Attackers briefly hijacked part of CPUID's backend and swapped legitimate download links on its site with malware-laced ones. "The issue hit tools like HWMonitor and CPU-Z, with users on Reddit and elsewhere starting to notice something wasn't right when installers tripped antivirus alerts or showed up under odd names," reports The Register. From the report: CPUID has since confirmed the breach, pinning it on a compromised backend component rather than tampering with its software builds. "Investigations are still ongoing, but it appears that a secondary feature (basically a side API) was compromised for approximately six hours between April 9 and April 10, causing the main website to randomly display malicious links (our signed original files were not compromised)," one of the site's owners said in a post on X. "The breach was found and has since been fixed."

The files themselves appear to have been left alone and remain properly signed, so it doesn't seem like anyone got into the build process. Instead, the problem sat in front of that, in how downloads were being served. For anyone who hit the site during that stretch, though, that distinction offers little comfort. If the link you clicked had been swapped out, you were pulling whatever it pointed to, whether you realized it or not.

An anonymous reader quotes a report from Ars Technica: Apple earned the lowest grades in a report on laptop and smartphone repairability released today by the consumer advocacy group Public Interest Research Group (PIRG) Education Fund. The report, which looks at how easy devices are to disassemble and how easy it is to find repairability information, gave Apple a C-minus in laptop repairability and a D-minus in cell phone repairability. For its "Failing the Fix (2026): Grading laptop and cell phone companies on the fixability of their products" report, PIRG analyzed the 10 newest laptops and phones that were available via manufacturers' French website in January. [...] Apple leads the list of laptop repairability losers, largely due to it having low disassembly scores. Apple, along with Dell and Samsung, also lost a full point for being members of TechNet and the CTA. Lenovo had the second-worst grade with a C-minus. Like Apple, Lenovo had low disassembly scores.

It also lost 0.5 points for failing to properly post PDFs explaining the French repair scores for some of its newest laptops sold in the region, as required in France. This is especially noteworthy because Lenovo got an F in last year's report for missing this information on at least 12 laptops. At the time, Lenovo director of communications David Hamilton provided a statement to Ars saying that the missing information was "due to a backend web compatibility issue that temporarily prevented the display of repairability scores on our Lenovo France website" that was "widely resolved." However, it appears that over a year later, Lenovo still isn't providing sufficient information to meet France's requirements

"While Lenovo has improved somewhat with their compliance with French consumer law by providing more repair score PDFs on their website, we urge the company to resolve this multi-year issue," this year's report says. PIRG's report concluded that "laptops are pretty stagnant in terms of repairability" across many of the eight most popular laptop brands in the US. However, Proctor noted to Ars that consumers' access to parts, tools, and information that vendors have has improved, but improvements around ease of disassembly "take longer to realize." He also praised vendors' efforts to release more repairable designs, such as Apple's MacBook Neo. For its repairability index, PIRG weighed physical ease of disassembly most heavily, while also considering the availability of repair documentation, spare parts, spare-parts affordability, and other product-specific criteria. It then adjusted company grades by deducting points for membership in trade groups that oppose right-to-repair laws and adding small bonuses for manufacturers that supported right-to-repair legislation.

Acer stood out as the only laptop vendor that avoided the 0.5-point trade-group penalty, since it was not listed as a member of TechNet or the Consumer Technology Association.

Artemis II has broken the Apollo 13 record for the farthest distance humans have ever traveled from Earth. NASA reports: The Artemis II crew of NASA astronauts Reid Wiseman, Victor Glover, and Christina Koch, along with CSA (Canadian Space Agency) astronaut Jeremy Hansen have set the record for the farthest distance from Earth traveled by a human mission, surpassing the Apollo 13 record of 248,655 miles set in 1970.

NASA Flight Director Brandon Lloyd, Capsule Communicator Amy Dill, and Command and Handling Data Officer Brandon Borter also marked a lighthearted milestone today by emailing the crew what is now assumed to be the longest person-to-person message ever sent in human history. After breaking the record for human spaceflight, crew also took a moment to provisionally name a couple of craters on the Moon, noting they were able to see them with their naked eye.

Just northwest of Orientale basin highlighted above is a crater they would like to name Integrity after their spacecraft and this historic mission. Just northeast of Integrity, on the near and far side boundary, and sometimes visible from Earth, the crew suggested Carroll crater in honor of Reid Wiseman's late wife, Carroll Taylor Wiseman. After this mission is complete, the crater name proposals will be formally submitted to the International Astronomical Union, the organization that governs the naming of celestial bodies and their surface features. On April 1, NASA successfully launched humanity's first crewed trip around the Moon in more than 50 years. A couple of days into the mission, attention turned to a more mundane problem when reports said the astronauts had access to "two Microsoft Outlooks" and neither was working properly. By April 4, the crew had passed 100,000 miles from Earth as they continued deeper into space, and by April 6, they had entered the Moon's gravitational pull and caught their first views of the lunar far side.

Linux kernel maintainer Greg Kroah-Hartman tells The Register that AI-driven code review has "really jumped" for Linux. "There must have been some inflection point somewhere with the tools..." "Something happened a month ago, and the world switched. Now we have real reports." It's not just Linux, he continued. "All open source projects have real reports that are made with AI, but they're good, and they're real." Security teams across major open source projects talk informally and frequently, he noted, and everyone is seeing the same shift. "All open source security teams are hitting this right now...."

For now, AI is showing up more as a reviewer and assistant than as a full author of Linux kernel code, but that line is starting to blur. Kroah-Hartman has already done his own experiments with AI-generated patches. "I did a really stupid prompt," he recounted. "I said, 'Give me this,' and it spit out 60: 'Here's 60 problems I found, and here's the fixes for them.' About one-third were wrong, but they still pointed out a relatively real problem, and two-thirds of the patches were right." Mind you, those working patches still needed human cleanup, better changelogs, and integration work, but they were far from useless. "The tools are good," he said. "We can't ignore this stuff. It's coming up, and it's getting better...." [H]e said that for "simple little error conditions, properly detecting error conditions," AI could already generate dozens of usable patches today.

The sudden increase in AI-generated reports and AI-assisted work has also spurred a parallel push to build AI into the kernel's own review infrastructure. A key piece of that is Sashiko, a tool originally developed at Google and now donated to the Linux Foundation.
Kroah-Hartman said some patches are being generated with AI now. "You have a little co-develop tag for that now. We're seeing some things for some new features, but we're seeing AI mostly being used in the review."

An anonymous reader quotes a report from Ars Technica: Prospective Vizio TV buyers should know there's a good chance the set won't work properly without a Walmart account. In an attempt to better serve advertisers, Walmart, which bought Vizio in December 2024, announced this week that select newly purchased Vizio TVs now require a Walmart account for setup and accessing smart TV features. Since 2024, Vizio TVs have required a Vizio account, which a Vizio OS website says is necessary for accessing "exclusive offers, subscription management, and tailored support." Accounts are also central to Vizio's business, which is largely driven by ads and tracking tied to its OS.

A Walmart spokesperson confirmed to Ars Technica that Walmart accounts will be mandatory on "select new Vizio OS TVs" for owners to complete onboarding and to use smart TV features. The representative added: "Customers who already have an existing Vizio account are being given the option to merge their Vizio account with their Walmart account. Customers with an existing Vizio account can opt out by deleting their Vizio account." The representative wouldn't confirm which TV models are affected. Walmart's representative said the Walmart account integration is "designed to respect consumer choice and privacy, with data used in aggregated, permissioned, and compliant ways" but didn't specify how.

An anonymous reader quotes a report from Ars Technica: A new hacking group has been rampaging the Internet in a persistent campaign that spreads a self-propagating and never-before-seen backdoor -- and curiously a data wiper that targets Iranian machines. The group, tracked under the name TeamPCP, first gained visibility in December, when researchers from security firm Flare observed it unleashing a worm that targeted cloud-hosted platforms that weren't properly secured. The objective was to build a distributed proxy and scanning infrastructure and then use it to compromise servers for exfiltrating data, deploying ransomware, conducting extortion, and mining cryptocurrency. The group is notable for its skill in large-scale automation and integration of well-known attack techniques.

More recently, TeamPCP has waged a relentless campaign that uses continuously evolving malware to bring ever more systems under its control. Late last week, it compromised virtually all versions of the widely used Trivy vulnerability scanner in a supply-chain attack after gaining privileged access to the GitHub account of Aqua Security, the Trivy creator. Over the weekend, researchers said they observed TeamPCP spreading potent malware that was also worm-enabled, meaning it had the potential to spread to new machines automatically, with no interaction required of victims behind the keyboard. [...]

As the weekend progressed, CanisterWorm [as Aikido has named the malware] was updated to add an additional payload: a wiper that targets machines exclusively in Iran. When the updated worm infects machines, it checks if the machine is in the Iranian timezone or is configured for use in that country. When either condition was met, the malware no longer activated the credential stealer and instead triggered a novel wiper that TeamPCP developers named Kamikaze. Eriksen said in an email that there's no indication yet that the worm caused actual damage to Iranian machines, but that there was "clear potential for large-scale impact if it achieves active spread." It's unclear what the motive is for TeamPCP. Aikido researcher Charlie Eriksen wrote: "While there may be an ideological component, it could just as easily be a deliberate attempt to draw attention to the group. Historically, TeamPCP has appeared to be financially motivated, but there are signs that visibility is becoming a goal in itself. By going after security tools and open-source projects, including Checkmarx as of today, they are sending a clear and deliberate signal."

This week the Python Software Foundation explained how they keep Python secure. A new blog post recognizes the volunteers and paid Python Software Foundation staff on the Python Security Response Team (PSRT), who "triage and coordinate vulnerability reports and remediations keeping all Python users safe." Just last year the PSRT published 16 vulnerability advisories for CPython and pip, the most in a single year to date! And the PSRT usually can't do this work alone, PSRT coordinators are encouraged to involve maintainers and experts on the projects and submodules. By involving the experts directly in the remediation process ensures fixes adhere to existing API conventions and threat-models, are maintainable long-term, and have minimal impact on existing use-cases. Sometimes the PSRT even coordinates with other open source projects to avoid catching the Python ecosystem off-guard by publishing a vulnerability advisory that affects multiple other projects. The most recent example of this is PyPI's ZIP archive differential attack mitigation.

This work deserves recognition and celebration just like contributions to source code and documentation. [Security Developer-in-Residence Seth Larson and PSF Infrastructure Engineer Jacob Coffee] are developing further improvements to workflows involving "GitHub Security Advisories" to record the reporter, coordinator, and remediation developers and reviewers to CVE and OSV records to properly thank everyone involved in the otherwise private contribution to open source projects.

Installing Linux on a MacBook Air "turned out to be a very underwhelming experience," according to the tech news site MakeUseOf: The thing about Apple silicon Macs is that it's not as simple as downloading an AArch64 ISO of your favorite distro and installing it. Yes, the M-series chips are ARM-based, but that doesn't automatically make the whole system compatible in the same way most traditional x86 PCs are. Pretty much everything in modern MacBooks is custom. The boot process isn't standard UEFI like on most PCs. Apple has its own boot chain called iBoot. The same goes for other things, like the GPU, power management, USB controllers, and pretty much every other hardware component. It is as proprietary as it gets.

This is exactly what the team behind Asahi Linux has been working toward. Their entire goal has been to make Linux properly usable on M-series Macs by building the missing pieces from the ground up. I first tried it back in 2023, when the project was still tied to Arch Linux and decided to give it a try again in 2026. These days, though, the main release is called Fedora Asahi Remix, which, as the name suggests, is built on Fedora rather than Arch...
For Linux on Apple Silicon, the article lists three major disappointments:

• "External monitors don't work unless your MacBook has a built-in HDMI port."

• "Linux just doesn't feel fully ready for ARM yet. A lot of applications still aren't compiled for ARM, so software support ends up being very hit or miss." (And even most of the apps tested with FEX "either didn't run properly or weren't stable enough to rely on.")

• Asahi "refused to connect to my phone's hotspot," they write (adding "No, it wasn't an iPhone").

Microsoft is planning to bring smartphone-style app permission prompts to Windows 11, requiring apps to get explicit user consent before they can access sensitive resources like the file system, camera and microphone. The company's Windows Platform engineer Logan Iyer said the move was prompted by applications increasingly overriding user settings, installing unwanted software, and modifying core Windows experiences without permission.

A separate initiative called Windows Baseline Security Mode will enforce runtime integrity safeguards by default, allowing only properly signed apps, services, and drivers to run. Both changes will roll out in phases as part of Microsoft's Secure Future Initiative, which the company launched in November 2023 after a federal review board called its security culture "inadequate."

Los Angeles is moving to ban single-use printer cartridges that can't be refilled or taken back for recycling. Tom's Hardware reports: Printer cartridges are usually built with a combination of plastic, metal, and chemicals that makes them hard to easily dispose. They can be treated as hazardous waste by the city, but even then it would take them hundreds of years to actually disintegrate at a waste site. Since they're designed to be thrown away in the first place, the real solution is to target the root of the issue -- hence the ban.

Amazon has agreed to pay $309 million and provide additional remedies in a class-action settlement over claims that customers were wrongly denied refunds after returning items. Plaintiffs say (PDF) the deal delivers over $1 billion in total value, including more than $600 million in refunds and operational changes. Reuters reports: Amazon denied any wrongdoing in agreeing to the settlement. "Following an internal review in 2025, we identified a small subset of returns where we issued a refund without the payment completing, or where we could not verify that the correct item had been sent back to us, so no refund had been issued," an Amazon spokesperson said, adding that the company had taken steps to resolve the issue.

The lawsuit, filed in 2023, said Amazon caused "substantial unjustified monetary losses" for consumers who in some instances properly returned an item but were still charged for it. In a court filing, Amazon said customers accepted the terms of the company's return policies, including the possibility they would be recharged for failing to return the product within a specified time frame. The proposed settlement class covers U.S. purchasers of goods on Amazon from September 2017 who allegedly did not receive timely or correct refunds, or who were later charged despite returning items. Class members are expected to recover the full amount of any incorrectly denied refund or retrocharge, plus interest, the plaintiffs told the court.

An anonymous reader shares a report: Anthropic Chief Executive Dario Amodei predicted a future in which AI will spur significant economic growth -- but could lead to widespread unemployment and inequality. Amodei is both "excited and worried" about the impact of AI, he said in an interview at Davos Tuesday. "I don't think there's an awareness at all of what is coming here and the magnitude of it."

Anthropic is the developer of the popular chatbot Claude. Amodei said the government will need to play a role in navigating the massive displacement in jobs that could result from advances in AI. He said there could be a future with 5% to 10% GDP growth and 10% unemployment. "That's not a combination we've almost ever seen before," he said. "There's gonna need to be some role for government in the displacement that's this macroeconomically large."

Amodei painted a potential "nightmare" scenario that AI could bring to society if not properly checked, laying out a future in which 10 million people -- 7 million in Silicon Valley and the rest scattered elsewhere -- could "decouple" from the rest of society, enjoying as much as 50% GPD growth while others were left behind. "I think this is probably a time to worry less about disincentivizing growth and worry more about making sure that everyone gets a part of that growth," Amodei said. He noted that was "the opposite of the prevailing sentiment now," but the reality of technological change will force those ideas to change.

A recent Microsoft Patch Tuesday update has introduced a bug in Windows 11 23H2 that causes some PCs to refuse to shut down or hibernate, "no matter how many times you try," reports The Register. From the report: In a notice on its Windows release health dashboard, Microsoft confirmed that some PCs running Windows 11 23H2 might fail to power down properly after installing the latest security updates. Instead of slipping into shutdown or hibernation, affected machines stay stubbornly awake, draining batteries and ignoring shutdown like they have a mind of their own and don't want to experience temporary non-existence.

The bug appears to be tied to Secure Launch, a security feature that uses virtualization-based protections to ensure only trusted components load during boot. On systems with Secure Launch enabled, attempts to shut down, restart, or hibernate after applying the January patches may fail to complete. From the user's perspective, everything looks normal -- until the PC keeps running anyway, refusing to be denied life.

Microsoft says that entering the command "shutdown /s /t 0" at the command prompt will, in fact, force your PC to turn off, whether it wants to or not. "Until this issue is resolved, please ensure you save all your work, and shut down when you are done working on your device to avoid the device running out of power instead of hibernating," Microsoft said.

Bose is end-of-lifing its SoundTouch smart speakers but softened the blow by open-sourcing the SoundTouch API and preserving limited local features, AirPlay, and Spotify Connect. Ars Technica reports: In October, Bose announced that its SoundTouch Wi-Fi speakers and soundbars would become dumb speakers on February 18. At the time, Bose said that the speakers would only work if a device was connected via AUX, HDMI, or Bluetooth (which has higher latency than Wi-Fi). After that date, the speakers would stop receiving security and software updates and lose cloud connectivity and their companion app, the Framingham, Massachusetts-based company said. Without the app, users would no longer be able to integrate the device with music services, such as Spotify, have multiple SoundTouch devices play the same audio simultaneously, or use or edit saved presets.

The announcement frustrated some of Bose's long-time customers, some of whom own multiple SoundTouch devices that still function properly. Many questioned companies' increasingly common practice of bricking expensive products to focus on new devices or to minimize costs, or because they've gone through acquisitions or bankruptcy. SoundTouch speakers released in 2013 and 2015 with prices ranging from $399 to $1,500.

Today, Bose had better news. In an email to customers, Bose announced that AirPlay and Spotify Connect will still work with SoundTouch speakers after EoL, expanding the wireless capabilities that people will still be able to access. Additionally, SoundTouch devices that support AirPlay 2 can play the same audio simultaneously. The SoundTouch app will also live on, albeit stripped of some functionality. "On May 6, 2026, the app will update to a version that supports the functions that can operate locally without the cloud. No action will be required on your part. Opening the app will apply the update automatically," Bose said. Bose also provided instructions (PDF) for a workaround for saving presets that uses the favorites options in music service apps.

National Weather Service pulled an AI-generated forecast graphic after it hallucinated fake town names in Idaho. "The blunder -- not the first of its kind to be posted by the NWS in the past year -- comes as the agency experiments with a wide range of AI uses, from advanced forecasting to graphic design," reports the Washington Post. "Experts worry that without properly trained officials, mistakes could erode trust in the agency and the technology." From the report: At first glance, there was nothing out of the ordinary about Saturday's wind forecast for Camas Prairie, Idaho. "Hold onto your hats!" said a social media post from the local weather office in Missoula, Montana. "Orangeotild" had a 10 percent chance of high winds, while just south, "Whata Bod" would be spared larger gusts. The problem? Neither of those places exist. Nor do a handful of the other spots marked on the National Weather Service's forecast graphic, riddled with spelling and geographical errors that the agency confirmed were linked to the use of generative AI.

NWS said AI is not commonly used for public-facing content, nor is its use prohibited. The agency said it is exploring ways to employ AI to inform the public and acknowledged mistakes have been made. "Recently, a local office used AI to create a base map to display forecast information, however the map inadvertently displayed illegible city names," said NWS spokeswoman Erica Grow Cei. "The map was quickly corrected and updated social media posts were distributed."

A post with the inaccurate map was deleted Monday, the same day The Washington Post contacted officials with questions about the image. Cei added that "NWS is exploring strategic ways to continue optimizing our service delivery for Americans, including the implementation of AI where it makes sense. NWS will continue to carefully evaluate results in cases where AI is implemented to ensure accuracy and efficiency, and will discontinue use in scenarios where AI is not effective." A Nov. 25 tweet out of the Rapid City, South Dakota, office also had misspelled locations and the Google Gemini logo in its forecast. NWS did not confirm whether the Rapid City image was made with generative AI.

NASA is closing its largest research library at the Goddard Space Flight Center amid budget cuts and campus consolidation, putting tens of thousands of largely non-digitized historical and scientific documents at risk of being warehoused or discarded. The New York Times reports: Jacob Richmond, a NASA spokesman, said the agency would review the library holdings over the next 60 days and some material would be stored in a government warehouse while the rest would be tossed away. "This process is an established method that is used by federal agencies to properly dispose of federally owned property," Mr. Richmond said.

The shutdown of the library at NASA's Goddard Space Flight Center in Greenbelt, Md., is part of a larger reorganization under the Trump administration that includes the closure of 13 buildings and more than 100 science and engineering laboratories on the 1,270-acre campus by March 2026. "This is a consolidation not a closure," said NASA spokeswoman Bethany Stevens. The changes were part of a long-planned reorganization that began before the Trump administration took office, she said. She said that shutting down the facilities would save $10 million a year and avoid another $63.8 million in deferred maintenance.

Goddard is the nation's premiere spaceflight complex. Its website calls it "the largest organization of scientists, engineers, and technologists who build spacecraft, instruments, and new technology to study Earth, the Sun, our solar system, and the universe." [...] The library closure on Friday follows the shutdown of seven other NASA libraries around the country since 2022, and included three libraries this year. As of next week, only three -- at the Glenn Research Center in Cleveland, the Ames Research Center in Mountain View, Calif., and the Jet Propulsion Laboratory in Pasadena, Calif. -- will remain open.

Waymo explained this week that its self-driving car technology is already "designed to handle dark traffic signals," and successfully handled over 7,000 last Saturday during San Francisco's long power outage, properly treating those intersections as four-way stops. But while during the long outage their cars sometimes experienced a "backlog" when waiting for confirmation checks (leading them to freeze in intersections), Waymo said Tuesday they're implementing "fleet-wide updates" to provide their self-driving cars "specific power outage context, allowing it to navigate more decisively."

Ironically, two days later Waymo paused their service again in San Francisco. But this time it was due to a warning from the National Weather Service about a powerful storm bringing the possibility of flash flooding and power outages, reports CNBC. They add that Waymo "didn't immediately respond to a request for comment, or say whether regulators required its service pause on Thursday given the flash flood warnings." And they also note Waymo still faces criticism over last Saturday's incident: The former CEO of San Francisco's Municipal Transit Authority, Jeffrey Tumlin, told CNBC that regulators and robotaxi companies can take valuable lessons away from the chaos that arose with Waymo vehicles during the PG&E power outages last week. "I think we need to be asking 'what is a reasonable number of [autonomous vehicles] to have on city streets, by time of day, by geography and weather?'" Tumlin said. He also suggested regulators may want to set up a staged system that will allow autonomous vehicle companies to rapidly scale their operations, provided they meet specific tests. One of those tests, he said, would be how quickly a company can get their autonomous vehicles safely out of the way of traffic if they encounter something that is confusing like a four-way intersection with no functioning traffic lights.

Cities and regulators should also seek more data from robotaxi companies about the planned or actual performance of their vehicles during expected emergencies such as blackouts, floods or earthquakes, Tumlin said.

An astrophysicist at the University of Rochester writes that "many" of his colleagues in physics "have come to believe that a mystery is unfolding in every microbe, animal, and human." And it's a mystery that:

- "Challenges basic assumptions physicists have held for centuries"
- "May even help redefine the field for the next generation"
- "Could answer essential questions about AI."

In short, while physicists have favored a "reductionist" philosophy about the fundamental laws controlling the universe (energy, mattery, space, and time), "long-promised 'theories of everything' such as string theory, have not borne significant fruit: There are, however, ways other than reductionism to think about what's fundamental in the universe. Beginning in the 1980s, physicists (along with researchers in other fields) began developing new mathematical tools to study what's called "complexity" — systems in which the whole is far more than the sum of its parts. The end goal of reductionism was to explain everything in the universe as the result of particles and their interactions. Complexity, by contrast, recognizes that once lots of particles come together to produce macroscopic things — such as organisms — knowing everything about particles isn't enough to understand reality...

Physicists have always been good at capturing the essential aspects of a system and casting those essentials in the language of mathematics... Now those skills must be brought to bear on an age-old question that is only just getting its proper due: What is life? Using these skills, physicists — working together with representatives of all the other disciplines that make up complexity science — may crack open the question of how life formed on Earth billions of years ago and how it might have formed on the distant alien worlds we can now explore with cutting-edge telescopes. Just as important, understanding why life, as an organized system, is different at a fundamental level from all the other stuff in the universe may help astronomers design new strategies for finding it in places bearing little resemblance to Earth. Analyzing life — no matter how alien — as a self-organizing information-driven system may provide the key to detecting biosignatures on planets hundreds of light-years away.

Closer to home, studying the nature of life is likely essential to fully understanding intelligence — and building artificial versions. Throughout the current AI boom, researchers and philosophers have debated whether and when large language models might achieve general intelligence or even become conscious — or whether, in fact, some already have. The only way to properly assess such claims is to study, by any means possible, the sole agreed-upon source of general intelligence: life. Bringing the new physics of life to problems of AI may not only help researchers predict what software engineers can build; it may also reveal the limits of trying to capture life's essential character in silicon.

An independent review found that at least ten technical and process failures during a routine firewall upgrade at Australia's Optus prevented emergency calls from reaching Triple Zero for 14 hours, during which 455 calls failed and two callers died. The Register reports: On Thursday, Optus published an independent report (PDF) on the matter written by Dr Kerry Schott, an Australian executive who has held senior management roles at many of the country's most significant businesses. The report found that Optus planned 18 firewall upgrades and had executed 15 without incident. But on the 16th upgrade, Optus issued incorrect instructions to its outsourced provider Nokia. [...] Schott summarized the incident as follows: "Three issues are clear during this incident. The first is the very poor management and performance within [Optus] Networks and their contractor, Nokia. Process was not followed, and incorrect procedures were selected. Checks were inadequate, controls avoided and alerts given insufficient attention. There appeared to be reticence in seeking more experienced advice within Networks and a focus on speed and getting the task done, rather than an emphasis on doing things properly."

The review also found that Optus' call center didn't appreciate it could be "the first alert channel for Triple Zero difficulties." The document also notes that Australian telcos try to route 000 calls during outages, but that doing so is not easy and is made harder by the fact that different smartphones behave in different ways. Optus does warn customers if their devices have not been tested for their ability to connect to 000, and maintains a list of known bad devices. But the report notes Optus's process "does not capture so-called 'grey' devices that have been bought online or overseas and may not be compliant." "To have a standard firewall upgrade go so badly is inexcusable," the document states. "Execution was poor and seemed more focussed on getting things done than on being right. Supervision of both network staff and Nokia must be more disciplined to get things right."

The UK government plans to ban political donations made in cryptocurrency over fears of anonymity, foreign influence, and traceability issues, though the ban won't be ready in time for the upcoming elections bill. The Guardian reports: The government's ambition to ban crypto donations will be a blow to Nigel Farage's Reform UK party, which became the first to accept contributions in digital currency this year. It is believed to have received its first registrable donations in cryptocurrency this autumn and the party has set up its own crypto portal to receive contributions, saying it is subject to "enhanced" checks. Government sources have said ministers believe cryptocurrency donations to be a problem, as they are difficult to trace and could be exploited by foreign powers or criminals.

Pat McFadden, then a Cabinet Office minister, first raised the idea in July, saying: "I definitely think it is something that the Electoral Commission should be considering. I think that it's very important that we know who is providing the donation, are they properly registered, what are the bona fides of that donation." The Electoral Commission provides guidance on crypto donations but ministers accept any ban would probably have to come from the government through legislation. "Crypto donations present real risks to our democracy," said Susan Hawley, the executive director of Spotlight on Corruption. "We know that bad actors like Russia use crypto to undermine and interfere in democracies globally, while the difficulties involved in tracing the true source of transactions means that British voters may not know everyone who's funding the parties they vote for."