Ruby on Rails creator and Basecamp CTO David Heinemeier Hansson, makes a case for why Google shouldn't be forced to sell Chrome: First, Chrome won the browser war fair and square by building a better surfboard for the internet. This wasn't some opportune acquisition. This was the result of grand investments, great technical prowess, and markets doing what they're supposed to do: rewarding the best. Besides, we have a million alternatives. Firefox still exists, so does Safari, so does the billion Chromium-based browsers like Brave and Edge. And we finally even have new engines on the way with the Ladybird browser.

Look, Google's trillion-dollar business depends on a thriving web that can be searched by Google.com, that can be plastered in AdSense, and that now can feed the wisdom of AI. Thus, Google's incredible work to further the web isn't an act of charity, it's of economic self-interest, and that's why it works. Capitalism doesn't run on benevolence, but incentives.

We want an 800-pound gorilla in the web's corner! Because Apple would love nothing better (despite the admirable work to keep up with Chrome by Team Safari) to see the web's capacity as an application platform diminished. As would every other owner of a proprietary application platform. Microsoft fought the web tooth and nail back in the 90s because they knew that a free, open application platform would undermine lock-in -- and it did!

"Google's DeepMind UK team reportedly seeks to unionize," reports TechCrunch: Around 300 London-based members of Google's AI-focused DeepMind team are seeking to unionize with the Communication Workers Union, according to a Financial Times report that cites three people involved with the unionization effort.

These DeepMind employees are reportedly unhappy about Google's decision to remove a pledge not to use AI for weapons or surveillance from its website. They're also concerned about the company's work with the Israeli military, including a $1.2 billion cloud computing contract that has prompted protests elsewhere at Google.
At least five DeepMind employees quit, according to the report (out of a 2,000 total U.K. staff members).

"A small group of around 200 employees of Google and its parent company Alphabet previously announced that they were unionizing," the article adds, "though as a union representing just a tiny slice of the total Google workforce, it lacked the ability to collectively bargain."

"Not so long ago, working in tech meant job security, extravagant perks and a bring-your-whole-self-to-the-office ethos rare in other industries," writes the Wall Street Journal.

But now tech work "looks like a regular job," with workers "contending with the constant fear of layoffs, longer hours and an ever-growing list of responsibilities for the same pay." Now employees find themselves doing the work of multiple laid-off colleagues. Some have lost jobs only to be rehired into positions that aren't eligible for raises or stock grants. Changing jobs used to be a surefire way to secure a raise; these days, asking for more money can lead to a job offer being withdrawn.

The shift in tech has been building slowly. For years, demand for workers outstripped supply, a dynamic that peaked during the Covid-19 pandemic. Big tech companies like Meta and Salesforce admitted they brought on too many employees. The ensuing downturn included mass layoffs that started in 2022...

[S]ome longtime tech employees say they no longer recognize the companies they work for. Management has become more focused on delivering the results Wall Street expects. Revenue remains strong for tech giants, but they're pouring resources into costly AI infrastructure, putting pressure on cash flow. With the industry all grown up, a heads-down, keep-quiet mentality has taken root, workers say... Tech workers are still well-paid compared with other sectors, but currently there's a split in the industry. Those working in AI — and especially those with Ph.D.s — are seeing their compensation packages soar. But those without AI experience are finding they're better off staying where they are, because companies aren't paying what they were a few years ago.
Other excepts from the Wall Street Journal's article:

• "I'm hearing of people having 30 direct reports," says David Markley, who spent seven years at Amazon and is now an executive coach for workers at large tech companies. "It's not because the companies don't have the money. In a lot of ways, it's because of AI and the narratives out there about how collapsing the organization is better...."

• In some cases, companies post record revenue while still trimming head count.

• Google co-founder Sergey Brin told a group of employees in February that 60 hours a week was the sweet spot of productivity, in comments reported earlier by the New York Times.

• One recruiter at Meta who had been laid off by the company was rehired into her old role last year, but with a catch: She's now classified as a "short-term employee." Her contract is eligible for renewal, but she doesn't get merit pay increases, promotions or stock. The recruiter says she's responsible for a volume of work that used to be spread among several people. The company refers to being loaded with such additional responsibilities as "agility."

• More than 50,000 tech workers from over 100 companies have been laid off in 2025, according to Layoffs.fyi, a website that tracks job cuts and crowdsources lists of laid off workers...

Even before those 50,000 layoffs in 2025, Silicon Valley's Mercury News was citing some interesting statistics from economic research/consulting firm Beacon Economics. In 2020, 2021 and 2022, the San Francisco Bay Area added 74,700 tech jobs But then in 2023 and 2024 the industry had slashed even more tech jobs -- 80,200 -- for a net loss (over five years) of 5,500.

So is there really a cutback in perks and a fear of layoffs that's casting a pall over the industry? share your own thoughts and experiences in the comments. Do you agree with the picture that's being painted by the Wall Street Journal?

They told their readers that tech workers are now "just like the rest of us: miserable at work."

"4chan, down for more than a week after hackers got in through an insecure script that handled PDFs, is back online," notes BoingBoing. (They add that Thursday saw 4chan's first blog postin years — just the words "Testing testing 123 123...") But 4chan posted a much longer explanation on Friday," confirming their servers were compromised by a malicious PDF upload from "a hacker using a UK IP address," granting access to their databases and administrative dashboard.

The attacker "spent several hours exfiltrating database tables and much of 4chan's source code. When they had finished downloading what they wanted, they began to vandalize 4chan at which point moderators became aware and 4chan's servers were halted, preventing further access." While not all of our servers were breached, the most important one was, and it was due to simply not updating old operating systems and code in a timely fashion. Ultimately this problem was caused by having insufficient skilled man-hours available to update our code and infrastructure, and being starved of money for years by advertisers, payment providers, and service providers who had succumbed to external pressure campaigns. We had begun a process of speccing new servers in late 2023. As many have suspected, until that time 4chan had been running on a set of servers purchased second-hand by moot a few weeks before his final Q&A [in 2015], as prior to then we simply were not in a financial position to consider such a large purchase. Advertisers and payment providers willing to work with 4chan are rare, and are quickly pressured by activists into cancelling their services. Putting together the money for new equipment took nearly a decade...

The free time that 4chan's development team had available to dedicate to 4chan was insufficient to update our software and infrastructure fast enough, and our luck ran out. However, we have not been idle during our nearly two weeks of downtime. The server that was breached has been replaced, with the operating system and code updated to the latest versions. PDF uploads have been temporarily disabled on those boards that supported them, but they will be back in the near future. One slow but much beloved board, /f/ — Flash, will not be returning however, as there is no realistic way to prevent similar exploits using .swf files.

We are bringing on additional volunteer developers to help keep up with the workload, and our team of volunteer janitors & moderators remains united despite the grievous violations some have suffered to their personal privacy.

4chan is back. No other website can replace it, or this community. No matter how hard it is, we are not giving up.

Slashdot reader itwbennett writes: Personal health information on 4.7 million Blue Shield California subscribers was unintentionally shared between Google Analytics and Google Ads between April 2021 and January 2025 due to a misconfiguration error. Security consultant and SANS Institute instructor Brandon Evans points to two lessons to take from this debacle:

- Read the documentation of any third party service you sign up for, to understand the security and privacy controls;
- Know what data is being collected from your organization, and what you don't want shared.

"If there is a concern by the organization that Google Ads would use this information, they should really consider whether or not they should be using a platform like Google Analytics in the first place," Evans says in the article. "Because from a technical perspective, there is nothing stopping Google from sharing the information across its platform...

"Google definitely gives you a great bunch of controls, but technically speaking, that data is within the walls of that organization, and it's impossible to know from the outside how that data is being used."

Microsoft has finally released Windows Recall to the general public, nearly a year after first announcing the controversial feature. Available exclusively on Copilot+ PCs, Recall continuously captures screenshots of user activity, storing them in a searchable database with extracted text. The feature's original launch was derailed by significant security concerns, as critics noted anyone with access to a Recall database could potentially view nearly everything done on the device.

Microsoft's revamped version addresses these issues with improved security protections, better content filtering for sensitive information, and crucially, making Recall opt-in rather than opt-out. The rollout includes two additional Copilot+ features: an improved Search function with natural language understanding, and "Click to Do," which enables text copying from images and quick summarization of on-screen content.

Microsoft will remove its Maps app from the Microsoft Store in July 2025, delivering an "update" that renders the application completely nonfunctional. Following the cutoff, users won't be able to reinstall the app even if previously downloaded, according to a Microsoft support document. While the app will retain personal data like saved navigation routes and map URLs, this information will become unusable after the deprecation.

The Maps application, a remnant from the Windows Phone and Windows 10 Mobile era, will disappear completely while Bing Maps will continue functioning as a web service through bing.com/maps. Microsoft hasn't provided specific reasoning for the decision to sunset the desktop application, which has existed as an increasingly anachronistic holdover from Microsoft's abandoned mobile platform efforts.

The iconic "You Wouldn't Steal a Car" anti-piracy campaign, which dramatically equated digital piracy with physical theft, appears to have used a pirated font in its own materials. New evidence indicates the campaign utilized "XBAND Rough," a free clone of the commercial "FF Confidential" font, which requires a license.

TorrentFreak independently confirmed campaign materials from 2005 embedded the XBAND Rough font rather than the original created by Just Van Rossum in 1992. Researchers discovered the font in PDF files hosted on the campaign's official website. Van Rossum, FF Confidential's creator, called the revelation "hilarious" when informed by TorrentFreak. "I knew my font was used for the campaign and that a pirated clone named XBand-Rough existed. I did not know that the campaign used XBand-Rough," he said.

Pete Koomen, a Y Combinator partner, argues that current AI applications often fail by unnecessarily constraining their underlying models, much like early automobiles that mimicked horse-drawn carriages rather than reimagining transportation. In his detailed critique, Koomen uses Gmail's AI email draft feature as a prime example. The tool generates formal, generic emails that don't match users' actual writing styles, often producing drafts longer than what users would naturally write.

The critical flaw, according to Koomen, is that users cannot customize the system prompt -- the instructions that tell the AI how to behave. "When an LLM agent is acting on my behalf I should be allowed to teach it how to do that by editing the System Prompt," Koomen writes. Koomen suggests AI is actually better at reading and transforming text than generating it. His vision for truly useful AI email tools involves automating mundane work -- categorizing, prioritizing, and drafting contextual replies based on personalized rules -- rather than simply generating content from scratch. The essay argues that developers should build "agent builders" instead of agents, allowing users to teach AI systems their preferences and patterns.

An anonymous reader quotes a report from Cybernews: Researchers at Cybernews have uncovered a major privacy breach involving WorkComposer, a workplace surveillance app used by over 200,000 people across countless companies. The app, designed to track productivity by logging activity and snapping regular screenshots of employees' screens, left over 21 million images exposed in an unsecured Amazon S3 bucket, broadcasting how workers go about their day frame by frame. The leaked data is extremely sensitive, as millions of screenshots from employees' devices could not only expose full-screen captures of emails, internal chats, and confidential business documents, but also contain login pages, credentials, API keys, and other sensitive information that could be exploited to attack businesses worldwide. After the company was contacted, access to the unsecured database was secured. An official comment has yet to be received.

An anonymous reader quotes a report from Ars Technica: Russian military personnel are being targeted with recently discovered Android malware that steals their contacts and tracks their location. The malware is hidden inside a modified app for Alpine Quest mapping software, which is used by, among others, hunters, athletes, and Russian personnel stationed in the war zone in Ukraine. The app displays various topographical maps for use online and offline. The trojanized Alpine Quest app is being pushed on a dedicated Telegram channel and in unofficial Android app repositories. The chief selling point of the trojanized app is that it provides a free version of Alpine Quest Pro, which is usually available only to paying users.

The malicious module is named Android.Spy.1292.origin. In a blog post, researchers at Russia-based security firm Dr.Web wrote: "Because Android.Spy.1292.origin is embedded into a copy of the genuine app, it looks and operates as the original, which allows it to stay undetected and execute malicious tasks for longer periods of time. Each time it is launched, the trojan collects and sends the following data to the C&C server:

- the user's mobile phone number and their accounts;
- contacts from the phonebook;
- the current date;
- the current geolocation;
- information about the files stored on the device;
- the app's version."

If there are files of interest to the threat actors, they can update the app with a module that steals them. The threat actors behind Android.Spy.1292.origin are particularly interested in confidential documents sent over Telegram and WhatsApp. They also show interest in the file locLog, the location log created by Alpine Quest. The modular design of the app makes it possible for it to receive additional updates that expand its capabilities even further.

The European Union has announced details of new mandatory labels for smartphones and tablets sold in the bloc, which include ratings for energy efficiency, durability, and repairability. From a report: Hardware will also have to meet new "ecodesign requirements" to be sold in the EU, including a requirement to make spare parts available for repair.

The labels, which will be required for any devices that go on sale from June 20th onwards, are similar to existing ones for home appliances and TVs. They display the product's energy efficiency rating, on a scale from A to G, along with battery life, the number of charge cycles the battery is rated for, letter grades for durability and repairability, and any applicable IP rating for protection from dust and water.

BrianFagioli writes: ARMO, the company behind Kubescape, has uncovered what could be one of the biggest blind spots in Linux security today. The company has released a working rootkit called "Curing" that uses io_uring, a feature built into the Linux kernel, to stealthily perform malicious activities without being caught by many of the detection solutions currently on the market.

At the heart of the issue is the heavy reliance on monitoring system calls, which has become the go-to method for many cybersecurity vendors. The problem? Attackers can completely sidestep these monitored calls by leaning on io_uring instead. This clever method could let bad actors quietly make network connections or tamper with files without triggering the usual alarms.

Analysts at UBS and Gartner have significantly reduced their growth forecasts for global PC and smartphone markets as a result of mounting pressures from trade tariffs and broader macroeconomic uncertainties that are expected to impact consumer demand through 2026. From a report: In a pair of research reports sent to their clients on Wednesday, UBS and Gartner revised down their global PC shipments forecast for 2025 and 2026 from previous estimates of 5% and 4% growth to just 2% for both years, citing the potential impact of trade policy and macroeconomic headwinds. The investment bank and Gartner also cut their global smartphone shipment growth forecast for 2025 to 1% (1,235 million units) from 2%, while reducing its 2026 projection from 1% growth to flat at 1,235 million units.

The outlook is particularly grim for the US market, which accounts for 24% of global PC units and 31% of global PC value. UBS expects the region to be disproportionately affected by tariff measures, projecting US PC demand could decline by 1.1% in 2025 before registering a modest 0.8% recovery in 2026, significantly underperforming compared to the mid-single-digit growth forecasts for other regions.

The UN warns that scam call centers, once concentrated in Southeast Asia, are rapidly expanding worldwide like a "cancer" as organized crime groups exploit weak governance in regions like Africa, South America, the Pacific Islands, and parts of Europe. The Register reports: Previous UN reports flagged growing activity in regions like South America and the Middle East. The latest update expands that scope, citing overseas crackdowns and evidence of scam operations tied to Southeast Asian crime syndicates in Africa, South Asia, select Pacific islands, and links to related criminal services -- such as laundering and recruitment -- as far as Europe, North America, and beyond. These spillover sites, as the UN calls them, allow Asian OCGs to expand their pool of victims by hiring/trafficking locals with different language skills and "dramatically scale up profits," according to the UN's latest report [PDF].

"We are seeing a global expansion of East and Southeast Asian organized crime groups," said Benedikt Hofmann, acting regional representative for Southeast Asia and the Pacific at the UN's Office on Drugs and Crime (UNODC). "This reflects both a natural expansion as the industry grows and seeks new ways and places to do business, but also a hedging strategy against future risks should disruption continue and intensify in the region." Previously, the hotspots for this type of activity have been in places like Myanmar, Cambodia, the Philippines, and Laos since 2021 when the UN and Interpol started tracking the phenomenon.

"It spreads like a cancer," Hofmann added. "Authorities treat it in one area, but the roots never disappear; they simply migrate. This has resulted in a situation in which the region has essentially become an interconnected ecosystem, driven by sophisticated syndicates freely exploiting vulnerabilities, jeopardizing state sovereignty, and distorting and corrupting policy-making processes and other government systems and institutions." The UN said these scam gangs typically relocate to jurisdictions with weak governance, allowing them to expand operations -- and rake in between $27.4 and $36.5 billion annually, according to estimates based on labour force size and average haul per scammer.

Logitech has quietly increased prices on several flagship products by as much as 25%, according to findings (video) by YouTuber Cameron Dougherty. The MX Master 3S mouse now costs $120, up 20% from its previous $100 price point, while the MX Keys S keyboard has jumped 18% to $130. The K400 Plus Wireless Touch keyboard saw the most dramatic percentage increase, rising from $28 to $35.

These price adjustments, implemented without formal announcement, come amid ongoing tariff pressures from the Trump administration affecting PC hardware manufacturers. Chinese electronics maker Anker also recently implemented similar increases, suggesting a broader industry trend.

Researchers have uncovered a new supply chain attack called Slopsquatting, where threat actors exploit hallucinated, non-existent package names generated by AI coding tools like GPT-4 and CodeLlama. These believable yet fake packages, representing almost 20% of the samples tested, can be registered by attackers to distribute malicious code. CSO Online reports: Slopsquatting, as researchers are calling it, is a term first coined by Seth Larson, a security developer-in-residence at Python Software Foundation (PSF), for its resemblance to the typosquatting technique. Instead of relying on a user's mistake, as in typosquats, threat actors rely on an AI model's mistake. A significant number of packages, amounting to 19.7% (205,000 packages), recommended in test samples were found to be fakes. Open-source models -- like DeepSeek and WizardCoder -- hallucinated more frequently, at 21.7% on average, compared to the commercial ones (5.2%) like GPT 4. Researchers found CodeLlama ( hallucinating over a third of the outputs) to be the worst offender, and GPT-4 Turbo ( just 3.59% hallucinations) to be the best performer.

These package hallucinations are particularly dangerous as they were found to be persistent, repetitive, and believable. When researchers reran 500 prompts that had previously produced hallucinated packages, 43% of hallucinations reappeared every time in 10 successive re-runs, with 58% of them appearing in more than one run. The study concluded that this persistence indicates "that the majority of hallucinations are not just random noise, but repeatable artifacts of how the models respond to certain prompts." This increases their value to attackers, it added. Additionally, these hallucinated package names were observed to be "semantically convincing." Thirty-eight percent of them had moderate string similarity to real packages, suggesting a similar naming structure. "Only 13% of hallucinations were simple off-by-one typos," Socket added. The research can found be in a paper on arXiv.org (PDF).

With more companies requiring workers to return to an office five days a week, "Anxiety is rising for some of the millions of people who identify as neurodivergent," writes the Washington Post.

They raise the possibility that "strict office mandates have the potential to deter neurodivergent people who may approach problems differently," the article notes — affecting peoiple "whose brains function differently, such as with ADHD, autism or dyslexia." While many neurodivergent people excel in an office, others struggle with sensory issues, an inability to focus and exhaustion, workers say... About a fifth of U.S. adults self-identify as neurodivergent, with a majority saying they always or usually feel that their brain works differently, according to a recent survey by research and analytics firm YouGov. They cite issues such as starting tasks before finishing others, being overwhelmed by social situations and struggling to focus...

Some neurodivergent workers discovered success working remotely during the pandemic and don't feel comfortable disclosing their diagnoses due to fear of and prior instances of discrimination. Sometimes being one of the few remote workers makes it easier to be forgotten.... Neurodivergent workers who spoke about their office struggles say even part-time remote work can be a game changer. They also wish leaders would seek input from them and trust them to get their work done.

TechCrunch looks at Mechanize, an ambitious new startup "whose founder — and the non-profit AI research organization he founded called Epoch — is being skewered on X..." Mechanize was launched on Thursday via a post on X by its founder, famed AI researcher Tamay Besiroglu. The startup's goal, Besiroglu wrote, is "the full automation of all work" and "the full automation of the economy."

Does that mean Mechanize is working to replace every human worker with an AI agent bot? Essentially, yes. The startup wants to provide the data, evaluations, and digital environments to make worker automation of any job possible. Besiroglu even calculated Mechanize's total addressable market by aggregating all the wages humans are currently paid. "The market potential here is absurdly large: workers in the US are paid around $18 trillion per year in aggregate. For the entire world, the number is over three times greater, around $60 trillion per year," he wrote.

Besiroglu did, however, clarify to TechCrunch that "our immediate focus is indeed on white-collar work" rather than manual labor jobs that would require robotics...

Besiroglu argues to the naysayers that having agents do all the work will actually enrich humans, not impoverish them, through "explosive economic growth." He points to a paper he published on the topic. "Completely automating labor could generate vast abundance, much higher standards of living, and new goods and services that we can't even imagine today," he told TechCrunch.
TechCrunch wonders how jobless humans will produce goods — and whether wealth will simply concentrate around whoever owns the agents.

But they do concede that Besiroglu may be right that "If each human worker has a personal crew of agents which helps them produce more work, economic abundance could follow..."

"Members of the CA/Browser Forum have voted to slash cert lifespans from the current one year to 47 days," reports Computerworld, "placing an added burden on enterprise IT staff who must ensure they are updated." In a move that will likely force IT to much more aggressively use web certificate automation services, the Certification Authority Browser Forum (CA/Browser Forum), a gathering of certificate issuers and suppliers of applications that use certificates, voted [last week] to radically slash the lifespan of the certificates that verify the ownership of sites.

The approved changes, which passed overwhelmingly, will be phased in gradually through March 2029, when the certs will only last 47 days.

This controversial change has been debated extensively for more than a year. The group's argument is that this will improve web security in various ways, but some have argued that the group's members have a strong alternative incentive, as they will be the ones earning more money due to this acceleration... Although the group voted overwhelmingly to approve the change, with zero "No" votes, not every member agreed with the decision; five members abstained...

In roughly one year, on March 15, 2026, the "maximum TLS certificate lifespan shrinks to 200 days. This accommodates a six-month renewal cadence. The DCV reuse period reduces to 200 days," according to the passed ballot. The next year, on March 15, 2027, the "maximum TLS certificate lifespan shrinks to 100 days. This accommodates a three-month renewal cadence. The DCV reuse period reduces to 100 days." And on March 15, 2029, "maximum TLS certificate lifespan shrinks to 47 days. This accommodates a one-month renewal cadence. The DCV reuse period reduces to 10 days."
The changes "were primarily pushed by Apple," according to the article, partly to allow more effective reactions to possible changes in cryptography.

And Apple also wrote that the shift "reduces the risk of improper validation, the scope of improper validation perpetuation, and the opportunities for misissued certificates to negatively impact the ecosystem and its relying parties."

Thanks to Slashdot reader itwbennett for sharing the news.