Encryption

Cryptologist DJB Criticizes Push to Finalize Non-Hybrid Security for Post-Quantum Cryptography (cr.yp.to) 21

In October cryptologist/CS professor Daniel J. Bernstein alleged that America's National Security Agency (and its UK counterpart GCHQ) were attempting to influence NIST to adopt weaker post-quantum cryptography standards without a "hybrid" approach that would've also included pre-quantum ECC.

Bernstein is of the opinion that "Given how many post-quantum proposals have been broken and the continuing flood of side-channel attacks, any competent engineering evaluation will conclude that the best way to deploy post-quantum [PQ] encryption for TLS, and for the Internet more broadly, is as double encryption: post-quantum cryptography on top of ECC." But he says he's seen it playing out differently:

By 2013, NSA had a quarter-billion-dollar-a-year budget to "covertly influence and/or overtly leverage" systems to "make the systems in question exploitable"; in particular, to "influence policies, standards and specification for commercial public key technologies". NSA is quietly using stronger cryptography for the data it cares about, but meanwhile is spending money to promote a market for weakened cryptography, the same way that it successfully created decades of security failures by building up the market for, e.g., 40-bit RC4 and 512-bit RSA and Dual EC.

I looked concretely at what was happening in IETF's TLS working group, compared to the consensus requirements for standards-development organizations. I reviewed how a call for "adoption" of an NSA-driven specification produced a variety of objections that weren't handled properly. ("Adoption" is a preliminary step before IETF standardization....) On 5 November 2025, the chairs issued "last call" for objections to publication of the document. The deadline for input is "2025-11-26", this coming Wednesday.

Bernstein also shares concerns about how the Internet Engineering Task Force is handling the discussion, and argues that the document is even "out of scope" for the IETF TLS working group:

This document doesn't serve any of the official goals in the TLS working group charter. Most importantly, this document is directly contrary to the "improve security" goal, so it would violate the charter even if it contributed to another goal... Half of the PQ proposals submitted to NIST in 2017 have been broken already... often with attacks having sufficiently low cost to demonstrate on readily available computer equipment. Further PQ software has been broken by implementation issues such as side-channel attacks.

He's also concerned about how that discussion is being handled:

On 17 October 2025, they posted a "Notice of Moderation for Postings by D. J. Bernstein" saying that they would "moderate the postings of D. J. Bernstein for 30 days due to disruptive behavior effective immediately" and specifically that my postings "will be held for moderation and after confirmation by the TLS Chairs of being on topic and not disruptive, will be released to the list"...

I didn't send anything to the IETF TLS mailing list for 30 days after that. Yesterday [November 22nd] I finished writing up my new objection and sent that in. And, gee, after more than 24 hours it still hasn't appeared... Presumably the chairs "forgot" to flip the censorship button off after 30 days.

Thanks to alanw (Slashdot reader #1,822) for spotting the blog posts.

Wikipedia

Wikipedia Urges AI Companies To Use Its Paid API, and Stop Scraping (techcrunch.com) 51

Wikipedia on Monday laid out a simple plan to ensure its website continues to be supported in the AI era, despite its declining traffic. From a report: In a blog post, the Wikimedia Foundation, the organization that runs the popular online encyclopedia, called on AI developers to use its content "responsibly" by ensuring its contributions are properly attributed and that content is accessed through its paid product, the Wikimedia Enterprise platform.

The opt-in, paid product allows companies to use Wikipedia's content at scale without "severely taxing Wikipedia's servers," the Wikimedia Foundation blog post explains. In addition, the product's paid nature allows AI companies to support the organization's nonprofit mission. While the post doesn't go so far as to threaten penalties or any sort of legal action for use of its material through scraping, Wikipedia recently noted that AI bots had been scraping its website while trying to appear human.

Programming

Does Generative AI Threaten the Open Source Ecosystem? (zdnet.com) 47

"Snippets of proprietary or copyleft reciprocal code can enter AI-generated outputs, contaminating codebases with material that developers can't realistically audit or license properly."

That's the warning from Sean O'Brien, who founded the Yale Privacy Lab at Yale Law School. ZDNet reports: Open software has always counted on its code being regularly replenished. As part of the process of using it, users modify it to improve it. They add features and help to guarantee usability across generations of technology. At the same time, users improve security and patch holes that might put everyone at risk. But O'Brien says, "When generative AI systems ingest thousands of FOSS projects and regurgitate fragments without any provenance, the cycle of reciprocity collapses. The generated snippet appears originless, stripped of its license, author, and context." This means the developer downstream can't meaningfully comply with reciprocal licensing terms because the output cuts the human link between coder and code. Even if an engineer suspects that a block of AI-generated code originated under an open source license, there's no feasible way to identify the source project. The training data has been abstracted into billions of statistical weights, the legal equivalent of a black hole.

The result is what O'Brien calls "license amnesia." He says, "Code floats free of its social contract and developers can't give back because they don't know where to send their contributions...."

"Once AI training sets subsume the collective work of decades of open collaboration, the global commons idea, substantiated into repos and code all over the world, risks becoming a nonrenewable resource, mined and never replenished," says O'Brien. "The damage isn't limited to legal uncertainty. If FOSS projects can't rely upon the energy and labor of contributors to help them fix and improve their code, let alone patch security issues, fundamentally important components of the software the world relies upon are at risk."

O'Brien says, "The commons was never just about free code. It was about freedom to build together." That freedom, and the critical infrastructure that underlies almost all of modern society, is at risk because attribution, ownership, and reciprocity are blurred when AIs siphon up everything on the Internet and launder it (the analogy of money laundering is apt), so that all that code's provenance is obscured.

Communications

A Classified Network of SpaceX Satellites Is Emitting a Mysterious Signal (npr.org) 46

A network of classified Starshield satellites built by SpaceX for the U.S. government is transmitting signals on radio frequencies reserved for Earth-to-space commands. According to NPR, it may violate international standards. From the report: Satellites associated with the Starshield satellite network appear to be transmitting to the Earth's surface on frequencies normally used for doing the exact opposite: sending commands from Earth to satellites in space. The use of those frequencies to "downlink" data runs counter to standards set by the International Telecommunication Union, a United Nations agency that seeks to coordinate the use of radio spectrum globally.

Starshield's unusual transmissions have the potential to interfere with other scientific and commercial satellites, warns Scott Tilley, an amateur satellite tracker in Canada who first spotted the signals. "Nearby satellites could receive radio-frequency interference and could perhaps not respond properly to commands -- or ignore commands -- from Earth," he told NPR.

Outside experts agree there's the potential for radio interference. "I think it is definitely happening," said Kevin Gifford, a computer science professor at the University of Colorado, Boulder who specializes in radio interference from spacecraft. But he said the issue of whether the interference is truly disruptive remains unresolved. [...] Tilley says he's detected signals from 170 of the Starshield satellites so far. All appear in the 2025-2110 MHz range, though the precise frequencies of the signals move around.

Ubuntu

Flatpak Doesn't Work in Ubuntu 25.10, But a Fix is Coming (phoronix.com) 74

"It's not just you: Flatpak flat-out doesn't work in the new Ubuntu 25.10 release," writes the blog OMG Ubuntu: While Flatpak itself can be installed using apt, trying to install Flatpaks with Flatpak from the command-line throws a "could not unmount revokefs-fuse filesystem" error, followed by "Child process exited with code 1". For those who've installed the Ubuntu 'Questing Quokka' and wanted to kit it out with their favourite software from Flathub, it's a frustrating road bump.

AppArmor, the tool that enforces Ubuntu's security policies for apps, is causing the issue. According to the bug report on Launchpad, the AppArmor profile for fusermount3 lacks the privileges it needs to work properly in Ubuntu 25.10. Fusermount3 is a tool Flatpak relies on to mount and unmount filesystems... This is a bug and it is being worked on. Although there's no timeframe for a fix, it is marked as critical, so will be prioritised.

The bug was reported in early September, but not fixed in time for this week's Ubuntu 25.10 release, reports Phoronix: Only [Friday] an updated AppArmor was pushed to the "questing-proposed" archive for testing. Since then... a number of users have reported that the updated AppArmor from the proposed archive will fix the Flatpak issues being observed. From all the reports so far it looks like that proposed update is in good shape for restoring Flatpak support on Ubuntu 25.10. The Ubuntu team is considering pushing out this update sooner than the typical seven day testing period given the severity of the issue.

More details from WebProNews: Industry insiders point out that AppArmor, Ubuntu's mandatory access control system, was tightened in this release to enhance security... This isn't the first time AppArmor has caused friction; similar issues plagued Telegram Flatpak apps in Ubuntu 24.04 LTS earlier this year, as noted in coverage from OMG Ubuntu.

Bug

Security Bug In India's Income Tax Portal Exposed Taxpayers' Sensitive Data (techcrunch.com) 9

A now-fixed security flaw in India's income tax e-filing portal exposed millions of taxpayers' personal and financial data due to a basic IDOR vulnerability that let users view others' records by swapping PAN numbers. "The exposed data included full names, home addresses, email addresses, dates of birth, phone numbers, and bank account details of people who pay taxes on their income in India," reports TechCrunch. "The data also exposed citizens' Aadhaar number, a unique government-issued identifier used as proof of identity and for accessing government services." From the report: The researchers found that when they signed into the portal using their Permanent Account Number (PAN), an official document issued by the Indian income tax department, they could view anyone else's sensitive financial data by swapping out their PAN for another PAN in the network request as the web page loads. This could be done using publicly available tools like Postman or Burp Suite (or using the web browser's in-built developer tools) and with knowledge of someone else's PAN, the researchers told TechCrunch.

The bug was exploitable by anyone who was logged-in to the tax portal because the Indian income tax department's back-end servers were not properly checking who was allowed to access a person's sensitive data. This class of vulnerability is known as an insecure direct object reference, or IDOR, a common and simple flaw that governments have warned is easy to exploit and can result in large-scale data breaches.

"This is an extremely low-hanging thing, but one that has a very severe consequence," the researchers told TechCrunch. In addition to the data of individuals, the researchers said that the bug also exposed data associated with companies who were registered with the e-Filing portal. [...] It remains unclear how long the vulnerability has existed or whether any malicious actors have accessed the exposed data.

Privacy

Neon Goes Dark After Exposing Users' Phone Numbers, Call Recordings, Transcripts (techcrunch.com) 29

An anonymous reader quotes a report from TechCrunch: A viral app called Neon, which offers to record your phone calls and pay you for the audio so it can sell that data to AI companies, has rapidly risen to the ranks of the top-five free iPhone apps since its launch last week. The app already has thousands of users and was downloaded 75,000 times yesterday alone, according to app intelligence provider Appfigures. Neon pitches itself as a way for users to make money by providing call recordings that help train, improve, and test AI models. But now Neon has gone offline, at least for now, after a security flaw allowed anyone to access the phone numbers, call recordings, and transcripts of any other user, TechCrunch can now report.

TechCrunch discovered the security flaw during a short test of the app on Thursday. We alerted the app's founder, Alex Kiam (who previously did not respond to a request for comment about the app), to the flaw soon after our discovery. Kiam told TechCrunch later Thursday that he took down the app's servers and began notifying users about pausing the app, but fell short of informing his users about the security lapse. The Neon app stopped functioning soon after we contacted Kiam.

TechCrunch found that the app's backend services didn't properly restrict access, allowing any logged-in user to request and receive data belonging to other users. This included call transcripts, raw call recordings, and sensitive metadata, including phone numbers, the date/time of calls, and their durations.

Software

CFO of $320 Billion Software Firm: AI Will Help Us 'Afford To Have Less People' (fortune.com) 62

The pressure is mounting on business leaders to harness AI to make work faster, cheaper, and more efficient. That may thrill investors, but for employees, it could mean fewer jobs around the world. From a report: At the $320 billion software giant SAP, there will likely be a need for fewer engineers to deliver the same -- or even greater -- output, according to the company's CFO Dominik Asam.

"There's more automation, simply," Asam told Business Insider. "There are certain tasks which are automated and for the same volume of output we can afford to have less people." As a C-suite exec at Europe's most valuable software company, Asam cautioned that this reality will only come true if the corporate world implements the technology properly. After all, a recent MIT study found that 95% of generative AI pilots have not met the mark. "I will be brutal. And I also say this internally. For SAP and any other software company, AI is a great catalyst. It can be either great or catastrophe," Asam warned. "It will be great if you do it well, if you are able to implement it and do it faster than others. If you are left behind, you will have a problem for sure. We work day and night to not fall behind."

Businesses

America's FTC Opens New Probe into Amazon and Google Advertising Practices (msn.com) 12

America's Federal Trade Commission is investigating whether Amazon and Google misled advertisers placing ads on their websites, reports Bloomberg, and specifically whether the two companies "properly disclosed the terms and pricing for ads." The FTC is seeking details about Amazon's auctions and whether it disclosed "reserve pricing" for some search ads — price floors that advertisers must meet before they can buy an ad, the people said. Separately, the FTC is examining practices by Google, including its internal pricing process and whether it increased the cost of ads in ways that weren't disclosed to advertisers, the people said...

According to one of the people, the FTC's latest investigation emerged from its earlier antitrust case. In that complaint, the agency alleges that Amazon litters its marketplace with irrelevant results for search queries, making it harder for shoppers to find what they are looking for and more expensive for sellers to use the platform. The practice effectively forces sellers to buy ads to make their product appear in response to consumer searches.

Security

Thieves Busted After Stealing a Cellphone from a Security Expert's Wife (elpais.com) 41

They stole a woman's phone in Barcelona. Unfortunately, her husband was security consultant/penetration tester Martin Vigo, reports Spain's newspaper El Pais.

"His weeks-long investigation coincided with a massive two-year police operation between 2022 and 2024 in six countries where 17 people were arrested: Spain, Argentina, Colombia, Chile, Ecuador, and Peru...." In Vigo's case, the phone was locked and the "Find my iPhone" feature was activated... Once stolen, the phones are likely wrapped in aluminum foil to prevent the GPS from tracking their movements. "Then they go to a safe house where they are gathered together and shipped on pallets outside of Spain, to Morocco or China." This international step is vital to prevent the phone from being blocked if the thieves try to use it again. Carriers in several European countries share lists of the IMEIs (unique numbers for each device) of stolen devices so they can't be used. But Morocco, for example, doesn't share these lists. There, the phone can be reconnected...

With hundreds or thousands of stored phones, another path begins: "They try to get the PIN," says Vigo. Why the PIN? Because with the PIN, you can change the Apple password and access the device's content. The gang had created a system to send thousands of text messages like the one Vigo received. To know who to target with the bait message, the police say, "the organization performed social profiling of the victims, since, in many cases, in addition to the phone, they also had the victim's personal belongings, such as their ID." This is how they obtained the phone numbers to send the malicious SMS...

Each victim received a unique link, and the server knew which victim clicked it... With the first click, the attackers would redirect the user to a website they believed was credible, such as Apple's real iCloud site... [T]he next day you receive another text message, and you click on it, more confidently. However, that link no longer redirects you to the real Apple website, but to a flawless copy created by the criminals: that's where they ask for your PIN, and without thinking, full of hope, you enter it... "The PIN is more powerful than your fingerprint or face. With it, you can delete the victim's biometric information and add your own to access banking apps that are validated this way," says Vigo. Apple Wallet asks you to re-authenticate, and then everything is accessible...

In the press release on the case, the police explained that the gang allegedly used a total of 5,300 fake websites and illegally unlocked around 1.3 million high-end devices, about 30,000 of them in Spain.

Vigo tells El Pais that if the PIN doesn't unlock the device, the criminal gang then sends it to China to be "dismantled and then sent back to Europe for resale. The devices are increasingly valuable because they have more advanced chips, better cameras, and more expensive materials."

To render the phone untraceable in China, "they change certain components and the IMEI. It requires a certain level of sophistication: opening the phone, changing the chip..."

Communications

US Warns Hidden Radios May Be Embedded In Solar-Powered Highway Infrastructure (reuters.com) 92

U.S. officials issued an advisory warning that foreign-made solar-powered highway infrastructure may contain hidden radios embedded in inverters and batteries. Reuters reports: The advisory, disseminated late last month by the U.S. Department of Transportation's Federal Highway Administration, comes amid escalating government action over the presence of Chinese technology in America's transportation infrastructure. The four-page security note, a copy of which was reviewed by Reuters, said that undocumented cellular radios had been discovered "in certain foreign-manufactured power inverters and BMS," referring to battery management systems.

The note, which has not previously been reported, did not specify where the products containing undocumented equipment had been imported from, but many inverters are made in China. There is increasing concern from U.S. officials that the devices, along with the electronic systems that manage rechargeable batteries, could be seeded with rogue communications components that would allow them to be remotely tampered with on Beijing's orders. [...]

The August 20 advisory said the devices were used to power a range of U.S. highway infrastructure, including signs, traffic cameras, weather stations, solar-powered visitor areas and warehouses, and electric vehicle chargers. The risks it cited included simultaneous outages and surreptitious theft of data. The alert suggested that relevant authorities inventory inverters across the U.S. highway system, scan devices with spectrum analysis technology to detect any unexpected communications, disable or remove any undocumented radios, and make sure their networks were properly segmented.

Science

Switching Off One Crucial Protein Appears to Reverse Brain Aging in Mice (sciencealert.com) 25

A research team just discovered older mice have more of the protein FTL1 in their hippocampus, reports ScienceAlert. The hippocampus is the region of the brain involved in memory and learning. And the researchers' paper says their new data raises "the exciting possibility that the beneficial effects of targeting neuronal ferritin light chain 1 (FTL1) at old age may extend more broadly, beyond cognitive aging, to neurodegenerative disease conditions in older people." FTL1 is known to be related to storing iron in the body, but hasn't come up in relation to brain aging before... To test its involvement after their initial findings, the researchers used genetic editing to overexpress the protein in young mice, and reduce its level in old mice. The results were clear: the younger mice showed signs of impaired memory and learning abilities, as if they were getting old before their time, while in the older mice there were signs of restored cognitive function — some of the brain aging was effectively reversed...

"It is truly a reversal of impairments," says biomedical scientist Saul Villeda, from the University of California, San Francisco. "It's much more than merely delaying or preventing symptoms." Further tests on cells in petri dishes showed how FTL1 stopped neurons from growing properly, with neural wires lacking the branching structures that typically provide links between nerve cells and improve brain connectivity...

"We're seeing more opportunities to alleviate the worst consequences of old age," says Villeda. "It's a hopeful time to be working on the biology of aging."

The research was led by a team from the University of California, San Francisco — and published in Nature Aging.

Social Networks

Nepal Blocks Most Social Media Platforms (apnews.com) 13

Nepal's government said Thursday it is blocking most social media platforms including Facebook, X and YouTube because the companies failed to comply with regulations that required them to register with the government. From a report: Nepal's Minister for Communication and Information Prithvi Subba Gurung said about two dozen social network platforms that are widely used in Nepal were repeatedly given notices to come forward and register their companies officially in the country. The platforms would be blocked immediately, he said.

TikTok, Viber and three other social media platforms would be allowed to operate in Nepal because they have registered with the government. Nepal's government has been asking the companies to appoint a liaison office or point in the country. It has brought a bill in parliament that aims to ensure that social platforms are properly managed, responsible and accountable.

Software

Developer Unlocks Newly Enshittified Echelon Exercise Bikes But Can't Legally Release Software (404media.co) 105

samleecole shares a report from 404 Media: An app developer has jailbroken Echelon exercise bikes to restore functionality that the company put behind a paywall last month, but copyright laws prevent him from being allowed to legally release it. Last month, Peloton competitor Echelon pushed a firmware update to its exercise equipment that forces its machines to connect to the company's servers in order to work properly. Echelon was popular in part because it was possible to connect Echelon bikes, treadmills, and rowing machines to free or cheap third-party apps and collect information like pedaling power, distance traveled, and other basic functionality that one might want from a piece of exercise equipment. With the new firmware update, the machines work only with constant internet access and getting anything beyond extremely basic functionality requires an Echelon subscription, which can cost hundreds of dollars a year.

App engineer Ricky Witherspoon, who makes an app called SyncSpin that used to work with Echelon bikes, told 404 Media that he successfully restored offline functionality to Echelon equipment and won the Fulu Foundation bounty. But he and the foundation said that he cannot open source or release it because doing so would run afoul of Section 1201 of the Digital Millennium Copyright Act, the wide-ranging copyright law that in part governs reverse engineering. There are various exemptions to Section 1201, but most of them allow for jailbreaks like the one Witherspoon developed to only be used for personal use. [...] "I don't feel like going down a legal rabbit hole, so for now it's just about spreading awareness that this is possible, and that there's another example of egregious behavior from a company like this [...] if one day releasing this was made legal, I would absolutely open source this. I can legally talk about how I did this to a certain degree, and if someone else wants to do this, they can open source it if they want to."

The Military

Defense Department Reportedly Relies On Utility Written by Russian Dev (theregister.com) 58

A widely used Node.js utility called fast-glob, relied on by thousands of projects -- including over 30 U.S. Department of Defense systems -- is maintained solely by a Russian developer linked to Yandex. While there's no evidence of malicious activity, cybersecurity experts warn that the lack of oversight in such critical open-source projects leaves them vulnerable to potential exploitation by state-backed actors. The Register reports: US cybersecurity firm Hunted Labs reported the revelations on Wednesday. The utility in question is fast-glob, which is used to find files and folders that match specific patterns. Its maintainer goes by the handle "mrmlnc", and the GitHub profile associated with that handle identifies its owner as a Yandex developer named Denis Malinochkin living in a suburb of Moscow. A website associated with that handle also identifies its owner as the same person, as Hunted Labs pointed out.

Hunted Labs told us that it didn't speak to Malinochkin prior to publication of its report today, and that it found no ties between him and any threat actor. According to Hunted Labs, fast-glob is downloaded more than 79 million times a week and is currently used by more than 5,000 public projects in addition to the DoD systems and Node.js container images that include it. That's not to mention private projects that might use it, meaning that the actual number of at-risk projects could be far greater.

While fast-glob has no known CVEs, the utility has deep access to systems that use it, potentially giving Russia a number of attack vectors to exploit. Fast-glob could attack filesystems directly to expose and steal info, launch a DoS or glob-injection attack, include a kill switch to stop downstream software from functioning properly, or inject additional malware, a list Hunted Labs said is hardly exhaustive. [...] Hunted Labs cofounder Haden Smith told The Register that the ties are cause for concern. "Every piece of code written by Russians isn't automatically suspect, but popular packages with no external oversight are ripe for the taking by state or state-backed actors looking to further their aims," Smith told us in an email. "As a whole, the open source community should be paying more attention to this risk and mitigating it." [...]

Hunted Labs said that the simplest solution for the thousands of projects using fast-glob would be for Malinochkin to add additional maintainers and enhance project oversight, as the only other alternative would be for anyone using it to find a suitable replacement. "Open source software doesn't need a CVE to be dangerous," Hunted Labs said of the matter. "It only needs access, obscurity, and complacency," something we've noted before is an ongoing problem for open source projects. "This serves as another powerful reminder that knowing who writes your code is just as critical as understanding what the code does," Hunted Labs concluded.

Movies

Class Action Lawsuit Targets Movie Ownership (hollywoodreporter.com) 111

Amazon is facing a proposed class action lawsuit alleging it misleads customers by advertising digital movies and TV shows as "purchases," when in reality buyers only receive revocable licenses that can disappear if Amazon loses distribution rights. From the Hollywood Reporter: On Friday, a proposed class action was filed in Washington federal court against Amazon over a "bait and switch" in which the company allegedly misleads consumers into believing they've purchased content when they're only getting a license to watch, which can be revoked at any time. [...] The lawsuit accuses Amazon, which didn't respond to a request for comment, of misrepresenting the nature of movie and TV transactions during the purchase process. On its website and platform, the company tells consumers they can "buy" a movie. But hidden in a footnote on the confirmation page is fine print that says, "You receive a license to the video and you agree to our terms," the complaint says.

The issue is already before a court. In a 2020 lawsuit alleging unfair competition and false advertising over the practice, Amazon maintained that its use of the word "buy" for digital content isn't deceptive because consumers understand their purchases are subject to licenses. Quoting Webster's Dictionary, it said that the term means "rights to the use or services of payment" rather than perpetual ownership and that its disclosures properly warn people that they may lose access. The court ultimately rebuffed Amazon's bid to dismiss the lawsuit outside of a claim alleging a violation of Washington's unjust enrichment law.

AI

Bank Forced To Rehire Workers After Lying About Chatbot Productivity, Union Says 37

An anonymous reader quotes a report from Ars Technica: As banks around the world prepare to replace many thousands of workers with AI, Australia's biggest bank is scrambling to rehire 45 workers after allegedly lying about chatbots besting staff by handling higher call volumes. In a statement Thursday flagged by Bloomberg, Australia's main financial services union, the Finance Sector Union (FSU), claimed a "massive win" for 45 union members whom the Commonwealth Bank of Australia (CBA) had replaced with an AI-powered "voice bot."

The FSU noted that some of these workers had been with CBA for decades. Those workers in particular were shocked when CBA announced last month that their jobs had become redundant. At that time, CBA claimed that launching the chatbot supposedly "led to a reduction in call volumes" by 2,000 a week, FSU said. But "this was an outright lie," fired workers told FSU. Instead, call volumes had been increasing at the time they were dismissed, with CBA supposedly "scrambling" -- offering staff overtime and redirecting management to join workers answering phones to keep up.

To uncover the truth, FSU escalated the dispute to a fair work tribunal, where the union accused CBA of failing to explain how workers' roles were ruled redundant. The union also alleged that CBA was hiring for similar roles in India, Bloomberg noted, which made it appear that CBA had perhaps used the chatbot to cover up a shady pivot to outsource jobs. While the dispute was being weighed, CBA admitted that "they didn't properly consider that an increase in calls" happening while staff was being fired "would continue over a number of months," FSU said. "This error meant the roles were not redundant," CBA confirmed at the tribunal. Now, CBA has apologized to the fired workers. A spokesperson told Bloomberg that they can choose to come back to their prior roles, seek another position, or leave the firm with an exit payment.
"We have apologized to the employees concerned and acknowledge we should have been more thorough in our assessment of the roles required," CBA's spokesperson told Bloomberg.

The FSU said that "the damage has already been done." These employees "have had to endure the stress and worry of facing redundancy" and were "suddenly confronted with the prospect of being unable to pay their bills." FSU warned that CBA's flip-flopping on AI serves as a "stark reminder to all of us that we can never trust employers to do the right thing by workers, and change can happen at any time and impact any one of us."

Technology

Pebble Time 2 Reboot Gets a Redesign (9to5google.com) 20

Pebble has unveiled the final design of its rebooted Pebble Time 2 smartwatch, featuring a stainless steel body, color accents, knurled buttons, a flat glass display, customizable RGB backlight, and a built-in compass. 9to5Google reports: In a new episode of his podcast "Tick Talk," original Pebble founder Eric Migicovsky discusses the progress being made on the revival. This time around, the main topic is Pebble Time 2 and its "final design," which sees a considerable redesign compared to what was shown off earlier this year. The new look has some added curves, color accents, knurled buttons, and a stunning overall look.

It'll be available in black and silver colors, as opposed to the black and white previously shown off. In between the metal portions of the build, a polycarbonate layer will allow the radios to work properly, while also adding a blue or red accent to the design. Apparently, there are four total color options on the table, but they're not final just yet. Anyone who has placed a pre-order will get the choice of what color they want.

The new Pebble Time 2 will be made from stainless steel, in particular the same steel material that the original Pebble Steel was built from. It also has transitioned to a flat glass panel versus the curved finish that was used on prior Pebble watches, lessening reflections. The backlight on this model is also more advanced, with an RGB LED that allows the user to control the backlight color so it's not always "blue-ish." Migicovsky says that this will allow the color temperature to change through the day.
The Pebble Time 2 is available to pre-order for $225.

Google

South Korea Postpones Decision To Let Google Maps Work Properly - Again (theguardian.com) 18

South Korea postponed a decision for the second time this year on Friday regarding Google's request to export detailed mapping data to overseas servers, which would enable full Google Maps functionality in the country. The inter-agency committee extended the deadline from August to October to allow further review of security concerns and consultations with industry stakeholders.

South Korea remains one of only a handful of countries alongside China and North Korea where Google Maps fails to function properly, unable to provide directions despite displaying landmarks and businesses. Tourism complaints increased 71% last year, with Google Maps accounting for 30% of all app-related grievances, while local industry groups representing 2,600 companies report 90% opposition to Google's request due to fears of market domination by the US tech company.

United States

Three US Agencies Get Failing Grades For Not Following IT Best Practices (theregister.com) 19

The Government Accountability Office has issued reports criticizing the Department of Homeland Security, Environmental Protection Agency, and General Services Administration for failing to implement critical IT and cybersecurity recommendations.

DHS leads with 43 unresolved recommendations dating to 2018, including seven priority matters. The EPA has 11 outstanding items, including failures to submit FedRAMP documentation and conduct organization-wide cybersecurity risk assessments. GSA has four pending recommendations.

All three agencies failed to properly log cybersecurity events and conduct required annual IT portfolio reviews. The DHS' HART biometric program remains behind schedule without proper cost accounting or privacy controls, with all nine 2023 recommendations still open.
