NASA Administrator Jared Isaacman, who was confirmed by the Senate just last week after a turbulent nomination process that stretched across most of 2025, said Friday that the United States will return to the moon within President Donald Trump's second term. Isaacman made the comments during an interview on CNBC, calling Trump's recommitment to lunar exploration key to unlocking what he described as an "orbital economy." He said: "We want to have that opportunity to explore and realize the scientific, economic and national security potential on the moon," he said.

The potential opportunities include establishing space data centers and infrastructure on the moon, as well as mining Helium-3, a rare gas embedded in the lunar surface that could serve as fuel for fusion power. NASA is currently working on its Artemis campaign alongside SpaceX, Blue Origin, and Boeing. Trump's One Big Beautiful Bill Act allocated $9.9 billion to the agency earlier this year.

The Artemis II mission, NASA's first crewed test flight using the Space Launch System rocket and Orion spacecraft, is expected to launch in the near future. SpaceX is contracted to build the lunar landing system for the subsequent Artemis III mission. Isaacman was first nominated by Trump in December 2024 but had his nomination pulled in May over unspecified "prior associations." Trump renominated him in November.

An anonymous reader shares a report: A typosquatted domain impersonating the Microsoft Activation Scripts (MAS) tool was used to distribute malicious PowerShell scripts that infect Windows systems with the 'Cosmali Loader'. BleepingComputer has found that multiple MAS users began reporting on Reddit yesterday that they received pop-up warnings on their systems about a Cosmali Loader infection.

Based on the reports, attackers have set up a look-alike domain, "get[dot]activate[dot]win," which closely resembles the legitimate one listed in the official MAS activation instructions, "get[dot]activated[dot]win." Given that the difference between the two is a single character ("d"), the attackers bet on users mistyping the domain.

The Trump administration has announced it would replace the lottery programme used to grant H-1B visas for skilled foreign workers with a system that prioritises higher-paid individuals. From a report: The Department of Homeland Security said it would begin to implement a "weighted" selection process to give an advantage to higher-skilled and higher-paid applicants from February, according to a statement posted on its website. Matthew Tragesser, Citizenship and Immigration Services spokesperson, said: "The existing random selection process of H-1B registrations was exploited and abused by US employers who were primarily seeking to import foreign workers at lower wages than they would pay American workers."

The move is the latest in a broad crackdown on US immigration by President Donald Trump, who has dramatically stepped up deportations of immigrants and sent enforcement agents into cities across the country to carry out arrests. The change also follows moves earlier this year to curb the number of applicants for the H-1B visa, which is popular among technology and professional services companies, including charging an additional $100,000 fee.

Beryl Howell, a federal judge on the US District Court for the District of Columbia, late on Tuesday ruled the White House could move forward with the application charge after the US Chamber of Commerce had sued in October to block the six-figure fee.

An anonymous reader quotes a report from TechCrunch: Across Uzbekistan, a network of about a hundred banks of high-resolution roadside cameras continuously scan vehicles' license plates and their occupants, sometimes thousands a day, looking for potential traffic violations. Cars running red lights, drivers not wearing their seatbelts, and unlicensed vehicles driving at night, to name a few. The driver of one of the most surveilled vehicles in the system was tracked over six months as he traveled between the eastern city of Chirchiq, through the capital Tashkent, and in the nearby settlement of Eshonguzar, often multiple times a week. We know this because the country's sprawling license plate-tracking surveillance system has been left exposed to the internet.

Security researcher Anurag Sen, who discovered the security lapse, found the license plate surveillance system exposed online without a password, allowing anyone access to the data within. It's not clear how long the surveillance system has been public, but artifacts from the system show that its database was set up in September 2024, and traffic monitoring began in mid-2025. The exposure offers a rare glimpse into how such national license plate surveillance systems work, the data they collect, and how they can be used to track the whereabouts of any one of the millions of people across an entire country. The lapse also reveals the security and privacy risks associated with the mass monitoring of vehicles and their owners, at a time when the United States is building up its nationwide array of license plate readers, many of which are provided by surveillance giant Flock.

An anonymous reader quotes a report from MarketWatch: ServiceNow announced a deal to acquire cybersecurity company Armis on Tuesday, marking a new milestone in the software giant's artificial-intelligence business strategy. The $7.75 billion all-cash transaction is part of ServiceNow's goal of advancing governance and trust in autonomous AI agents, and the company's largest transaction to date. "The acquisition of Armis will extend and enhance ServiceNow's Security, Risk, and [Operational Technology] portfolios in critical and fast-growing areas of cybersecurity and drive increased AI adoption by strengthening trust across businesses' connected environments," the company wrote in a press release.

While ServiceNow built its foundation IT service management products, the company has positioned itself as an "AI control tower" that orchestrates workflows across HR, customer service and security operations. Organizations today are operating in increasingly complex environments, with assets spanning from laptops and servers to smart grid devices, Gina Mastantuono, chief financial officer of ServiceNow, told MarketWatch on Tuesday. "But at the same time, cyber threats are becoming more sophisticated and more complex," she added.

ServiceNow's Security and Risk business crossed $1 billion in annual contract value earlier this year, and the Armis acquisition is expected to triple ServiceNow's market opportunity in the sector. Armis currently has over $340 million in annual recurring revenue, with growth exceeding 50% year-over-year, according to the press release. The Armis acquisition would allow ServiceNow to create an "end-to-end proactive cybersecurity exposure and operations stack that enables enterprises to see, decide and act across a business' entire technology footprint," Mastantuono said.

An anonymous reader shares a report: It's been more than eight years since Amazon bought Whole Foods, but the two companies still haven't aligned their setup for the Microsoft software their employees use. That disconnect was flagged in an 8-week Deloitte review of Whole Foods' use of Microsoft 365 apps earlier this year, according to an internal document obtained by Business Insider. Deloitte found that Whole Foods relies on "fragmented" Microsoft toolsets, has loose security and data-retention practices, and employs a complex user-management setup -- all of which contribute to inefficiencies and lower productivity when working with Amazon employees.

The consulting firm recommended a 24-month integration plan that would first move Whole Foods' corporate employees onto Amazon's backend system, followed by its frontline workers. The phased approach would ensure a "smooth transition for users and minimal disruption to business processes," while generating cost savings, the document said. The review, completed in May, highlights Amazon's ongoing challenges in integrating Whole Foods. Since acquiring the chain in 2017, the company has struggled to scale the business and integrate operations, resulting in frequent reorganizations and shifting strategic priorities.

Australia is on track for a significant expansion of desalination capacity -- converting seawater to freshwater -- to meet the needs of a swelling population at a time of declining average rainfall. From a report: The world's driest inhabited continent is projected to build or expand 11 desalination plants worth more than A$23 billion ($15 billion) over the next 10 years, according to a research report by Dominic McNally at Oxford Economics.

"Our population growth forecasts imply an additional 190GL/year in household water demand across major cities by 2035, while the booming data center industry also threatens to rapidly expand urban water use," he said. "This growing demand coincides with falling average rainfall in major population centers, increasing the vulnerability of existing infrastructure." Water construction activity slowed after 2010 as a severe drought receded. However, recent dry periods have reignited interest in water security and coincide with a new boom in water infrastructure investment, including desalination, McNally said.

The FCC has banned approval of new foreign-made drones and components, citing "an unacceptable risk" to national security. The move will most heavily impact DJI but it "does not affect drones or drone components that are currently sold in the United States." Reuters reports: The tech was placed on the commission's "Covered List," barring DJI and other foreign drone manufacturers from receiving the FCC's approval to sell new drone models for import or sale in the U.S. In Monday's announcement, the agency said that the move "will reduce the risk of direct [drone] attacks and disruptions, unauthorized surveillance, sensitive data exfiltration and other [drone] threats to the homeland."

FCC Chair Brendan Carr said in a statement that while drones offer the potential to boost public safety and the U.S.' posture on global innovation, "criminals, terrorists and hostile foreign actors have intensified their weaponization of these technologies, creating new and serious threats to our homeland."

The ruling comes as China hawks in Congress amplify warnings about the security risks of drones made by DJI, which accounts for more than 90% of the global market share. But efforts to crack down on Capitol Hill have been met with some pushback due to the potential impacts of curbing the drone usage on U.S. businesses and law enforcement. A wide variety of sectors, including construction, energy, agriculture and mining companies, as well as local police and fire departments across the country, deploy DJI-made drones.

An anonymous reader quotes a report from the Associated Press: With just three days to go before Christmas, a cyberattack knocked France's national postal service offline Monday, blocking and delaying package deliveries and online payments. The timing was miserable for millions of people at the height of the Christmas season, as frazzled postal workers fended off frustrated customers. No one immediately claimed responsibility, but suspicions abounded.

What the postal service La Poste called a ''major network incident'' remained unresolved by Monday evening, more than eight hours after it was first reported. For a company that delivered 2.6 billion packages last year and employs more than 200,000 people, that's a big hit. La Poste said in a statement that a distributed denial of service incident, or DDoS, "rendered its online services inaccessible." It said the incident had no impact on customer data, but disrupted package delivery. Letters, including holiday greeting cards, could still be mailed and delivered. But transactions requiring tracking or access to the postal service internal computer systems were impossible.

The cyberattack also hurt online banking. Customers of the company's banking arm, La Banque Postale, were blocked from using the application to approve payments or conduct other banking services. The bank redirected approvals to text messages instead. "Our teams are mobilized to resolve the situation quickly," the bank said in messages posted on social networks. The disruption came a week after France's government was targeted by a cyberattack that targeted the Interior Ministry, in charge of national security.

An anonymous reader quotes a report from Ars Technica: On Monday, the US Department of the Interior announced that it was pausing the leases on all five offshore wind sites currently under construction in the US. The move comes despite the fact that these projects already have installed significant hardware in the water and on land; one of them is nearly complete. In what appears to be an attempt to avoid legal scrutiny, the Interior is blaming the decisions on a classified report from the Department of Defense.

The second Trump administration announced its animosity toward offshore wind power literally on day one, issuing an executive order on inauguration day that called for a temporary halt to issuing permits for new projects pending a re-evaluation. Earlier this month, however, a judge vacated that executive order, noting that the government has shown no indication that it was even attempting to start the re-evaluation it said was needed. But a number of projects have gone through the entire permitting process, and construction has started. Before today, the administration had attempted to stop these in an erratic, halting manner. Empire Wind, an 800 MW farm being built off New York, was stopped by the Department of the Interior, which alleged that it had been rushed through permitting. That hold was lifted following lobbying and negotiations by New York and the project developer Orsted, and the Department of the Interior never revealed why it changed its mind. When the Interior Department blocked a second Orsted project, Revolution Wind offshore of southern New England, the company took the government to court and won a ruling that let it continue construction.

Today's announcement targets those and three other projects. Interior says it is pausing the permits for all five, which are the only projects currently under construction. It claims that offshore wind creates "national security risks" that were revealed in a recent analysis performed by the Department of Defense, which apparently neglected to identify these issues during the evaluations it did while the projects were first permitted. What are these risks? The Interior Department is being extremely coy. It notes that offshore wind turbines can interfere with radar sensing, but that's been known for a while. In announcing the decision, Interior Secretary Doug Burgum also noted "the rapid evolution of the relevant adversary technologies." But the announcement says that the Defense Department analysis is classified, meaning nobody is likely to know what the actual reason is -- presuming one exists. The classification will also make it far more challenging to contest this decision in court.

A group of activists has scraped Spotify's entire library, accessing 256 million rows of track metadata and 86 million audio files totaling roughly 300TB of data. The metadata has been released via Anna's Archive, a search engine for "shadow libraries" that previously focused on books.

Spotify described the activists as "anti-copyright extremists who've previously pirated content from YouTube and other platforms" and confirmed it is actively investigating the incident. The activists claim this represents "the world's first 'preservation archive' for music which is fully open" and covers "around 99.6% of listens."

They appear to have used Spotify's public web API to scrape the metadata and circumvented DRM to access audio files. Spotify insists that this is not a security breach affecting user data. Though the more pressing concern for the music industry may be AI training rather than pirate streaming services -- similar YouTube datasets have reportedly been used by unlicensed generative AI music services.

Tuesday the White House faces a deadline to decide "whether Chinese drone maker DJI Technologies poses a national security threat," reports Bloomberg. But their article notes it's "a decision with the potential to ground thousands of machines deployed by police and fire departments across the US."

One person making the case against the drones is Mike Nathe, a North Dakota Republican state representative described by the Post as "at the forefront of a nationwide campaign sounding alarms about the Made-in-China aircraft." Nathe tells them that "People do not realize the security issue with these drones, the amount of information that's being funneled back to China on a daily basis." The president already signed anexecutive orderin June targeting "foreign control or exploitation" of America's drone supply chain. That came after Congress mandated a review to determine whether DJI deserves inclusion in a federal register of companies believed to endanger national security. If DJI doesn't get a clean bill of health for Christmas, it could join Huawei Technologies Co. Ltd. and ZTE Corp.on that Federal Communications Commission list. The designation would give the Trump administration authority to prevent new domestic sales or even impose a flight ban, affecting public agencies from New York to North Dakota to Nevada...

The fleet used by public safety agencies nationwide exceeds about 25,000 aircraft, said Chris Fink, founder of Unmanned Vehicle Technologies LLC, a Fayetteville, Arkansas-based firm that advises law-enforcement clients. The overwhelming majority of those drones — called uncrewed aerial vehicles, or UAVs, in industry parlance — comes from China, said Jon Beal, president of theLaw Enforcement Drone Association, a training and advocacy group that counts DJI and some US competitors as corporate sponsors...

Currently, at least half a dozen states havetargeted DJIand other Chinese-manufactured drones, including restrictions in Arkansas, Mississippi and Tennessee. A Nevada law prohibiting public agencies from using Chinese drones took effect in January... Legislators also took up the cause in Connecticut, which passed a law this year preventing public offices from using Chinese drones. Supporters said they're worried about these eyes in the skies being used for spying. "We're kind of sitting ducks," said Bob Duff, the Democratic majority leader in the state senate who promoted the legislation. "They are designed to infiltrate systems even when the users don't think that they will."
One North Dakota sheriff's department complains U.S.-made drones are "at least double and triple the price out of the gate," according to the article, which adds that public safety officials "say it's difficult to find domestic alternatives that match DJI in price and performance."

And DJI "wants an extension on the security review," according to the article, "saying Tuesday is too soon to make a conclusion."

An anonymous reader shared this report from the site It's FOSS: Linux gives you plenty of ways to install software: native distro packages, Flatpak, Snap, AppImage, source builds, even curl-piped installers. The catch is that each one solves a different problem, yet none of them fully eliminates the "works here, breaks there" reality across all distros. Package Forge (PkgForge) is a new project with a narrower mission: deliver truly distro-independent portable applications that run the same way across systems....

It's not a new packaging format in and of itself, nor is it trying to replace AppImages. Instead, it's an ecosystem that publishes portable packages and static binaries in curated repositories, paired with a package manager designed to install and manage them. One of the ways PkgForge stands out from some portable app efforts on Linux is its focus on accessible documentation and a security-minded distribution model. The project primarily delivers prebuilt binary packages, keeps transparent build logs, and relies on checksum verification. This helps reduce the spread of ad-hoc install scripts and the need for local compilation, which has long been a common pattern when downloading Linux software directly (and still is for many projects today).

To make life easier for the end-user, the project maintains its own frontend, called Soar... which you can use like an additional package manager, and let it handle installation, updates, and system integration. It also allows you to search for apps and utilities without having to dig through the repos online. Alternatively, you can search the PkgForge repos manually, and download and manage individual portable packages on your own. This is preferable if you're building a portable toolkit on a USB drive, testing a single app temporarily, or simply want full control over where files live...

Even if it doesn't replace Flatpak, Snap, or AppImage, it helps give definition to what a more flexible, truly distro-independent future for portable Linux apps could look like.

"In the lead up to its Switch 2 console release, Nintendo updated its user agreement," writes the Free Software Foundation, warning that Nintendo now claims "broad authority to make consoles owned by its customers permanently unusable."

"Under Nintendo's most aggressive digital restrictions management (DRM) update to date, game console owners are now required to give Nintendo the unilateral right to revoke access to games, security updates, and the Internet, at its sole discretion." The new agreement states: "You acknowledge that if you fail to comply with [Nintendo's restrictions], Nintendo may render the Nintendo Account Services and/or the applicable Nintendo device permanently unusable in whole or in part...."

There are probably other reasons that Nintendo has and will justify bricking game consoles, but here are some that we have seen reported:

— "Tampering" with hardware or software in pretty much any way;
— Attempting to play a back-up game;
— Playing a "used" game; or
— Use of a third-party game or accessory...


Nintendo's promise to block a user from using their game console isn't just an empty threat: it has already been wielded against many users. For example, within a month of the Switch 2's release, one user unknowingly purchased an open-box return that had been bricked, and despite functional hardware, it was unusable for many games. In another case, a user installing updates for game cartridges purchased via a digital marketplace had their console disabled. Though it's unclear exactly why they were banned, it's possible that the cartridge's previous owner made a copy and an online DRM check determined that the current and previous owner's use were both "fraudulent." The user only had their console released through appealing to Nintendo directly and providing evidence of their purchase, a laborious process.

Nintendo's new console banning spree is just one instance of the threat that nonfree software and DRM pose to users. DRM is but one injustice posed by nonfree software, and the target of the FSF's Defective by Design campaign. Like with all software, users ought to be able to freely copy, study, and modify the programs running on their devices. Proprietary software developers actively oppose and antagonize their users. In the case of Nintendo, this means punishing legitimate users and burdening them with proving that their use is "acceptable." Console users shouldn't have to tread so carefully with a console that they own, and should they misstep, beg Nintendo to allow them to use their consoles again.

One developer tells MIT Technology Review that AI tools weaken the coding instincts he used to have. And beyond that, "It's just not fun sitting there with my work being done for me."

But is AI making coders faster? "After speaking to more than 30 developers, technology executives, analysts, and researchers, MIT Technology Review found that the picture is not as straightforward as it might seem..." For some developers on the front lines, initial enthusiasm is waning as they bump up against the technology's limitations. And as a growing body of research suggests that the claimed productivity gains may be illusory, some are questioning whether the emperor is wearing any clothes.... Data from the developer analytics firm GitClear shows that most engineers are producing roughly 10% more durable code — code that isn't deleted or rewritten within weeks — since 2022, likely thanks to AI. But that gain has come with sharp declines in several measures of code quality. Stack Overflow's survey also found trust and positive sentiment toward AI tools falling significantly for the first time. And most provocatively, a July study by the nonprofit research organization Model Evaluation & Threat Research (METR) showed that while experienced developers believed AI made them 20% faster, objective tests showed they were actually 19% slower...

Developers interviewed by MIT Technology Review generally agree on where AI tools excel: producing "boilerplate code" (reusable chunks of code repeated in multiple places with little modification), writing tests, fixing bugs, and explaining unfamiliar code to new developers. Several noted that AI helps overcome the "blank page problem" by offering an imperfect first stab to get a developer's creative juices flowing. It can also let nontechnical colleagues quickly prototype software features, easing the load on already overworked engineers. These tasks can be tedious, and developers are typically glad to hand them off. But they represent only a small part of an experienced engineer's workload. For the more complex problems where engineers really earn their bread, many developers told MIT Technology Review, the tools face significant hurdles...

The models also just get things wrong. Like all LLMs, coding models are prone to "hallucinating" — it's an issue built into how they work. But because the code they output looks so polished, errors can be difficult to detect, says James Liu, director of software engineering at the advertising technology company Mediaocean. Put all these flaws together, and using these tools can feel a lot like pulling a lever on a one-armed bandit. "Some projects you get a 20x improvement in terms of speed or efficiency," says Liu. "On other things, it just falls flat on its face, and you spend all this time trying to coax it into granting you the wish that you wanted and it's just not going to..." There are also more specific security concerns, she says. Researchers have discovered a worrying class of hallucinations where models reference nonexistent software packages in their code. Attackers can exploit this by creating packages with those names that harbor vulnerabilities, which the model or developer may then unwittingly incorporate into software.
Other key points from the article:

• LLMs can only hold limited amounts of information in context windows, so "they struggle to parse large code bases and are prone to forgetting what they're doing on longer tasks."

• "While an LLM-generated response to a problem may work in isolation, software is made up of hundreds of interconnected modules. If these aren't built with consideration for other parts of the software, it can quickly lead to a tangled, inconsistent code base that's hard for humans to parse and, more important, to maintain."

• "Accumulating technical debt is inevitable in most projects, but AI tools make it much easier for time-pressured engineers to cut corners, says GitClear's Harding. And GitClear's data suggests this is happening at scale..."

• "As models improve, the code they produce is becoming increasingly verbose and complex, says Tariq Shaukat, CEO of Sonar, which makes tools for checking code quality. This is driving down the number of obvious bugs and security vulnerabilities, he says, but at the cost of increasing the number of 'code smells' — harder-to-pinpoint flaws that lead to maintenance problems and technical debt."

Yet the article cites a recent Stanford University study that found employment among software developers aged 22 to 25 dropped nearly 20% between 2022 and 2025, "coinciding with the rise of AI-powered coding tools."

The story is part of MIT Technology Review's new Hype Correction series of articles about AI.

"Yet another distro is making the move to the KDE Plasma desktop," writes Linux magazine.

"Parrot OS, a security-focused Linux distribution, is migrating from MATE to KDE Plasma, starting with version 7.0, now available in beta." Based on Debian 13, Parrot OS's goal is a shift toward "modernization, focusing on clearing technical debt and future-proofing the system." One big under-the-hood change is that the/tmpdirectory is now automatically mounted astmpfs(in RAM), as opposed to the physical drive. By making this change, Parrot OS enjoys improved performance and reduces wear on SSDs. This shift also means that all data in/tmpis lost during a reboot.
ParrotOS senior systems engineer Dario Camonita explains the change in a blog post, calling it "not only aesthetic, but also in terms of usability and greater consistency with our future goals..."

"While MATE will continue to be supported by us as long as upstream development continues, We have noticed and observed the continuous improvements made by the KDE team..."

And elsewhere Linux Magazine notes two other distros are embracing the desktop Enlightenment: For years, Bodhi Linux was one of the very few distributions that used anything based on Enlightenment. That period of loneliness is officially over, withMX Mokshaand AV Linux 25. MX Moksha doesn't replace the original MX Linux. Instead, it will serve as an "official spin" of the distribution...

The Enlightenment desktop (and subsequently Moksha) was developed with systemd in mind, so MX Moksha uses systemd. If you're not a fan of systemd, MX Moksha is not for you. MX Moksha is lighter than MX Linux, so it will perform better on older machines. It also uses the Liquorix kernel for lower latency. AV Linux has been released with the Xfce and LXDE desktops at different times and has only recently opted to make the switch to Enlightenment.

An anonymous reader quotes a report from Search Engine Land: Google said today that it is suing SerpApi, accusing the company of bypassing security protections to scrape, harvest, and resell copyrighted content from Google Search results. The allegations: Google said SerpApi:

-Circumvented Google's security measures and industry-standard crawling controls.
-Ignored website directives that specify whether content can be accessed.
-Used cloaking, rotating bot identities, and large bot networks to scrape content at scale.
-Took licensed content from Search features, including images and real-time data, and resold it for profit.

What Google is saying. "Stealthy scrapers like SerpApi override [crawling] directives and give sites no choice at all," Google wrote, calling the alleged scraping "brazen" and "unlawful." Google said SerpApi's activity "increased dramatically over the past year." [...] If Google wins, reliable SERP data could become harder to get, more expensive, or both -- especially for teams that rely on tools powered by services like SerpApi. As AI already reduces clicks and transparency, Google now appears intent on making it even harder for brands to understand how Search works, how they appear in results, and how to measure success.

Airbus is preparing to tender a major contract to move mission-critical systems like ERP, manufacturing, and aircraft design data onto a digitally sovereign European cloud, citing national security concerns and fears around U.S. extraterritorial laws like the CLOUD Act. "I need a sovereign cloud because part of the information is extremely sensitive from a national and European perspective," Catherine Jestin, Airbus's executive vice president of digital, told The Register. "We want to ensure this information remains under European control." The Register reports: The driver is access to new software. Vendors like SAP are developing innovations exclusively in the cloud, pushing customers toward platforms like S/4HANA. The request for proposals launches in early January, with a decision expected before summer. The contract -- understood to be worth more than 50 million euros -- will be long term (up to ten years), with price predictability over the period. [...] Jestin is waiting for European regulators to clarify whether Airbus would truly be "immune to extraterritorial laws" -- and whether services could be interrupted.

The concern isn't theoretical. Chief Prosecutor of the International Criminal Court (ICC) Karim Khan reportedly lost access to his Microsoft email after Trump sanctioned him for criticizing Israeli PM Benjamin Netanyahu, though Microsoft denies suspending ICC services. Beyond US complications, Jestin questions whether European cloud providers have sufficient scale. "If you asked me today if we'll find a solution, I'd say 80/20."

TikTok's owner ByteDance has signed a deal creating a U.S.-focused joint venture majority-owned by American and global investors, allowing the app to avoid a U.S. ban while ByteDance retains a minority stake. The BBC reports: Half of the joint venture will be owned by a group of investors including Oracle, Silver Lake and the Emirati investment firm MGX, according to a memo sent by chief executive Shou Zi Chew. The deal, which is set to close on January 22, would end years of efforts by Washington to force ByteDance to sell its US operations over national security concerns. It is in-line with a deal unveiled in September, when US President Donald Trump delayed the enforcement of a law that would ban the app unless it was sold.

TikTok said in the memo that the deal would enable "over 170 million Americans to continue discovering a world of endless possibilities as part of a vital global community." Under the agreement, ByteDance will retain 19.9% of the business, while Oracle, Silver Lake and Abu Dhabi-based MGX will hold 15% each. Another 30.1% will be held by affiliates of existing ByteDance investors, according to the memo.

An anonymous reader quotes a report from Ars Technica: At this point, most competitive online multiplayer games on the PC come with some kind of kernel-level anti-cheat software. As we've written before, this is software that runs with more elevated privileges than most other apps and games you run on your PC, allowing it to load in earlier and detect advanced methods of cheating. More recently, anti-cheat software has started to require more Windows security features like Secure Boot, a TPM 2.0 module, and virtualization-based memory integrity protection. Riot Games, best known for titles like Valorant and League of Legends and the Vanguard anti-cheat software, has often been one of the earliest to implement new anti-cheat requirements. There's already a long list of checks that systems need to clear before they'll be allowed to play Riot's games online, and now the studio is announcing a new one: a BIOS update requirement that will be imposed on "certain players" following Riot's discovery of a UEFI bug that could allow especially dedicated and motivated cheaters to circumvent certain memory protections.

In short, the bug affects the input-output memory management unit (IOMMU) "on some UEFI-based motherboards from multiple vendors." One feature of the IOMMU is to protect system memory from direct access during boot by external hardware devices, which otherwise might manipulate the contents of your PC's memory in ways that could enable cheating. The patch for these security vulnerabilities (CVE-2025-11901, CVE-202514302, CVE-2025-14303, and CVE-2025-14304) fixes a problem where this pre-boot direct memory access (DMA) protection could be disabled even if it was marked as enabled in the BIOS, creating a small window during the boot process where DMA devices could gain access to RAM.

The relative obscurity and complexity of this hardware exploit means that Vanguard isn't going to be enforcing these BIOS requirements on every single player of its games. For now, it will just apply to "restricted" players of Valorant whose systems, for one reason or another, are "too similar to cheaters who get around security features in order to become undetectable to Vanguard." But Riot says it's considering rolling the BIOS requirement out to all players in Valorant's highest competitive ranking tiers (Ascendant, Immortal, and Radiant), where there's more to be gained from working around the anti-cheat software. And Riot anti-cheat analyst Mohamed Al-Sharifi says the same restrictions could be turned on for League of Legends, though they aren't currently. If users are blocked from playing by Vanguard, they'll need to download and install the latest BIOS update for their motherboard before they'll be allowed to launch the game. Riot's new anti-cheat change could create problems for older PCs if the new anti-cheat change is expanded, notes Ars.

The update relies on a BIOS patch to fix a UEFI flaw, and many older motherboards, especially Intel 300-series and AMD AM4 boards, may never receive that update. If Riot flags a system and the manufacturer doesn't provide a patched BIOS, players could be locked out of games despite having otherwise capable hardware.