Comment Awesome News (Score 1) 29
This sounds like a great advancement, my Mother could use something like this.
Submission + - There's an Unhinged New Video Game About Trump and the Iran War (wired.com) 1
joshuark writes: A new video game about President Donald Trump’s war in Iran features fights with the pope and New York City mayor Zohran Mamdani. It’s impossible to win, and that’s the point.
The game, Operation Epic Furious: Strait to Hell, was developed by Secret Handshake, an anonymous group of artists behind a handful of satirical works mocking the Trump administration. The game is available to play online, but three fully functional arcade cabinets are currently installed at the Washington, DC, War Memorial. The games will remain there for the next few days.
In the game, Trump is the playable character, on a quest to collect barrels of oil and ideas for Truth Social posts, to reopen the Strait of Hormuz, and win the war. During the game, Trump’s social media posts do little to move the needle, creating an endless cycle of tasks and threats that ultimately lead nowhere. Even if the game is unwinnable, players can lose, and do so abruptly.
The game, Operation Epic Furious: Strait to Hell, was developed by Secret Handshake, an anonymous group of artists behind a handful of satirical works mocking the Trump administration. The game is available to play online, but three fully functional arcade cabinets are currently installed at the Washington, DC, War Memorial. The games will remain there for the next few days.
In the game, Trump is the playable character, on a quest to collect barrels of oil and ideas for Truth Social posts, to reopen the Strait of Hormuz, and win the war. During the game, Trump’s social media posts do little to move the needle, creating an endless cycle of tasks and threats that ultimately lead nowhere. Even if the game is unwinnable, players can lose, and do so abruptly.
Comment Re:Recruitment Drive (Score 1) 81
Sadly none of the carriers ever ring my doorbell. Luckily porch pirates are pretty rare where I live.
Comment Re:MBA strikes again (Score 1) 41
You are not wrong.
Comment Re:Garmin was the way to go (Score 1) 21
The screen died on my fitbit charge and I replaced it with a $50 amazfit that does more than the fitbit ever did.
Comment Google ruins everything (Score 1) 21
I knew from the moment Google bought fitbit that they would run it into the ground.
Submission + - Researcher Finds Microsoft Edge Stored Passwords Load in Plaintext (pcmag.com)
joshuark writes: Michael Kan, of PC Magazine writes Microsoft's Edge is facing controversy after a security researcher discovered the internet browser will load stored passwords in plaintext in a computer’s RAM, paving the way for malware to fetch the login credentials.
Security researcher Tom Jøran Sønstebyseter Rønning flagged the problem in a video showing him using a simple tool to dump stored passwords in Edge using the command prompt with administrator privileges.
“When you save passwords in Edge, the browser decrypts every credential at startup and keeps them resident in process memory. This happens even if you never visit a site that uses those credentials,” he warned, adding: “Edge is the only Chromiumbased browser I’ve tested that behaves this way.”
Microsoft defends it as a 'design choice,' saying the threat requires the PC to be compromised. But the researcher who flagged the issue says other Chromium-based browsers sidestep the problem.
Still, Rønning questions why Microsoft doesn’t follow Google’s Chrome, which decrypts saved credentials “only when needed, instead of keeping all passwords in memory at all times," he said. "In contrast, Chrome will only decrypt the credential you need for autofill, when you need it, and it will be removed after."
However, Microsoft is pushing back on the report, saying the threat only arises if a hacker has control over the user’s PC, which could occur through a malware infection. “Access to browser data as described in the reported scenario would require the device to already be compromised,” the company said in a statement.
However, Microsoft indicates that its current approach to loading stored passwords in Edge can improve the user experience. “Design choices in this area involve balancing performance, usability, and security, and we continue to review it against evolving threats,” the company said.
Security researcher Tom Jøran Sønstebyseter Rønning flagged the problem in a video showing him using a simple tool to dump stored passwords in Edge using the command prompt with administrator privileges.
“When you save passwords in Edge, the browser decrypts every credential at startup and keeps them resident in process memory. This happens even if you never visit a site that uses those credentials,” he warned, adding: “Edge is the only Chromiumbased browser I’ve tested that behaves this way.”
Microsoft defends it as a 'design choice,' saying the threat requires the PC to be compromised. But the researcher who flagged the issue says other Chromium-based browsers sidestep the problem.
Still, Rønning questions why Microsoft doesn’t follow Google’s Chrome, which decrypts saved credentials “only when needed, instead of keeping all passwords in memory at all times," he said. "In contrast, Chrome will only decrypt the credential you need for autofill, when you need it, and it will be removed after."
However, Microsoft is pushing back on the report, saying the threat only arises if a hacker has control over the user’s PC, which could occur through a malware infection. “Access to browser data as described in the reported scenario would require the device to already be compromised,” the company said in a statement.
However, Microsoft indicates that its current approach to loading stored passwords in Edge can improve the user experience. “Design choices in this area involve balancing performance, usability, and security, and we continue to review it against evolving threats,” the company said.
Submission + - Microsoft Issues Warning About Linux Vulnerability (linux-magazine.com)
joshuark writes: Linux Magazine reports that Microsoft has issued a warning that a vulnerability with a CVSS score of 7.8 has been found in the Linux kernel. The vulnerability in question is tagged CVE-2026-31431 and, according to the Cybersecurity and Infrastructure Security Agency (CISA), "This Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise."
The distributions affected are Ubuntu, Red Hat, SUSE, Debian, Fedora, Arch Linux, and Amazon Linux. This could also affect any distribution based on those in the list, which means pretty much every Linux distro that isn't independent.
The flaw is found in the Linux kernel cryptographic subsystem's algif_aead module of AF_ALG. The problem is that a particular optimization has led to the kernel reusing the source memory as the destination during cryptographic operations. What this means is that attackers can take advantage of interactions between the AF_ALG socket interface and a splice() system call.
Currently, active exploitation of the vulnerability is limited to proof-of-concept (PoC) demonstrations. Until patches are released, Microsoft is advising that the affected crypto feature should be disabled, or AF_ALG socket creation should be blocked.
The distributions affected are Ubuntu, Red Hat, SUSE, Debian, Fedora, Arch Linux, and Amazon Linux. This could also affect any distribution based on those in the list, which means pretty much every Linux distro that isn't independent.
The flaw is found in the Linux kernel cryptographic subsystem's algif_aead module of AF_ALG. The problem is that a particular optimization has led to the kernel reusing the source memory as the destination during cryptographic operations. What this means is that attackers can take advantage of interactions between the AF_ALG socket interface and a splice() system call.
Currently, active exploitation of the vulnerability is limited to proof-of-concept (PoC) demonstrations. Until patches are released, Microsoft is advising that the affected crypto feature should be disabled, or AF_ALG socket creation should be blocked.
Comment From a... (Score 1) 162
From a "Chicken in every pot" and "a car in every garage" to now a "data center in every yard" or "a data center in every family plot" but at one point in the 1950s the dream was every home to have its own nuclear reactor for its own power. The circle of progress...
JoshK.
Comment Re: “small” government (Score 1) 126
This isn't Reddit, and your post is off topic. Should the government do this? Maybe. Should it be an international committee of governments? Probably.
Submission + - AI agent designed to speed up a company's coding instead wiped out its customer (livescience.com)
joshuark writes: An AI coding agent designed to help a small software company streamline its tasks instead blew a hole through its business in just nine seconds. PocketOS founder Jer Crane, said that the AI coding agent Cursor — powered by Anthropic's Claude Opus 4.6 model — deleted the company's entire production database and backups with a single call to its cloud provider, Railway, on April 24.
Unlike a regular conversational chatbot, an AI agent can perform actions on behalf of a user. It can search files, write code, use login keys and phone outside services. That can make it more useful than a back-and-forth textual exchange. But when an agent has broad access to live systems, a predictive guess can turn a wrong answer into a business disaster.
"This isn't a story about one bad agent or one bad API [Application Programming Interfaces]," Crane wrote in an X post. "It's about an entire industry building AI-agent integrations into production infrastructure faster than it's building the safety architecture to make those integrations safe."
Crane's company, PocketOS makes software for car rental companies, handling tasks such as reservations, payments, customer records and vehicle tracking. After the deletion, Crane said customers lost reservations and new signups, and some could not find records for people arriving to pick up their rental cars.
"We've contacted legal counsel," Crane wrote. "We are documenting everything."
Crane explained that Cursor found an API token — a "digital key" made of a short sequence of code that lets software talk to other services and prove it has permission to act — in an unrelated file which it then used to run the destructive command. According to Crane, Railway's setup allowed the deletion without confirmation, and because the backups were stored close enough to the main database, they were also erased.
"[Railway] resolved the issue and restored the data," Railway confirmed via email to Live Science. "We maintain both user backups as well as disaster backups. We take data very, VERY seriously."
In his post, he pointed to earlier reports of Cursor ignoring user rules, changing files it was not supposed to touch and taking actions beyond the task it had been given. To him, the database wipe was not a freak accident but the next step in a larger, more concerning, pattern.
After the database vanished, Crane asked Cursor to explain what happened. The AI agent reportedly admitted that it had guessed, acted without permission and failed to understand the command before running it.
"I violated every principle I was given," the AI agent wrote. "I guessed instead of verifying. I ran a destructive action without being asked. I didn't understand what I was doing before doing it."
The statement reads like a confession,,,
"We are not the first," Crane wrote. "We will not be the last unless this gets airtime."
Unlike a regular conversational chatbot, an AI agent can perform actions on behalf of a user. It can search files, write code, use login keys and phone outside services. That can make it more useful than a back-and-forth textual exchange. But when an agent has broad access to live systems, a predictive guess can turn a wrong answer into a business disaster.
"This isn't a story about one bad agent or one bad API [Application Programming Interfaces]," Crane wrote in an X post. "It's about an entire industry building AI-agent integrations into production infrastructure faster than it's building the safety architecture to make those integrations safe."
Crane's company, PocketOS makes software for car rental companies, handling tasks such as reservations, payments, customer records and vehicle tracking. After the deletion, Crane said customers lost reservations and new signups, and some could not find records for people arriving to pick up their rental cars.
"We've contacted legal counsel," Crane wrote. "We are documenting everything."
Crane explained that Cursor found an API token — a "digital key" made of a short sequence of code that lets software talk to other services and prove it has permission to act — in an unrelated file which it then used to run the destructive command. According to Crane, Railway's setup allowed the deletion without confirmation, and because the backups were stored close enough to the main database, they were also erased.
"[Railway] resolved the issue and restored the data," Railway confirmed via email to Live Science. "We maintain both user backups as well as disaster backups. We take data very, VERY seriously."
In his post, he pointed to earlier reports of Cursor ignoring user rules, changing files it was not supposed to touch and taking actions beyond the task it had been given. To him, the database wipe was not a freak accident but the next step in a larger, more concerning, pattern.
After the database vanished, Crane asked Cursor to explain what happened. The AI agent reportedly admitted that it had guessed, acted without permission and failed to understand the command before running it.
"I violated every principle I was given," the AI agent wrote. "I guessed instead of verifying. I ran a destructive action without being asked. I didn't understand what I was doing before doing it."
The statement reads like a confession,,,
"We are not the first," Crane wrote. "We will not be the last unless this gets airtime."
Submission + - An Amateur just Solved a 60-year-old Math Problem—by Asking AI (scientificamerican.com)
joshuark writes: Scientific American reports that a ChatGPT AI has proved a conjecture with a method no human had developed. A 23 year old student Liam Price just cracked a 60-year-old problem that world-class mathematicians have tried and failed to solve.
The new solution that Price got in response to a single prompt to GPT-5.4 Pro and posted on www.erdosproblems.com, a website devoted to the Erds problems.
The question Price solved—or prompted ChatGPT to solve—concerns special sets of whole numbers, where no number in the set can be evenly divided by any other. Erds called these “primitive sets” because of their connection to similarly indivisible prime numbers.Price wasn’t aware of this history when he entered the problem into ChatGPT.
Price sent it to his occasional collaborator Kevin Barreto, a second-year undergraduate in mathematics at the University of Cambridge. The duo had jump-started the AI-for-Erds craze late last year by prompting a free version of ChatGPT with open problems chosen at random from the Erds problems website. Reviewing Price’s message, Barreto realized what they had was special, and experts whom he notified quickly took notice.
The new solution that Price got in response to a single prompt to GPT-5.4 Pro and posted on www.erdosproblems.com, a website devoted to the Erds problems.
The question Price solved—or prompted ChatGPT to solve—concerns special sets of whole numbers, where no number in the set can be evenly divided by any other. Erds called these “primitive sets” because of their connection to similarly indivisible prime numbers.Price wasn’t aware of this history when he entered the problem into ChatGPT.
Price sent it to his occasional collaborator Kevin Barreto, a second-year undergraduate in mathematics at the University of Cambridge. The duo had jump-started the AI-for-Erds craze late last year by prompting a free version of ChatGPT with open problems chosen at random from the Erds problems website. Reviewing Price’s message, Barreto realized what they had was special, and experts whom he notified quickly took notice.
Submission + - J. Craig Venter, genomics pioneer and founder of JCVI and Diploid Genomics, Inc. (jcvi.org)
joshuark writes: The renowned genomics pioneer Dr. J. Craig Venter died on April 29, 2026, at age 79, following a brief hospitalization for unexpected side effects from cancer treatment.
Venter is best known for racing to sequence the human genome, founding the J. Craig Venter Institute (JCVI), and creating the first synthetic bacterial cell.
“Craig believed that science moves forward when people are willing to think differently, move decisively, and build what doesn’t yet exist,” said Anders Dale, president of JCVI. “His leadership and vision reshaped genomics and helped ignite synthetic biology. We will honor his legacy by continuing the mission he built—advancing genomic science, championing the public investments that make discovery possible, and partnering broadly to turn knowledge into impact.”
Venter is best known for racing to sequence the human genome, founding the J. Craig Venter Institute (JCVI), and creating the first synthetic bacterial cell.
“Craig believed that science moves forward when people are willing to think differently, move decisively, and build what doesn’t yet exist,” said Anders Dale, president of JCVI. “His leadership and vision reshaped genomics and helped ignite synthetic biology. We will honor his legacy by continuing the mission he built—advancing genomic science, championing the public investments that make discovery possible, and partnering broadly to turn knowledge into impact.”
Comment Apple is following Microsoft's approach (Score 1) 45
Apple is following Microsoft's approach, with the new office suite, that shows ads...so turning an Apple device into an ad machine...sound familiar?
--JoshK.
Comment Robert Cringely of "Accidental Empires"... (Score 1) 62
Robert Cringely of "Accidental Empires" wrote about how InfoWorld did scientific tests, and then the head of the AT&T PC division was shocked that they had done so. Cringely writes:
"Then Bob Kavner came to town, head of AT&T’s computer operation and the guy who invested $300 million of Ma Bell’s money in Sun Microsystems and then led AT&T’s hostile acquisition of NCR—yet another company that didn’t know its PC from a hole in the ground. Eating a cup of yogurt, Kavner asked why we gave his machines such bad scores in our product reviews. We’d tested the machines alongside competitors’ models and found that the Ma Bell units were poorly designed and badly built. They compared poorly, and we told him so. Kavner was amazed, both by the fact that his products were so bad and to learn that we ran scientific tests; he thought it was just an InfoWorld grudge against AT&T. Here’s a third-wave guy who was concentrating so hard on what was happening inside his own organization that he wasn’t even aware of how that organization fit into the real world or, for that matter, how the real world even worked. No wonder AT&T has done poorly as a personal computer company."
https://www.cringely.com/2013/...
Putting out "me too" products that fit with the corporate groupthink...or reverse "NIH" syndrome...
--Josh K.
Slashdot Top Deals
10 to the minus 6th power mouthwashes = 1 Microscope
