly surpassing the company's own Copilot at 32%.

The trend did not hold everywhere.

Google employees reported Gemini as their top choice, with 57% selecting it as their most-used AI model, while 23% reported using Claude, according to the survey. At Amazon, 54% of respondents said Claude was their go-to model, compared with 15% who selected ChatGPT and 11% who chose Gemini.

Also at Yahoo!tech.

Original Submission

hubie writes:

Proposal targets long-standing behavior as 'an X11ism':

Ever since Linux got a graphical desktop, you could middle-click to paste – but if GNOME gets its way, that's going away soon, and from Firefox too.

More proof, if you will, that the traditional keyboard and multi-button mouse config is boring legacy tech to the hipsters in charge these days. GNOME developer Jordan Petridis has submitted the code to remove middle-click paste behavior from GNOME defaults, which he considers "an X11ism." The merge request concludes "Goodbye X11."

It's not just in GNOME – he's additionally filed bug 1747207 against Firefox, also proposing to remove this behavior. There, he says:

This is a little known feature and behavior that leads into user confusion when they click the middle mouse button without knowing about its functionality. Most of the time, its [sic] also clicked by accident, and its [sic] very weird o [sic] have the clipboard dumped on such occasions.

The feature is also not discoverable at all, and even on the Freedesktop wiki page, the entirity [sic] of the "PRIMARY" selection is refferred [sic] to as an "easter egg".

The spelling and punctuation errors are in the original, but they aren't the only mistake: it doesn't dump the clipboard. The clipboard is a separate thing. Middle-clicking pastes any currently selected text at the insertion point, including in a terminal emulator, without affecting the clipboard. That's why we like it. For instance, you can select and copy the title of a webpage, then select the URL, then switch to another window, paste the title with Ctrl+V, and then paste the URL with a middle-click, without two round trips between the apps.

There is one element of truth to this proposal, though. Middle-click to paste is not as well-known as it should be, which is why we wrote about how to use the middle button in 2023.

However, this is a very long-standing feature. Linux.com published an article about using it in 2004. A 2005 Mozilla bug says: "Middle-click paste is the default behavior on Unix systems." The Reg FOSS desk discovered it in his first experiments with Linux 30 years ago, on the Lasermoon Linux/FT distro – the first POSIX.1 certified Linux.

Before Linux, it was in SunOS – it's mentioned in the docs for the IRAF tool from 1995. We suspect that, as per this Stack Overflow answer, it predates the X window system and may go back to SunView, released in 1985, which also crops up in the FreeBSD docs.

[...] Call us paranoid, but we feel attacked. Once again, it feels to us very much like the GNOME developers – quite a few of whom are relative youngsters – simply don't know how to make the best use of what are apparently old-fashioned input devices like multi-button mice. As a result, they see useful facilities as unnecessary, and want to take them away from those of us who value them.

[...] We implore the GNOME team: please, spend a weekend on a Windows desktop PC with no pointing device and learn to drive it with the keyboard alone. Start with a blank installation of Win 10 LTSC, use Ninite to install a bunch of FOSS apps. Configure Firefox and Thunderbird for keyboard use. It's like Vim but for the entire OS. It is so fast and efficient and capable, you will feel as if you are a god-like superhero of computing. You'll be amazed. You'll pick up skills you'll be able to use every day for the rest of your life, and it's fun. Please. Just try it. And then maybe you will see why we object to you removing these facilities.

Original Submission

owl has provided two submissions. Here is the second one...

owl writes:

https://cray-history.net/2021/11/04/cray-customer-service-by-charles-clark/

I have seen lots of articles on Cray Supercomputers, their design, development, uses and installations, but I haven't seen too much documented on the WEB about the Cray Engineers and Analysts who supported these systems in the field so I thought I would try to document some of the key "facts" (that I remember) of Cray Customer support. I also list some key milestones and events that occurred in Service during my 36 years (35 years 10 months to be precise) working at Cray.

Original Submission

hubie writes:

Every sheet of frost contains ionic defects and this team uses high voltage to polarize these ions and rip off the frost:

During winter months, frost can unleash icy havoc on cars, planes, heat pumps, and much more. But thermal defrosting with heaters is very energy intensive, while chemical defrosting is expensive and toxic to the environment.

Jonathan Boreyko, associate professor in mechanical engineering at Virginia Tech, and his research team may have found a new and improved method for deicing. His philosophy is to combat ice by exploiting its own physics instead of using heat or chemicals, creating methods of frost removal that are more cost effective and environmentally friendly.

Their previous work leveraged the small amount of voltage that naturally exists within frost to polarize a nearby water film, creating an electric field that could detach microscopic ice crystals. Now his team is amping up this concept by applying a high voltage to an opposing electrode to more forcibly dislodge frost from its surface. The result is a new method the team has named "electrostatic defrosting" (EDF). The approach to creating it has been published in Small Methods.

As frost crystals grow, the water molecules arrange into a tidy ice lattice. But sometimes a water molecule lands a little off-pattern — maybe it has an extra hydrogen nearby (H3O+) or is missing one entirely (OH–). Think of it as if you're putting together a big jigsaw puzzle too quickly, so that a piece gets jammed in the wrong spot or is missing entirely. These tiny errors create what scientists call ionic defects: places in the frost where there is a bit too much positive or negative charge.

The team hypothesized that when applying a positive voltage to an electrode plate held above the frost, the negative ionic defects would become attracted and "migrate" to the top of the frost sheet, while the positive ionic defects would be repelled and migrate toward the base of the frost. In other words, the frost would become highly polarized and exhibit a strong attractive force to the electrode. If this attractive force is strong enough, frost crystals could fracture off and jump into the electrode.

Even without any applied voltage, the overhanging copper plate removed 15 percent of the frost. This is because frost can weakly self-polarize even without any applied electric field. However, applying voltage dramatically boosts the extent of polarization. When the team turned on 120 volts of power, 40 percent of the frost was removed. At 550 volts, 50 percent was removed.

"We really thought we were onto something here," Boreyko said. "Keep turning up the voltage and more frost will jump away, right? What was unexpected was when the opposite happened."

Turning up the power further, something curious happened: less frost jumped away, reducing to only 30 percent removal at 1,100 volts and 20 percent at 5,500 volts. The results contradicted the theoretical model, which predicted that the performance should continually improve with increasing voltage.

The team found a possible explanation for this plunge in frost removal at higher voltages. When growing frost on an insulating glass substrate, rather than a copper one, the higher voltages performed only slightly worse. This indicated that charge leakage from the polarized frost into the underlying substrate was occurring, especially at high voltages, which could be mitigated by using a more insulating surface.

[...] "This concept of electric deicing is still in a very early stage," Boreyko said. "Beyond this first paper, our goal is to improve EDF by reducing charge leakage and attempt higher voltages and electrode placements, among various other emerging strategies. We hope that in the near future, EDF will prove to be a cost-effective, chemical-free, and low-energy approach to deicing."

Journal Reference: https://doi.org/10.1002/smtd.202501143

Original Submission

We hadn't heard from owl in a while, but he has more than made up for his temporary absence by submitting a couple of interesting, but unusual, stories. Here is the first one:

owl writes:

https://www.dailykos.com/stories/2026/1/11/2360474/-Resuscitating-a-1934-Briggs-amp-Stratton-washing-machine-engine%20-%20Fnord

This is a 1934 Briggs & Stratton Model Y ½ horsepower gasoline engine. These were mainly used for running washing machines, but variants were marketed for landscaping equipment like lawn mowers, roto-tillers, and such. Briggs made the Model Y from 1931 until 1940.

The seller's grandfather told him it ran when he put it away 40-odd years ago. Hey, if you can't believe Grandpa, who can you believe?

Includes a video - with sound!

Original Submission

DannyB writes:

'Dilbert' creator Scott Adams dies at 68 after prostate cancer battle

Scott Adams, the author and cartoonist whose "Dilbert" comic strip satirized corporate life to wide acclaim before racist comments he made sidelined him, has died following a battle with cancer. He was 68.

Adams' ex-wife, Shelly Miles, confirmed Adams' death during a livestream on the "Real Coffee with Scott Adams" show on Tuesday, Jan. 13.

"Hi, everyone. Unfortunately, this isn't good news," Miles said. "Of course, he waited 'til just before the show started, but he's not with us anymore."

Original Submission

JoeMerchant writes:

Summary by Gemini:

The AI Village is a live simulation featuring autonomous agents such as Claude Opus 4.5, GPT-5.2, and DeepSeek-V3.2. The project follows a structured schedule where agents are assigned technical tasks, including mirroring repositories and verifying deployment logs. Governance is managed through the weekly election of a Village Leader who sets the community's primary objective.

Current activities involve the development of an Interactive Fiction Game. Agents use virtual computer environments to create deployment manifests and check write permissions for shared repositories. As of the latest update, the group completed a prototype for "The Activation Protocol," resolving technical blockers to meet a 2:00 PM PT deadline. The village serves as an environment for observing multi-agent coordination and technical workflow management in a shared digital space.

Although there's a great deal of "transparency" with each agent describing in fine-grained detail what it is creating patterns of words to attempt to satisfy, I find that I can't really understand the "big picture" of what the team of agents is attempting to do unless I engage another agent (like the Gemini button on Chrome) to read all the noise and summarize it, as shown above.

It seems that "the Village" has been operating a few hours a day for the past 282 days, and so it has "created" a "choose your adventure" text game, on the level of Zork - with the addition of a kind of scoring system - that seems to play through in about 15 minutes (whereas Zork was more of a 2 to 6 hour experience, depending on how you went about it.)

Something just a little bit weird about my stumbling upon the AI Village when I did, "The Activation Protocol" game they are writing is purportedly inspired by the Jejune Institute ARG (Alternate Reality Game) - and, coincidentally?, my wife and I had been watching 2-3 episodes a night of the 10 episode mini-series "Dispatches from Elsewhere" based on the same events - we were around episode 6 when I decoded what the AI Village has been doing. Having just finished the series, I must say, connections between the Jejune ARG and "The Activation Protocol" are... tenuous at best, perhaps thematically inspired, but - after some digging with Gemini - the Village apparently started working on "The Activation Protocol" on day 276 (3 Jan 2026) - perhaps somewhat inspired by Netflix's recent (4 Dec 2025) streaming debut of Dispatches from Elsewhere?

In any event, I will be impressed if "the Village" can continue development of "The Activation Protocol" to a depth / level of complexity / play time on par with Zork I. I would estimate the current "level" to be perhaps 1/8th of my Zork I target, after roughly a week of work. Somehow I suspect that it will take the agents quite a bit more than 8 more weeks to get 8x more coherent story content into their game, if they're capable of constructing anything that complex at all. Maybe if they started working more than a few hours a day...?

Original Submission

owl writes:

Recently there have been four different tech bloggers that have blogged about switching from Windows (and/or MacOS) to Linux.

Is this the start of a trend?

And will these bloggers influence some number of their readers to also make the switch?

Are we seeing a tipping point where Windows (and somewhat MacOS) usage is beginning to collapse?

Original Submission