An anonymous reader quotes a report from Wired: Earlier this month, Joseph Thacker's neighbor mentioned to him that she'd preordered a couple of stuffed dinosaur toys for her children. She'd chosen the toys, called Bondus, because they offered an AI chat feature that lets children talk to the toy like a kind of machine-learning-enabled imaginary friend. But she knew Thacker, a security researcher, had done work on AI risks for kids, and she was curious about his thoughts.

So Thacker looked into it. With just a few minutes of work, he and a web security researcher friend named Joel Margolis made a startling discovery: Bondu's web-based portal, intended to allow parents to check on their children's conversations and for Bondu's staff to monitor the products' use and performance, also let anyone with a Gmail account access transcripts of virtually every conversation Bondu's child users have ever had with the toy.

Without carrying out any actual hacking, simply by logging in with an arbitrary Google account, the two researchers immediately found themselves looking at children's private conversations, the pet names kids had given their Bondu, the likes and dislikes of the toys' toddler owners, their favorite snacks and dance moves. In total, Margolis and Thacker discovered that the data Bondu left unprotected -- accessible to anyone who logged in to the company's public-facing web console with their Google username -- included children's names, birth dates, family member names, "objectives" for the child chosen by a parent, and most disturbingly, detailed summaries and transcripts of every previous chat between the child and their Bondu, a toy practically designed to elicit intimate one-on-one conversation. More than 50,000 chat transcripts were accessible through the exposed web portal. When the researchers alerted Bondu about the findings, the company acted to take down the console within minutes and relaunched it the next day with proper authentication measures.

"We take user privacy seriously and are committed to protecting user data," Bondu CEO Fateen Anam Rafid said in his statement. "We have communicated with all active users about our security protocols and continue to strengthen our systems with new protections," as well as hiring a security firm to validate its investigation and monitor its systems in the future.

An anonymous reader quotes a report from Ars Technica, written by Dan Goodin: Two security professionals who were arrested in 2019 after performing an authorized security assessment of a county courthouse in Iowa will receive $600,000 to settle a lawsuit they brought alleging wrongful arrest and defamation. The case was brought by Gary DeMercurio and Justin Wynn, two penetration testers who at the time were employed by Colorado-based security firm Coalfire Labs. The men had written authorization from the Iowa Judicial Branch to conduct "red-team" exercises, meaning attempted security breaches that mimic techniques used by criminal hackers or burglars.

The objective of such exercises is to test the resilience of existing defenses using the types of real-world attacks the defenses are designed to repel. The rules of engagement for this exercise explicitly permitted "physical attacks," including "lockpicking," against judicial branch buildings so long as they didn't cause significant damage. [...] DeMercurio and Wynn's engagement at the Dallas County Courthouse on September 11, 2019, had been routine. A little after midnight, after finding a side door to the courthouse unlocked, the men closed it and let it lock. They then slipped a makeshift tool through a crack in the door and tripped the locking mechanism. After gaining entry, the pentesters tripped an alarm alerting authorities.

Within minutes, deputies arrived and confronted the two intruders. DeMercurio and Wynn produced an authorization letter -- known as a "get out of jail free card" in pen-testing circles. After a deputy called one or more of the state court officials listed in the letter and got confirmation it was legit, the deputies said they were satisfied the men were authorized to be in the building. DeMercurio and Wynn spent the next 10 or 20 minutes telling what their attorney in a court document called "war stories" to deputies who had asked about the type of work they do. When Sheriff Leonard arrived, the tone suddenly changed. He said the Dallas County Courthouse was under his jurisdiction and he hadn't authorized any such intrusion. Leonard had the men arrested, and in the days and weeks to come, he made numerous remarks alleging the men violated the law. A couple months after the incident, he told me that surveillance video from that night showed "they were crouched down like turkeys peeking over the balcony" when deputies were responding. I published a much more detailed account of the event here. Eventually, all charges were dismissed.

Longtime Slashdot reader AmiMoJo shares a report from Reuters: Fully electric car sales in December overtook petrol for the first time in the European Union, even as policymakers proposed to loosen emissions regulations, data showed on Tuesday. U.S. battery-electric brand Tesla continued to lose market share to competitors including China's BYD and Europe's best-selling group Volkswagen, data from the European auto lobby ACEA showed.

Car sales throughout Europe sustained a sixth straight month of year-on-year growth, with overall registrations, a proxy for sales, hitting their highest volumes in five years in Europe in 2025, though they remained well below pre-pandemic levels. [...] December registrations of battery electric, plug-in hybrid and hybrid electric cars were up 51%, 36.7% and 5.8%, respectively, to account collectively for 67% of the bloc's registrations, up from 57.8% in December 2024.

An anonymous reader quotes a report from Ars Technica: The Supreme Court is taking up a case on whether Paramount violated the 1988 Video Privacy Protection Act (VPPA) by disclosing a user's viewing history to Facebook. The case, Michael Salazar v. Paramount Global, hinges on the law's definition of the word "consumer." Salazar filed a class action against Paramount in 2022, alleging that it "violated the VPPA by disclosing his personally identifiable information to Facebook without consent," Salazar's petition to the Supreme Court said. Salazar had signed up for an online newsletter through 247Sports.com, a site owned by Paramount, and had to provide his email address in the process. Salazar then used 247Sports.com to view videos while logged in to his Facebook account.

"As a result, Paramount disclosed his personally identifiable information -- including his Facebook ID and which videos he watched—to Facebook," the petition (PDF) said. "The disclosures occurred automatically because of the Facebook Pixel Paramount installed on its website. Facebook and Paramount then used this information to create and display targeted advertising, which increased their revenues." The 1988 law (PDF) defines consumer as "any renter, purchaser, or subscriber of goods or services from a video tape service provider." The phrase "video tape service provider" is defined to include providers of "prerecorded video cassette tapes or similar audio visual materials," and thus arguably applies to more than just sellers of tapes.

The legal question for the Supreme Court "is whether the phrase 'goods or services from a video tape service provider,' as used in the VPPA's definition of 'consumer,' refers to all of a video tape service provider's goods or services or only to its audiovisual goods or services," Salazar's petition said. The Supreme Court granted his petition (PDF) to hear the case in a list of orders released yesterday. [...] SCOTUSblog says that "the case will likely be scheduled for oral argument in the court's 2026-27 term," which begins in October 2026.

Microsoft has quietly suppressed an unexplained anomaly on its network that was routing traffic destined for example.com -- a domain reserved under RFC2606 specifically for testing purposes and not obtainable by any party -- to sei.co.jp, a domain belonging to Japanese electronics cable maker Sumitomo Electric.

The misconfiguration meant anyone attempting to set up an Outlook account using an example.com email address could have inadvertently sent test credentials to Sumitomo Electric's servers. Under RFC2606, example.com resolves only to IP addresses assigned to the Internet Assigned Names Authority. Microsoft confirmed it has "updated the service to no longer provide suggested server information for example.com" and said it is investigating.

Security researcher Dan Tentler of Phobos Group noted the company appears to have simply removed the problematic endpoint rather than fixing the underlying routing -- "not found" errors now appear where the JSON responses previously occurred. Tinyapps.org, which noted the behavior earlier this month, said the misconfiguration had persisted for five years. Microsoft has not explained how Sumitomo Electric's domain entered its configuration. The incident follows 2024's revelation that a forgotten test account with admin privileges enabled Russia-state hackers to monitor Microsoft executives' email for two months.

Television marks its centenary today, exactly 100 years after Scottish inventor John Logie Baird first demonstrated his electro-mechanical system to journalists and members of the Royal Institution in a cramped attic workshop above what is now Bar Italia in London's Soho.

On January 26, 1926, small groups of visitors climbed to 22 Frith Street and watched fuzzy images of a ventriloquist's dummy called Stooky Bill appear on screen, followed by each other's faces transmitted from a separate room. One visitor got too close to the spinning discs and ended up with a sliced beard. The Times published a short account two days later.

Baird had built his first transmitting equipment in Hastings in 1923 using a hatbox, tea chest, darning needles and bicycle light lenses. A 1000-volt electric shock and a displeased landlord pushed him to London, where Gordon Selfridge soon invited him to demonstrate the device during the store's Birthday Week celebrations. The building at 22 Frith Street now carries three plaques commemorating the invention.

California-based Karman Industries "says it has developed a cooling system that uses SpaceX rocket engine technology to rein in the environmental impact of data centers," reports the Los Angeles Times, "chilling them with less space, less power and no water." Karman has developed a cooling system similar to the heat pumps in the average home, except its pumps use liquid carbon dioxide as refrigerant, which is circulated using rocket engine technology rather than fans. The company's efficient pumps can reduce the space required for data center cooling equipment by 80%.

Over the years, data centers have used fans and air conditioning to blow cold air on the chips. Bigger facilities pass cold liquid through tubes near the chips to absorb the heat. This hot liquid is sent outside to a cooling yard, where sprawling networks of pipes use as much water as a city of 50,000 people to remove the heat. A 50 megawatt data center also uses enough electricity to power a mid-sized city... Cooling systems account for up to 40% of a data center's power consumption and an average midsized data center consumes more than 35,000 gallons of water per day...

U.S. data centers will consume about 8% of all electricity in the country by 2030, according to the International Energy Agency... The cooling systems are projected to use up to 33 billion gallons of water by 2028 per year... To serve this seemingly insatiable market, Karman has developed a rotating compressor that spins at 30,000 revolutions per minute — nearly 10 times faster than traditional compressors — to move heat...

About a third of Karman's 23-person team came from SpaceX or Rocket Lab, and they co-opted technologies from aerospace engineering and electric vehicles to design the mechanics for the high-speed motors. The system uses a special type of carbon dioxide under high pressure to transfer heat from the data center to the outside air. Depending on the conditions, it can do the same amount of cooling using less than half the energy. Karman's heat pump can either reject heat to air, or route it into extra cooling, or even power generation.
The company "recently raised $20 million," according to the article, "and expects to start building its first compressors in Long Beach later this year...."

The U.S. Department of Justice has opened a criminal investigation into Deel over allegations that it recruited a spy inside rival Rippling, according to documents seen by The Wall Street Journal. From the report: An Ireland-based Rippling employee, Keith O'Brien, alleged in an affidavit filed in April that Deel Chief Executive Alex Bouaziz recruited him and gave him instructions for what information to take from Rippling. O'Brien alleged that other executives were involved in the spying plot, including Bouaziz's father, who is Deel's executive chairman and chief strategy officer.

A spokeswoman for Deel said the company isn't aware of a criminal investigation but is willing to cooperate with authorities. The company has previously said: "We deny all legal wrongdoing and look forward to asserting our counterclaims." Unsealed court documents allege that an entity tied to Deel transferred $6,000 to an account owned by the wife of Chief Operating Officer Dan Westgarth, and that the same amount was forwarded from the account to O'Brien seconds later.

An anonymous reader quotes a report from TechCrunch: Meta's Oversight Board is tackling a case focused on Meta's ability to permanently disable user accounts. Permanent bans are a drastic action, locking people out of their profiles, memories, friend connections, and, in the case of creators and businesses, their ability to market and communicate with fans and customers. This is the first time in the organization's five-year history as an oversight body that permanent account bans have been a subject of the Oversight Board's focus, the organization notes.

The case being reviewed isn't exactly one of an everyday user. Instead, the case involves a high-profile Instagram user who repeatedly violated Meta's Community Standards by posting visual threats of violence against a female journalist, anti-gay slurs against politicians, content depicting a sex act, allegations of misconduct against minorities, and more. The account had not accumulated enough strikes to be automatically disabled, but Meta made the decision to permanently ban the account. The Board's materials didn't name the account in question, but its recommendations could impact others who post content that targets public figures with abuse, harassment, and threats, as well as users who have their accounts permanently banned without receiving transparent explanations.

Meta referred this specific case to the Board, which included five posts made in the year before the account was permanently disabled. The Board says it's looking for input about several key issues: how permanent bans can be processed fairly, the effectiveness of its current tools to protect public figures and journalists from repeated abuse and threats of violence, the challenges of identifying off-platform content, whether punitive measures effectively shape online behaviors, and best practices for transparent reporting on account enforcement decisions. [...] Whether the Oversight Board has any real sway to address issues on Meta's platform continues to be debated, of course. [...] After the Oversight Board issues its policy recommendations to Meta, the company has 60 days to respond. The Board is also soliciting public comments on this topic. The report notes that Meta's Oversight Board is able to overturn individual moderation decisions and offer recommendations, but largely sidelined from major policy shifts driven by Mark Zuckerberg.

An anonymous reader quotes a report from the Electronic Frontier Foundation (EFF): Lawmakers in Washington are once again focusing on kids, screens, and mental health. But according to Congress, Big Tech is somehow both the problem and the solution. The Senate Commerce Committee held a hearing [Friday] on "examining the effect of technology on America's youth." Witnesses warned about "addictive" online content, mental health, and kids spending too much time buried in screen. At the center of the debate is a bill from Sens. Ted Cruz (R-TX) and Brian Schatz (D-HI) called the Kids Off Social Media Act (KOSMA), which they say will protect children and "empower parents."

That's a reasonable goal, especially at a time when many parents feel overwhelmed and nervous about how much time their kids spend on screens. But while the bill's press release contains soothing language, KOSMA doesn't actually give parents more control. Instead of respecting how most parents guide their kids towards healthy and educational content, KOSMA hands the control panel to Big Tech. That's right -- this bill would take power away from parents, and hand it over to the companies that lawmakers say are the problem. [...] This bill doesn't just set an age rule. It creates a legal duty for platforms to police families. Section 103(b) of the bill is blunt: if a platform knows a user is under 13, it "shall terminate any existing account or profile" belonging to that user. And "knows" doesn't just mean someone admits their age. The bill defines knowledge to include what is "fairly implied on the basis of objective circumstances" -- in other words, what a reasonable person would conclude from how the account is being used. The reality of how services would comply with KOSMA is clear: rather than risk liability for how they should have known a user was under 13, they will require all users to prove their age to ensure that they block anyone under 13.

KOSMA contains no exceptions for parental consent, for family accounts, or for educational or supervised use. The vast majority of people policed by this bill won't be kids sneaking around -- it will be minors who are following their parents' guidance, and the parents themselves. Imagine a child using their parent's YouTube account to watch science videos about how a volcano works. If they were to leave a comment saying, "Cool video -- I'll show this to my 6th grade teacher!" and YouTube becomes aware of the comment, the platform now has clear signals that a child is using that account. It doesn't matter whether the parent gave permission. Under KOSMA, the company is legally required to act. To avoid violating KOSMA, it would likely lock, suspend, or terminate the account, or demand proof it belongs to an adult. That proof would likely mean asking for a scan of a government ID, biometric data, or some other form of intrusive verification, all to keep what is essentially a "family" account from being shut down.

Violations of KOSMA are enforced by the FTC and state attorneys general. That's more than enough legal risk to make platforms err on the side of cutting people off. Platforms have no way to remove "just the kid" from a shared account. Their tools are blunt: freeze it, verify it, or delete it. Which means that even when a parent has explicitly approved and supervised their child's use, KOSMA forces Big Tech to override that family decision. [...] These companies don't know your family or your rules. They only know what their algorithms infer. Under KOSMA, those inferences carry the force of law. Rather than parents or teachers, decisions about who can be online, and for what purpose, will be made by corporate compliance teams and automated detection systems.

Netflix has begun asking filmmakers to adjust their storytelling approach to account for viewers who are scrolling through their phones while watching, according to Matt Damon. The traditional action movie formula involves three major set pieces distributed across the first, second, and third acts. Netflix now wants a large action sequence in the opening five minutes to hook viewers.

The streamer has also suggested that filmmakers reiterate plot points "three or four times in the dialogue" to accommodate distracted audiences, he said. "It's going to really start to infringe on how we're telling these stories," Damon said.

An anonymous reader quotes a report from TechCrunch: Last week, Nicholas Moore, 24, a resident of Springfield, Tennessee, pleaded guilty to repeatedly hacking into the U.S. Supreme Court's electronic document filing system. At the time, there were no details about the specifics of the hacking crimes Moore was admitting to. On Friday, a newly filled document -- first spotted by Court Watch's Seamus Hughes -- revealed more details about Moore's hacks. Per the filing, Moore hacked not only into the Supreme Court systems, but also the network of AmeriCorps, a government agency that runs stipend volunteer programs, and the systems of the Department of Veterans Affairs, which provides healthcare and welfare to military veterans.

Moore accessed those systems using stolen credentials of users who were authorized to access them. Once he gained access to those victims' accounts, Moore accessed and stole their personal data and posted some online to his Instagram account: @ihackthegovernment. In the case of the Supreme Court victim, identified as GS, Moore posted their name and "current and past electronic filing records." [...] According to the court document, Moore faces a maximum sentence of one year in prison and a maximum fine of $100,000.

Verizon is offering affected customers a $20 account credit following a nationwide network outage on Wednesday that left users across the US unable to connect, forcing phones into SOS mode for roughly ten hours before the carrier restored service around 10:15PM ET.

Customers will receive a text message when the credit becomes available and can redeem it through the myVerizon app by clicking "Take action."

Salesforce CEO Marc Benioff said this week that his company's software engineering headcount has remained "mostly flat" over the past year as internal AI tools have delivered substantial productivity gains.

Speaking on TBPN, Benioff said he has about 15,000 engineers who are "more productive than ever." The company has redirected its hiring efforts toward sales and customer engagement roles, hiring 20% more account executives this year as it pushes its Agentforce agentic AI service.

Human salespeople remain essential for explaining the "intricacies and nuances" of agentic AI to skeptical enterprise customers, he argued. Other parts of the business have seen deeper cuts. In a separate appearance on The Logan Bartlett Show, Benioff said that Salesforce had reduced its customer support workforce by roughly 50%.

An anonymous reader quotes a report from The Verge: Betterment, a financial app, sent a sketchy-looking notification on Friday asking users to send $10,000 to Bitcoin and Ethereum crypto wallets and promising to "triple your crypto," according to a thread on Reddit. The Betterment account says in an X thread that this was an "unauthorized message" that was sent via a "third-party system." TechCrunch has since confirmed that an undisclosed number of Betterment's customers have had their personal information accessed. "The company said customer names, email and postal addresses, phone numbers, and dates of birth were compromised in the attack," reports TechCrunch.

Betterment said it detected the attack on the same day and "immediately revoked the unauthorized access and launched a comprehensive investigation, which is ongoing." The fintech firm also said it has reached out to the customers targeted by the hackers and "advised them to disregard the message."

"Our ongoing investigation has continued to demonstrate that no customer accounts were accessed and that no passwords or other log-in credentials were compromised," Betterment wrote in the email.

Bloomberg reports on Amazon listings "automatically generated by an experimental AI tool" for stores that don't sell on Amazon.

Bloomberg notes that the listings "didn't always correspond to the correct product", leaving the stores to handle the complaints from angry customers: Between the Christmas and New Year holidays, small shop owners and artisans who had found their products listed on Amazon took to social media to compare notes and warn their peers... In interviews, six small shop owners said they found themselves unwittingly selling their products on Amazon's digital marketplace. Some, especially those who deliberately avoided Amazon, said they should have been asked for their consent. Others said it was ironic that Amazon was scouring the web for products with AI tools despite suing Perplexity AI Inc.for using similar technology to buy products on Amazon... Some retailers say the listings displayed the wrong product image or mistakenly showed wholesale pricing. Users of Shopify Inc.'s e-commerce tools said the system flagged Amazon's automated purchases as potentially fraudulent...

In a statement, Amazon spokesperson Maxine Tagay said sellers are free to opt out. Two Amazon initiatives — Shop Direct, which links out to make purchases on other retailers' sites, and Buy For Me, which duplicates listings and handles purchases without leaving Amazon — "are programs we're testing that help customers discover brands and products not currently sold in Amazon's store, while helping businessesâreach new customers and drive incremental sales," she said in an emailed statement. "We have received positive feedback on these programs." Tagay didn't say why the sellers were enrolled without notifying them. She added that the Buy For Me selection features more than 500,000 items, up from about 65,000 at launch in April.
The article includes quotes from the owners of affected businesses.

• A one-person company complained that "If suddenly there were 100 orders, I couldn't necessarily manage. When someone takes your proprietary, copyrighted works, I should be asked about that. This is my business. It's not their business."

• One business owner said "I just don't want my products on there... It's like if Airbnb showed up and tried to put your house on the market without your permission."

• One business owner complained "When things started to go wrong, there was no system set up by Amazon to resolve it. It's just 'We set this up for you, you should be grateful, you fix it.'" One Amazon representative even suggested they try opening a $39-a-month Amazon seller account.

joshuark shares a report from Business Insider: Jason Lemkin, known to some as the Godfather of SaaS, says the time has come to push the limits of AI in the workplace. Lemkin, the founder of SaaStr, the world's largest community of business-to-business founders. In a recent podcast Lemkin said that this means he will stop hiring humans in his sales department. SaaStr is going all in for AI agents, which are commonly defined as virtual assistants that can complete tasks autonomously. They break down problems, outline plans, and take action without being prompted by a user. He said the company now has 20 AI agents automating tasks once handled by a team of 10 sales development representatives and account executives. That move to AI was rapid from an entirely human workforce.

During the SaaStr Annual a yearly gathering of over 10,000 founders, executives, and VCs, two of its high-paid sales representatives abruptly quit. Lemkin said he turned to Amelia Lerutte, SaaStr's chief AI officer, and said, "We're done with hiring humans in sales. We're going to push the limits with agents." Lemkin's calculus was that it just wasn't worth the cost of hiring another junior sales representative for a $150,000 a year position who would eventually quit, when he could use a loyal AI agent instead.

[...] Lemkin said SaaStr is training its agents on its best humans. "Train an agent with your best person, and best script, then that agent can start to become a version of your best salesperson," he said. Lemkin said that the net productivity of agents is about the same as humans. However, he said, agents are more efficient and can scale -- just like software. Many companies are experimenting with AI agents, but risks remain. One of the big ones is the threat of data leaks and cybercrime.

An anonymous reader quotes a report from TechCrunch: Amazon's AI-powered overhaul of its digital assistant, now known as Alexa+, is coming to the web. On Monday, at the start of the Consumer Electronics Show in Las Vegas, the company announced the official launch of a new website, Alexa.com, which is now rolling out to all Alexa+ Early Access customers. The site will allow customers to use Alexa+ online, much as you can do today with other AI chatbots such as ChatGPT or Google's Gemini.

[...] Related to this expansion, Amazon is updating its Alexa mobile app, which will now offer a more "agent-forward" experience. Or, in other words, it's putting a chatbot-style interface on the app's homepage, making it seem more like a typical AI chatbot. (While you could chat with Alexa before in the app, the focus is now on the chatting -- while the other features take a back seat.) On the Alexa.com website, customers can use Alexa+ for common tasks -- for instance, exploring complex topics, creating content, and making trip itineraries. However, Amazon aims to differentiate its assistant from others by focusing on families and their needs in the home.

[...] The Alexa.com website features a navigation sidebar for quicker access to your most-used Alexa features, so you can pick up where you left off on tasks like setting the thermostat, checking your calendar for appointments, reviewing shopping lists, and more. In addition, Amazon aims to convince customers to share their personal documents, emails, and calendar access with Alexa+, so its AI can become a sort of hub to manage the goings-on at home, from kids' school holidays and soccer schedules to doctor's appointments and other things families need to remember -- like when the dog got its last rabies shot, or what day the neighbor's backyard BBQ is taking place. "Seventy-six percent of what customers are using Alexa+ for no other AI can do," says Daniel Rausch, VP of Alexa and Echo at Amazon.

"Ninety-seven percent of Alexa devices support Alexa+, and we see now in adoption from customers that they're using Alexa across all those many years and many generations of devices," Rausch adds. "We support all of Alexa's original capabilities, the tens of thousands of services and devices that Alexa was integrated with already are carried forward to the Alexa+ experience."

The report notes that Alexa.com will initially only be available to Early Access customers who sign in with their Amazon account.

"Microsoft is hoping that Windows can once again serve as the platform where it all takes off," reports GeekWire: A new framework called Agent Launchers, introduced in December as a preview in the latest Windows Insider build, lets developers register agents directly with the operating system. They can describe an agent through what's known as a manifest, which then lets the agent show up in the Windows taskbar, inside Microsoft Copilot, and across other apps... "We are now entering a phase where we build rich scaffolds that orchestrate multiple models and agents; account for memory and entitlements; enable rich and safe tools use," Microsoft CEO Satya Nadella wrote in a blog post this week looking ahead to 2026. "This is the engineering sophistication we must continue to build to get value out of AI in the real world...." [The article notes Google's Gemini and Anthropic's Claude will also offer desktop-style agentsthrough browsers and native apps, while Amazon is developing "frontier agents" for automating business processes in the cloud.]

But Microsoft's Windows team is betting that agents tightly linked to the operating system will win out over ones that merely run on top of it, just as a new class of Windows apps replaced a patchwork of DOS programs in the early days of the graphical operating system. Microsoft 365 Copilot is using the Agent Launchers framework for first-party agents like Analyst, which helps users dig into data, and Researcher, which builds detailed reports. Software developers will be able to register their own agents when an app is installed, or on the fly based on things like whether a user is signed in or paying for a subscription...

Agents are meant to maintain this context across apps, ask follow-up questions, and take actions on a user's behalf. That requires a different level of trust than Windows has ever had to manage, which is already raising difficult questions for the company. Microsoft acknowledges that agents introduce unique security risks. In a support document, the company warned that malicious content embedded in files or interface elements could override an agent's instructions — potentially leading to stolen data or malware installation. To address this, Microsoft says it has built a security framework that runs agents in their own contained workspace, with a dedicated user account that has limited access to user folders. The idea is to create a boundary between the agent and what the rest of the system can access. The agentic features are off by default, and Microsoft is advising users to "understand the security implications of enabling an agent on your computer" before turning them on...

There is a business reality driving all of this. In Microsoft's most recent fiscal year, Windows and Devices generated $17.3 billion in revenue — essentially flat for the past three years. That's less than Gaming ($23.5 billion) and LinkedIn ($17.8 billion), and a fraction of the $98 billion in revenue from Azure and cloud services or the nearly $88 billion from Microsoft 365 commercial.

An anonymous reader shared this report from Electrek: Tesla has released a new video showing a Tesla Semi truck charging at a massive 1.2 megawatts (MW), finally giving us a clear look at the charging speeds that will enable long-haul electric trucking...
>
Tesla claimed the Semi would be able to charge 70% of its range in 30 minutes. For a truck with a 500-mile range and an estimated battery pack of around 800-900 kWh, that requires an incredibly high power output, well beyond the 250 kW or even 350 kW we see on passenger EVs in North America. Today, the official Tesla Semi account on X released a video showing exactly that. In the video, Tesla engineers are seen monitoring a charging session where the power output climbs to a peak of 1.2 MW (1,206 kW).

This is consistent with the capabilities Tesla announced for its new V4 Cabinet architecture earlier this year. The V4 cabinets are designed to support 400V-1000V vehicle architectures and can deliver up to 500 kW for cars (like the Cybertruck) and up to 1.2 MW for the Semi. There is some information missing from the video. For example, we don't see the state-of-charge of the truck, so we don't at what battery percentage Tesla Semi can achieve and maintain this charge rate. Peak speed is one thing, but sustaining that power without overheating the pack or the cable is the real challenge. The liquid-cooled charging cable and the immersion-cooled connector (part of the Megawatt Charging System or a high-power proprietary Tesla solution, though Tesla has been leaning toward MCS compatibility) seem to be doing their job....

This comes just as Tesla is gearing up for volume production of the Semi at its new factory expansion near Gigafactory Nevada. The automaker is targeting a start of production in the first half of 2026 and a ramp up to volume production in the second half.