AI

Cursor AI's Own Support Bot Hallucinated Its Usage Policy (theregister.com) 9

Cursor AI users recently encountered an ironic AI failure when the platform's support bot falsely claimed a non-existent login restriction policy. Co-founder Michael Truell apologized for the issue, clarified that no such policy exists, and attributed the mishap to AI hallucination and a session management bug. The Register reports: Users of the Cursor editor, designed to generate and fix source code in response to user prompts, have sometimes been booted from the software when trying to use the app in multiple sessions on different machines. Some folks who inquired about the inability to maintain multiple logins for the subscription service across different machines received a reply from the company's support email indicating this was expected behavior. But the person on the other end of that email wasn't a person at all, but an AI support bot. And it evidently made that policy up.

In an effort to placate annoyed users this week, Michael Truell co-founder of Cursor creator Anysphere, published a note to Reddit to apologize for the snafu. "Hey! We have no such policy," he wrote. "You're of course free to use Cursor on multiple machines. Unfortunately, this is an incorrect response from a front-line AI support bot. We did roll out a change to improve the security of sessions, and we're investigating to see if it caused any problems with session invalidation." Truell added that Cursor provides an interface for viewing active sessions in its settings and apologized for the confusion.

In a post to the Hacker News discussion of the SNAFU, Truell again apologized and acknowledged that something had gone wrong. "We've already begun investigating, and some very early results: Any AI responses used for email support are now clearly labeled as such. We use AI-assisted responses as the first filter for email support." He said the developer who raised this issue had been refunded. The session logout issue, now fixed, appears to have been the result of a race condition that arises on slow connections and spawns unwanted sessions.

AI

Can You Run the Llama 2 LLM on DOS? (yeokhengmeng.com) 26

Slashdot reader yeokm1 is the Singapore-based embedded security researcher whose side projects include installing Linux on a 1993 PC and building a ChatGPT client for MS-DOS.

He's now sharing his latest project — installing Llama 2 on DOS: Conventional wisdom states that running LLMs locally will require computers with high performance specifications especially GPUs with lots of VRAM. But is this actually true?

Thanks to an open-source llama2.c project [original created by Andrej Karpathy], I ported it to work so vintage machines running DOS can actually inference with Llama 2 LLM models. Of course there are severe limitations but the results will surprise you.

"Everything is open sourced with the executable available here," according to the blog post. (They even addressed an early "gotcha" with DOS filenames being limited to eight characters.)

"As expected, the more modern the system, the faster the inference speed..." it adds. "Still, I'm amazed what can still be accomplished with vintage systems."
Encryption

CA/Browser Forum Votes for 47-Day Cert Durations By 2029 (computerworld.com) 114

"Members of the CA/Browser Forum have voted to slash cert lifespans from the current one year to 47 days," reports Computerworld, "placing an added burden on enterprise IT staff who must ensure they are updated." In a move that will likely force IT to much more aggressively use web certificate automation services, the Certification Authority Browser Forum (CA/Browser Forum), a gathering of certificate issuers and suppliers of applications that use certificates, voted [last week] to radically slash the lifespan of the certificates that verify the ownership of sites.

The approved changes, which passed overwhelmingly, will be phased in gradually through March 2029, when the certs will only last 47 days.

This controversial change has been debated extensively for more than a year. The group's argument is that this will improve web security in various ways, but some have argued that the group's members have a strong alternative incentive, as they will be the ones earning more money due to this acceleration... Although the group voted overwhelmingly to approve the change, with zero "No" votes, not every member agreed with the decision; five members abstained...

In roughly one year, on March 15, 2026, the "maximum TLS certificate lifespan shrinks to 200 days. This accommodates a six-month renewal cadence. The DCV reuse period reduces to 200 days," according to the passed ballot. The next year, on March 15, 2027, the "maximum TLS certificate lifespan shrinks to 100 days. This accommodates a three-month renewal cadence. The DCV reuse period reduces to 100 days." And on March 15, 2029, "maximum TLS certificate lifespan shrinks to 47 days. This accommodates a one-month renewal cadence. The DCV reuse period reduces to 10 days."

The changes "were primarily pushed by Apple," according to the article, partly to allow more effective reactions to possible changes in cryptography.

And Apple also wrote that the shift "reduces the risk of improper validation, the scope of improper validation perpetuation, and the opportunities for misissued certificates to negatively impact the ecosystem and its relying parties."

Thanks to Slashdot reader itwbennett for sharing the news.
AI

Study Finds 50% of Workers Use Unapproved AI Tools 18

An anonymous reader quotes a report from SecurityWeek: An October 2024 study by Software AG suggests that half of all employees are Shadow AI users, and most of them wouldn't stop even if it was banned. The problem is the ease of access to AI tools, and a work environment that increasingly advocates the use of AI to improve corporate efficiency. It is little wonder that employees seek their own AI tools to improve their personal efficiency and maximize the potential for promotion. It is frictionless, says Michael Marriott, VP of marketing at Harmonic Security. 'Using AI at work feels like second nature for many knowledge workers now. Whether it's summarizing meeting notes, drafting customer emails, exploring code, or creating content, employees are moving fast.' If the official tools aren't easy to access or if they feel too locked down, they'll use whatever's available which is often via an open tab on their browser.

There is almost also never any malicious intent (absent, perhaps, the mistaken employment of rogue North Korean IT workers); merely a desire to do and be better. If this involves using unsanctioned AI tools, employees will likely not disclose their actions. The reasons may be complex but combine elements of a reluctance to admit that their efficiency is AI assisted rather than natural, and knowledge that use of personal shadow AI might be discouraged. The result is that enterprises often have little knowledge of the extent of Shadow IT, nor the risks it may present.
According to an analysis from Harmonic, ChatGPT is the dominant gen-AI model used by employees, with 45% of data prompts originating from personal accounts (such as Gmail). Image files accounted for 68.3%. The report also notes that 7% of empmloyees were using Chinese AI models like DeepSeek, Baidu Chat and Qwen.

"Overall, there has been a slight reduction in sensitive prompt frequency from Q4 2024 (down from 8.5% to 6.7% in Q1 2025)," reports SecurityWeek. "However, there has been a shift in the risk categories that are potentially exposed. Customer data (down from 45.8% to 27.8%), employee data (from 26.8% to 14.3%) and security (6.9% to 2.1%) have all reduced. Conversely, legal and financial data (up from 14.9% to 30.8%) and sensitive code (5.6% to 10.1%) have both increased. PII is a new category introduced in Q1 2025 and was tracked at 14.9%."
AI

AI Support Bot Invents Nonexistent Policy (arstechnica.com) 50

An AI support bot for the code editor Cursor invented a nonexistent subscription policy, triggering user cancellations and public backlash this week. When developer "BrokenToasterOven" complained about being logged out when switching between devices, the company's AI agent "Sam" falsely claimed this was intentional: "Cursor is designed to work with one device per subscription as a core security feature."

Users took the fabricated policy as official, with several announcing subscription cancellations on Reddit. "I literally just cancelled my sub," wrote the original poster, adding that their workplace was "purging it completely." Cursor representatives scrambled to correct the misinformation: "Hey! We have no such policy. You're of course free to use Cursor on multiple machines." Cofounder Michael Truell later apologized, explaining that a backend security change had unintentionally created login problems.
Nintendo

How Nintendo's Legal Team Destroyed Atari Games Through Courtroom Strategy (mit.edu) 40

Nintendo's lawyers systematically dismantled Atari Games in a landmark 1989 legal battle that reshaped the gaming industry, killing off the Tengen brand until its surprise resurrection recently.

When Atari Games (operating as Tengen) attempted to circumvent Nintendo's control by reverse-engineering the NES security system, Nintendo's legal team discovered a fatal flaw in their rival's approach: Atari had fraudulently obtained Nintendo's proprietary code from the Copyright Office by falsely claiming they were defendants in a nonexistent lawsuit.

Though courts ultimately established that reverse engineering was legal under fair use principles, Atari's deception proved catastrophic. The judge invoked the centuries-old "unclean hands" doctrine, ruling that Atari could not claim fair use protection after approaching the court in bad faith.

"As a result of its lawyers' filthy hands, Atari was barred from manufacturing games for the NES. Nintendo, with its stronger legal team, subsequently 'bled Atari to death,'" writes tech industry attorney Julien Mailland. The court ordered the recall of Tengen's "Tetris" version, now a rare collector's item.

After a 30-year absence, Tengen Games returned in July 2024 with "Zed and Zee" for the NES, finally achieving what its predecessor was legally prohibited from doing.
AI

OpenAI Debuts Codex CLI, an Open Source Coding Tool For Terminals (techcrunch.com) 9

OpenAI has released Codex CLI, an open-source coding agent that runs locally in users' terminal software. Announced alongside the company's new o3 and o4-mini models, Codex CLI directly connects OpenAI's AI systems with local code and computing tasks, enabling them to write and manipulate code on users' machines.

The lightweight tool allows developers to leverage multimodal reasoning capabilities by passing screenshots or sketches to the model while providing access to local code repositories. Unlike more ambitious future plans for an "agentic software engineer" that could potentially build entire applications from descriptions, Codex CLI focuses specifically on integrating AI models with command-line interfaces.

To accelerate adoption, OpenAI is distributing $1 million in API credits through a grant program, offering $25,000 blocks to selected projects. While the tool expands AI's role in programming workflows, it comes with inherent risks -- studies show AI coding models frequently fail to fix security vulnerabilities and sometimes introduce new bugs, particularly concerning when given system-level access.
Security

CISA Extends Funding To Ensure 'No Lapse in Critical CVE Services' 19

CISA says the U.S. government has extended funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program. From a report: "The CVE Program is invaluable to cyber community and a priority of CISA," the U.S. cybersecurity agency told BleepingComputer. "Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services. We appreciate our partners' and stakeholders' patience."

The announcement follows a warning from MITRE Vice President Yosry Barsoum that government funding for the CVE and CWE programs was set to expire today, April 16, potentially leading to widespread disruption across the cybersecurity industry. "If a break in service were to occur, we anticipate multiple impacts to CVE, including deterioration of national vulnerability databases and advisories, tool vendors, incident response operations, and all manner of critical infrastructure," Barsoum said.
The Internet

4chan Has Been Down Since Monday Night After 'Pretty Comprehensive Own' (arstechnica.com) 69

4chan was reportedly hacked Monday night, with rival imageboard Soyjack Party claiming responsibility and sharing screenshots suggesting deep access to 4chan's databases and admin tools. Ars Technica reports: Security researcher Kevin Beaumont described the hack as "a pretty comprehensive own" that included "SQL databases, source, and shell access." 404Media reports that the site used an outdated version of PHP that could have been used to gain access, including the phpMyAdmin tool, a common attack vector that is frequently patched for security vulnerabilities. Ars staffers pointed to the presence of long-deprecated and removed functions like mysql_real_escape_string in the screenshots as possible signs of an old, unpatched PHP version. In other words, there's a possibility that the hackers have gained pretty deep access to all of 4chan's data, including site source code and user data.
China

China Outs US Hackers for Attack, a New Frontier in Spy Games (bloomberg.com) 32

China's outing of alleged US National Security Agency hackers marks a major escalation in the ongoing tit-for-tat between Chinese and American intelligence agencies, according to analysts. From a report: Chinese authorities Tuesday said three NSA employees hacked the Asian Winter Games held this year in Harbin, accusing them of targeting systems that held vast amounts of personal information on people involved in the event. The hacks "severely endangered the security of China's critical information infrastructure, national defense, finance, society, production, as well as citizens' personal information," Chinese foreign ministry spokesman Lin Jian told reporters.

While the US has repeatedly published names of alleged Chinese hackers and filed criminal charges against them, China has historically refrained from making similar accusations against American spies. Rafe Pilling, director of threat intelligence at the cyber firm Sophos' Secureworks unit, said the development may signal a broader policy change from Chinese security agencies, with allegations of US cyberattacks becoming more specific and timely. "This is an escalation in China's experimentation with 'name and shame' policies for the alleged perpetrators of cyberattacks, mirroring US pursuit of a similar policy for a number of years now," said Pilling.

Privacy

Hertz Says Customers' Personal Data, Driver's Licenses Stolen In Data Breach (techcrunch.com) 30

An anonymous reader quotes a report from TechCrunch: Car rental giant Hertz has begun notifying its customers of a data breach that included their personal information and driver's licenses. The rental company, which also owns the Dollar and Thrifty brands, said in notices on its website that the breach relates to a cyberattack on one of its vendors between October 2024 and December 2024. The stolen data varies by region, but largely includes Hertz customer names, dates of birth, contact information, driver's licenses, payment card information, and workers' compensation claims. Hertz said a smaller number of customers had their Social Security numbers taken in the breach, along with other government-issued identification numbers.

Notices on Hertz's websites disclosed the breach to customers in Australia, Canada, the European Union, New Zealand, and the United Kingdom. Hertz also disclosed the breach with several U.S. states, including California and Maine. Hertz said at least 3,400 customers in Maine were affected but did not list the total number of affected individuals, which is likely to be significantly higher. Emily Spencer, a spokesperson for Hertz, would not provide TechCrunch with a specific number of individuals affected by the breach but said it would be "inaccurate to say millions" of customers are affected. The company attributed the breach to a vendor, software maker Cleo, which last year was at the center of a mass-hacking campaign by a prolific Russia-linked ransomware gang.

EU

EU Issues US-bound Staff With Burner Phones Over Spying Fears (ft.com) 70

The European Commission is issuing burner phones and basic laptops to some US-bound staff to avoid the risk of espionage [non-paywalled source], a measure traditionally reserved for trips to China. Financial Times: Commissioners and senior officials travelling to the IMF and World Bank spring meetings next week have been given the new guidance, according to four people familiar with the situation. They said the measures replicate those used on trips to Ukraine and China, where standard IT kit cannot be brought into the countries for fear of Russian or Chinese surveillance.

"They are worried about the US getting into the commission systems," said one official. The treatment of the US as a potential security risk highlights how relations have deteriorated since the return of Donald Trump as US president in January. Trump has accused the EU of having been set up to "screw the US" and announced 20 per cent so-called reciprocal tariffs on the bloc's exports, which he later halved for a 90-day period.

At the same time, he has made overtures to Russia, pressured Ukraine to hand over control over its assets by temporarily suspending military aid and has threatened to withdraw security guarantees from Europe, spurring a continent-wide rearmament effort. "The transatlantic alliance is over," said a fifth EU official.

Encryption

The EFF's 'Certbot' Now Supports Six-Day Certs (eff.org) 95

10 years ago "certificate authorities normally issued certificate lifetimes lasting a year or more," remembers a new blog post Thursday by the EFF's engineering director. So in 2015 when the free cert authority Let's Encrypt first started issuing 90-day TLS certificates for websites, "it was considered a bold move, that helped push the ecosystem towards shorter certificate life times."

And then this January Let's Encrypt announced new six-day certificates...

This week saw a related announcement from the EFF engineering director. More than 31 million web sites maintain their HTTPS certificates using the EFF's Certbot tool (which automatically fetches free HTTPS certificates forever) — and Certbot is now supporting Let's Encrypt's six-day certificates. (It's accomplished through ACME profiles with dynamic renewal at 1/3rd of lifetime left or 1/2 of lifetime left, if the lifetime is shorter than 10 days): There is debate on how short these lifetimes should be, but with ACME profiles you can have the default or "classic" Let's Encrypt experience (90 days) or start actively using other profile types through Certbot with the --preferred-profile and --required-profile flags. For six day certificates, you can choose the "shortlived" profile.
Why shorter lifetimes are better (according to the EFF's engineering director):
  • If a certificate's private key is compromised, that compromise can't last as long.
  • With shorter life spans for the certificates, automation is encouraged. Which facilitates robust security of web servers.
  • Certificate revocation is historically flaky. Lifetimes 10 days and under prevent the need to invoke the revocation process and deal with continued usage of a compromised key.

United States

Trump Denies Tariff 'Exception' for Electronics, Promises New Electronics Tariffs Soon (go.com) 230

Late Friday news broke that U.S. President Trump's new tariffs included exemptions for smartphones, computer monitors, semiconductors, and other electronics. But Sunday morning America's commerce secretary insisted "a special-focus type of tariff" was coming for those products, reports ABC News. President Trump "is saying they're exempt from the reciprocal tariffs," the commerce secretary told an interviewer, "but they're included in the semiconductor tariffs, which are coming in probably a month or two.... This is not like a permanent sort of exemption."

The Wall Street Journal notes that Sunday the president himself posted on social media that "NOBODY is getting 'off the hook' for the unfair Trade Balances, and Non Monetary Tariff Barriers... There was no Tariff 'exception' announced on Friday. These products are subject to the existing 20% Fentanyl Tariffs, and they are just moving to a different Tariff 'bucket.'"

"The administration is expected to take the first step toward enacting the new tariffs as soon as next week," reports the New York Times, "opening an investigation to determine the effects of semiconductor imports on national security."

More from ABC News: Commerce Secretary Howard Lutnick said Sunday that the administration's decision Friday night to exempt a range of electronic devices from tariffs implemented earlier this month was only a temporary reprieve.. Lutnick said on "This Week" that the White House will implement "a tariff model in order to encourage" the semiconductor industry, as well as the pharmaceutical industry, to move its business to the United States. "We can't be beholden and rely upon foreign countries for fundamental things that we need," he said.... "These are things that are national security that we need to be made in America."
United States

FSF Urges US Government to Adopt Free-as-in-Freedom Tax Filing Software (fsf.org) 123

"A modern free society has an obligation to offer electronic tax filing that respects user freedom," says a Free Software Foundation blog post, "and the United States is not excluded from this responsibility."

"Governments, and/or the companies that they partner with, are responsible for providing free as in freedom software for necessary operations, and tax filing is no exception." For many years now, a large portion of [U.S.] taxpayers have filed their taxes electronically through proprietary programs like TurboTax. Millions of taxpayers are led to believe that they have no other option than to use nonfree software or Service as a Software Substitute (SaaSS), giving up their freedom as well as their most private financial information to a third-party company, in order to file their taxes...

While the options for taxpayers have improved slightly with the IRS's implementation of the IRS Direct File program [in 25 states], this program unfortunately does require users to hand over their freedom when filing taxes.... Taxpayers shouldn't have to use a program that violates their individual freedoms to file legally required taxes. While Direct File is a step in the right direction as the program isn't in the hands of a third-party entity, it is still nonfree software. Because Direct File is a US government-operated program, and ongoing in the process of being deployed to twenty-five states, it's not too late to call on the IRS to make Direct File free software.

In the meantime, if you need to file US taxes and are yet to file, we suggest filing your taxes in a way that respects your user freedom as much as possible, such as through mailing tax forms. Like with other government interactions that snatch away user freedom, choose the path that most respects your freedom.

Free-as-in-freedom software would decrease the chance of user lock-in, the FSF points out. But they list several other advantages, including:
  • Repairability: With free software, there is no uncertain wait period or reliance on a proprietary provider to make any needed bug or security fixes.
  • Transparency: Unless you can check what a program really does (or ask someone in the free software community to check for you), there is no way to know that the program isn't doing things you don't consent to it doing.
  • Cybersecurity: While free software isn't inherently more secure than nonfree software, it does have a tendency to be more secure because many developers can continuously improve the program and search for errors that can be exploited. With proprietary programs like TurboTax, taxpayers and the U.S. government are dependent on TurboTax to protect the sensitive financial and personal information of millions with few (if any) outside checks and balances...
  • Taxpayer dollars spent should actually benefit the taxpayers: Taxpayer dollars should not be used to fund third-party programs that seek to control users and force them to use their programs through lobbying....

"We don't have to accept this unjust reality: we can work for a better future, together," the blog post concludes (offering a "sample message" U.S. taxpayers could send to IRS Commissioner Danny Werfel).

"Take action today and help make electronic tax filing free as in freedom for everyone."


China

WSJ Says China 'Acknowledged Its Role in U.S. Infrastructure Hacks' (msn.com) 48

Here's an update from the Wall Street Journal about a "widespread series of alarming cyberattacks on U.S. infrastructure."

China was behind it, "Chinese officials acknowledged in a secret December meeting... according to people familiar with the matter..." The Chinese delegation linked years of intrusions into computer networks at U.S. ports, water utilities, airports and other targets, to increasing U.S. policy support for Taiwan, the people, who declined to be named, said... U.S. officials went public last year with unusually dire warnings about the uncovered Volt Typhoon effort. They publicly attributed it to Beijing trying to get a foothold in U.S. computer networks so its army could quickly detonate damaging cyberattacks during a future conflict. [American officials at the meeting perceived the remarks as "intended to scare the U.S. from involving itself if a conflict erupts in the Taiwan Strait."]

The Chinese official's remarks at the December meeting were indirect and somewhat ambiguous, but most of the American delegation in the room interpreted it as a tacit admission and a warning to the U.S. about Taiwan, a former U.S. official familiar with the meeting said... In a statement, the State Department didn't comment on the meeting but said the U.S. had made clear to Beijing it will "take actions in response to Chinese malicious cyber activity," describing the hacking as "some of the gravest and most persistent threats to U.S. national security...."

A Chinese official would likely only acknowledge the intrusions even in a private setting if instructed to do so by the top levels of Xi's government, said Dakota Cary, a China expert at the cybersecurity firm SentinelOne. The tacit admission is significant, he said, because it may reflect a view in Beijing that the likeliest military conflict with the U.S. would be over Taiwan and that a more direct signal about the stakes of involvement needed to be sent to the Trump administration. "China wants U.S. officials to know that, yes, they do have this capability, and they are willing to use it," Cary said.

The article notes that top U.S. officials have said America's Defense Department "will pursue more offensive cyber strikes against China."

But it adds that the administration "also plans to dismiss hundreds of cybersecurity workers in sweeping job cuts and last week fired the director of the National Security Agency and his deputy, fanning concerns from some intelligence officials and lawmakers that the government would be weakened in defending against the attacks."
AI

AI Industry Tells US Congress: 'We Need Energy' (msn.com) 98

The Washington Post reports: The United States urgently needs more energy to fuel an artificial intelligence race with China that the country can't afford to lose, industry leaders told lawmakers at a House hearing on Wednesday. "We need energy in all forms," said Eric Schmidt, former CEO of Google, who now leads the Special Competitive Studies Project, a think tank focused on technology and security. "Renewable, nonrenewable, whatever. It needs to be there, and it needs to be there quickly." It was a nearly unanimous sentiment at the four-hour-plus hearing of the House Energy and Commerce Committee, which revealed bipartisan support for ramping up U.S. energy production to meet skyrocketing demand for energy-thirsty AI data centers.

The hearing showed how the country's AI policy priorities have changed under President Donald Trump. President Joe Biden's wide-ranging 2023 executive order on AI had sought to balance the technology's potential rewards with the risks it poses to workers, civil rights and national security. Trump rescinded that order within days of taking office, saying its "onerous" requirements would "threaten American technological leadership...." [Data center power consumption] is already straining power grids, as residential consumers compete with data centers that can use as much electricity as an entire city. And those energy demands are projected to grow dramatically in the coming years... [Former Google CEO Eric] Schmidt, whom the committee's Republicans called as a witness on Wednesday, told [committee chairman Brett] Guthrie that winning the AI race is too important to let environmental considerations get in the way...

Once the United States beats China to develop superintelligence, Schmidt said, AI will solve the climate crisis. And if it doesn't, he went on, China will become the world's sole superpower. (Schmidt's view that AI will become superintelligent within a decade is controversial among experts, some of whom predict the technology will remain limited by fundamental shortcomings in its ability to plan and reason.)

The industry's wish list also included "light touch" federal regulation, high-skill immigration and continued subsidies for chip development. Alexandr Wang, the young billionaire CEO of San Francisco-based Scale AI, said a growing patchwork of state privacy laws is hampering AI companies' access to the data needed to train their models. He called for a federal privacy law that would preempt state regulations and prioritize innovation.

Some committee Democrats argued that cuts to scientific research and renewable energy will actually hamper America's AI competitiveness, according to the article. " But few questioned the premise that the U.S. is locked in an existential struggle with China for AI supremacy.

"That stark outlook has nearly coalesced into a consensus on Capitol Hill since China's DeepSeek chatbot stunned the AI industry with its reasoning skills earlier this year."
Linux

Fedora Targets 99% Package Reproducibility by October (lwn.net) 26

Fedora has proposed a major change for its upcoming version 43 release that aims to achieve 99% package reproducibility, addressing growing concerns about supply-chain security. According to the change proposal announced March 31, Fedora has already reached 90% reproducibility through infrastructure changes including "clamping" file modification times and implementing a Rust-based "add-determinism" tool that standardizes metadata. The remaining 10% will require individual package maintainer involvement, treating reproducibility failures as bugs.

The effort will use a public instance of rebuilderd to independently verify that binary packages can be reproduced from source code. Unlike Debian's bit-by-bit reproducibility definition, Fedora allows differences in package signatures and some metadata while requiring identical payloads. The initiative follows similar efforts by Debian and openSUSE, and comes amid heightened focus on supply-chain security after the recent XZ backdoor incident.
Network

Wi-Fi Giant TP-Link's US Future Hinges on Its Claimed Split From China (bloomberg.com) 41

The ubiquitous but often overlooked Wi-Fi router lies at the heart of one of Washington's biggest national security dilemmas -- and a rift between two brothers on opposite sides of the Pacific. From a report: US investigators are probing the China ties of TP-Link, the new American incarnation of a consumer Wi-Fi behemoth, following its rapid growth and a spate of cyber attacks by Chinese state-sponsored actors targeting many router brands. The inquiry is testing whether TP-Link's corporate makeover represents enough of a divorce from China to spare it from a ban in a crucial market.

While TP-Link's recent restructuring split the company into separate US- and China-headquartered businesses, a Bloomberg News investigation found that the resulting American venture still has substantial operations in mainland China. If US officials conclude TP-Link's China connections pose an "unacceptable risk," they could use a powerful new authority to ban the company from the US. Such an outcome could also unravel plans by the owner of its US business, Jeffrey Chao, to start fresh in California following an estrangement from his older brother, who started the router business with him in Shenzhen nearly three decades ago.

In an interview -- the first Jeffrey Chao said he has ever given -- he told Bloomberg he's quitting China. He opened a new headquarters in Irvine last year and said he will invest $700 million in the US to build a factory and jumpstart research and development on highly secure routers while awaiting the green card he said he applied for in January. He has also traded his perch in a Hong Kong skyscraper for a 1980s-era split-level near his office, joined a neighborhood evangelical church, and is now eyeing a Cadillac Escalade for road trips, he said, burnishing his American credentials. "I know the current relationship between the US and China is complex," Chao said in the interview last month. "I have chosen the US."

Microsoft

Microsoft is About To Launch Recall For Real This Time 55

Microsoft is starting to gradually roll out a preview of Recall, its feature that captures screenshots of what you do on a Copilot Plus PC to find again later, to Windows Insiders. From a report: This new rollout could indicate that Microsoft is finally getting close to launching Recall more widely. Microsoft originally intended to launch Recall alongside Copilot Plus PCs last June, but the feature was delayed following concerns raised by security experts. The company then planned to launch it in October, but that got pushed as well so that the company could deliver "a secure and trusted experience."

Slashdot Top Deals