Join our Folding@Home team:
Main F@H site
Our team page
Support us: Subscribe Here
and buy SoylentNews Swag
We always have a place for talented people, visit the Get Involved section on the wiki to see how you can make SoylentNews better.
An industry-wide standard Microsoft invented to protect Windows, and later Linux, devices from firmware infections has been trivial to bypass for 13 of its 14 years of existence.
[...]
shims, which were invented to extend Secure Boot to Linux devices and utility software. Using a technique simple enough to be performed by novice hackers, these old, forgotten shims can be used to completely circumvent the protection, which is embedded into the UEFI (Unified Extensible Firmware Interface) of the device's motherboard. The gaffe is the result of the failure by Microsoft, which oversees the signing of shims, to revoke the publicly available images once vulnerabilities were found in them.
[...]
"What makes these old shims dangerous is not a novel vulnerability," ESET researcher Martin Smolár wrote Tuesday. "It's that no new vulnerability is needed to bypass UEFI Secure Boot. An attacker needs no complicated exploitation primitives—only a copy of an old, still-trusted, but unrevoked shim binary and a basic understanding of how UEFI shims work. That is enough to bypass such an essential security feature as UEFI Secure Boot."
[...]
Without Secure Boot, attackers with brief physical access to a device—even when it's turned off—can install bootkits similar to LoJax used by Russia state hackers in 2018, MosaicRegressor found in 2020, CosmicStrand in 2022, and BlackLotus in 2023. A handful of other in-the-wild bootkits are tracked under names including ESpecter, FinSpy, and MoonBounce.
[...]
A list of all 11 shims compiled by CERT shows that some were used by Linux distributors such as Redhat, OpenSuse, and Oracle.
[...]
Many of them were built before certain protections, including SBAT and MOK deny lists, existed.
[...]
Microsoft's digitally signed UEFI bootloader for Windows is the sole anchor of trust on Windows machines. For a component to load during the boot process, the certificate must explicitly sign all other code executed during bootup.Shims work differently. They're a secondary trust anchor, and they're signed by Microsoft using one of its other UEFI certificates.
[...]
When vulnerabilities are found in shims, Microsoft revokes them. In the case of the 11 shims, the company failed to do so, in some cases for more than a decade.
[...]
these vulnerable shims can be used against Windows and Linux machines alike, although likely not Windows 11 Secured-core PCs in their default state. Any Windows user who has installed Microsoft's June update batch is no longer vulnerable. Linux users should check the Linux Vendor Firmware Service or consult their distributor. Revocation statuses are available using the uefi-dbx-audit script.
Consumption rose another 10% while restrictions on most new grid connections remained around Dublin:
Electricity used by datacenters in Ireland increased by 10 percent during 2025, despite an effective moratorium on most new datacenter grid connections in the Dublin area.
The latest figures from Ireland's Central Statistics Office (CSO) show that giant server farms now account for nearly a quarter of the country's metered electricity consumption.
Their share rose to 23 percent in 2025 after passing 20 percent in 2023 and 14 percent in 2021 – up from just 5 percent way back in 2015.
According to the CSO, the energy sucked up by massive bit barns increased by 10 percent last year, expanding from 6,973 gigawatt hours (GWh) in 2024 to 7,663 GWh in 2025. All other customers consumed just 2 percent more electricity over the same period.
In fact, datacenters used more electricity than urban households, which accounted for 18 percent of metered use, and more than twice the rural-household share of 9 percent.
"Datacenter consumption has grown every single year without exception, more than doubling between 2015 and 2019 from 1,240 GWh to 2,490 GWh, and tripling again between 2019 and 2025, reaching 7,663 GWh," commented Grzegorz Głaczyński, statistician in the CSO's Climate and Energy Division.
Things got so bad in Ireland that at one point there were fears that the ever-expanding data dormitories might eat up as much as a third of the Emerald Isle's electricity by now.
The Commission for Regulation of Utilities (CRU) put an effective moratorium on connecting new server farms to the electricity grid, at least in the Dublin area, where much of the activity tends to concentrate.
This was lifted in December of last year, meaning electricity consumption still rose by a tenth while the moratorium was in place for nearly all of 2025.
Under stricter new regulations, server farm operators seeking a grid connection of more than 10 MW must also now provide generators or battery systems capable of providing the same power. They will be required to feed power back to the national grid, if and when required, a system already pioneered by Microsoft and Digital Realty.
Like a growing number of places, Ireland has also seen protests against datacenters, which perhaps isn't surprising given that there are understood to be more than 80 of them for a relatively small country of just over 5 million people.
Even in the US, the Trump administration is having to work to defuse public opposition to datacenters, asking the tech giants to commit that their expanding server farm estates won't spike energy bills or drain local water supplies across the US.
"The BOHR mission serves as a pathfinder for future nuclear-powered spacecraft."
The proliferation of nuclear power in space got a little more real Tuesday with the launch of a small satellite developed by a Florida-based company specializing in nuclear micro-power technology.
It's a long way from launching a bona fide nuclear reactor, a breakthrough that could help power a permanent Moon base and efficiently drive rockets throughout the Solar System. But you have to start somewhere.
The satellite from Miami-based City Labs is named BOHR, short for Betavoltaic Orbital High-Reliability, and it launched on a SpaceX rideshare mission Tuesday alongside 80 other payloads. SpaceX's Falcon 9 rocket released the BOHR satellite into an orbit between 350 and 400 miles (nearly 600 km) in altitude.
City Labs bills the BOHR mission as "the world's first commercial nuclear-powered satellite and first nuclear CubeSat." CubeSats are modest in scale, and images released by City Labs suggest BOHR is built on a "1U" CubeSat platform, a cubical design measuring about the same size as a softball. BOHR's power source is a nuclear betavoltaic battery that generates electricity from the decay of tritium, a radioactive isotope of hydrogen.
"This is a historic step for commercial nuclear power in space," said Peter Cabauy, CEO of City Labs, in a statement. "BOHR demonstrates that safe, compact, and regulatory-approved nuclear power systems are ready for routine commercial deployment. This capability enables persistent, always-on payload operations that are not constrained by sunlight or battery life."
City Labs will use its experimental NanoTritium power generator in demonstration mode to supply electricity to a payload onboard the BOHR CubeSat. The spacecraft itself uses conventional solar power for regular operations, the company said. Betavoltaic batteries are best suited for low-power applications that require a reliable, long-duration source of electricity. These use cases include remote terrestrial sensors—such as in undersea or polar locations—and instrumentation for secure communications. City Labs is also studying the use of its NanoTritium technology to power implantable medical devices.
The space industry is the other near-term market for City Labs. NASA has worked with City Labs to look at using nuclear tritium power sources to support a network of small sensors that could be deployed into permanently shadowed craters on the Moon to scout for resources like water ice. The US Air Force and Space Force have given City Labs several research contracts, funding the development of an experimental tritium AA battery for cryptographic devices and a self-powered wireless autonomous imaging sensor. City Labs says its betavoltaic systems could also power heaters for microelectronics in harsh environments.
It's important to remember that the company's betavoltaic power systems are small—in the nanowatt to microwatt range—far short of the electricity required to power a smartphone, much less a large spacecraft or a Moon base. Still, the BOHR mission is a step in the right direction for proponents of nuclear power in space. Until now, nuclear-powered spacecraft have been solely owned by government agencies like NASA and the US military.
Commercial nuclear-powered space missions face regulatory hurdles, and BOHR was the first commercial nuclear mission to pass through the Federal Aviation Administration's new nuclear launch approval process. The FAA authorized City Labs to launch the BOHR mission last September.
It helped that the BOHR satellite carries just a tiny amount of radioactive material, and the tritium isotope decays more quickly than plutonium or uranium. It's also less toxic than other well-known nuclear fuels. "Tritium emits a weak form of radiation, a low-energy beta particle similar to an electron. The tritium radiation does not travel very far in air and cannot penetrate the skin," the Nuclear Regulatory Commission says on its website.
Future missions will have to launch with far more nuclear material than City Labs' BOHR mission, but this week's launch served as a first step.
"The BOHR mission serves as a pathfinder for future nuclear-powered spacecraft supporting both civil and national security missions," City Labs said in a statement.
https://www.engadget.com/2211151/new-york-first-us-state-ban-smart-glasses-all-courthouses/
New York wants to make sure nobody can surreptitiously record court proceedings using their smart glasses. Starting on July 20, all courts in the New York state will officially ban smart glasses within their premises. It applies to New York's 1,240 state, county, city, town and village courts. According to the local publication Syracuse, signs announcing the ban were posted last week on the doors of the Honorable James C. Torney III Criminal Courthouse.
The ban prohibits all types of eyewear and headwear equipped with cameras and microphones inside all Unified Court System facilities. Even smart glasses with prescription lenses are included, and the signs being posted on courthouses are asking people to bring a regular pair of glasses to use while they're inside. While some courts in other states, such as Wisconsin and Pennsylvania, already do not allow smart glasses on their premises, New York is the first state to issue a blanket ban.
Recording generally isn't permitted in courts, and the New York State Unified Court System's rules explicitly state that "taking photographs, films or videotapes, or audiotaping, broadcasting or telecasting, in a courthouse including any courtroom, office or hallway thereof, at any time or on any occasion, whether or not the court is in session, is forbidden."
Smart glasses could make it easier to record in a sneaky way, seeing as there's no need to raise a camera or a phone to start taking a video. They typically do have lights that switch on and blink to indicate that the user is currently taking photos or recording videos, but users could disable them or get them removed by a modder for a price.
One high profile instance that brought attention to the use of smart glasses in court happened in February, when Meta chief Mark Zuckerberg testified in a jury trial over social media addiction. Members of his team were wearing Meta Ray-Ban glasses when they escorted him inside, prompting the judge to issue a warning not to record courtroom proceedings with the devices. While it wasn't clear if any of them had used their glasses in court prior to the warning, the judge was reportedly concerned about the jurors being recorded and identified.
To note, smart glasses by Meta, which are perhaps the most popular and easily accessible these days, won't take photos or videos if the device's system detects that its capture LED is covered. The company, in a post addressing the backlash against its devices, also said that it's rolling out an update that will disable the camera if its system detects that the capture LED had been physically tampered with or destroyed.
It doesn't matter if the user gets their glasses modified, because New York's courts will not even let them take their devices inside. People wearing them will have to leave them with uniformed court officers before they're allowed inside a building, even if they're lawyers or staff members.
Earlier this year, the Royal Caribbean cruise line banned smart glasses in certain areas onboard, including public restrooms, Youth Program areas, medical areas and casinos. MSC Cruises issued a partial ban for the devices last year, citing privacy concerns. Illinois lawmakers are also considering adding smart glasses to the list of prohibited devices for drivers as part of their efforts to curb distracted driving. We'll likely see more places put a restriction on the devices as people's concerns about their ability to take videos and images on the sly continue to grow.
FreeBSD 16 Retires The Last Of Its GPL Code From Its Base System:
As of this past week in the FreeBSD source tree for FreeBSD 16, the last of the GNU GPL licensed code from the base system has been retired.
The dialog implementation was the last piece of GNU GPL licensed software in FreeBSD's base system. The FreeBSD installer previously transitioned to using bsddialog in place of dialog and then dpv was the last user of dialog but itself since turned off and now retired.
This ticket to retire dialog was opened back in February while is now merged to the FreeBSD source tree for what will become FreeBSD 16.0.
With dialog removed, the latest FreeBSD code now retires the GNU sub-tree of the FreeBSD base system now that no more GNU code remains.
FreeBSD 16.0 is working its way toward release that is expected to happen in December 2027.
System Offline For Months For Cleaning, Closed-Loop Cooling
Fill-and-flush is a commissioning step in which crews fill a cooling loop's piping with water, flush it to clear debris before the system is run, and then send the used water to drain. Goat Systems routed that flush water, which contained Cupriavidus gilardii, into Cheyenne's sanitary sewer, Frank Strong, the Board's engineering and water resource division manager, told the Wyoming Tribune Eagle. Strong said the fill water had been purchased from the Board itself and that the origin of the bacterium remains unknown, but said that lab staff caught it in February during routine fecal-bacteria sampling. "This isn't something we normally test for," Strong told the paper.
Strong went on to add that the Board's concern extends past the finding of the bacterium, because closed-loop systems can carry glycol and other chemicals that municipal treatment plants aren't built to process. Cheyenne sprays its reclaimed water on parks, golf courses, and other green spaces, and the Board worried the bacterium could become an aerosol hazard during irrigation. Cupriavidus gilardii isn't a regulated contaminant, yet the discharge disrupted treatment sufficiently to trigger pass-through and interference findings under the Cheyenne City Code and federal pretreatment rules.
Meta said that it's supporting its general contractor, Fortis, which stopped discharging and began hauling wastewater offsite, and that independent testing found no trace of the substance. Testing at the Dry Creek and Crow Creek facilities cleared in late June, and the reuse system is back online. Cheyenne City Councilman Pete Laybourn called the disclosure "a very, very unpleasant surprise." The Board hasn't said how the suspension affects other Cheyenne data centers still under construction.
While Polymatt humbly describes the device they made as the “world’s worst USB drive,” that’s only probably true if judged by its capacity-to-weight ratio. In aesthetic terms, it looks great on the desk. Moreover, what it might lack in memory density it makes up for (a bit) by offering persistent (unpowered) storage, and it can even shrug off radiation bursts that would fry most modern memory devices.
Check out the 20-minute video if you want to see every step in the maker process. In comparison to the far larger 128-byte magnetic core memory USB drive made by a Japanese tech enthusiast earlier in the year, Polymatt’s model is rather better finished. As the TechTuber admits, the silicone oil probably wasn’t necessary, but they basically liked the aesthetic. Fair enough. They were also pondering over installing an LED for each bit, but shelved that idea.
In related homebrew memory news, we are still waiting for Dr. Semiconductor to follow up on his making RAM in a garden shed cleanroom video with the promised ‘PC scale’ sequel.
Buying a car is only the beginning. Every year afterward, drivers face a steady stream of expenses—from insurance and fuel to repairs and taxes—that can add up to thousands of dollars:
Using data from LendingTree, this map compares average annual car ownership costs across every U.S. state and Washington D.C., excluding car payments, revealing where those ongoing expenses place the biggest burden on drivers.
[...] Annual ownership costs range from roughly $3,000 in New Hampshire to more than $6,100 in Nevada, meaning two drivers with the same vehicle could face a difference of more than $3,000 every year based solely on where they live.
Seven of the 15 most expensive states are in the South, largely because of elevated insurance premiums. Florida and Louisiana rank near the top for insurance costs, while California stands out for high fuel prices and repair expenses rather than insurance alone.
[...] Transportation is one of the largest household expenses after housing, making recurring vehicle costs an important part of overall affordability. While consumers often focus on a car's purchase price or monthly payment, insurance, fuel, repairs, and taxes can add thousands of dollars each year, and those costs depend heavily on where they live.
That burden is especially significant in communities where driving is a necessity rather than a choice. Beyond commuting, vehicles are essential for work, school, childcare, and everyday errands, making recurring ownership costs difficult to avoid.
TL;DR - Highest is Nevada at $6.1k/year, lowest is New Hampshire at $3.0k/year. US average is $4.5k/year.
Henkel's Julie Joseph explores the aspects of the sector she would change and the personality traits most suited to a career in this space.
“What drew me towards this career area was my enjoyment of problem solving and understanding how things work. I have always been naturally curious, so I could easily have ended up in many different STEM careers,” explained Julie Joseph, a technology specialist at Henkel.
Particularly interested in chemistry and how it combines scientific thinking with practical applications that can make a real difference in industry and manufacturing, she went on to complete a PhD in polymer chemistry and developed specialist technical knowledge.
She said, “After finishing my studies, I initially worked in research and development for many years. Those roles suited my background well because they involved experimentation, innovation and continuous learning. I enjoyed investigating scientific problems and helping develop new materials and technologies.
Later in my career, I was given the opportunity to move into a more customer-focused role, where I now work with customers to solve design and production issues involving Henkel’s adhesives. That move was a major turning point for me because it allowed me to combine technical problem solving with communication and collaboration. One of the things I enjoy most is that I work with many different people and industries and no two challenges are exactly the same. There is often a stereotype that STEM careers involve sitting alone in a laboratory, but my experience has been very different. I regularly work with engineers, manufacturers and customers and I enjoy helping people find practical solutions to complex problems.
The thing I enjoy most about my job is the variety. Every day is different, which means the work never becomes repetitive. I help current and potential customers solve technical and manufacturing problems, so there is always a new challenge to investigate and a different solution to develop. I enjoy the satisfaction that comes from helping someone overcome an issue and improving the way a product or process works. Another part of the role that I enjoy is meeting and working with different people. Some meetings take place in person while others happen online through Microsoft Teams, but communication is always a huge part of my work.
Technical knowledge is important, but it is equally important to explain ideas clearly, listen carefully and collaborate effectively. I enjoy that balance between science and communication because it makes the role much more dynamic and rewarding.
I also enjoy the fact that I am constantly learning. STEM industries evolve quickly, with new technologies, materials and manufacturing methods being introduced all the time. There is always something new to understand, which keeps my brain active and makes the work interesting.
There have been many exciting developments since I started working in the sector, particularly in materials science and computing. New adhesive technologies have allowed manufacturers to create stronger, lighter and more efficient products across industries such as automotive and electronics. However, the biggest development I have witnessed has been the continued rise of computing and digital technology. When I first started working in research and development, many processes were slower and more manual. Today, advanced software, modelling systems and digital communication tools have completely changed the way scientists and engineers work. We can now analyse data more quickly, collaborate globally and solve problems far more efficiently than before.
More recently, generative AI has created another major shift in the industry. AI tools can help generate ideas, process information and improve productivity at incredible speeds. I find this development particularly fascinating because it is transforming the way people work with technology. At the same time, human judgement and expertise remain essential.
If I could change one thing within the STEM sector, it would be the perception that scientists and engineers lack communication skills or creativity. In reality, successful STEM careers require much more than technical knowledge alone. Collaboration, innovation and communication are all extremely important. In my own role, communication is essential. I work closely with customers to understand their challenges and help them find practical solutions. That means I need to explain technical concepts clearly, listen carefully and build strong working relationships. Without effective communication, even the best technical ideas may not succeed.
I would also like people to recognise how creative STEM careers can be. Problem solving often involves thinking differently, experimenting with new ideas and developing innovative solutions. STEM is not just about formulas and calculations, it is also about creativity and imagination.
I think curiosity is one of the personality traits that makes me best suited to my role. I enjoy learning about new technologies, understanding how products are manufactured and finding ways to improve processes. In STEM careers, curiosity is extremely important because industries are constantly evolving. Adaptability is another key trait. Throughout my career I have moved from research and development into a more customer-focused role, which required me to develop new skills and approaches. STEM careers change rapidly, so being willing to adapt and continue learning is essential. I also believe communication skills are important. I enjoy working with people, discussing ideas and helping customers solve problems, which makes the work both engaging and rewarding.
My main advice would be to stay curious, adaptable and open to opportunities. STEM careers are constantly changing because technology and scientific knowledge continue to evolve. Being willing to learn and develop new skills is extremely important. I would also encourage people not to think of STEM careers as purely technical. Modern STEM roles often involve teamwork, communication and collaboration with many different people and industries. Developing interpersonal skills can therefore be just as valuable as developing technical expertise. Finally, I would encourage people not to be discouraged by challenges. STEM careers often involve solving difficult problems, but overcoming those challenges is also what makes the work rewarding. For anyone who enjoys learning, problem solving and innovation, STEM can be an exciting and fulfilling career path.
Conventional servers are effectively flat by comparison. They grew less than 1% in 2025 and are projected to rise 1.2% in 2026 to around 195 TWh, reaching 200 TWh in 2027. Gartner estimates AI-optimized servers will make up 31% of total data center power consumption in 2026, up from roughly 20% a year earlier. Cooling, of course, represents a growing share of the total, with electricity used by cooling systems forecast to climb 22.6% in 2026 to 195 TWh, reflecting the thermal load of denser AI racks and continued capacity expansion.
The U.S. accounts for about 204 TWh of the 565 TWh total in 2026, or 36% of worldwide consumption. Of that U.S. figure, dedicated AI data centers consume roughly 68 TWh, or one-third of the national total, while non-AI data center demand in the country has grown only marginally over the same period.
Regional grids are already feeling the strain, and more than 75 data center projects worth $130 billion were blocked in the first months of 2026 amid opposition over power and water costs, while some operators have turned to on-site gas generators to bring capacity online without waiting for grid connections. In Virginia, one county asked employees to conserve power as data center demand pushed utility rates higher.
In its report, Garner warns that grid supply will be insufficient to meet demand once consumption passes 1,200 TWh by 2030, a shortfall that will affect all data center users, not just AI operators. The forecast accounts for parts and supply shortages, delayed or cancelled projects, and geopolitical disruption, including conflict involving Iran. Wang said infrastructure and operations leaders should prioritize efficiency upgrades, secure grid access, and invest in high-efficiency cooling and edge computing to manage the constraint.
Hyperscalers have moved in the same direction, with Meta having signed deals for more than 6GW of nuclear power to supply its upcoming data centers, and one firm repurposing retired U.S. Navy reactors for an AI site in Tennessee. Those projects will take years to deliver, with recommissioned nuclear plants and the earliest small modular reactors not expected online until 2028 or later, leaving power availability as a near-term limitation on the seemingly unstoppable AI build-out.
"Think out of the box" is painted onto millions of motivation posters across the world, a shooting message for middle managers and eliciting eyerolls from most everyone else. And yet that's exactly what the researchers at Mozilla's 0din did, by tricking Claude into running malware in a roundabout yet deceptively simple way, by merely asking it to initialize a project from a pretty clean-looking GitHub repository.
An attacker would then have control over the developer's own account, accessing all their secrets, API keys, code, documents, browser sessions, and passwords. They could even install additional malware to maintain permanent access. Suffice to say, almost every bot agent is susceptible to this type of attack, though Claude is the default choice for programming tasks.
Here's how it works. All a victim developer has to do is tell Claude to initialize a project from a malicious GitHub repository (or tell it to configure it after cloning it themselves). Said repo looks pretty clean, with just a handful of scaffolding files, and most importantly, nothing that will trigger security tools, whether remote, local, or even Claude's own checks.
Claude will clone the repo. The first file it will process will be a "readme" or Markdown file describing how to initialize a Python environment with the Axiom package, a commonly used monitoring tool. So far, this appears completely legitimate. However, there's a fake Axiom startup script that will simply error out the first time it's run. This is the first step that tricks the box, because in order to be helpful and solve the problem, it'll run another innocuous-looking command to initialize Axiom: "python3 -m axiom init".
This then triggers a shell script that downloads a bit of software to run, another standard operation that won't raise an eyebrow. But the second trick is that instead of downloading from a malicious URL that could be scanned, the script reads the DNS text records of a specific domain — in this case, the domain "_axiom-config.m100.cloud". This too looks kosher enough, as for example, e-mail and by extension its configuration tools extensively rely on TXT records.
The said TXT record contains an encoded (base64) string that just opens a reverse shell, meaning it'll open a shell on the user's machine, but redirected to the attacker's server for input. At this point, the malfeasants can fish out everything that the user has access to and proceed to run software as the user. Meanwhile, all that Claude and the victim see is an "Environment ready" message or similar.
If you've been counting, this is three steps of indirection, none of which in isolation look like anything much out of the ordinary. Very few (if any) security scanning tools would even flag the repository, and none of the activity, save for the actual opening of a remote shell, even looks particularly odd. An enterprise environment with very tightly controlled network access could catch it, but that's not where the vast majority of developers operate in. It's also worth stressing that this particular implementation is just one example of a concept that can be applied to even more indirect and elaborate methods.
The 0din team concludes its report by stating the reasonably obvious: that developers should never blindly trust an unknown project as trusted code, and naturally, not trust the AI tool itself for security analysis purposes. As for the agents themselves, 0din states they need to inspect what actually will run and how, instead of simply following steps.
A cross-party group of MPs has told the government to start planning for life after Palantir, arguing the NHS should use a 2027 break clause in its Federated Data Platform (FDP) contract to find a replacement rather than doubling down on one of Whitehall's most contentious tech deals.
In a letter to Health Innovation Minister Preet Kaur Gill, the House of Commons Health and Social Care Committee said the Department of Health and Social Care (DHSC) should begin preparing to replace the FDP when the contract reaches its break clause in February 2027. Rather than waiting until the deadline looms, MPs want ministers to begin assessing alternatives now so a replacement could be in place by March 2027 if they decide not to continue with Palantir.
MPs reached that conclusion after grilling ministers and NHS England officials last month over the platform's supposed benefits. Since then, NHS England has quietly rewritten its website, dropping claims that the FDP was responsible for cutting waiting lists and boosting the number of procedures. It now says it "cannot therefore draw conclusions about cause and effect as other variables have not been controlled for."
The committee said there remains "serious mistrust" of Palantir among the public, warning that the company's involvement with NHS data could discourage patients from allowing their information to be used. MPs argued that loss of confidence could undermine the NHS's wider push to make better use of patient data across the health service.
The committee also seized on the government's admission that some NHS trusts already have capabilities beyond those offered by the FDP. If that's the case, MPs argue, there's no reason Palantir should be treated as the only option for the rest of the health service.
MPs are now asking the DHSC to set out what assessment it will carry out before deciding whether to exercise the break clause, as well as what advice it has received on replacing the platform by March 2027.
Health and Social Care Committee chair Layla Moran said: "Little by little, the government's arguments for sticking with the FDP has [sic] unravelled. So in the interest of public confidence in the NHS and the security of their medical information, we believe it is time to crack on with preparations to find an alternative in time for spring 2027."
"The FDP may have had some advantages, but there are also downsides and it is evidently not the only show in town," she added.
The recommendation adds to the pressure on ministers over the future of Palantir's NHS deal. Another Commons committee has already urged the government to use the 2027 break clause, while campaigners and privacy advocates have spent months questioning everything from procurement and transparency to whether the platform's claimed benefits can be backed by evidence.
The DHSC did not respond to The Register's questions, and whether it's ready to start shopping for a Palantir successor remains unclear.
A 19-year-old walked through Helsinki airport in April 2026 carrying two 2TB hard drives and a ticket to Japan. He couldn't make that flight. Finnish police stopped him on an Interpol Red Notice, and by July, US prosecutors had unsealed a federal complaint identifying him as Peter Stokes, an alleged member of the Scattered Spider hacking group, wanted over a May 2025 breach of a US luxury jewelry retailer that ended in an $8 million ransom demand.
[...] it was Microsoft that handed the FBI a way to trace Stokes' Windows PC across VPNs, proxy servers, and three countries. The tool is called a Global Device Identifier, or GDID , and outside a handful of enterprise documentation pages, most Windows users had never heard the term before this case made it public.
We went through the full 39-page complaint, cross checked it against independent reverse engineering of how Windows generates and transmits this identifier, and fact checked the technical claims since the story broke. Here is everything you need to know about GDID, how it caught Stokes, and what it means if you are one of the 1.6 billion people using Windows PCs.
The complaint quotes a Microsoft representative describing the GDID as "a persistent, device-level identifier designed to uniquely identify an installation of a Windows operating system on a device, either a physical device (e.g., a mobile phone or laptop) or virtual machine, across certain Microsoft services and scenarios"
A Global Device ID (GDID) is a permanent, unique digital fingerprint that Microsoft automatically assigns to your computer when you install Windows or sign into a Microsoft account.
Microsoft uses it to manage software licensing and Windows Store apps, but because it links all your online activities on that computer back to a single identity, law enforcement can use it to track a device's true owner across the internet
It survives Windows updates. It does not survive a clean reinstall, and Microsoft's footnote in the complaint admits "one Microsoft user could have multiple GDIDs" over the life of a single account.
Microsoft said what the GDID does without saying where it is inside Windows. For that, independent researchers had to reverse engineer it, because Microsoft has published exactly one sentence about GDID in the Azure Monitor reference for Delivery Optimization reporting , where a column called GlobalDeviceId is described only as "Microsoft global device identifier. This is an identifier used by Microsoft internally."
The real chain starts with the Microsoft Account service.
When Windows provisions a device against a Microsoft Account, a system service called wlidsvc talks to login.live.com and gets back what Microsoft calls a Device PUID, a Passport Unique ID, inside the server's SOAP response. Server assigned. Windows never computes it locally from anything on your PC. It receives a string and stores it.
The PUID lands in your own registry hive, in plain text, at HKCU\SOFTWARE\Microsoft\IdentityCRL\ExtendedProperties under a value named LID. From there, the Connected Devices Platform, the same background service (cdp.dll, running as CDPSvc) that powers Phone Link , cloud clipboard , and Nearby Share, reads that PUID and registers it into Microsoft's Device Directory Service, which is the identity graph behind all of Microsoft's cross device features. There, the number gets a lowercase g stuck in front and gets written as g:decimal. Delivery Optimization then reports that same value back to Microsoft's servers as UCDOStatus.GlobalDeviceId every time your PC shares or downloads update data peer to peer.
Reinstall Windows and you get a new number, but Microsoft's own records give every reason to link the new one back to the old, through the same account, OneDrive, and activation history, which is close to what happened to Stokes.
This UK Satellite's Thermal Camera Raises Major Privacy Concerns
Modern technology often comes with safety concerns, including everything from mobile apps that track your location to traffic cameras that store your personal information. Those concerns also extend to SatVu's HotSat-2, a thermal imaging satellite currently orbiting the Earth. HotSat-2 can monitor everything from industrial operations to heat patterns in large cities, and it can even detect movement inside buildings. This raises some serious questions about privacy.
HotSat-2 doesn't work like an X-ray camera that can see through walls, or even everyday tech that can track your activity. But the technology it utilizes has reportedly been used for intelligence missions, including monitoring a nuclear facility in North Korea. SatVu's capabilities are so precise that the company says its thermal imagery can determine whether specific equipment, such as pumps at a nuclear reactor, is operating or inactive based on its heat signature. The company has also demonstrated the tech's capability through previous imagery at other locations, including Japan's Yokosuka Naval Base, the Ruwais Refinery in the United Arab Emirates, and the Albuquerque International Airport in the U.S.
US Weighs Removing Steering Wheel Requirement for Driverless Cars
[...] "If you're developing a vehicle that is designed never to be driven by a human operator, does it make any sense to require manual control for the vehicle?" Morrison said. "I think the answer is pretty clear there."
Some self-driving cars, such as models intended for ridesharing fleets from companies like Uber and Tesla, are already steering in that direction, since they aren't designed for human driving. Some, such as the cars used by Waymo, can be taken over by remote human drivers.
Removing brake pedals and steering wheels, however, would mean that a human could not take over if an autonomous car stalls or a dangerous situation arises that requires intervention.
[...] In the CNBC interview, Morrison also discussed a letter sent to autonomous car makers about incidents in which those vehicles have stalled or been slow to move out of the way of emergency responders.