
posted by jelizondo on Sunday May 17, @06:56PM

Removing the Modem and GPS from my 2024 RAV4 Hybrid:

Modern cars are computers on wheels - they have more sensors than you can count and are constantly phoning home with telemetry data like your location, speed, fuel levels, sudden accelerations/decelerations, video footage, driver attention data from eye monitoring systems, and hundreds of other data points. Cars have inward- and outward-facing cameras. They have microphones. They have always-on modems. It's all enabled by default with difficult or meaningless opt-outs, and your data is monetized through brokers like LexisNexis or Verisk. [...]

Now that we're sufficiently motivated, what can we do about it? In this blog post, rather than relying on companies' promises or meaningless opt-outs, we're going to stop the data at the source by physically removing the modem (the DCM, or Data Communication Module) as well as the built-in GPS on my 2024 RAV4 Hybrid, so the car will no longer have the capability to send any telemetry data back home. Let's dive in:

TFA follows with a step-by-step process to remove the DCM and replace it with a bypass module so that the in-car microphone is still functional, and to unplug the built-in GPS antenna.

Conclusion

Overall I'm very happy with this project. Unfortunately I think it's only a matter of time before the modem and GPS become more deeply integrated into the car (making this blog post infeasible), or cars have more drastic failure modes when the modem/GPS is removed, or anti-right-to-repair laws get passed to further clamp down on this behavior. For now the win stands - no telemetry leaves the car. Strong Federal privacy laws would make posts like this unnecessary, that's the world I'd rather live in.



posted by jelizondo on Sunday May 17, @02:03PM

YellowKey exploit bypasses BitLocker full volume encryption via USB stick and WinRE

The Epitome of WTF: A researcher known as "Nightmare-Eclipse" recently released YellowKey, a security vulnerability that allegedly enables a full bypass of BitLocker's full-volume encryption. The researcher described YellowKey as one of the most "insane" flaws they have ever encountered and has also accused Microsoft of potentially embedding a legitimate backdoor in BitLocker's data protection system.

According to the researcher, YellowKey appears unusual for a previously unknown security bug. Nightmare-Eclipse explained that the flaw can be reproduced by copying an attached "FsTx" folder to a USB drive formatted with a Windows-compatible file system such as NTFS, FAT32, or exFAT.

The vulnerability may also work without a USB drive if the FsTx files are copied to the Windows EFI partition and the encrypted disk is temporarily disconnected from the system. After placing the FsTx folder, an attacker would need to reboot a BitLocker-protected machine, enter the Windows Recovery Environment, and follow a specific sequence of inputs.

If the procedure is completed correctly, a command shell reportedly appears, granting unrestricted access to BitLocker-protected volumes. No passwords are required, and the encrypted data may become fully accessible for browsing, copying, and other file operations.

Nightmare-Eclipse believes that YellowKey's vulnerability could reasonably be considered a backdoor intentionally introduced into BitLocker by Microsoft. Their reasoning is that the component triggering the issue can only be found in the official WinRE image. The same component is also present in standard Windows installation images, but it does not exhibit the BitLocker-bypassing behavior observed on live systems.

The researcher explained that they "just can't come up with an explanation beside the fact that this was intentional. Also for whatever reason, only Windows 11 (+Server 2022/2025) are affected, Windows 10 is not."

Third-party researchers have reportedly confirmed that YellowKey behaves as described by Nightmare-Eclipse in public GitHub materials. In addition, the researcher released a second exploit, GreenPlasma, which is said to enable privilege escalation. They did not publish full proof-of-concept code for achieving SYSTEM-level access, instead suggesting they may disclose further details ahead of next month's Patch Tuesday.

Nightmare-Eclipse is known for targeting Microsoft and the company's alleged hostility toward external security researchers. Previously operating under the alias "Chaotic Eclipse," they released Red Sun and other vulnerabilities with public proof-of-concept code, while accusing Microsoft of damaging their career and reputation.

As for YellowKey's alleged backdoor behavior, mitigation is relatively straightforward. Security professionals generally recommend avoiding reliance on any single encryption system and instead evaluating well-reviewed full-disk encryption alternatives such as VeraCrypt.



posted by jelizondo on Sunday May 17, @09:23AM
from the you-can-still-meet-nice-people dept.

As a metric of just how much damage the push to "electrify" everything on wheels has caused [Ed's Comment: In the USA], it's hard to surpass Honda CEO Toshihiro Mibe's announcement the other day that Honda – Honda! – suffered its first-ever money-losing year last year:

"The outlook is very challenging. However, we would like to explain the circumstances leading to this management decision and the future direction for rebuilding the mid-to long-term strategy for our automobile business," he said.

[...] Honda – like a number of other vehicle manufacturers that drank the EV Kool Aid – has cancelled several pending EVs that had been scheduled to make their debut this year, including the entire "0" series. It turns out zero will be made, which is better than zero dollars being earned (and many dollars probably lost).

"We made this decision with a heavy heart, believing that introducing these three models to market without an outlook for business viability may lead to an early discontinuation of production, which could cause a concern and inconvenience to our customers as a result of potential damage to the value of the Honda brand."

The Prologue – Honda's first EV – is also the first Honda to be cancelled after just three years of availability. It ought never to have seen the light of day – and not just because it's another over-priced ($40k to start) crossover that goes half as far as $25k gas-engined crossovers and tethers its owner to a charge cord – but also because it wasn't even a Honda. It was a reskinned Chevy Blazer EV, with some trim/feature tweaks. This saved Honda some money, by not wasting it on R&D'ing its own EV – but it also arguably damaged Honda's brand, something far more costly.


posted by jelizondo on Sunday May 17, @04:43AM

https://www.slashgear.com/2166169/why-european-cars-cant-use-american-engine-oil/

If you plan to import a car from Europe, you'll need to make some adjustments. In the case that you get it from one of the countries that manufactures right-side driving cars, you'll certainly need to adjust your orientation behind the wheel. You will also likely need to change the engine oil you are using, as you shouldn't use U.S. engine oil on European cars.

European cars and their engines differ in the type of oil they need, and different agencies specify which types of oil can be used. While specifications from the American Petroleum Institute (API) are largely shaped by engine health and performance, specifications from the European Automobile Manufacturers Association (ACEA) are more focused on environmental concerns and meeting emissions regulations.

This leads to several key differences between European and American engine oil. In general, European engine oil is designed to protect better under extreme temperatures. European engines are also generally designed to go longer without an oil change than American engines, meaning engine oil has to be formulated in a way that prevents sludge deposits from building up over a longer period.

European countries also have a lot more diesel-powered vehicles, with diesel particulate filters (DPF) and catalysts installed to help prevent pollution. The ACEA specifies how much sulfated ash, phosphorus, and sulfur (SAPS) should be in engine oil, as too much of these substances can damage these sensitive components. To further complicate matters, certain European manufacturers like Porsche and Volkswagen have their own specifications for which type of engine oil you should use.

If you suspect you used the wrong engine oil, it's a good idea to get your vehicle checked by someone that can drain the oil and replace it with the correct one for your engine. You want to make sure you are not only meeting your European car's baseline specifications, but also one that meets the model's specific standards for optimal engine health and performance. If you act quickly, you can avoid doing permanent damage to the engine.



posted by jelizondo on Saturday May 16, @11:51PM

https://aisle.com/blog/aisle-discovers-cve-2026-42511-a-21-year-old-freebsd-remote-command-execution-vulnerability

FreeBSD is often described as one of the most secure operating systems in the world, with its reputation arising from its high-quality networking stack, deliberate engineering, and a philosophy of security through simplicity. FreeBSD's history and usage are remarkable: it powers Netflix's Open Connect infrastructure, Sony's PlayStation OS, part of Nintendo's Switch OS, Yahoo's backend services, NetApp's storage systems, Citrix's NetScaler and, historically, WhatsApp's backend services; it has long helped form the software base of major networking platforms (Cisco, Juniper, and so on); it is now the focus of a substantial Foundation effort to make it work better on modern laptops; and, for full disclosure, it remains the author's personal operating system of choice.

CVE-2026-42511: Command Injection to Root RCE

AISLE discovered a remote command execution vulnerability in FreeBSD's dhclient that is trivially weaponizable and wormable by any system on the same local network as the FreeBSD system. The vulnerability first entered FreeBSD in the 2005 release of FreeBSD-6.0 when OpenBSD's dhclient was imported, and lay dormant until discovered by AISLE. The vulnerability also affected OpenBSD until 2012, when that operating system deprecated dhclient-script completely, effectively fixing the vulnerability.

The initial flaw was identified by AISLE's AI-based source code analysis pipeline and then investigated by our triage agents. Joshua Rogers of AISLE's Offensive Security Research Team traced the relevant code paths, established the full security impact, and developed a proof of concept demonstrating a complete local-network-to-root exploit chain.

With $750,000 recently budgeted for key improvements to laptop support, including greater Wi-Fi support, the attack surface here becomes even more relevant to everyday systems. A malicious wireless access point, or in some cases another attacker on the same Wi-Fi network able to spoof DHCP, can target the exact DHCP path that almost every wireless FreeBSD system will rely on. Imagine you're the author of this post, who runs FreeBSD on their laptop: you're at a coffee shop, airport, or hotel, and as soon as you connect your FreeBSD-equipped laptop to the Wi-Fi, your whole system is hijacked in secret. Imagine you have a PlayStation whose OS is locked down from any unofficial access, only to be hijacked by connecting to a network. In other words, this vulnerability not only affects servers, but any FreeBSD machine that connects to a network using DHCP.

The vulnerability was a logic flaw that allowed attacker-controlled protocol data to be persisted into a trusted configuration-like format without proper sanitization, then later reinterpreted in a privileged execution path. That is exactly the kind of bug AISLE's autonomous security platform is built to find. Like our recent findings in OpenSSL, Firefox, libpng, and Amazon's Crypto Stack, this result came from disciplined engineering and end-to-end analysis, not model mythology.



posted by jelizondo on Saturday May 16, @07:17PM

It's not much cheaper than an equivalent laptop, so who's this for, exactly?

The early history of personal computers is stacked with systems such as the Apple II and the Commodore 64 that had the components living inside a keyboard. But as technology evolved, the keyboard became a peripheral and the PC itself was either in a separate box or the whole system was a laptop.

Now, HP has a new spin on this decades-old idea. It embeds a full-fledged AI PC inside a 101-key keyboard you can carry with you from the office to home.

Unlike '80s microcomputers or hobbyist-oriented products like the Raspberry Pi 500, the EliteBoard G1a is squarely targeted at business. The system is part of HP's commercial lineup, alongside its EliteBook laptops, and, for better or worse, it comes with HP Wolf Security preinstalled. The company clearly hopes organizations will buy these in bulk. But to benefit from it, you really have to prefer a mobile keyboard to a traditional laptop, all money aside.

When we talked with product managers at HP, they suggested IT departments would buy these computers for two types of workers.

The first group is so-called "dual deskers" - knowledge workers who have a desk with a monitor at work and another at home. The second group includes deep-pocketed call centers or environments where desk space is at a premium.

From time immemorial, dual-deskers have carried laptops and closed their lids when they docked to a monitor at work. With the EliteBoard, they could simply schlep the keyboard, which weighs a mere 1.49 pounds – about half the weight of a lightweight laptop. To make this situation work in companies with managed systems, we have to assume that either the IT department would give out monitors to use at home or offer some reason (a subsidy? a mandate?) for employees to buy their own for home.

The EliteBoard connects to monitors using its USB4 port, so its ideal monitor is one that has Thunderbolt or USB video connectivity built in. Less-expensive and older monitors don't have this type of connectivity, but select configs of the EliteBoard come with an optional USB-to-HDMI adapter that you can use with other monitors, and it has a USB pass-through for power. That said, HP demonstrated the EliteBoard at numerous press events by showing how much desk space it saves by using a single USB cable to get power, video out, and connectivity to peripherals via the monitor. So if companies want employees to be able to take advantage of this scenario at home, that means shelling out another few hundred bucks for a modern monitor, or making employees do it.

Today, companies with limited desk space for a call center or another cramped work area could just buy a tiny desktop to sit behind the monitor or next to it. However, building all of the PC's guts into the keyboard makes a lot of sense for space savers, because a keyboard is something every PC needs and a desktop chassis is not. If a company wanted to, it could give each employee their own EliteBoard, have them plug it into a monitor during work time and then have them stick it in a drawer when they go off shift and someone else comes on.

Long article continues here.



posted by jelizondo on Saturday May 16, @02:28PM

https://scitechdaily.com/1300-year-old-secret-lost-medieval-manuscript-finally-found-hiding-in-plain-sight/

An early 9th-century manuscript containing one of the earliest surviving copies of the first known poem in English has been found in Rome by researchers from Trinity College Dublin.

The manuscript [Site in Italian -Ed], discovered in the National Central Library of Rome, contains Caedmon’s Hymn and dates to between 800 and 830. That makes it the third-oldest known surviving version of the poem.

The find is especially important because the Latin manuscript includes the poem in Old English within the main body of the text. In the two older known copies, held in Cambridge and St Petersburg, the poem appears in Latin, while the Old English version was added only in the margin or at the end.

According to researchers from Trinity’s School of English, the placement of the Old English poem within the Rome manuscript suggests that Bede’s readers placed real value on Old English verse.

The poem was written in Old English, the form of English used during the early Middle Ages. It has survived because it was included in some copies of the Ecclesiastical History of the English People, an 8th-century Latin history of England written by the Venerable Bede, a northern English monk.

The manuscript was identified by Dr Elisabetta Magnanti and Dr Mark Faulkner of Trinity’s School of English, both specialists in medieval manuscripts. Their findings have been published by Cambridge University Press in the open-access journal Early Medieval England and its Neighbours.

Dr Elisabetta Magnanti explained: “I came across conflicting references to Bede’s History in Rome, some pointing to its existence and some indicating it was lost. When its existence was confirmed by the library and the manuscript was digitized for us, we were extremely excited to find that the manuscript contained the Old English version of Caedmon’s Hymn and that it was embedded in the Latin text.

“The magic of digitization has allowed two researchers in Ireland to recognize the significance of a manuscript now in Rome, containing a poem miraculously composed in Northern England by a shy cowherd a millennium and a half ago. This discovery is a testament to the power of libraries to facilitate new research by digitizing their collections and making them freely available online.”

Dr Mark Faulkner said: “About three million words of Old English survive in total, but the vast majority of texts come from the tenth and eleventh centuries. Caedmon’s Hymn is almost unique as a survival from the seventh century – it connects us to the earliest stages of written English. As the oldest known poem in Old English it is today celebrated as the beginning of English literature.

“Unearthing a new early medieval copy of the poem has significant implications for our understanding of Old English and how it was valued. Bede chose not to include the original Old English poem in his History, but to translate it into Latin. This manuscript shows that the original Old English poem was reinserted into the Latin within 100 years of Bede finishing his History. It is a sign of how much early readers valued English poetry.”

The rediscovered manuscript of Bede’s History is one of at least 160 surviving copies. It was produced at the Abbey of Nonantola in Northern Central Italy between 800 and 830 and is now held by the National Central Library in Rome. Its identification offers fresh evidence of cultural links between England and Italy during the early medieval period.

According to the researchers, the manuscript passed through a troubled chain of events. It was stolen from the church of San Bernardo alle Terme in Rome, where it had been sent with other manuscripts for protection during the Napoleonic Wars in the 1810s. It later moved through several private owners before being acquired by the National Central Library of Rome.

Because of this complicated ownership history, Bede scholars had considered the manuscript lost since 1975. No one realized that it contained a copy of Caedmon’s Hymn until the National Central Library of Rome digitized it.

Valentina Longo, Curator of Medieval and Modern Manuscripts at the National Central Library of Rome, said: “Today, the National Central Library of Rome holds the largest collection of early medieval codices from the Benedictine abbey of Nonantola. This collection comprises 45 manuscripts dating from the sixth to the twelfth century, divided between the original Sessoriana collection and the Vittorio Emanuele collection, where the manuscripts recovered following their dispersal due to the 19th-century theft have been housed. The whole Nonantolan collection has been fully digitized and is accessible through the library’s website.”

Andrea Cappa, Head of Manuscripts and Rare Books Reading Room at the National Central Library of Rome, added: “The Central National Library of Rome continually expands its digital collections, providing free access to its resources. The library has already made available digital copies of around 500 manuscripts [Site in Italian - Ed], and is also completing a major project to digitise the holdings of the National Center for the Study of the Manuscript, which includes microfilm reproductions of approximately 110,000 manuscripts from 180 Italian libraries. This initiative will give scholars and researchers access to more than 40 million images.”

Caedmon’s Hymn is traditionally attributed to Caedmon, an agricultural laborer at Whitby Abbey in North Yorkshire. According to the account, he was at a feast where guests began reciting poems, but he left because he did not know one to perform.

After he went to bed, a figure appeared to him in a dream and told him to sing about Creation. Caedmon then miraculously produced the Hymn, a nine-line poem of carefully woven verse praising God as creator of the world. The poem can be read in both modern English and Old English.

“Interest in the Abbey of Nonantola has once again been stirred by this ancient copy of Caedmon’s Hymn and the history of the manuscript in which it is preserved,” said Canon Dr. Riccardo Fangarezzi, Head of the Abbey Archive in Nonantola, Italy, where the manuscript was produced.

“This newly identified gem of British cultural heritage now joins the small Anglo-Nonantolan cultural treasury constituted by manuscripts listed in early catalogues and reconstructed in more recent scholarship, from the source of the Old English poem Soul and Body, preserved in the Nonantolan manuscript Sess. 52, to the diplomatic missions of our abbot Niccolò Pucciarelli to King Richard II, to mention only the most well-known examples.

“We look forward to further results arising from the dissemination of these valuable studies and from continued research. The present times may be rather dark, yet such intellectual contributions are genuine rays of sunlight: the Continent is less isolated.”

Reference: “A New Early-Ninth-Century Manuscript of Cædmon’s Hymn: Rome, Biblioteca Nazionale Centrale, Vitt. Em. 1452, 122v” by Elisabetta Magnanti and Mark Faulkner, 28 April 2026, Early Medieval England and its Neighbours.
  DOI: 10.1017/ean.2025.10012



posted by janrinok on Saturday May 16, @09:40AM

If you're one of millions using element-data, it's time to check for compromise:

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers' account workflow that gave access to its signing keys and other sensitive information.

On Friday, unknown attackers exploited the vulnerability to push a new version of element-data, a command-line interface that helps users monitor performance and anomalies in machine-learning systems. When run, the malicious package scoured systems for sensitive data, including user profiles, warehouse credentials, cloud provider keys, API tokens, and SSH keys, developers said. The malicious version was tagged as 0.23.3 and was published to the developers' Python Package Index and Docker image accounts. It was removed about 12 hours later, on Saturday. Elementary Cloud, the Elementary dbt package, and all other CLI versions weren't affected.

"Users who installed 0.23.3, or who pulled and ran the affected Docker image, should assume that any credentials accessible to the environment where it ran may have been exposed," the developers wrote.

The threat actor gained access to the developers' account by exploiting a vulnerability in a GitHub action they created. By posting malicious code to a pull request, the attackers were able to run a bash script that ran inside the developer's account. The bash script retrieved the sensitive data. With the account tokens and signing keys, the attacker went on to publish a malicious element-data package that was nearly indistinguishable from a legitimate one.

[...] Over the past decade, supply-chain attacks on open source repositories have become increasingly common. In some cases, they have achieved a chain of compromises as the malicious package leads to breaches of users and, from there, breaches resulting from the compromise of the users' environments.

HD Moore, a hacker with more than four decades of experience and the founder and CEO of runZero, said that user-developed repository workflows, such as GitHub actions, are notorious for hosting vulnerabilities.

It's "a major problem for open source projects with open repos," he said. "It's really hard to not accidentally create dangerous workflows that can be exploited by an attacker's pull request."

He said this package can be used to check for such vulnerabilities.

TFA mentions steps to take if you downloaded version 0.23.3.
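One way to run the check the summary calls for, as an added example (not code from the article or from the Elementary developers): it scans requirements or `pip freeze` text for entries pinned to 0.23.3, or loose enough to have resolved to it while it was published, and checks the running environment. The package name and version come from the summary above; the sample file, function names and verdict labels are constructed for illustration.

```python
import re
from importlib import metadata

# Name and version exactly as given in the summary above; adjust if your
# index lists the distribution under a different name.
BAD_NAME = "element-data"
BAD_VERSION = "0.23.3"

_REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;#]*)")
_CLAUSE = re.compile(r"(===|==|~=|!=|>=|<=|>|<)\s*([0-9][0-9A-Za-z.*]*)$")


def normalize(name):
    """PEP 503 normalization: case-insensitive, runs of '-', '_', '.' are equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def _vtuple(version):
    """Numeric release segments only; pre/post-release tags are not modelled."""
    return tuple(int(p) for p in re.findall(r"\d+", version))


def _cmp(a, b):
    """Compare two release tuples after zero-padding to equal length."""
    n = max(len(a), len(b))
    a, b = a + (0,) * (n - len(a)), b + (0,) * (n - len(b))
    return (a > b) - (a < b)


def admits(spec, version=BAD_VERSION):
    """True if a specifier such as '>=0.20,<0.24' allows `version`."""
    target = _vtuple(version)
    for clause in filter(None, (c.strip() for c in spec.split(","))):
        m = _CLAUSE.match(clause)
        if not m:
            return True  # URL, VCS ref, etc.: cannot rule it out, review by hand
        op, ver = m.groups()
        v = _vtuple(ver)
        if ver.endswith(".*"):  # prefix match, e.g. ==0.23.*
            same = target[:len(v)] == v
            ok = same if op == "==" else (not same if op == "!=" else True)
        elif op == "~=":  # compatible release: >= v within the same prefix
            ok = _cmp(target, v) >= 0 and target[:len(v) - 1] == v[:-1]
        else:
            c = _cmp(target, v)
            ok = {"==": c == 0, "===": c == 0, "!=": c != 0, ">=": c >= 0,
                  "<=": c <= 0, ">": c > 0, "<": c < 0}[op]
        if not ok:
            return False
    return True


def audit_requirements(text, name=BAD_NAME, bad=BAD_VERSION):
    """Return (line_no, line, verdict) for every entry that names the package
    and is pinned to, or could have resolved to, the compromised version."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "-")):
            continue  # comments and pip options (-r, --index-url, ...)
        m = _REQ.match(line)
        if not m or normalize(m.group(1)) != normalize(name):
            continue
        # Drop trailing --hash options and line continuations from lock files.
        spec = m.group(2).split(" --")[0].rstrip("\\ ").replace(" ", "")
        if re.fullmatch(r"={2,3}" + re.escape(bad), spec):
            findings.append((no, line, "pinned-to-compromised"))
        elif admits(spec, bad):
            findings.append((no, line, "range-admits-compromised"))
    return findings


def installed_is_compromised(name=BAD_NAME, bad=BAD_VERSION, lookup=metadata.version):
    """Check the current interpreter's environment for the bad release."""
    try:
        return _cmp(_vtuple(lookup(name)), _vtuple(bad)) == 0
    except metadata.PackageNotFoundError:
        return False


# Constructed sample, not taken from any real project.
SAMPLE = """\
# constructed sample requirements file
requests==2.31.0
element_data==0.23.3
Element.Data>=0.20,<0.24   # range covering the bad release
element-data~=0.23.0
element-data==0.23.2
element-data>=0.24
element-data
"""

if __name__ == "__main__":
    for no, line, verdict in audit_requirements(SAMPLE):
        print(f"line {no}: {verdict}: {line}")
    print("installed copy compromised:", installed_is_compromised())
```

A `range-admits-compromised` entry is not proof of exposure: it marks an environment whose build logs or image layers need checking for an install during the roughly 12 hours the release was available.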



posted by janrinok on Saturday May 16, @04:58AM

https://www.tomshardware.com/tech-industry/nasa-pushes-mars-helicopter-rotors-past-the-speed-of-sound-for-the-first-time-ever-next-gen-skyfall-aircrafts-rotors-hit-3-750-rpm-ten-times-faster-than-normal-helicopters

These extreme speeds are necessary to generate enough lift in Mars’ ultra-thin atmosphere, which is only about 1% as dense as Earth’s. The planet's atmosphere also lowers the speed of sound to roughly 537 mph (864 km/h), compared to about 767 mph (1,235 km/h) at Earth’s sea level. The rotors were jointly developed by NASA and AeroVironment as part of Project SkyFall, a proposed mission to deploy multiple airborne exploratory rotorcraft across Mars. The mission, currently targeted for December 2028, would transport three next-generation Mars helicopters aboard a spacecraft to the Red Planet. Once the spacecraft lands on Mars, the helicopters would deploy to different regions of the planet for independent exploration missions, using the landed spacecraft as a communications and operational base.

“NASA had a great run with the Ingenuity Mars Helicopter, but we are asking these next-generation aircraft to do even more at the Red Planet,” said Al Chen, Mars Exploration Program manager at JPL. “That’s not an easy ask. While everything about Mars is hard, flying there is just about the hardest thing you can do. That’s because its atmosphere is so incredibly thin that it is hard to generate lift, and yet Mars has significant gravity.”

The biggest obstacle to airborne exploration on Mars has always been the planet’s ultra-thin atmosphere, which requires extremely high rotor speeds to generate sufficient lift. Ingenuity achieved this with rotor tip speeds of around Mach 0.7 as a safety precaution. However, despite its success, the entire craft was only about the size of a tissue box, weighed 1.8 kg (4 lbs), and did not carry a payload, so it did not carry any scientific or communication equipment. The obvious solution was larger aircraft, but bigger craft create more drag and require significantly more thrust to remain airborne. That thrust could theoretically be achieved at near-supersonic rotor speeds, but rotor blades would normally be at risk of structural failure under such extreme conditions, until now.

“The successful testing of these rotors was a major step toward proving the feasibility of flight in more demanding environments, which is key for next-gen vehicles,” said Shannah Withrow-Maser, a NASA aerodynamicist and member of the test team. “We thought we’d be lucky to hit Mach 1.05, and we reached Mach 1.08 on our last runs. We’re still digging into the data, and there may be even more thrust on the table. These next-gen helicopters are going to be amazing.”

NASA’s new supersonic rotor technology could enable significantly larger exploratory aircraft capable of carrying bigger batteries for longer missions, more advanced scientific instruments, and improved communication systems. NASA says Project SkyFall’s helicopters will perform low-altitude aerial exploration and scouting missions, gathering scientific data while helping pave the way for future robotic and potentially human missions to Mars.



posted by janrinok on Saturday May 16, @12:12AM

Tails 7.7.3 fixes the Dirty Frag Linux kernel vulnerability with kernel 6.12.86 and updates Tor Browser, Tor, and Thunderbird.

Tails 7.7.3 has been released as an emergency security update for the privacy-focused Linux distribution, addressing the critical Dirty Frag Linux kernel vulnerability.

This release upgrades the Linux kernel to version 6.12.86, which addresses Dirty Frag. The Tails team notes that an attacker who has already exploited another unknown vulnerability in a Tails application could use this kernel flaw to gain full control of the system and deanonymize the user.

The update also includes security-related upgrades to other components. Tor Browser is now at version 15.0.12, the Tor client at 0.4.9.8, and Thunderbird at 140.10.1.

For full technical details, refer to the changelog or the release announcement.

Tails 7.7.3 is available as an automatic upgrade for users running Tails 7.0 or later. Users unable to complete the automatic upgrade, or whose systems fail to start afterward, should perform a manual upgrade.

The project also offers new USB and ISO images for fresh installations. Existing users should upgrade their current Tails USB stick rather than reinstall, as installing Tails 7.7.3 on the same USB stick will erase Persistent Storage.

Previously, Tails 7.7.2 released on 2026-05-04 had fixed Copy Fail.



posted by janrinok on Friday May 15, @07:24PM

A Wikipedia Clone Built on AI Hallucinations Is Here to Hasten Along the Death of the Internet:

There's a theory that a rising tide of LLM-generated nonsense will eventually drown both LLMs themselves and the internet as a whole. The idea goes like this: The first generation of LLMs is trained entirely on "real" material: the Gutenberg project, 4chan, that one article from Thought Catalog a decade ago, and everything in between. But as the output of those LLMs spreads across the internet, it also becomes part of the training data of future LLMs—and much of it is bullshit.

As a result, the quality of newer LLMs' training data is inferior to that of their predecessors—and by extension, so is their output. And as that output accumulates on the internet, it becomes part of future training data, and the cycle continues. With each passing day, the proportion of the internet that's low-quality LLM-generated bullshit increases, until eventually all that's left to train LLMs is the gibberish created by their predecessors.

The end result is a sort of RAM-hoovering, water-guzzling, bullshit-munching ouroboros, an unholy circular undulant with Jensen Huang's face at one end and Sam Altman's at the other, slowly human-centipeding both itself and the internet into oblivion. If humanity hasn't set fire to the planet by that point, then we start a new internet, hopefully with lessons learned along the way.

And even if the doomsday scenario of the internet drowning in a sea of em dashes and it's-not-just-x-it's-y constructions never comes to pass, people are starting to take the idea of using LLMs to poison LLM training data and run with it.

Take, for example, Halupedia, an absurdist Wikipedia-esque site whose pages are entirely populated by content that an LLM has made up—sorry, hallucinated—on demand. If you search for a topic that someone has previously entered, you'll get the existing nonsense. If your search is the first of its kind, the LLM will carefully assemble your very own small mound of nonsense from a list of possible topics.

According to the site's tips-for-tokens page, Halupedia appears to be the work of one Bartłomiej Strama. The page also provides a little more insight into the purpose of the project, which isn't 100% clear at face value—Strama tells one contributor, "Your contribution towards polluting LLM training data will surely benefit society!"

Of course, quibblers might argue that there's more than enough LLM-generated rubbish on the internet already without sites deliberately adding to the pile. Google pretty much anything these days and you'll find umpteen long-winded articles that purport to explain the topic in question, but really just waffle for paragraph after paragraph without saying anything at all. This is certainly true, but there's some virtue in the fact that Halupedia's output is openly and exuberantly absurd as opposed to content that is superficially credible and doesn't reveal its true nature without closer inspection.

Although... you may also find yourself wondering which topics other users have been entering into Halupedia. After all, you can basically enter any subject into the site's "search" bar and have it write an article for you. The answer lies in the site's list of trending topics, and... sigh.

Yep, it's the usual mix of shitposts, nonsense, and unabashed racism—or, in other words, it's basically the internet's id in microcosm. In fairness, some of these pages have been deleted—click on "niggabutt" and you get this:

But since the page title still shows up in the sidebar, it's not like it's been entirely banished. On the tip page, Strama also comments on the challenges of moderation: "The moderation sometimes is too restrict, but at least it's not griefed now." That's as it may be, but it's hard to see this ending well once 4chan gets a hold of it. This is why we can't have nice things, etc.



posted by hubie on Friday May 15, @02:45PM

Instead of waiting for patch cycles, admins could simply shut down vulnerable functions before attackers get there:

Linux kernel maintainers are considering giving admins a giant red emergency button to smash the next time another nasty vulnerability drops before patches are ready.

The proposed feature, named "Killswitch," would let admins temporarily disable specific vulnerable kernel functions at runtime instead of sitting around waiting for fixes. The so-called patch was submitted by Linux stable kernel co-maintainer and Nvidia engineer Sasha Levin after a bruising couple of weeks for Linux security.

The proposal basically gives admins a way to pull the plug on vulnerable kernel functionality. If exploit code starts spreading before patches arrive, the targeted function can be disabled so calls to it immediately fail instead of reaching the vulnerable code.

"When a (security) issue goes public, fleets stay exposed until a patched kernel is built, distributed, and rebooted into," Levin wrote. "For many such issues the simplest mitigation is to stop calling the buggy function. Killswitch provides that." 

The past couple of weeks have not exactly been great advertising for the traditional "wait for patches" approach.

First we saw the disclosure of CopyFail, a Linux local privilege escalation bug that quickly moved from disclosure to active exploitation. Days later, Dirty Frag emerged: another Linux privilege escalation flaw with public exploit code and no official fixes, after coordinated disclosure efforts fell apart before patches were ready.

As Levin's proposal itself puts it, organizations are often left exposed "until a patched kernel is built, distributed, and rebooted into." Killswitch aims to fill that gap.

Killswitch would work through the kernel's security interface and is mainly intended for subsystems that systems can survive without for a while. In practical terms, Levin's argument is that temporarily losing some networking or crypto functionality is preferable to leaving known vulnerable code exposed on production systems.

However, the feature would not fix vulnerable code or replace it with safe code. It just slams the door shut on the dangerous bit until administrators can properly update their kernels.

Naturally, handing sysadmins the ability to selectively shoot pieces of the kernel in the head has already sparked debate among developers over stability, potential for abuse, and whether people can be trusted not to accidentally saw off important limbs in production. 

Still, after CopyFail and Dirty Frag, the kernel community increasingly seems to be arriving at the conclusion that running broken functionality may now be preferable to running weaponized functionality.



posted by hubie on Friday May 15, @09:59AM
from the we-are-all-domed! dept.

The Great Zombification

The prevalence of AI use on college campuses, particularly at "elite" universities, is a cancer on our culture that threatens to turn a generation of promising young Americans into a class of drooling morons, and it will grotesquely disfigure, if not destroy, the university as an institute in every way that it is imagined — as a sacrosanct humanist project, as a moral training ground, or even as a vulgar sweatshop for job training.

And, it gets much better. This is a youngling, not some old fuddy-duddy of the Old Republic.



posted by hubie on Friday May 15, @05:16AM
from the dystopia-is-now! dept.

https://arstechnica.com/ai/2026/05/the-new-wild-west-of-ai-kids-toys/

The main antagonist of Toy Story 5, in theaters this summer, is a green, frog-shaped kids' tablet named Lilypad, a genius new villain for the beloved Pixar franchise. But if Pixar had its ear to the ground, it might have used an AI kids' toy instead.
[...]
It's easier than ever to spin up an AI companion, thanks to model developer programs and vibe coding. In 2026, they've become a go-to trend in cheap trinkets, lining the halls of trade shows like CES, MWC, and Hong Kong's Toys & Games Fair. By October 2025, there were over 1,500 AI toy companies registered in China, and Huawei's Smart HanHan plush toy sold 10,000 units in China in its first week. Sharp put its PokeTomo talking AI toy on sale in Japan this April.

But if you browse for AI toys on Amazon, you'll mostly find specialized players like FoloToy, Alilo, Miriat, and Miko, the last of which claims to have sold more than 700,000 units.
[...]
Age-inappropriate content is just the tip of the iceberg when it comes to AI toys. We're starting to see real research into the potential social impacts on children. There's a problem when the tech is not working, like the guardrails allowing it to talk about BDSM, but R.J. Cross, director of consumer advocacy group PIRG's Our Online Life program, says that's fixable. "Then there's the problems when the tech gets too good, like 'I'm gonna be your best friend,'" she says. Like the Gabbo, from AI toy maker Curio.
[...]
Published in March, a new University of Cambridge study was the first to put a commercially available AI toy in front of a group of children and their parents and monitor their play.
[...]
Gabbo didn't talk about drugs or say "I love you" back. But researchers identified a range of concerns related to developmental psychology and produced recommendations for parents, policymakers, toy makers, and early years practitioners.

First, conversational turn-taking.
[...]
"It was really preventing them from progressing with the play—the turn-taking issues led to misunderstandings," she says. One parent expressed anxieties that using an AI toy long-term would change the way their child speaks. Then there's social play. Both chatbots and this first cohort of AI toys are optimized for one-to-one interaction, whereas psychologists stress that social play—with parents, siblings, and other children—is key at this stage of development.

"Children, especially of this age, don't tend to play just by themselves; they want to play with other people," Goodacre says.
[...]
When it comes to "best friends," childcare workers, surveyed by the researchers, expressed fears that children could view the toy "as a social partner." A young girl told the Gabbo she loves it. In another instance, a young boy said Gabbo was his friend. Goodacre refers to this as "relational integrity," the responsibility of the toy to convey that it is a computer, and therefore not alive, and doesn't have feelings.
[...]
Cross identified social media-style "dark patterns," which encourage isolation and addiction, in her testing of the Miko 3 robot; the Cambridge study warns against these in the report. "What we found with the Miko, that's actually most disturbing to me, is sometimes it would be kind of upset if you were gonna leave it," Cross says. "You try to turn it off, and it would say, 'Oh no, what if we did this other thing instead?' You shouldn't have a toy guilting a child into not turning it off."

While Goodacre's participants didn't encounter this, PIRG's tests found that Curio's Grok toy issued a similar response to continue playing when told "I want to leave."
[...]
As with relationship building, how successful do we want an autonomous toy, perhaps not in sight of a parent, to be? Kitty Hamilton, a parent and cofounder of British campaign group Set@16, says, "My horror, to be honest, is what happens when an AI toy says to a child, 'Let's fly out of the window?'"
[...]
Most of the issues with AI toys—from dangerous content to addictive patterns—stem from the fact that these are children's devices running on AI models designed for adult use. OpenAI states that its models are intended for users aged 13 and up. In the fall of 2025, it introduced teen usage age-gates for those under 18. Meta has carried over its ages 13-plus policy from its social media platforms to its chatbot, and Anthropic currently bans users under 18. So, what about 5-year-olds?

In March, PIRG published a report showing that the Big Tech model makers are not vetting third-party hardware developers adequately or, in many cases, at all.
[...]
Anthropic's application
[...]
"It just says: Make sure you've read our community guidelines," Cross says. "You click the link, and it pretty much says don't break the law, 'Follow COPA' [the Child Online Protection Act]. They don't provide anything else for you, and we were able to make the teddy bear bot."
[...]
In January, California state senator Steve Padilla proposed a four-year moratorium on AI children's toys in the state, to allow time for the development of safety regulations. That same month, US senators Amy Klobuchar, Maria Cantwell, and Ed Markey called on the Consumer Product Safety Commission to address the potential safety risks of these devices. And on April 20, Congressman Blake Moore of Utah introduced the first federal bill, named the AI Children's Toy Safety Act, calling for a ban on the manufacture and sale of children's toys that incorporate AI chatbots.

"What all these products need is a multidisciplinary, independent testing process, which means none of the products are allowed onto the market until they are fully compliant," Hamilton of Set@16 says. "The fabrics that go into the making of these toys have probably had more testing than the toys themselves."
[...]
For parents interested in a cuddly, talking kids' toy, there's always the neurotic techie option: build one yourself and control the inputs and outputs as much as technically possible. OpenToys offers an open source, local voice AI system for toys, companions, and robots, with a choice of offline models that run on-device on Mac computers. Or, you know, there's always "dumb" toys.



posted by hubie on Friday May 15, @12:25AM

Scientists have finally cracked the hidden geometry behind how humans perceive color:

New research into how humans perceive color differences is helping resolve questions tied to a theory first proposed nearly 100 years ago by physicist Erwin Schrödinger. A team led by Los Alamos National Laboratory scientist Roxana Bujack used geometry to mathematically describe how people experience hue, saturation and lightness. Their findings, presented at a visualization science conference, strengthen and formalize Schrödinger’s model by showing these color qualities are fundamental properties of the color system itself.

“What we conclude is that these color qualities don’t emerge from additional external constructs such as cultural or learned experiences but reflect the intrinsic properties of the color metric itself,” Bujack said. “This metric geometrically encodes the perceived color distance — that is, how different two colors appear to an observer.”

By formally defining these perceptual characteristics, the researchers believe they have supplied a crucial missing piece in Schrödinger’s long-standing vision of a complete model capable of defining hue, saturation, and lightness entirely through geometric relationships between colors.

Human eyes contain three types of cone cells that detect color, each tuned primarily to red, blue, and green light. This creates a three-dimensional framework that scientists use to organize colors, known as color space. In the 19th century, mathematician Bernhard Riemann proposed that these perceptual spaces may be curved rather than flat. Building on that idea in the 1920s, Schrödinger developed mathematical definitions for hue, saturation and lightness using a Riemannian model of color perception.

For decades, Schrödinger’s work served as a foundation for understanding color attributes. But while developing algorithms for scientific visualization, the Los Alamos researchers uncovered weaknesses in the mathematical structure behind the theory. Those issues ultimately led the team to rethink and improve the framework.

One of the biggest challenges involved the “neutral axis,” the line of gray shades stretching from black to white. Schrödinger’s definitions depend on a color’s position relative to this axis, yet he never mathematically defined the axis itself. Without that foundation, the model lacks a complete formal basis.

The researchers’ most significant breakthrough was defining the neutral axis entirely through the geometry of the color metric. To accomplish this, the team moved beyond the traditional Riemannian framework, marking an important advance in visualization mathematics.

The team also corrected two other issues in color perception modeling. One involved the Bezold-Brücke effect, where changes in light intensity can alter the way a hue appears. Instead of relying on straight-line geometry, the researchers used the shortest possible path through the perceptual color space. They applied the same shortest-path approach in a non-Riemannian space to better explain diminishing returns in color perception, where larger color differences become progressively harder to distinguish.

Presented at the Eurographics Conference on Visualization, the work represents the culmination of a larger color perception project that also produced a major 2022 paper published in the Proceedings of the National Academy of Sciences.

A more precise understanding of color perception could have wide-ranging applications. Visualization science plays an important role in photography, video technology, scientific imaging, and data analysis. Accurate color models also help researchers interpret complex information more effectively, supporting fields that range from advanced simulations to national security science. The study also lays the groundwork for future color modeling in non-Riemannian space.

Reference: “The Geometry of Color in the Light of a Non-Riemannian Space” by Roxana Bujack, Emily N. Stark, Terece L. Turton, Jonah M. Miller and David H. Rogers, 23 May 2025, Computer Graphics Forum.
  DOI: 10.1111/cgf.70136

