A former Minnesota waitress unknowingly helped North Korean workers steal $17.1 million in wages from over 300 American companies through an elaborate remote work scheme, federal prosecutors said this week. Christina Chapman operated a "laptop farm" from her home, managing dozens of computers that allowed North Koreans using stolen U.S. identities to work as legitimate tech employees.

The FBI estimates this broader infiltration involves thousands of North Korean workers generating hundreds of millions annually for the sanctions-hit regime. Chapman, recruited via LinkedIn in 2020 to serve as "the U.S. face" for overseas IT workers, handled logistics including receiving company laptops, installing remote access software, and processing falsified employment documents.

The North Korean workers accessed the devices daily from overseas, with some maintaining jobs for months or years at major American corporations. Chapman earned just under $177,000 before the FBI raided her Arizona operation in October 2023, seizing over 90 computers. She pleaded guilty in February to wire fraud, identity theft, and money laundering charges, facing up to nine years in prison at her July sentencing.

A German court has sentenced two former Volkswagen executives to prison and handed suspended sentences to two others for their roles in the Dieselgate emissions scandal, marking the conclusion of a nearly four-year fraud trial. Politico reports: The former head of diesel development was sentenced to four and a half years in prison, and the head of drive train electronics to two years and seven months by the court in Braunschweig, German news agency dpa reported. Two others received suspended sentences of 15 months and 10 months. The scandal began in September 2015 when the U.S. Environmental Protection Agency issued a notice of violation. saying that the company had rigged engine control software that let the cars pass emissions tests while they emitted far more pollution in actual driving.

The company has paid more than $33 billion in fines and compensation to vehicle owners. Two VW managers received prison sentence in the U.S. The former head of the company's Audi division, Rupert Stadler, was given a suspended sentence of 21 months and a fine of 1.1 million euros ($1.25 million). The sentence is still subject to appeal. Missing from the trial, which lasted almost four years, was former CEO Martin Winterkorn. Proceedings against him have been suspended because of health issues, and it's not clear when he might go on trial. Winterkorn has denied wrongdoing. Further proceedings are open against 31 other suspects in Germany.

OnePlus is replacing its iconic Alert Slider with a new customizable "Plus Key" on the upcoming OnePlus 13s, which launches the new AI Plus Mind feature that lets users capture and search content found on screen. This update is part of a broader AI push for its devices that includes tools like AI VoiceScribe for call summaries, AI Translation for multi-modal language support, and AI Best Face 2.0 for photo corrections. Engadget reports: What AI Plus Mind does is save relevant content to a dedicated Mind Space, where users can browse various information that they've saved. Users can then search for the detail they want to find using natural language queries. Both the Plus Key and the AI Plus Mind will debut on the OnePlus 13s in Asia. AI Plus Mind will roll out to the rest of the OnePlus 13 Series devices through a future software update, while all future OnePlus phone will come with the new physical key. Notably, the new button and feature bear similarities to Nothing's physical Essential Key that can also save information inside the Essential Space app. Nothing was founded by Carl Pei who co-founded OnePlus.

An anonymous reader quotes a report : Washington is joining a growing list of states trying to tear down barriers for consumers who want to repair their electronics rather than buy new ones. Gov. Bob Ferguson last week signed the state's new "Right to Repair" policy, House Bill 1483, into law. It was a yearslong effort to get the law approved. "This is a win for every person in Washington state," said the bill's prime sponsor, Rep. Mia Gregerson, D-SeaTac.

In 2021, the Federal Trade Commission reported that consumers with broken electronics don't have much choice but to replace them because repairs require specialized tools, unique parts and inaccessible proprietary software. And those restrictions, the FTC found, disproportionately burden communities of color and low-income communities. Some companies engage in a practice called "parts pairing" that can make replacing parts of a device impossible. Washington's new law would largely outlaw this tactic.

Starting Jan. 1, 2026, the law will require manufacturers to make tools, parts and documentation needed for diagnostics and maintenance available to independent repair businesses. The requirement applies to digital electronics, like computers, cellphones and appliances, sold in Washington after July 1, 2021. Manufacturers won't be able to use parts that inhibit repairs. The state attorney general's office could enforce violations of the new law under the Consumer Protection Act.

Texas Governor Greg Abbott signed an online child safety bill, bucking a lobbying push from big tech companies that included a personal phone call from from Apple CEO Tim Cook. From a report: The measure requires app stores to verify users' ages and secure parental approval before minors can download most apps or make in-app purchases. The bill drew fire from app store operators such as Google and Apple, which has argued that the legislation threatens the privacy of all users.

The bill was a big enough priority for Apple that Cook called Abbott to emphasize the company's opposition to it, said a person familiar with their discussion, which was first reported by the Wall Street Journal.

An anonymous reader shares a report: Russian President Vladimir Putin said on Monday that foreign service providers like Microsoft and Zoom that act against Russian interests should be "throttled." Putin said it was important for Russia to develop domestic software solutions.

Amazon software engineers are reporting that AI tools are transforming their jobs into something resembling the company's warehouse work, with managers pushing faster output and tighter deadlines while teams shrink in size, according to the New York Times.

Three Amazon engineers told the New York Times that the company has raised productivity goals over the past year and expects developers to use AI assistants that suggest code snippets or generate entire program sections. One engineer said his team was cut roughly in half but still expected to produce the same amount of code by relying on AI tools.

The shift mirrors historical workplace changes during industrialization, the Times argues, where technology didn't eliminate jobs but made them more routine and fast-paced. Engineers describe feeling like "bystanders in their own jobs" as they spend more time reviewing AI-generated code rather than writing it themselves. Tasks that once took weeks now must be completed in days, with less time for meetings and collaborative problem-solving, according to the engineers.

31 years ago FreeBSD was first released. But here in 2025, searches for the Unix-like FreeBSD OS keep increasing on Google, notes the official FreeBSD blog — and it's at least a two-year trend. Yet after talking to some businesses using (or interested in using) FreeBSD, they sometimes found that because FreeBSD isn't talked about as much, "people think it's dying. This is a clear example of the availability heuristic. The availability heuristic is a fascinating mental shortcut. It's how product names become verbs and household names. To 'Google' [search], to 'Hoover' [vacuum], to 'Zoom' [video meeting]. They reached a certain tipping point that there was no need to do any more thinking. One just googles , or zooms .

These days, building internet services doesn't require much thought about the underlying systems. With containers and cloud platforms, development has moved far from the hardware. Operating systems aren't top of mind — so people default to what's familiar. And when they do think about the OS, it's usually Linux. But sitting there, quietly powering masses of the internet, without saying boo to a goose, is FreeBSD. And the companies using it? They're not talking about it. Why? Because they don't have to. The simple fact that dawned on me is FreeBSD's gift to us all, yet Achilles heel to itself, is its license.

Unlike the GPL, which requires you to share derivative works, the BSD license doesn't. You can take FreeBSD code, build on it, and never give anything back. This makes it a great foundation for products — but it also means there's little reason for companies to return their contributions... [W]e'd like to appeal to companies using FreeBSD. Talk to us about your use case... We, the FreeBSD Foundation, can be the glue between industry and software and hardware vendors alike.

In the meantime, stay tuned to this blog and the YouTube channel. We have some fantastic content coming up, featuring solutions built on top of FreeBSD and showcasing modern laptops for daily use.

AI's downside for software engineers for now seems to be a change in the quality of their work," reports the New York Times. "Some say it is becoming more routine, less thoughtful and, crucially, much faster paced... The new approach to coding at many companies has, in effect, eliminated much of the time the developer spends reflecting on his or her work."

And Amazon CEO Andy Jassy even recently told shareholders Amazon would "change the norms" for programming by how they used AI. Those changing norms have not always been eagerly embraced. Three Amazon engineers said managers had increasingly pushed them to use AI in their work over the past year. The engineers said the company had raised output goals [which affect performance reviews] and had become less forgiving about deadlines. It has even encouraged coders to gin up new AI productivity tools at an upcoming hackathon, an internal coding competition. One Amazon engineer said his team was roughly half the size it was last year, but it was expected to produce roughly the same amount of code by using AI.

Other tech companies are moving in the same direction. In a memo to employees in April, the CEO of Shopify, a company that helps entrepreneurs build and manage e-commerce websites, announced that "AI usage is now a baseline expectation" and that the company would "add AI usage questions" to performance reviews. Google recently told employees that it would soon hold a companywide hackathon in which one category would be creating AI tools that could "enhance their overall daily productivity," according to an internal announcement. Winning teams will receive $10,000.

The shift has not been all negative for workers. At Amazon and other companies, managers argue that AI can relieve employees of tedious tasks and enable them to perform more interesting work. Jassy wrote last year that the company had saved "the equivalent of 4,500 developer-years" by using AI to do the thankless work of upgrading old software... As at Microsoft, many Amazon engineers use an AI assistant that suggests lines of code. But the company has more recently rolled out AI tools that can generate large portions of a program on its own. One engineer called the tools "scarily good." The engineers said that many colleagues have been reluctant to use these new tools because they require a lot of double-checking and because the engineers want more control.

"It's more fun to write code than to read code," said Simon Willison, an AI fan who is a longtime programmer and blogger, channelling the objections of other programmers. "If you're told you have to do a code review, it's never a fun part of the job. When you're working with these tools, it's most of the job."
"This shift from writing to reading code can make engineers feel like bystanders in their own jobs," the article points out (adding "The automation of coding has special resonance for Amazon engineers, who have watched their blue-collar counterparts undergo a similar transition..."

"While there is no rush to form a union for coders at Amazon, such a move would not be unheard of. When General Motors workers went on strike in 1936 to demand recognition of their union, the United Auto Workers, it was the dreaded speedup that spurred them on."

"Do we need publicly-owned social networks to escape Silicon Valley?" asks an opinion piece in Spain's El Pais newspaper.

It argues it's necessary because social media platforms "have consolidated themselves as quasi-monopolies, with a business model that consists of violating our privacy in search of data to sell ads..." Among the proposals and alternatives to these platforms, the idea of public social media networks has often been mentioned. Imagine, for example, a Twitter for the European Union, or a Facebook managed by media outlets like the BBC. In February, Spanish Prime Minister Pedro Sánchez called for "the development of our own browsers, European public and private social networks and messaging services that use transparent protocols." Former Spanish prime minister José Luis Rodríguez Zapatero — who governed from 2004 until 2011 — and the left-wing Sumar bloc in the Spanish Parliament have also proposed this. And, back in 2021, former British Labour Party leader Jeremy Corbyn made a similar suggestion.

At first glance, this may seem like a good idea: a public platform wouldn't require algorithms — which are designed to stimulate addiction and confrontation — nor would it have to collect private information to sell ads. Such a platform could even facilitate public conversations, as pointed out by James Muldoon, a professor at Essex Business School and author of Platform Socialism: How to Reclaim our Digital Future from Big Tech (2022)... This could be an alternative that would contribute to platform pluralism and ensure we're not dependent on a handful of billionaires. This is especially important at a time when we're increasingly aware that technology isn't neutral and that private platforms respond to both economic and political interests.
There's other possibilities. Further down they write that "it makes much more sense for the state to invest in, or collaborate with, decentralized social media networks based on free and interoperable software" that "allow for the portability of information and content." They even spoke to Cory Doctorow, who they say "proposes that the state cooperate with the software systems, developers, or servers for existing open-source platforms, such as the U.S. network Bluesky or the German firm Mastodon." (Doctorow adds that reclaiming digital independence "is incredibly important, it's incredibly difficult, and it's incredibly urgent."

The article also acknowledges the option of "legislative initiatives — such as antitrust laws, or even stricter regulations than those imposed in Europe — that limit or prevent surveillance capitalism." (Though they also figures showing U.S. tech giants have one of the largest lobbying groups in the EU, with Meta being the top spender...)

A year ago, the original creator of SerenityOS posted that "for the past two years, I've been almost entirely focused on Ladybird, a new web browser that started as a simple HTML viewer for SerenityOS." So it became a stand-alone project that "aims to render the modern web with good performance, stability and security." And they're also building a new web engine.

"We are building a brand-new browser from scratch, backed by a non-profit..." says Ladybird's official web site, adding that they're driven "by a web standards first approach." They promise it will be truly independent, with "no code from other browsers" (and no "default search engine" deals).

"We are targeting Summer 2026 for a first Alpha version on Linux and macOS. This will be aimed at developers and early adopters." More from the Ladybird FAQ: We currently have 7 paid full-time engineers working on Ladybird. There is also a large community of volunteer contributors... The focus of the Ladybird project is to build a new browser engine from the ground up. We don't use code from Blink, WebKit, Gecko, or any other browser engine...

For historical reasons, the browser uses various libraries from the SerenityOS project, which has a strong culture of writing everything from scratch. Now that Ladybird has forked from SerenityOS, it is no longer bound by this culture, and we will be making use of 3rd party libraries for common functionality (e.g image/audio/video formats, encryption, graphics, etc.) We are already using some of the same 3rd party libraries that other browsers use, but we will never adopt another browser engine instead of building our own...

We don't have anyone actively working on Windows support, and there are considerable changes required to make it work well outside a Unix-like environment. We would like to do Windows eventually, but it's not a priority at the moment.
"Ladybird's founder Andreas Kling has a solid background in WebKit-based C++ development with both Apple and Nokia,," writes software developer/author David Eastman: "You are likely reading this on a browser that is slightly faster because of my work," he wrote on his blog's introduction page. After leaving Apple, clearly burnt out, Kling found himself in need of something to healthily occupy his time. He could have chosen to learn needlepoint, but instead he opted to build his own operating system, called Serenity. Ladybird is a web project spin-off from this, to which Kling now devotes his time...

[B]eyond the extensive open source politics, the main reason for supporting other independent browser projects is to maintain diverse alternatives — to prevent the web platform from being entirely captured by one company. This is where Ladybird comes in. It doesn't have any commercial foundation and it doesn't seem to be waiting to grab a commercial opportunity. It has a range of sponsors, some of which might be strategic (for example, Shopify), but most are goodwill or alignment-led. If you sponsor Ladybird, it will put your logo on its webpage and say thank you. That's it. This might seem uncontroversial, but other nonprofit organisations also give board seats to high-paying sponsors. Ladybird explicitly refuses to do this...

The Acid3 Browser test (which has nothing whatsoever to do with ACID compliance in databases) is an old method of checking compliance with web standards, but vendors can still check how their products do against a battery of tests. They check compliance for the DOM2, CSS3, HTML4 and the other standards that make sure that webpages work in a predictable way. If I point my Chrome browser on my MacBook to http://acid3.acidtests.org/, it gets 94/100. Safari does a bit better, getting to 97/100. Ladybird reportedly passes all 100 tests.
"All the code is hosted on GitHub," says the Ladybird home page. "Clone it, build it, and join our Discord if you want to collaborate on it!"

Doom: The Dark Ages just launched on May 15. But it's already received "difficulty" balance changes "that have made the demons of Hell even more dangerous than ever," writes Windows Central: According to DOOM's official website Slayer's Club, these balance adjustments are focused on making the game harder, as players have been leaving feedback saying it felt too easy even on Nightmare Mode. As a result, enemies now hit harder, health and armor item pick-ups drop less often, and certain enemies punish you more severely for mistiming the parry mechanic.
It reached three million players in just five days, which was seven times faster than 2020's Doom: Eternal," reports Wccftech (though according to analytics firm Ampere Analysis (via The Game Business), more than two million of those three million launch players were playing on Xbox, while only 500K were playing on PS5.") "id Software proves it can still reinvent the wheel," according to one reviewer, "shaking up numerous aspects of gameplay, exchanging elaborate platforming for brutal on-the-ground action, as well as the ability to soar on a dragon's back or stomp around in a giant mech."

And the New York Times says the game "effectively reinvents the hellish shooter with a revamped movement system and deepened lore" in the medieval goth-themed game... Double jumping and dashing are ditched and replaced with an emphasis on raw power and slow, strategic melee combat. Doom Slayer's arsenal features a brand-new tool, the powerful Shield Saw, which Id Software made a point to showcase across its "Stand and Fight" trailers and advertisements. Used for absorbing damage at the expense of speed, the saw also allows players to bash enemies from afar and close the gap on chasms too wide to jump across. While previous titles allowed players to quickly worm their way through bullet hell, The Dark Ages expects you to meet foes head on. "If you were an F-22 fighter jet in Doom Eternal, this time around we wanted you to feel like an Abrams tank," Hugo Martin, the game's creative director, has told journalists.

And Doom Slayer's beefy durability and unstoppable nature does make the gameplay a refreshing experience. The badassery is somehow ratcheted to new heights with the inclusion of a fully controllable mech, which has only a handful of attacks at its disposal, and actual dragons. Flight in a Doom game is entirely surprising and fluid, and the dragons feel relatively easy to maneuver through tight spots. They can also engage in combat more deliberately with the use of dodges and mounted cannons...

One of my favorite additions is the skullcrusher pulverizer. Equal parts heinous nutcracker and demonic woodchipper, the gun lodges skulls into a grinder and sends shards of bones flying at enemies. The animation is both goofy and satisfying.
Another special Times article notes that Doom's fans "resurrect the original game over and over again on progressively stranger pieces of hardware: a Mazda Miata, a NordicTrack treadmill, a French pharmacy sign." But what many hard-core tech hobbyists want to know is whether you can play it on a pregnancy test. The answer: positively yes. And for the first time, even New York Times readers can play Doom within The Times's site [after creating a free account]...

None of this happened by accident, of course. Ports were not incidental to Doom's development. They were a core consideration. "Doom was developed in a really unique way that lent a high degree of portability to its code base," said John Romero, who programmed the game with John Carmack. (In our interview, he then reminisced about operating systems for the next 14 minutes.) Id had developed Wolfenstein 3D, the Nazi-killing predecessor to Doom, on PCs. To build Doom, Carmack and Romero used NeXT, the hardware and software company founded by Steve Jobs after his ouster from Apple in 1985. NeXT computers were powerful, selling for about $25,000 apiece in today's dollars. And any game designed on that system would require porting to the more humdrum PCs encountered by consumers at computer labs or office jobs.

This turned out to be advantageous because Carmack had a special aptitude for ports. All of Id's founders met as colleagues at Softdisk, which had hired Carmack because of his ability to spin off multiple versions of a single game. The group decided to strike out on its own after Carmack created a near-perfect replica of the first level of Super Mario Bros. 3 — Nintendo's best-selling platformer — on a PC. It was a wonder of software engineering that compensated for limited processing power with clever workarounds. "This is the thing that everyone has," Romero said of PCs. "The fact that we could figure out how to make it become a game console was world changing...."

Romero founded a series of game studios after leaving Id in 1996 and is working on a new first-person shooter, the genre he and Carmack practically invented. He has no illusions about how it may stack up. "I absolutely accept that Doom is the best game I'll ever make that has that kind of a reach," he said. "At some point you make the best thing." Thirty years on, people are still making it.
And in related news, PC Gamer reports... As part of a new "FPS Fridays" series on Twitch, legendary shooter designer John Romero streamed New Blood's 2018 hit, Dusk, one of the first and most influential indie "boomer shooters" in the genre's recent revitalization. The short of it? Romero seems to have had a blast.

It's like "a USB-C port for AI applications..." according to the official documentation for MCP — "a standardized way to connect AI models to different data sources and tools."

And now Microsoft has "revealed plans to make MCP a native component of Windows," reports DevClass.com, "despite concerns over the security of the fast-expanding MCP ecosystem." In the context of Windows, it is easy to see the value of a standardised means of automating both built-in and third-party applications. A single prompt might, for example, fire off a workflow which queries data, uses it to create an Excel spreadsheet complete with a suitable chart, and then emails it to selected colleagues. Microsoft is preparing the ground for this by previewing new Windows features.

— First, there will be a local MCP registry which enables discovery of installed MCP servers.

— Second, built-in MCP servers will expose system functions including the file system, windowing, and the Windows Subsystem for Linux.

— Third, a new type of API called App Actions enables third-party applications to expose actions appropriate to each application, which will also be available as MCP servers so that these actions can be performed by AI agents. According to Microsoft, "developers will be able to consume actions developed by other relevant apps," enabling app-to-app automation as well as use by AI agents.

MCP servers are a powerful concept but vulnerable to misuse. Microsoft corporate VP David Weston noted seven vectors of attack, including cross-prompt injection where malicious content overrides agent instructions, authentication gaps because "MCP's current standards for authentication are immature and inconsistently adopted," credential leakage, tool poisoning from "unvetted MCP servers," lack of containment, limited security review in MCP servers, supply chain risks from rogue MCP servers, and command injection from improperly validated inputs. According to Weston, "security is our top priority as we expand MCP capabilities."
Security controls planned by Microsoft (according to the article):

• A proxy to mediate all MCP client-server interactions. This will enable centralized enforcement of policies and consent, as well as auditing and a hook for security software to monitor actions.
• A baseline security level for MCP servers to be allowed into the Windows MCP registry. This will include code-signing, security testing of exposed interfaces, and declaration of what privileges are required.
• Runtime isolation through what Weston called "isolation and granular permissions."

MCP was introduced by Anthropic just 6 months ago, the article notes, but Microsoft has now joined the official MCP steering committee, "and is collaborating with Anthropic and others on an updated authorization specification as well as a future public registry service for MCP servers."

"In large, companies failed to self-regulate," writes long-time Slashdot reader BrendaEM: They have not been respected the individual's right to privacy. In software and web interfaces, companies have buried their privacy setting so deep that they cannot be found in a reasonable amount of time, or an unreasonable amount of steps are needed to attempt to retain data. These companies have taken away the individual's right to privacy --by default.

Are laws needed that protect a person's privacy by default--unless specific steps are taken by that user/purchaser to relinquish it? Should the wording of the explanation be so written that the contract is brief, explaining the forfeiture of the privacy, and where that data might be going? Should a company selling a product be required to state before purchase which rights need to be dismissed for its use? Should a legal owner who purchased a product expect it to stop functioning--only because a newer user contract is not agreed to?
Share your own thoughts and experiences in the comments. What's your ideal privacy policy?

And do we need opt-out-by-defaut privacy laws?

Richard Speed writes via The Register: It was 30 years ago when the first public release of the Java programming language introduced the world to Write Once, Run Anywhere -- and showed devs something cuddlier than C and C++. Originally called "Oak," Java was designed in the early 1990s by James Gosling at Sun Microsystems. Initially aimed at digital devices, its focus soon shifted to another platform that was pretty new at the time -- the World Wide Web.

The language, which has some similarities to C and C++, usually compiles to a bytecode that can, in theory, run on any Java Virtual Machine (JVM). The intention was to allow programmers to Write Once Run Anywhere (WORA) although subtle differences in JVM implementations meant that dream didn't always play out in reality. This reporter once worked with a witty colleague who described the system as Write Once Test Everywhere, as yet another unexpected wrinkle in a JVM caused their application to behave unpredictably. However, the language soon became wildly popular, rapidly becoming the backbone of many enterprises. [...]

However, the platform's ubiquity has meant that alternatives exist to Oracle Java, and the language's popularity is undiminished by so-called "predatory licensing tactics." Over 30 years, Java has moved from an upstart new language to something enterprises have come to depend on. Yes, it may not have the shiny baubles demanded by the AI applications of today, but it continues to be the foundation for much of today's modern software development. A thriving ecosystem and a vast community of enthusiasts mean that Java remains more than relevant as it heads into its fourth decade.

Harvard University's Galileo Project is using AI to automate the search for unidentified anomalous phenomena, marking a significant shift in how academics approach what was once considered fringe research. The project operates a Massachusetts observatory equipped with infrared cameras, acoustic sensors, and radio-frequency analyzers that continuously scan the sky for unusual objects.

Researchers Laura Domine and Richard Cloete are training machine learning algorithms to recognize all normal aerial phenomena -- planes, birds, drones, weather balloons -- so the system can flag genuine anomalies for human analysis. The team uses computer vision software called YOLO (You Only Look Once) and has generated hundreds of thousands of synthetic images to train their models, though the software currently identifies only 36% of aircraft captured by infrared cameras.

The Pentagon is pursuing parallel efforts through its All-domain Anomaly Resolution Office, which has examined over 1,800 UAP reports and identified 50 to 60 cases as "true anomalies" that government scientists cannot explain. AARO has developed its own sensor suite called Gremlin, using similar technology to Harvard's observatory. Both programs represent the growing legitimization of UAP research following 2017 Defense Department disclosures about military encounters with unexplained aerial phenomena.

The Internet Archive has begun livestreaming its microfiche digitization center on YouTube, showcasing the real-time preservation of fragile film cards into searchable public documents. The work is part of Democracy's Library, a global initiative to digitize and share millions of government records. 9to5Mac reports: The livestream was brought to life by Sophia Tung, who previously gained attention for her viral robotaxi depot stream. Her new video explains how and why this new livestream project came together [...].

The livestream features five scanning stations at work, with one shown in close-up as operators digitize microfiche cards in real time. Each card holds up to 100 pages of public records. High-resolution cameras capture the images, software stitches and crops the pages, and the results are made text-searchable and freely accessible through Democracy's Library. Live scanning takes place Monday through Friday, 7:30 a.m. to 3:30 p.m. PT, excluding U.S. holidays, with a second shift expected to begin soon.

Nvidia is facing backlash for allegedly manipulating the review process of its GeForce RTX 5060 GPU by withholding drivers, selectively granting early access to favorable reviewers, and pressuring media to present the card in a positive light. As The Verge's Sean Hollister writes, the debacle "should be a wake-up call for gamers and reviewers." Here's an excerpt from the report: Nvidia has gone too far. This week, the company reportedly attempted to delay, derail, and manipulate reviews of its $299 GeForce RTX 5060 graphics card, which would normally be its bestselling GPU of the generation. Nvidia has repeatedly and publicly said the budget 60-series cards are its most popular, and this year it reportedly tried to ensure it by withholding access and pressuring reviewers to paint them in the best light possible.

Nvidia might have wanted to prevent a repeat of 2022, when it launched this card's predecessor. Those reviews were harsh. The 4060 was called a "slap in the face to gamers" and a "wet fart of a GPU." I had guessed the 5060 was headed for the same fate after seeing how reviewers handled the 5080, which similarly showcased how little Nvidia's hardware has improved year over year and relies on software to make up the gaps. But Nvidia had other plans. Here are the tactics that Nvidia reportedly just used to throw us off the 5060's true scent, as individually described by GamersNexus, VideoCardz, Hardware Unboxed, GameStar.de, Digital Foundry, and more:

- Nvidia decided to launch its RTX 5060 on May 19th, when most reviewers would be at Computex in Taipei, Taiwan, rather than at their test beds at home.
- Even if reviewers already had a GPU in hand before then, Nvidia cut off most reviewers' ability to test the RTX 5060 before May 19th by refusing to provide drivers until the card went on sale. (Gaming GPUs don't really work without them.)
- And yet Nvidia allowed specific, cherry-picked reviewers to have early drivers anyhow if they agreed to a borderline unethical deal: they could only test five specific games, at 1080p resolution, with fixed graphics settings, against two weaker GPUs (the 3060 and 2060 Super) where the new card would be sure to win.
- In some cases, Nvidia threatened to withhold future access unless reviewers published apples-to-oranges benchmark charts showing how the RTX 5060's "fake frames" MFG tech can produce more frames than earlier GPUs without it.

Some reviewers apparently took Nvidia up on that proposition, leading to day-one "previews" where the charts looked positively stacked in the 5060's favor [...]. But the reality, according to reviews that have since hit the web, is that the RTX 5060 often fails to beat a four-year-old RTX 3060 Ti, frequently fails to beat a four-year-old 3070, and can sometimes get upstaged by Intel's cheaper $250 B580. And yet, the 5060's lackluster improvements are overshadowed by a juicier story: inexplicably, Nvidia decided to threaten GamersNexus' future access over its GPU coverage. Yes, the same GamersNexus that's developed a staunch reputation for defending consumers from predatory behavior, and just last month published a report on "GPU shrinkflation" that accused Nvidia of misleading marketing. Bad move! [...]

Nvidia is within its rights to withhold access, of course. Nvidia doesn't have to send out graphics cards or grant interviews. It'll only do it if it's good for business. But the unspoken covenant of product reviews is that the press, as a whole, gets a chance to warn the public if a movie, video game, or GPU is not worth their money. It works both ways: the media also gets the chance to warn that a product is so good you might want to line up in advance. That unspoken rule is what Nvidia is trampling here.

An anonymous reader quotes a report from Ars Technica: Researchers have found malicious software that received more than 6,000 downloads from the NPM repository over a two-year span, in yet another discovery showing the hidden threats users of such open source archives face. Eight packages using names that closely mimicked those of widely used legitimate packages contained destructive payloads designed to corrupt or delete important data and crash systems, Kush Pandya, a researcher at security firm Socket, reported Thursday. The packages have been available for download for more than two years and accrued roughly 6,200 downloads over that time.

"What makes this campaign particularly concerning is the diversity of attack vectors -- from subtle data corruption to aggressive system shutdowns and file deletion," Pandya wrote. "The packages were designed to target different parts of the JavaScript ecosystem with varied tactics." [...] Some of the payloads were limited to detonate only on specific dates in 2023, but in some cases a phase that was scheduled to begin in July of that year was given no termination date. Pandya said that means the threat remains persistent, although in an email he also wrote: "Since all activation dates have passed (June 2023-August 2024), any developer following normal package usage today would immediately trigger destructive payloads including system shutdowns, file deletion, and JavaScript prototype corruption." The list of malicious packages included js-bomb, js-hood, vite-plugin-bomb-extend, vite-plugin-bomb, vite-plugin-react-extend, vite-plugin-vue-extend, vue-plugin-bomb, and quill-image-downloader.

Broadcom has upped VMware licensing costs by between eight to 15 times since it took over the organization, and a lack of alternatives in the tech industry means trade and end customers have no choice but to play ball. From a report: This is the according to the European Cloud Competition Observatory (ECCO), an independent body formed by customer organizations, and CISPE -- a trade association of 37 cloud providers in the region -- to monitor the behavior of software vendors accused of abusing their monopoly position. The report also calls for regulatory intervention. The current subscription model "creates a material risk for the company and their shareholders should Regulators investigate and challenge the legality of such model," the report adds.