You can try 570 extinct operating systems at a new "virtual museum," according to a new article by ZDNet. Their reporter downloaded the ancient OS NeXTSTEP, and was "shocked" by how easy it was to run it, "and by the sheer number of operating systems to choose from." Essentially, what you do is download a zipped file, unzip it, change into the newly created directory, and run the executable. VirtualBox then opens to a Debian Linux instance, where you can select from a very long list of operating systems to run... You can run operating systems like Amiga, Apple I/II/III, Atari, Avigo, Commodore 64, Cray, DEC Alpha, Einstein, Game Boy Advance, GE 200, HP 3000, IBM 1130, iPod touch, Jupiter Ace, Lisa, Macintosh, MIPS-based SBCs, Neo, Newton, NeXT, NORC, Palm, and so many more. You can test the earliest mainframes, later mainframes and minicomputers, workstations and Unix variants, home computers, personal computer operating systems, mobile and embedded adOSes, and research-based and obscure systems. As far as Linux is concerned, you can run early Debian and its derivatives, Red Hat and its derivatives, early Slackware, and more...

There are two editions of the Virtual OS Museum: full and lite. The full edition is currently 174GB and includes everything you need to run these old-school operating systems. The full version does not require a network connection to run. The Lite version is only 14GB and requires an internet connection because it downloads the full OS image you want to use.
Gizmodo notes "this project is all the more remarkable for being the work of one man: Andrew Wartenkin, who has been collecting OS images for over two decades." Of course, Wartenkin didn't write all the emulation software himself, and he maintains a list of credits to give credit where it's due... The Museum itself runs in a virtual machine, which seems kinda fitting — it opens in a virtualized Linux installation and presents you with the full list of available operating systems.

Did you know someone has written a GUI for the Commodore 64? Neither did I! There are simulations of ancient mainframes, like the IBM 1130 (yours for the low, low price of $32,280 — or $41,230 with a disk drive — back in 1965).
There's also a YouTube channel.

Thanks to long-time Slashdot reader Z00L00Kfor sharing the news.

The Zig programming language wants to be a modern alternative to C (including better memory safety features). It's maintained by as an open-source project by a 501(c)(3) nonprofit and a network of contributors.

But Business Insider notes that Zig bans the submission of AI-assisted code: On the JetBrains podcast, Zig President Andrew Kelley called AI-assisted contributions "invariably garbage."

"People are sending us contributions that have no value whatsoever," Kelley said. "They have negative value, because they take review time away from the team...." There are more pull requests than reviewers. At the time of the recording, Kelley said that Zig had 200 open pull requests. Those AI-generated "slop contributions" slow the whole team down even more, Kelley said. "We've wasted everybody's time...."

Big Tech companies have projected lofty goals for the percentage of code that should be — and already is — written with AI. Zig doesn't have a mandate to be maximally efficient like these public companies. Instead, "mentorship" is part of its core mission, Kelley said, making AI contributions counterproductive. "We're all trying to get better at programming," Kelley said. "People who are sending AI pull requests, those people are not helping this goal."

A research team found "extensive changes" on brain scans of 13 young women taking GLP-1 drugs, reports the Washington Post: Within only a few months, the brain connections in the salience network, which helps target attention, had multiplied... ["We didn't expect to see this effect, and we really don't know what it means," said an assistant professor assisting the research.] Ozempic and other GLP-1 drugs were initially understood as a metabolism breakthrough: medicines that act like hormones to control hunger, blood sugar and weight. But as researchers probe deeper into how the drugs work, early evidence suggests that GLP-1s may also be reshaping parts of the brain.

Tens of millions of people are now taking the medications worldwide, turning what began as an obesity and diabetes treatment into what could be modern medicine's largest unplanned neuroscience experiments... Long before Oprah Winfrey and social media influencers helped popularize GLP-1 drugs, physician-scientist Lorenzo Leggio was studying them as a possible addiction treatment... Several major studies examining GLP-1 drugs on nicotine dependence, opioid- and cocaine-use disorders, gambling addiction and binge eating are also underway. "It's very exciting times, but we don't fully understand how it works," Leggio said...

As evidence has grown that inflammation, metabolism and mental health may be far more connected than scientists once believed, researchers have become intrigued by patients who say GLP-1 drugs appear to ease anxiety, compulsive thinking and emotional distress. Daniel Drucker, a University of Toronto researcher and GLP-1 drug pioneer who receives funding from several drugmakers, said researchers are investigating the medications across a variety of psychiatric and neurological conditions, though none are approved for them. "We have so many anecdotal reports: They were treated for blood sugar and then they felt much happier. Or they took one dose of the drug and their brain fog cleared," he said.
The article suggests social media complaints "raise deeper questions about what, exactly, these drugs are changing.

"If GLP-1s alter the brain systems involved in reward, craving and motivation, researchers wonder, where is the line between quieting a person's destructive impulses and reshaping personality itself?"

An anonymous reader quotes a report from Ars Technica: Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique, named FROST (fingerprinting remotely using OPFS-based SSD timing), allows sites to monitor other sites a visitor is viewing and what apps are open on their devices. The technique, laid out in a research paper (PDF), exploits a side channel, a form of leak resulting from physical manifestations such as electromagnetic emanations, data caches, or the time required to complete a task. By measuring the manifestations, attackers can decrypt encrypted traffic and infer other confidential data.

The attack that FROST uses is known as a contention side channel, which measures the interaction of various processes all using (or competing for) a given resource. By measuring the timing of certain I/O (input-output) operations of the SSD a visitor is using, the researchers were able to determine the websites open in other tabs -- even on other browsers -- and the apps that were open on the visitor's device. FROST requires no interaction from the visitor other than opening the site hosting the attack. [...] Unlike previous contention side-channel attacks on SSDs, FROST runs exclusively in the browser. It uses JavaScript that interacts with the OPFS (origin private file system), an allocated storage space that's reserved for a specific site to run code needed to complete a given task. Websites can create one with no interaction required by the visitor.

While each file system is sandboxed, meaning it's isolated from other websites and from the device system itself, the JavaScript can measure the I/O interactions. Then, by running those interactions through a pretrained convolutional neural network -- a system that uses deep learning to analyze text, audio, and images -- the attacker can deduce various apps and websites open on the device. "The attacker continuously measures SSD contention by performing random reads from a large OPFS file," the researchers explained. "SSD contention caused by user activity causes measurable latency differences for these read operations. By training a convolutional neural network (CNN) on these traces, the attacker can fingerprint user activity on the host system by classifying new traces using the trained model."

An anonymous reader quotes a report from the BBC: Internet access has started to be restored in Iran after being cut off almost three months ago, the country's first vice-president has said. "The first step toward free and regulated access to cyberspace has been taken," Mohammad Reza Aref wrote on X on Tuesday. Internet monitoring groups Netblocks and Kentik reported "partial" restoration around 13:00 GMT, though the latter warned most networks were still down.

The Iranian government cut internet access following the launch of US and Israeli attacks on February 28. Officials suggested the aim was to prevent surveillance, espionage and cyber-attacks. It is one of the longest-running national internet shutdowns ever recorded worldwide. A content creator from Tehran told the BBC that he had been able to connect to the internet using his home WiFi on Tuesday. "The main point is, some of my income will come back," he said.

Netblocks said it was unclear whether the internet return would be sustained, and told the BBC it was consistent with what it had seen when previous blackouts were lifted -- where restoration could take hours. "Access is not universally back to its original state, with some regional variation," said the global internet tracker's research director Isik Mater on Tuesday. She added that there were signs of "more extensive filtering" than prior to January -- when a similar blackout was imposed during the regime's deadly crackdown on anti-government protests -- "including additional restrictions to messaging apps like WhatsApp."

"The expansion of SpaceX's Starlink network of internet relay satellites continued Monday with a Memorial Day launch from Cape Canaveral Space Force Station," reports Spaceflight Now. The mission added another 29 Starlink satellites to more than 10,000 already in low Earth orbit: This was SpaceX's 60th orbital flight of the year, consisting of 59 Falcon 9 rockets and one Falcon Heavy rocket...

Nearly 8.5 minutes after liftoff, [Falcon 9 first stage] B1078 landed on the drone ship, 'A Shortfall of Gravitas,' positioned in the Atlantic Ocean off the coast of South Carolina. This was the 151st landing for this vessel and the 614th booster landing to date for SpaceX.

Meanwhile, the second stage shut down eight minutes and 39 seconds into flight and entered a coast phase, before short second burn at T+52 minutes. The stack of Starlink satellites deployed 61 minutes and 26 seconds after launch.
On X.com SpaceX shared footage of the booster rocket landing, and a longer video showing Starship's 12th test flight Friday.

Slashdot reader wiredmikey writes: Threat actors are exploiting a vulnerability in shared content delivery network (CDN) infrastructure to hide connections to malicious domains. Researchers say the vulnerability could impact roughly 88 million domains and can bypass DNS filtering and protective DNS controls, potentially enabling stealthy command-and-control communications and other evasive attacks.
Dubbed "Underminr," the exploit "presents the SNI and HTTP Host of a domain," writes SecurityWeek, "while forcing a request to the IP address of another tenant on the same shared edge." The mismatch, ADAMnetworks reports, has been exploited in attacks targeting large-scale hosting providers, including those that have implemented mitigations against domain fronting...

Threat actors' increased reliance on AI is expected to lead to a surge in attacks. "Once Underminr becomes parametric information for AI-generated malware, we could expect to see it in every attack that needs to evade protective DNS as part of the attack chain," ADAMnetworks CEO David Redekop says.

The Free Software Foundation announced this week that "its global call for free software supporters to organize LibreLocals this May resulted in free software supporters organizing forty-six LibreLocal events on six continents thus far." (And new dates and locations are being added daily.) The FSF invited free software supporters to organize in-person community meetups in their area during May 2026, or LibreLocal month, to bring people together to swap ideas, learn from each other, and celebrate free software. People were encouraged to organize events grounded in freedom to help spread the free software philosophy.... "The success of these LibreLocals speaks to how many people globally are interested in free software and ready to build community, and it demonstrates the strength of our movement" [said FSF executive director Zoë Kooyman]. "People getting together like this also proves how computer freedom and digital rights are on people's minds. When we reject freedom-restricting software and promote software that respects user rights, it helps further so many other basic rights...."

The FSF has financially supported some of the events, but notes organizers are going above and beyond to create noteworthy events by any measure, and is impressed with the global network taking shape. "The energy we feel from all organizers is extremely motivating and we look forward to seeing LibreLocal events spread even wider over the next years! We want to support these initiatives even more, so we'll be looking to build a network of sponsors for future iterations as we work towards May 2027," says Heshan de Silva-Weeramuni, FSF program manager... William Goodspeed, the organizer behind the Beijing LibreLocal, reported that their meetup was double the size of last year's, and a number of very rich collaborative projects have emerged among the attendees.

Discussing the value of connecting people, de Silva-Weeramuni notes: "Free software supporters know that connecting with each other leads them to learn, experiment, and create great things that protect our individual and shared rights. The extraordinary contributions that free software has made to the world were born through such collaborations between like-minded people towards a freer society. This same global spirit of collectively building a better future is one of the inspiring things that we have once again seen unfold through this year's many LibreLocals."

Trump Mobile confirmed that a third-party platform exposed customers' personal data to the open internet. The data included names, email addresses, mailing addresses, phone numbers, and order IDs. TechCrunch reports: Chris Walker, a spokesperson for the Trump-branded phone maker, told TechCrunch that the company is investigating the exposure and has not found evidence that content or financial information spilled online. The company said there was no breach of Trump Mobile's network, systems, or infrastructure. Walker said that the exposure was linked to a third-party platform provider that supports "certain Trump Mobile operations." He did not name the provider.

[...] On Wednesday, two YouTubers who ordered Trump Mobile's phone said a researcher alerted them that their personal information was exposed online. The YouTubers Coffeezilla and penguinz0 said they tried to alert Trump Mobile of the exposure after the researcher also tried but to no avail. Walker said Trump Mobile is evaluating whether it needs to notify customers of the exposure of their personal data. Further reading: Trump Phones Start Shipping - But Were There Really 600,000 Preorders?

An anonymous reader quotes a report from Reuters: AT&T on Wednesday filed suit (PDF) against California officials seeking a court order declaring it does not have to continue offering traditional copper wire phone service to new customers as it vowed to spend $19 billion on modern telecom services. California requires the U.S. wireless carrier to spend $1 billion annually to maintain a century-old telephone network that few use, AT&T said, saying the network now serves just 3% of households in AT&T's California territory.

AT&T's suit named the California Public Utilities Commission and the state attorney general. AT&T said it is committing to investing $19 billion in California as it works to connect more than 4 million additional households and businesses across California by 2030 and added IP-based networks are far more reliable and efficient. AT&T also Wednesday asked the Federal Communications Commission for permission to discontinue traditional phone service in parts of California where it has faster, more reliable service available. It also filed a petition with the FCC to declare that California's rules that effectively require AT&T to power, repair and sell traditional phone service, even after the FCC has authorized the service to be phased out, are preempted by federal standards.

AT&T added that transitioning from copper will save an estimated 300 million kilowatt-hours annually by 2030 or the equivalent of eliminating emissions from 17 million gallons of gasoline. The company added that California has already suffered about 2,000 outages from copper thefts this year and it struggles to find replacement parts. The federal government and virtually all states where AT&T historically offered copper-wire service "have now eliminated outdated regulatory obstacles" allowing AT&T to begin powering down its old network and increasing its investments in modern communication technologies, the company said in its lawsuit filed in U.S. District Court in southern California.

Thousands of Chicago-area Zillow and Trulia listings disappeared after Midwest Real Estate Data cut off Zillow's access to its feed, "in the latest escalation of a legal battle with Lisle-based Midwest Real Estate Data (MRED)," reports the Chicago Sun-Times. "The fight is over MRED's private listing network, where homes for sale are shared among real estate professionals. And MRED followed through on a threat to cut Zillow's access to its listing data feed." From the report: There were nearly 5,000 Chicago homes listed on Zillow Tuesday, but as of Wednesday afternoon, that number plummeted to about 1,700. Meanwhile, other listing sites like Redfin and Realtor.com show about 5,000 to 8,000 listings in Chicago. MRED manages listings -- submitted by brokers -- throughout Illinois, as well as parts of Wisconsin and Indiana. The regional multiple listing service has more than 43,000 members and processed more than 264,000 listings worth $43 billion in 2025. The loss of listings on Zillow's websites have made a behind-the-scenes real estate industry fight public. And it now hinders some consumers in their search to buy a home, while also limiting the marketing opportunity for sellers. The legal fight is basically over who gets to control how home listings are marketed and displayed online.

Zillow recently adopted a rule saying that if a home is marketed privately, such as behind a paywall, login, or private listing network, it should not also appear on Zillow. The policy, the real estate marketplace says, is meant to discourage "pocket listings," preserve transparency, and make sure buyers can see the full market.

MRED sees it differently. It expanded its private listing network and partnered with Compass, which wants to give sellers more control over whether their homes are broadly publicized or marketed privately first. MRED argues that Zillow is violating MLS rules and licensing agreements by refusing to display certain listings, including private Compass listings. Consumers are now caught in the middle...

An anonymous reader quotes a report from Ars Technica: Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens millions of people using Chrome, Microsoft Edge, and virtually all other Chromium-based browsers. The proof-of-concept code exploits the Browser Fetch programming interface, a standard that allows long videos and other large files to be downloaded in the background. An attacker can use the exploit to create a connection for monitoring some aspects of a user's browser usage and as a proxy for viewing sites and launching denial-of-service attacks. Depending on the browser, the connections either reopen or remain open even after it or the device running it has rebooted.

The unfixed vulnerability can be exploited by any website a user visits. In effect, a compromise amounts to a limited backdoor that makes a device part of a limited botnet. The capabilities are limited to the same things a browser can do, such as visit malicious sites, provide anonymous proxy browsing by others, enable proxied DDoS attacks, and monitor user activity. Nonetheless, the exploit could allow an attacker to wrangle thousands, possibly millions, of devices into a network. Once a separate vulnerability becomes available, the attacker could use it to then compromise all those devices.

"The dangerous part here is that you can just have a lot of different browsers together that you can in the future run something on that you figure out," said Lyra Rebane, the independent researcher who discovered the vulnerability and privately reported it to Google in late 2022 in an interview. He said using the exploit code Google prematurely published would be "pretty easy," although scaling it to wrangle large numbers of devices into a single network would require more work. In the thread of Rebane's disclosure to Google, two developers said in separate responses that it was a "serious vulnerability." Its severity was rated S1, the second-highest classification.

Since its reporting 29 months ago, the vulnerability remained unknown except to Chromium developers. Then on Wednesday morning, it was published to the Chromium bug tracker. Rebane initially assumed the vulnerability was finally fixed. Shortly thereafter, he learned that, in fact, it remained unpatched. While Google removed the post, it remains available on archival sites, along with the exploit code. Google representatives didn't immediately respond to an email asking how and why it published the vulnerability and if or when a fix would become available. The exploit works by abusing Chromium's Browser Fetch API to open a service worker that remains persistently active. A malicious website can trigger it through JavaScript, creating a connection that can be used "for monitoring some aspects of a user's browser usage and as a proxy for viewing sites and launching denial-of-service attacks," reports Ars.

Depending on the browser, those connections "either reopen or remain open even after it or the device running it has rebooted," effectively turning the device into part of a "limited botnet."

The FBI is seeking up to $36 million for nationwide access to automated license plate reader (ALPRs) data, which could let it query vehicle movements across the U.S. and its territories through a commercial database. 404 Media reports: "The FBI has a crucial need for accessible LPRs to provide a diverse and reliable range of collections across the United States. This data should be available across major highways and in an array of locations for maximum usefulness to law enforcement," a statement of work, which describes what data the FBI is seeking access to, reads. ALPR cameras generally work by constantly scanning the color, brand, model, and license plate of vehicles that drive by. This creates a timestamped record of where a particular vehicle was at a specific time that law enforcement can then query, effectively letting them see exactly where someone drove across time. The technology has existed for decades, but has become more pervasive in recent years.

The FBI says it is looking for a vendor that will let it log into a Software-as-a-Service system and then query the collected ALPR data with license plate information, a description of the vehicle, a time or date, and geolocation information. The FBI says it is looking for ALPR coverage in the following areas: Eastern 48 (East of the Mississippi River); Western 48 (West of the Mississippi River); Hawaii; Puerto Rico; Alaska; and outlying areas such as Guam, the U.S. Virgin Islands, or Tribal Territories. In effect, the FBI is looking for ALPR data nationwide and even beyond. An attached price template indicates the FBI is willing to pay $6 million for each of those broad areas, bringing the total to $36 million.

The FBI says it intends to award the contract to a single vendor, but if any such vendor is unable to fulfill all of the requirements, the agency may award the contract to up to two vendors. The contract is specifically for the FBI's Directorate of Intelligence, which oversees the agency's intelligence mission. The FBI is not only a law enforcement agency, but also part of the Intelligence Community. The report notes that the contract appears aimed at vendors like Flock or Motorola Solutions, since they're some of the only companies able to provide the sort of data the FBI is seeking.

Further reading: Small Town Fights Over Flock's AI-Enhanced Network of License Plate-Reading Cameras

Meta is expected to begin cutting about 8,000 jobs this week as it pours more money into AI infrastructure and looks to "offset" other investments, with additional layoffs reportedly possible later this year. According to CNBC, the morale has worsened inside the company. "Internally, there's an emerging sense of dread across wide swaths of the company," the report says, citing current and former Meta employees. "That's in part because more cuts are expected this year, including a potential round of layoffs in August, followed by another round later in the year, some of the sources said." From the report: [...] Whatever anxiety investors are experiencing, the feelings inside the company are more intense, with some longtime staffers questioning Meta's AI pursuits under AI chief Alexandr Wang, while also weighing if now is the time to leave for opportunities at other companies in the AI race, according to current and former employees. Data aggregated by Blind, an anonymous professional network that requires users to verify their employment with a work email address, reveals some of the internal malaise. Meta's overall rating by employees on Blind has declined 25% from a peak in the second quarter of 2024 to the current period, with a 39% drop in its culture rating. In every category other than compensation, Meta has seen a ratings decline and dramatically underperforms rivals Amazon, Google and Netflix, the Blind data reveals.

The company's full-court press with AI included the recent debut of an employee tracking tool intended to collect data from staffers' actions, such as mouse movements and keystrokes on their work computers. The Model Capability Initiative, or MCI, as it's called, is part of Meta's efforts to train AI models to power digital agents that can perform various coding and white-collar tasks. Employees have characterized the data tracking tool as "dystopian," according to messages viewed by CNBC, with some workers expressing fear that personal information could be leaked. Some Meta workers have noted that their workplace computers appear slower since the company initiated the project, adding to their frustration, sources said.

Meta workers responded by creating an online petition that urges Zuckerberg and leadership to shutter the project. "Collecting and repurposing this kind of data raises serious concerns around privacy, consent, and trust in the workplace," the petition says. "It should not be the norm that companies of any size are permitted to exploit their employees by nonconsensually extracting their data for the purposes of AI training." Further reading: NYT: 'Meta's Embrace of AI Is Making Its Employees Miserable'

An anonymous reader quotes a report from the New York Times: The World Health Organization declared on Saturday that the spread of the Ebola virus in the Democratic Republic of Congo and Uganda was a global health emergency. The announcement was made a day after Africa's leading public health authority reported that an outbreak in a province in the northeast of the country was linked to dozens of suspected deaths. By Saturday, cases had also been confirmed in Kampala, the capital of Uganda, the W.H.O. said.

In Congo's Ituri province, where the outbreak was first identified, 246 suspected cases and 80 deaths attributed to the virus had been reported, although only eight cases had been definitively linked to the virus through laboratory testing. There is no approved vaccine and no therapeutics for the Bundibugyo species of Ebola behind the outbreak, according to the W.H.O. The scale of the outbreak could be far larger than has been detected and reported, the W.H.O. said in declaring a "public health emergency of international concern." It added that there were "significant uncertainties" about the precise number of people infected and the "geographic spread."

The W.H.O.'s declaration signals a public health risk requiring a coordinated international response, and is intended to prompt member countries to prepare for the virus to spread and to share vaccines, treatments and other resources needed to contain the outbreak. [...] The risk of the outbreak spreading is exacerbated by a humanitarian crisis, high population mobility and a large network of informal health care facilities in the area, the agency said. Containing an Ebola outbreak depends on the speed and scale of the public health response. The virus is transmitted through direct contact with the bodily fluids of an infected person, putting family members and caregivers at particular risk. Tracing people who may have come into contact with sufferers, isolating and treating victims promptly and safely, and burying the dead properly are all viewed as critical steps.

160 miles north of New York City, a man was convicted of manslaughter "with the help of license plate reader technology," reports a local news station. In the small town of Troy (population: 51,000), the mayor described the cameras as "a critical tool" in that investigation. But locals and city officials "have raised concerns about who can access the data collected locally, along with data security, privacy invasions and use by federal authorities, including U.S. Immigration and Customs Enforcement, reports WNYT: When Troy's contract came up for renewal, Mayor Carmella Mantello wanted to keep paying Flock and the council paused payments. The mayor then issued a public safety emergency declaration to keep the license plate readers active. The council has filed a lawsuit to overturn that..."If this illegal emergency order is left unchallenged, we give this mayor and any future mayor regardless of their political party or ideology, unchecked authority to issue an emergency declaration whenever they disagree with the council on any issue," [said Troy council president Sue Steele].
"The technology that's in place today is not the technology of six years ago," council president Steele told another local news station. "We have AI, we have rapidly changing and advancing technology. So that begs the need for regulations to protect certain data." The American Civil Liberties Union warns that Flock will use AI to let law enforcement search its trove of videos. But "Listen, if it was infringing on people's rights, people's liberties, we'd be the first to get rid of it. We have safeguards in place," [mayor] Mantello responded. Mantello noted that data captured by Troy's Flock cameras is only being shared with other local municipalities.

Steele said the data had been shared nationally until she and other elected officials raised concerns. "As far as sharing with local law enforcement, that's necessary in the normal course of investigations. The concern is what Flock does with this data: sharing it with ICE, for instance, and other nefarious outlets," Steele said.
As the debate continues over the small city's 26 Flock cameras, a columnist in Albany wrote that "it's a good thing. We should be asking questions about the growing surveillance state. We should be debating whether this is the future we want." As the American Civil Liberties Union noted, [Flock] has quietly built a broad mass-surveillance infrastructure, with cameras installed in 5,000 communities around the country, and is continually expanding how that network is used. Did we ask for that? Did we vote for it? Not really. The cameras have been installed in municipality after municipality, mostly with little discussion or controversy, which makes us like the proverbial frogs who didn't notice the water getting warmer until it was boiling. Suddenly, surveillance cameras are everywhere; we're always being watched...

[T]he City Council's Democratic majority is considering legislation that, among other steps, would require that data collected by the cameras be generally deleted after 48 hours and that the city be more transparent about how the cameras are used.
The controversy and pushback continues to draw local coverage. The mayor complains the proposed rules restricts the cameras "almost exclusively to cases involving individuals with outstanding felony arrest warrants or situations where officers can determine in advance that an incident will result in a felony charge... This is beyond reckless."

But the Albany columnist still argues many of America's Flock cameras are unnecessary and are "being installed just because... It's worth considering where this might lead and whether the future we're installing is the future we want."

Forbes describes it as "definitely already out there, and under active exploitation according to the U.S. Cybersecurity and Infrastructure Security Agency, urging all organizations to prioritize timely remediation as the attack vector poses a significant risk."

"We have issued CVE-2026-42897 to address a spoofing vulnerability affecting Exchange Outlook Web Access (OWA)," Microsoft told SecurityWeek. "We recommend customers enable EEMS to be better protected, and to follow our guidance available here." Microsoft this week patched 137 vulnerabilities with its Patch Tuesday updates and the cybersecurity industry was surprised to see that the latest updates did not address any zero-days. However, a zero-day was disclosed just 48 hours later, on May 14... described as a spoofing and XSS issue affecting Exchange Server Subscription Edition, 2016, and 2019. "Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network," Microsoft said in its advisory.

The company noted that the vulnerability affects Exchange Outlook Web Access (OWA) and an attacker can exploit it by sending a specially crafted email to the targeted user. "If the user opens the email in Outlook Web Access and certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context," Microsoft explained.
CSO Online shares more details. "Admins should note there are known issues once the mitigation is applied either manually or automatically through the EM Service." - OWA Print Calendar functionality might not work. As a workaround, copy the data or screenshot the calendar you want to print, or use Outlook Desktop client.

- Inline images might not display correctly in the recipient's OWA reading pane. As a workaround, send images as email attachments or use Outlook Desktop client...

- Admins may get a message saying "Mitigation invalid for this Exchange version." in mitigation details. This issue is cosmetic and the mitigation does apply successfully if the status is shown as "Applied". Microsoft is investigating how to address this glitch.
Forbes notes "It's been something of a rough few days for Microsoft Exchange on the security vulnerability front," since this week also saw a zero-day demonstrated at the Pwn2Own Berlin hacking event, "which has been responsibly disclosed and not released into the wild." The Berlin event got off to a flying start on May 14 as Windows 11 was hit by no less than three zero-day exploits. On day two, hacking teams were no less successful, chaining together three new vulnerabilities in Microsoft Exchange in order to achieve the holy grail of SYSTEM-level remote code execution. Such was the level of this achievement that Orange Tsai from the DEVCORE Research Team was rewarded with a $200,000 bounty payment in return for immediately handing over all the technical details to the event organizers.
"This is, in fact, good news," Forbes writes, since "full details of the vulnerabilities underlying the exploits, along with the technical nature of the exploit code itself, will be handed over to Microsoft, which will then have 90 days to provide a fix before any details are made public."

USA Today reports: Trump Mobile phones are being shipped this week, the company exclusively confirmed to USA TODAY in an email May 11.... The company's first smartphone — the T1 Phone — was originally scheduled for release in August. However, the golden gadget's release was later delayed to October before being pushed back again to this week. Now, Trump Mobile CEO Pat O'Brien told USA TODAY, pre-ordered phones will start getting sent out to customers this week... O'Brien said the company anticipates all pre-ordered phones to be delivered within the next several weeks... The company's 5G "47 Plan" is available for $47.45 a month, a nod to President Donald Trump's two presidential terms, according to the website... Customers will also have Trump(SM) displayed as the status bar in their network.
The Verge reported the phone was added last week to Google's public list of devices certified for Google Play, "usually one of the final steps before an Android phone is launched." Trump Mobile may have broken radio silence partly in response to a recent wave of media coverage alleging that buyers had received emails notifying them that their preorders had been canceled, coverage that even made it onto Stephen Colbert's The Late Show... [T]here's seemingly no evidence of the alleged cancellation emails beyond unverified social media claims. In January The Verge also questioned reports that 600,000 people preordered the Trump phone with a $100 deposit. "I can't find a shred of evidence that this figure is true," calling it "a microcosm of how the modern media landscape and AI chatbots can combine to give falsities the sheen of respectability." I first saw the figure in, of all places, the Threads feed of California governor Gavin Newsom's press office, which had shared a screenshot of a tweet of a Grok summary making the claim. Trustworthy, right? The Grok post cites "reports from sources like Fortune, NPR, and The Guardian" for the 600,000 preorders, but a quick search of their recent output shows no sign of the number... India's Economic Times and Hindustan Times both reported a more specific figure of 590,000 preorders, referencing an unspecified Associated Press report as the source. [The Associated Press] VP of corporate communications, Lauren Easton, confirmed to me that "AP's original stories never contained such a number...."

Hindustan Times writer Shamik Banerjee called the citation "a typo," and told me that the figure was in fact taken from The Times of India. The Times of India story, which is bylined only to the newspaper's lifestyle desk, is more transparent in its sourcing: a viral post by a meme account... It's been covered by multiple publications, now presented as fact on MSN.com and tech site Phone Arena. And that coverage has helped it to filter into the chatbots and not just Grok — Gemini and ChatGPT were both happy to confirm to me that 600,000 T1 Phones have been ordered so far, the former falsely attributing the number to the Associated Press, and the latter to Phone Arena.

As for how many Trump Phone preorders have actually been placed? No one outside the company knows.

What's going on with the U.S. job market? "The economy is growing. Unemployment is low," notes the Washington Post. "And yet, for millions of workers, finding a job has become harder than at almost any other point in decades," with the hiring rate "well below pre-pandemic levels for more than a year."

Part of the problem? "Of the net 369,000 positions added across the entire economy since the start of 2025, health care alone accounted for nearly 800,000 — meaning every other sector, taken together, shed jobs." By the end of 2025 nearly half of college graduates ages 22 to 27 were working at jobs that didn't require a degree, according to stats from New York's Federal Reserve Bank. The headline unemployment rate, at 4.2%, looks healthy. But that figure has been buoyed by a shrinking labor force: Fewer people are actively looking for work, which keeps the rate down even as hiring slows...

[Some large tech companies] are trying to recalibrate after their hiring sprees of 2021 and 2022, when many had raised pay, offered flexible schedules and signed people quickly... Higher interest rates have also made expansion more expensive, pushing many firms to invest in technology rather than headcount. Another reason hiring has slowed is uncertainty about AI. Even though the technology has not yet replaced large numbers of workers, it is already shaping how companies think about hiring. "I don't think this is AI displacement," said Ben Zweig, chief executive of Revelio Labs, a workforce data company. "What we're seeing is anticipatory." Instead of rushing to bring on new workers, some firms are waiting to see how the technology evolves and which tasks it will eventually take over.
A 39-year-old web developer tells the Post it took 453 job applications to get a handful of interviews and two offers. And a journalism school graduate said they'd sent hundreds of job applications but most led nowhere, and they're now couch-surfing to save money.

But the problem seems even worse for young people. One 18-year-old told the Post that in a year and a half of job searching, they'd yet to even meet an employer in person. The unemployment rate for people ages 22 to 27 who recently completed college hit 5.6% in the final months of 2025 — well above the 4.2% rate for all workers, according to national data from the Federal Reserve Bank of New York... At one point last summer, new workforce entrants made up a larger share of the unemployed than at any point since the late 1980s — higher even than during the Great Recession. When hiring slows, the door closes first on those without an existing foothold. For the class of 2026, the timing could hardly be worse.

"It is getting increasingly clear that young people are being more affected by AI than older workers," Zweig said. Companies are not eliminating jobs at scale, but many are slow to hire junior workers. At the same time, older workers are staying in the labor force longer, leaving fewer openings for new arrivals. Even when jobs are available, the bar has shifted. Positions once considered entry level now often require several years of experience, technical expertise and familiarity with AI tools. With fewer openings and more applicants, companies are holding out for candidates who can do the job immediately and need little training... Employers are also looking for a different mix of skills. An analysis of millions of job postings by Indeed found that communication skills now appear in nearly 42% of all listings, while leadership skills feature in nearly a third — capabilities that are harder to prove on a résumé and harder still to demonstrate without an existing professional network. Christine Beck, a career coach who works with early-career job seekers, said employers are asking more of the people they do hire.

AT&T, Verizon, and T-Mobile have agreed in principle to form a joint venture (JV) aimed at reducing U.S. mobile dead zones through satellite connectivity, especially in rural areas and during emergencies when ground networks fail. Here are three of the customer benefits listed by the JV (as highlighted by Droid Life): Fewer coverage gaps: Will nearly eliminate dead zones in the U.S. currently without mobile service, reaching previously unserved areas.
Reliable connectivity in emergencies: Redundant connectivity will become available when existing ground-based networks are unavailable due to extreme natural disasters or other unusual disruptions.
Improved network performance: Will give customers more consistent performance and simpler access to satellite services across providers. This will speed up feature updates and improve connectivity for everyone, everywhere. "It will still take time for these improvements to be available to customers, but this all seems like a positive step," writes Droid Life's Tim Wrobel.