SoylentNews
posted by janrinok on Sunday June 07, @04:53PM

https://www.allaboutcircuits.com/news/the-1n4148-the-signal-diode-that-ended-up-everywhere/

Texas Instruments announced the 1N914 silicon switching diode in 1960. Within a year of its JEDEC registration in 1961, 11 manufacturers were second-sourcing it. The 1N4148 followed in 1968 with a tighter leakage current specification aimed at military and industrial applications, and it gradually became the default part number.

Today, the 1N4148 is manufactured by Onsemi, Vishay, Nexperia, Diodes Inc., and dozens of other vendors worldwide. It ships in the original glass DO-35 axial package and in every common surface-mount form factor. No end-of-life has been announced, and none is expected; it's still the most widely produced discrete switching diode in history.


Original Submission

posted by hubie on Sunday June 07, @12:07PM

The reactor, from a startup called Antares, isn't ready to generate power yet:

Just over a year ago, the Trump Administration issued an executive order meant to accelerate the development of nuclear power in the US. While an entire startup ecosystem has developed around the use of different—and typically smaller—reactor designs, only one of them has been fully licensed so far, and there are no plans to actually build any instances of that design.

The executive order directed the Department of Energy to have three different reactor designs reach criticality in a bit over a year. On Thursday, a startup called Antares announced that a test reactor it had placed at the Idaho National Laboratory had reached criticality, making it the first new design to cross this threshold. Criticality means that the nuclear reactions inside the hardware had become self sustaining; it does not mean the reactor had started to generate power.

Antares is one of a number of companies that are basing their designs on a new fuel system called TRISO that takes some of the complexity and safety out of the reactor design and places them in the fuel design. The fuel design is based on tiny pellets with a uranium oxide core. The pellets are surrounded by several layers of carbon that can moderate the energy of both the neutrons and lighter nuclei that are released by fission reactions. All of that is encased in a hard ceramic shell that's designed to withstand the highest temperatures that can be produced by the encased uranium.

As long as your reactor can keep the TRISO pellets contained, then there should be no risk of meltdown or even the release of the most dangerous isotopes produced from the reactions. There are still some safety concerns, as neutrons will still escape and can potentially convert some of the surrounding material into unstable isotopes. But the Antares design surrounds the TRISO with a graphite sheath, which should slow most of these neutrons down.

To mitigate non-radioactive risks, the Antares design uses sodium to take heat from the reactor to a heat exchanger. The heat is transferred to pressurized nitrogen, which then drives a turbine in a closed Brayton cycle setup.

At the moment, Antares is just testing what it calls a Mark 0 reactor, which is not connected to the power-generation portion. Instead, it's being used to validate the company's modeling of the physical conditions in its reactors and generate safety data that can be used during licensing applications. Attempts to run the entire system, including electrical generation, are expected to happen next year.

While the work was done at a Department of Energy Lab, the company is working with the Department of Defense's Project Pele program for developing a mobile nuclear reactor. The company has also received support from NASA.


Original Submission

posted by hubie on Sunday June 07, @07:19AM
from the waiting-for-a-loud-POP! dept.

The Claude developer is one of a trio of tech firms expected to go public this year, alongside SpaceX and OpenAI:

The artificial intelligence developer Anthropic took a tentative first step Monday toward becoming a publicly traded company, a move that would give it access to a huge pool of investors' money while opening its books.

Anthropic said Monday in an announcement that it had confidentially submitted a draft Form S-1 to the US Securities and Exchange Commission, which allows the company to go public after the SEC's review. Anthropic said it has not yet set the number of shares to be offered or what prices, and that the move will "depend on market conditions and other factors."

The Claude-maker is one of three big tech firms expected to have initial public offerings this year amid what some call an "AI gold rush." SpaceX, the Elon Musk-owned rocket company that also includes the Starlink ISP, the AI lab xAI, and the social network now known as X, filed for an IPO in May. Anthropic's major rival, ChatGPT maker OpenAI, is expected to follow suit soon.

The frenzied IPO race reflects the market's eagerness to cash in on its trillion-dollar bets, as AI companies rush to secure the massive funding needed to survive. The AI industry is capital-intensive, driven by the immense costs of maintaining the computing power required to train large language models, as well as the data centers, silicon and energy grids to keep them running. 

[...] The AI industry has been a highly speculative landscape, where valuation is determined by a company's future potential rather than current profits. An online tracker of revenue and losses found that more than twice as much money has been spent on AI development as has been made back, pointing to billions of dollars in debt. The only major company to come out ahead is Nvidia, which makes the chips at the center of the AI gold rush. 

Critics point out that AI companies have raised capital through manipulated accounting, using "annualized" revenue spikes and ignoring core costs to hide poor margins, thereby misleading investors. 

"Their valuations are, at this point, so high that it's becoming increasingly impractical to raise more capital, and their investors are likely demanding some kind of liquidity event," said Ed Zitron, author of the Where's Your Ed At newsletter and host of the Better Offline podcast. 

[...] Just as companies like Google, Apple, Meta and Microsoft have quarterly earnings calls, where CEOs take questions from investment analysts about the direction of their businesses, Anthropic and its peers would also have to regularly report financial information. The CEOs of Anthropic and OpenAI -- Dario Amodei and Sam Altman, respectively -- would be subject to the same questioning.

More importantly, public trading of stock in the biggest AI-specific firms would put those companies' valuations in the hands of investors, including the general public, who could buy and sell based on perceptions of the companies' moves or the AI industry as a whole. 

If, as some observers suggest, the industry is overhyped, such swings could deflate a bubble -- or inflate it even further.

[...] Wall Street could also decide to overlook any poor profit-and-loss numbers. Lalka pointed to Meta, which spent billions of dollars on the "metaverse" and changed its name from Facebook to signal a switch to a technology it has since basically given up on. AI companies could get the same shrug from investors. 

"Maybe it won't lead to the type of hard accountability that some are saying would happen here," Lalka said.

Are economic policies still based on the claim that the market is rational?


Original Submission

posted by hubie on Sunday June 07, @02:31AM

https://www.slashgear.com/2184041/why-jets-use-generators-instead-of-alternators/

A modern jet is an engineering marvel that's very easy to take for granted. Consider the uniquely engineered Boeing 787 Dreamliner, for instance. Step aboard this jet, and one of the things that's often just accepted without a second thought is the sheer quantity of electronics on show. First there are the visible devices like lighting, entertainment systems, and galleys to consider. Dig just below the surface, and you have the fly-by-wire systems, sensors, and the cockpit controls & instruments, each of which needs to be reliably powered. All in all, a Boeing 787 is threaded with about 57 miles of electric cabling.

All these electronics require a lot of power, the vast majority of which is supplied by the engines. However, the eagle-eyed among you will notice a big problem here — jet engines produce mechanical energy, not electrical, and something is needed to convert an engine's output into usable electrical energy.

There are several ways of converting mechanical energy into electrical power, but step aboard any modern jet, and it's going to be a generator that lets you watch the in-flight movie. While alternators are still used in smaller piston-engined aircraft, and the car in your driveway, the electrical demands of a modern jet are a different beast altogether.

Going back to the Boeing 787 and its 57 miles of wiring, the wiring schematic of this plane includes six generators, which supply power to 17 electrical substations. Modern aviation alternators are efficient, reliable, and lightweight. This begs the question, if alternators are so good, why don't jets use them? The short answer is scale. Electrically speaking, modern jets are ravenous machines — avionics, engines, climate control systems, and flight controls are all needed to keep the plane in the air and the passengers and crew comfortable. This requires far more power than a compact alternator can supply.

Jet engines spin at incredibly high speeds, while the front fans spin within a range of 2,500 to 4,000 rpm, which is why jet engines often have spirals painted in the center of their fan. However, as fast as this is, it's in the inner high-pressure chamber that things start to get interesting. In here, the high-pressure core spins at far greater speeds; 10,000 rpm is typical in Rolls-Royce engines. It's this part of the engine that drives the generator through a clever bit of engineering called the accessory gearbox (AGB).

This is the crux of the matter. While strapping a compact alternator onto this setup would certainly be an interesting experiment, it would also be a short-lasting one. Aircraft generators are built for these extreme conditions. They're large, heavily cooled, and engineered to turn all that blistering power into the electricity that lets us charge our phones at 37,000 feet, and keep us up there, of course. Put simply, a generator takes the extreme RPM of a jet engine and converts it into steady, high-voltage AC power that's then distributed over tens of miles of copper wire.

[...] Regardless of the type of generator, they all have one thing in common — the type of electricity they produce. Unlike the 50 or 60 Hz AC found in American homes, aircraft systems run on 115-volt, 400 Hz AC power. This is important, as the higher frequency allows aircraft designers to use lighter transformers, smaller motors, and generators — all of which reduce the weight of the aircraft, which is something of a Holy Grail for aircraft manufacturers.


Original Submission

posted by hubie on Saturday June 06, @09:43PM
from the to-bee-or-not-to-bee dept.

CNN published a very interesting article:

German psychologist Wolfgang Köhler set up a famous experiment more than 100 years ago that changed how scientists understand animal intelligence and the power of insight — or spontaneous problem-solving.

Köhler made what he described as a playground for a group of chimpanzees with a banana hanging out of reach and various items — boxes, poles and sticks — lying around. The strewn objects offered opportunities for the animals to explore, and the food presented a challenge for them to unlock. After fruitlessly trying to snatch the banana, the chimps quickly started rearranging the items. The apes eventually stacked the boxes and easily grabbed the reward.

The experiment demonstrated that chimps were capable of insight. While most animals can do basic problem-solving, insight is a step up because it's an understanding of cause and effect that does not rely on trial and error, copying others, or previous knowledge. Scientists have observed this cognitive ability in only a handful of species: great apes, elephants and some birds. There is an ongoing scientific debate over whether even more species — invertebrates such as octopuses and certain spiders — should also join the ranks of the spontaneous problem solvers.

Now, a study published Thursday in the journal Science suggests that bumblebees possess insight. In a lab experiment, the insects were able to roll a plastic foam ball underneath an artificial blue flower, climb over the ball and use it to reach the flower, obtaining a sugary reward. "We showed for the first time that bumblebees can solve a completely novel object-manipulation task, spontaneously and without being trained to do so, or without any trial and error," said lead author Akshaye Bhambore, a doctoral researcher at the University of Oulu in Finland.

Bumblebees can use socially learned behaviors and logical reasoning to solve puzzles, previous studies have shown. In the new experiment, however, the researchers exposed the insects to the separate elements of the task but never trained them on the solution itself.

This result suggests that a tiny insect brain can support surprisingly flexible behavior, according to James Nieh, a professor in the department of ecology, behavior and evolution at the University of California San Diego, who was not involved with the study. "Bees do not normally move objects around to make platforms, so this is not a natural bumble bee behavior," he wrote in an email. "But the experiment shows that they can remember a hidden goal location and manipulate an object in relation to that goal."

This exciting new study shows that insects can learn and change their behavior in ways scientists are only just starting to understand, Natalie Hempel de Ibarra, an associate professor of neuroethology at the University of Exeter in England, said in an email. Hempel de Ibarra was not part of the research. This flexibility could shape how bees and other pollinators interact with flowers, helping them cope with challenges as environments and landscapes change, she added.

Journal Reference: Akshaye A. Bhambore et al., Spontaneous problem-solving in bumble bees, Science, 4 Jun 2026, Vol 392, Issue 6802, pp. 1046-1049 DOI: 10.1126/science.ady1618


Original Submission

posted by hubie on Saturday June 06, @04:59PM

China's support is greater relative to semiconductor industry revenue:

A report from the Organization for Economic Co-operation and Development (OECD) has found that semiconductor firms based in the United States received more government support than those based in any other region.

However, support for China's chip industry was larger relative to the revenue generated by Chinese semiconductor firms, reaching close to 10 percent of sales in the early 2020s.

The OECD - a forum for members espousing the market economy and democracy - said the global semiconductor market was worth $631 billion in 2024. It expected continued growth on the back of investment in datacenters, artificial intelligence, and autonomous driving. Its measure of the market includes chip design, manufacturing, testing and packaging, but not manufacturing equipment such as photolithography machines.

Firms based in the United States and Asia (eg Japan, Korea, and Taiwan) have long been the key players in the semiconductor sector, with Asia's role growing in importance as part of the supply chain was relocated there. Asia has, over the last two decades, become a global center for chip manufacturing and trade, although the United States maintains an important role in high-value segments of the supply chain, including in chip design. The sample of firms covered by the OECD MAGIC database thus includes a relatively large number of firms based in Asia and the United States, as well as large actors based in Europe, which largely serve the automotive industry. The sample is estimated to cover between 64 percent and 83 percent of global sales, depending on the year and how the sector's scope is defined.

"In absolute terms, firms based in the United States were the largest beneficiaries of government support, which notably includes the support these firms received in other jurisdictions in which they operate (eg in Asia), as well as the introduction of new subsidy programs in the United States. Subsidies to firms based in the OECD Asia-Pacific region also expanded steadily throughout the period for similar reasons. While subsidies to semiconductor manufacturers based in China have been modest in absolute terms, they represented a significant amount relative to their sales, reaching close to 10 percent of revenue in the early 2020s," the report said.

The OECD argued that China's relatively large support reflected its long-standing support for its semiconductor industry, including the 2014 Guideline for the Promotion of the Development of the National Integrated Circuit Industry. It also reflected growing restrictions imposed on exports of semiconductor technology by trading partners beginning in 2018, the report said.

The report measures tax concessions, grants and subsidized borrowing as methods governments use to support semiconductor firms. It does not include government equity.

In August last year, the Trump administration took a 9.9 percent equity stake in struggling chipmaker Intel, using $5.7 billion in previously awarded but unpaid CHIPS Act grants as part of an $8.9 billion investment agreement.

The administration has also tried to bolster domestic chip manufacturing with its tariff regime, although, given the time it takes to build a fab plant, it might take years for the policy to pay off.


Original Submission

posted by hubie on Saturday June 06, @12:10PM
from the great-em-dash-scare dept.

Alan Turing proposed a test for machine intelligence: could a computer convince a human it was human? We have begun conducting the same test on ourselves:

Typos are a sign of a human writer… for now

Recently, a friend told me over coffee about some disheartening feedback she had received. “They said it was good,” she said, “but that it read like it was written by AI.” Knowing her, I understood immediately what had happened. Her credibility was being questioned not because her work was poor, but because it was too good – too clear, too fluent, too polished.

The rapid acceleration of artificial intelligence tools is changing how we think about good writing. In the digital age, it is increasingly important to signal that an actual person – not a faceless large language model – is behind the words. One paradoxical way of doing this is, surprisingly, to damage the quality of your own writing.

Alan Turing even made such a suggestion in the 1950s: sprinkle in a few deliberate typographical errors to appear more convincingly human. The irony, of course, is that Turing was addressing that advice to machines.

My friend’s experience isn’t an isolated one. Writing well, once a mark of skill, has become, for a growing number of readers, reviewers and hiring managers, a source of moral suspicion. The skills we once used to signal intelligence and effort – clarity, precision, a well-turned sentence – are starting to lose their meaning.

The problem lies in our inability to easily detect AI-written content, making false positives (that is, wrongly accusing someone of using AI tools) a serious concern. Studies have shown that neither humans nor AIs can reliably distinguish between human- and machine-generated writing. When human- and AI-generated writing is intermixed, performance becomes even worse. As a result, many universities that had been using plagiarism-detection tools for AI detection have stopped due to concerns about their reliability.

In this climate of uncertainty, some writers have reached for the only signal still available to them: the aptly named human error. A repeated word, a small grammatical slip, a slightly clunky phrase – these have started to function less as signs of carelessness and more as proof of a genuine human hand. The defect has become the credential.

Errors are already being deployed strategically in competitive contexts – university submissions, job applications, professional correspondence. Recruiters have begun advising applicants to leave a single deliberate typo in a cover letter, precisely to signal that an interested human wrote it.

Of course, none of this is stable, and the currency of the error signal is on borrowed time. Once imperfection becomes a recognised sign of authenticity, it immediately becomes available for imitation. Users will ask AI systems to sound rougher, less polished and more human. The systems will comply and soon become adept at performing calibrated incompetence.

The path ahead towards reclaiming authenticity is unclear. Perhaps some situations will demand more direct proof of authorship without the assistance of AI: face-to-face, unmediated assessments, handwritten submissions and real-time explanations. Or, in a world increasingly saturated by AI tools, maybe the decisive skill will simply be knowing how to use them well. Some universities have allowed students to use AI in exams, so long as they submit their prompts as part of the assessment.

What seems certain, however, is that the old traces of authenticity and authorship have become harder to define and locate – and even where they exist, they arrive shadowed by suspicion.


Original Submission

posted by hubie on Saturday June 06, @07:25AM

But NASA's Jared Isaacman believes the launchpad, which exploded on May 28, may not be fixed until 2028:

Blue Origin may or may not have to sit out the most immediate moon-bound missions for NASA — it depends on who you ask. The agency's administrator, Jared Isaacman, told CNBC that it will "take some serious time" for Blue Origin to restore its New Glenn launchpad, which exploded on May 28, and that a 2028 timeframe is "within the realm" of possibility. However, Blue Origin's CEO believes his company can repair it much, much sooner. "We will fly again before the end of this year. Gradatim Ferociter," Dave Limp wrote on X.

If you'll recall, Blue Origin's Cape Canaveral launchpad exploded with the heavy-lift rocket while the company was conducting a hotfire test to prepare New Glenn for its fourth mission. Isaacman toured the facility, known as Launch Complex 36, on May 29 to see the damage firsthand and to talk to the team. The company had only just started testing the rocket after it was grounded by the Federal Aviation Administration (FAA), following its third mission wherein it failed to put its payload into orbit. It was given permission to launch New Glenn again after closing an investigation that found a "cryogenic leak" to be the cause of the incident.

It's still unclear what caused the explosion on May 28. Limp made the claim that New Glenn will fly again before the end of this year after Blue Origin regained access to the launchpad and was able to start its investigation. He said that the rocket's fuel tanks were in good shape and that the "support tower is damaged, but it can be repaired in place rather than torn down and replaced."

It's definitely in Blue Origin's best interests to get Launch Complex 36 repaired soon. The company is one of NASA's main launch providers for the Artemis and Moon Base programs, with New Glenn being instrumental in achieving the agency's goals. NASA even chose Blue Origin for the Moon Base I mission that's launching this fall. In addition, its fellow Jeff Bezos-owned company Amazon is depending on Blue Origin to launch Leo satellites for the broadband service that it was planning to launch later this year. New Glenn's fourth mission was supposed to carry 48 Leo satellites to orbit.

The company is developing another launchpad inside the Vandenberg Space Force Base in California, but it's far from ready. It just recently negotiated a lease for Space Launch Complex (SLC)-14 with the US government. However, it will take around two years to prepare the facility for launch, which means the Vandenberg launchpad will not be ready until 2028, as well.


Original Submission

posted by hubie on Saturday June 06, @02:37AM

Here's why Anthropic and OpenAI are on board with Illinois safety testing:

A few days after President Donald Trump abruptly canceled a plan that would have given the federal government power to vet frontier AI models over fears that it might hobble innovation, Illinois lawmakers passed the nation's strongest AI safety law.

On Wednesday, the Illinois legislature passed SB 315. If Illinois Governor J.B. Pritzker signs the bill into law, the largest AI firms would be required to submit public safety plans and annual reports summarizing the results of independent, third-party safety testing of their frontier models. They would also have to report any critical safety incidents to the state within 72 hours—or within 24 hours if there's potentially "an imminent risk of death or serious physical harm." And their employees will have a clear avenue for reporting emerging safety risks that companies may be tempted to downplay, with protections provided by the state's whistleblower laws.

On X, Pritzker confirmed his intent to sign, proclaiming that "Illinois is leading the nation in holding Big Tech accountable."

"I look forward to signing SB 315 and working with the legislature so that AI, when used, is used responsibly," Pritzker said.

Both OpenAI and Anthropic, whose models would be vetted by the state, supported SB 315.

OpenAI's chief of global affairs Chris Lehane told Wired that the AI firm is pushing to pass similar laws in other states in what seems like a move to avoid having to comply with a patchwork of starkly different state laws.

Anthropic's head of state and local government relations, Cesar Fernandez, told NBC News that the law's requirements mirror safety testing protocols that leading AI firms are already voluntarily doing. However, he described the landmark law as important for establishing a "baseline that every leading AI developer is expected to meet."

Reading between the lines, the companies' support suggests that the big AI firms may benefit from requirements that they can easily meet but might pose a greater challenge to smaller AI firms.

[...] Whether or not governments at any level are prepared to protect society from the most catastrophic AI risks remains a major concern for critics who wonder how and when governments will intervene. After inside sources started leaking the details of Trump's AI safety testing plans, critics warned that even the federal government may lack the necessary expertise to audit frontier AI models. And it seems the same criticism extends to independent auditors that Illinois may rely on but industry insiders suggest some AI firms may not entirely trust.

Adam Kovacevich is CEO of Chamber of Progress, a trade group that opposed SB 315 and counts Google and Apple among its members. He told Wired that Illinois' requirements "would force companies to expose sensitive systems to untested auditors in a regulatory regime that's all liability and no standards."

Democratic Rep. Daniel Didech, who sponsored the bill in the Illinois House, told NBC News that the "legislation is designed to put up some guardrails and make sure we have some safeguards in place to protect against some of the worst catastrophic risks."

Didech made it clear in that interview, however, that he never would have sponsored the bill if the federal government hadn't delayed implementing meaningful protections.

"The states shouldn't be doing this," Didech said. "The best way to regulate these types of catastrophic risks would be a federal approach." But "the reality is that Congress has not taken up this issue yet, and the technology is developing at such a rapid pace that states have had no choice but to step in."

Once Pritzker puts the law on the books, AI firms will be subject to its provisions starting January 1, 2027. While the legislation stipulates that there is no private right of action, any violations could expose firms to civil penalties.

[...] Didech agreed with Edly-Allen, telling Wired that the Illinois law could become a "testing ground" for AI governance that could show the federal government how to manage risks as public distrust in AI continues to grow.

"Laws like this create a world where it's more likely for the federal government to pass something," Didech said.


Original Submission

posted by jelizondo on Friday June 05, @09:56PM

https://arstechnica.com/security/2026/06/dozens-of-red-hat-packages-backdoored-through-its-offical-npm-channel/

Official Red Hat NPM accounts have been compromised and used to push a malicious worm that spreads from machine to machine, where it pilfers sensitive credentials in hopes of stealing yet more confidential data, researchers said.

The supply-chain attack began Monday and remained active at the time this post went live, according to researchers at security firm Aikido. It's the result of the threat actor responsible for the hack taking control of @redhat-cloud-services, a legitimate channel in the npm repository that's reserved for official Red Hat packages. As such, the channel is widely trusted by developers who rely on Red Hat cloud services.

It's unclear precisely how the threat actor took control of the namespace, but it almost certainly involved the compromise of credentials required to access it, possibly through a previous supply-chain attack. More than 30 packages seem to be affected.

The packages execute an obfuscated payload that can run during the npm install process, which occurs before a developer imports or actually uses the package in a production environment. Security firm Socket said an analysis of the malware revealed that it's designed to collect sensitive credentials, including GitHub action secrets, npm tokens, Kubernetes and Vault material, and credentials for other cloud services. The worm then spreads by republishing backdoored packages to third-party accounts the infected device has access to. Most, but not all, of the packages had been taken down in the hours following the incident.

"Organizations should treat any system that installed one of the affected @redhat-cloud-services package versions as potentially compromised," Socket researchers wrote. "The payload executes during npm install, before application code imports or uses the package, so exposure depends on installation or CI execution, not runtime use."

Once a system is infected, it encrypts the credentials and sends them through a web request. A fallback mechanism allows the malware to publish the encrypted data into a compromised GitHub repository, assuming it has possession of the credentials for it.

The worm, dubbed Shai-Hulud, has all the hallmarks of malware released last month as freely available open source. TeamPCP was the first group to use Shai-Hulud, and it promoted a competition that promised a $1,000 payment to the hacker who carried out the biggest supply-chain attack using the malware. TeamPCP has also been behind a rash of previous supply-chain attacks. Now that the worm is in the hands of many other threat groups, supply-chain attacks may ramp up further.

The malware devotes considerable attention to CI/CD (continuous integration/continuous delivery) systems, which allow for faster and more reliable software releases by automating the building, testing, and deploying of code changes. The malware spread in Monday's attack was published through GitHub Actions OIDC (OpenID Connect), indicating that Red Hat's CI/CD pipeline was compromised. OIDC is a security measure designed to interact with cloud services through the use of temporary credentials.

Once installed, the malware targets other organizations' CI/CD credentials. The compromise of Red Hat's GitHub Actions OIDC was very possibly the result of a previous supply-chain attack that infected an employee's machine.

In an email sent after this post went live, Red Hat said it has removed the malicious packages.

"The packages are strictly limited to internal development, and the malicious code was never published for customer consumption via the console.redhat.com system," the email said. "While our investigation is ongoing, we have not identified any impact to customer or partner environments or Red Hat production systems."

Given the success of other recent supply-chain attacks, anyone who touched one of the affected packages in the past 36 hours should assume compromise of their workstations, CI/CD pipelines, and all credentials for cloud services and repositories. That means employees should drop whatever they're doing at the moment and investigate thoroughly.

In a recent supply-chain attack that hit Checkmarx, the security firm failed to fully drive out the party responsible. Checkmarx was then hit two more times. The Checkmarx credentials used in the first attack came from a supply-chain attack on the Trivy software developer. The pivot to Checkmarx and its failure to fully remediate the initial breach demonstrates the difficulty of completely recovering from such security lapses and the risks that result.

Both Socket and Aikido have lists of affected Red Hat packages and other indicators of compromise that any potentially affected person or organization should make use of promptly.
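The two facts the article stresses are that the payload fires from the npm install lifecycle (so exposure follows installation or CI runs, not imports) and that the published IoC lists are the thing to check against. Below is an added example of what that check looks like on a lockfile; it is not code from the Ars Technica piece, Socket, Aikido or Red Hat. It assumes the lockfileVersion 2/3 layout (a "packages" map keyed by "node_modules/<path>") and uses a constructed, clearly labelled KNOWN_BAD table in place of the real package/version indicators, which must be taken from the vendors' advisories. The scope name @redhat-cloud-services is the one the article names.

```python
"""Triage an npm lockfile for packages tied to a compromised scope.

Added example, not code from the article, Socket or Aikido.  It assumes the
lockfileVersion 2/3 layout ("packages" keyed by "node_modules/<path>") and a
KNOWN_BAD table that is a constructed placeholder: the real package/version
IoCs come from the Socket and Aikido advisories.
"""
from __future__ import annotations

import json
from dataclasses import dataclass

# Scope named in the article; packages under it get extra scrutiny.
AFFECTED_SCOPE = "@redhat-cloud-services"

# Placeholder IoC table (constructed, not real advisory data): name -> versions.
KNOWN_BAD: dict[str, set[str]] = {
    "@redhat-cloud-services/example-pkg-a": {"9.9.9"},
    "@redhat-cloud-services/example-pkg-b": {"1.2.3", "1.2.4"},
}


@dataclass
class Finding:
    name: str
    version: str
    path: str      # lockfile key, e.g. node_modules/x/node_modules/y
    reason: str


def name_from_lock_path(path: str) -> str:
    """Recover the package name from a lockfile key, including nested installs."""
    marker = "node_modules/"
    idx = path.rfind(marker)
    return path[idx + len(marker):] if idx >= 0 else path


def triage_lockfile(lock: dict) -> list[Finding]:
    """Return findings for a parsed package-lock.json.

    Two signals, in priority order:
      1. exact (name, version) hit in KNOWN_BAD -> "known-bad version"
      2. package in the affected scope that npm recorded as carrying an
         install lifecycle script (the lockfile's hasInstallScript flag)
         -> needs review, since that hook is where an install-time payload runs.
    """
    findings: list[Finding] = []
    for path, meta in lock.get("packages", {}).items():
        if path == "":            # the root project entry, not a dependency
            continue
        name = meta.get("name") or name_from_lock_path(path)
        version = meta.get("version", "")
        if version in KNOWN_BAD.get(name, set()):
            findings.append(Finding(name, version, path, "known-bad version"))
        elif name.startswith(AFFECTED_SCOPE + "/") and meta.get("hasInstallScript"):
            findings.append(Finding(name, version, path,
                                    "in-scope package with install script"))
    return findings


def triage_lockfile_text(text: str) -> list[Finding]:
    """Convenience wrapper: parse the JSON text, then triage it."""
    return triage_lockfile(json.loads(text))


# Constructed sample lockfile; every name and version here is a placeholder.
SAMPLE_LOCKFILE = """{
  "name": "example-app",
  "lockfileVersion": 3,
  "packages": {
    "": { "name": "example-app", "version": "1.0.0" },
    "node_modules/@redhat-cloud-services/example-pkg-a": {
      "version": "9.9.9",
      "resolved": "https://registry.npmjs.org/@redhat-cloud-services/example-pkg-a/-/example-pkg-a-9.9.9.tgz",
      "hasInstallScript": true
    },
    "node_modules/@redhat-cloud-services/example-pkg-c": {
      "version": "2.0.0",
      "resolved": "https://registry.npmjs.org/@redhat-cloud-services/example-pkg-c/-/example-pkg-c-2.0.0.tgz",
      "hasInstallScript": true
    },
    "node_modules/left-pad-ish": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/left-pad-ish/-/left-pad-ish-1.0.0.tgz"
    },
    "node_modules/some-dep": { "version": "4.0.0" },
    "node_modules/some-dep/node_modules/@redhat-cloud-services/example-pkg-b": {
      "version": "1.2.3",
      "resolved": "https://registry.npmjs.org/@redhat-cloud-services/example-pkg-b/-/example-pkg-b-1.2.3.tgz"
    }
  }
}"""

if __name__ == "__main__":
    for f in triage_lockfile_text(SAMPLE_LOCKFILE):
        print(f"{f.reason:38s} {f.name}@{f.version}  ({f.path})")
```

Run it against a real package-lock.json after swapping KNOWN_BAD for the published lists. A "known-bad version" hit means the host or CI runner that ran the install should be treated as compromised, as Socket advises; an "in-scope package with install script" hit is a review item, not proof of compromise. Because the payload runs from the install hook, installing with `npm ci --ignore-scripts` on CI runners while triage is under way keeps lifecycle scripts from executing at all.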


Original Submission

posted by jelizondo on Friday June 05, @05:07PM

https://www.theregister.com/on-prem/2026/06/01/ohio-hits-pause-on-datacenter-tax-breaks-draining-its-coffers/5249137

The US state of Ohio has suspended tax breaks for datacenters, amid claims that the policy cost the state more than $1.5 billion in revenue in 2025 alone.

Ohio's Republican Governor Mike DeWine declared a pause in the state's server farm subsidy, directing its Tax Credit Authority to stop considering new datacenter sales tax exemption requests while officials review the industry's costs and impacts.

According to the Associated Press, the amount of money involved in Ohio's tax break has ballooned, hugely exceeding earlier estimates, while opposition to the building of giant bit barns has also grown, as in other areas of the US that have become datacenter hotspots.

Nonprofit research org Good Jobs First puts the cost of the sales tax exemption to the state at more than $1.5 billion in 2025, about 11 times the state's $136 million forecast. It cites figures from news network Signal Ohio, which found the figure had inflated from $555 million in lost revenue the previous year, which was itself four times more than the state government had forecast.

However, the pause is only on the approval of new tax exemptions – those projects in operation that have already had their tax breaks rubber-stamped will continue to feel the benefit.

The sales tax exemption granted by Ohio is understood to be generous, covering not only building supplies for construction of the data halls, but also the server racks, cooling facilities, and other infrastructure to fill them.

According to Good Jobs First, the revelation means Ohio joins the small club of US states now losing more than $1 billion annually on tax breaks for cloud-hosting campuses. The other three are Virginia – the "datacenter capital of the world" – Texas, and Georgia, where subsidies are projected to cost $2.5 billion this year.

The organization has been agitating for greater transparency in the concessions afforded to datacenter operators for some time, claiming that in many cases, schemes which were supposed to attract investment and create jobs were resulting in taxpayers helping some of the richest corporations on the planet buy servers, equipment, and power infrastructure.

Last November, it published a list of 36 states that exempt building materials and IT equipment for datacenters from sales and use taxes, yet only 5 states disclose estimated or actual total costs of those exemptions.

In April, it upped the ante by claiming that many US states and local authorities are violating generally accepted accounting principles (GAAP) by failing to disclose revenue lost to bit barn tax subsidy schemes.

One of those it pointed the finger at is Indiana, but the state has since come clean and confirmed the tax exemptions cost it $655 million annually. Most of that - $561 million - is going to Amazon.

Back in Ohio, a campaign has started to get a constitutional ban on datacenters that consume more than 25 MW of power. The group behind it, Ohio Residents for Responsible Development, claims to have gathered 25,000 signatures in five weeks.

According to reports, communities in other parts of the US, including Nevada, California, and Maryland are planning to hold ballots on some form of datacenter ban in their areas as well.


Original Submission

posted by jelizondo on Friday June 05, @12:21PM

The Newest Instagram "Exploit" is the Goofiest I've Seen:

Yesterday, a slew of Instagram accounts, including some high profile ones like the Obama White House account, seemingly got hacked.

Look, I'm no spring chicken. I've spent almost a decade and a half identifying vulnerabilities and exploits at unicorn scale, but this is hands down the most unserious, "almost too stupid to be true" of them all.

  • Step 01: Faking the Location & Initiating Support
    All the attacker needs to kick this off is your account username. Then, they hop on a VPN or proxy close to your city so Instagram's security algorithms don't suspect a thing. (You can quite easily get this from your public profile or "About" section or a hundred other ways.) Once it looks like the request is coming from the correct region, they tell the Meta support AI that the account is hacked and ask it to send the verification codes to an arbitrary email address they control.

  • Step 02: That's It
    Really, that's it. The first proper zero auth password reset I've seen in production. There appears to be no additional check as to whether the email being given is actually something the user has used before. Once the AI sends the security code to the attacker's email, the attacker passes it right back to complete the verification. The platform hands over a fresh password reset link, granting full ownership to the attacker.

Instagram's AI may or may not ask the attacker for a video selfie to prove identity. It's not particularly discerning at the moment, so something as simple as an AI animated public photo from the target's feed has been widely reported to work.

In case you're wondering, because the system treats this high-privilege recovery flow as a total account reset by the "true" owner, the original 2FA gets thoroughly bypassed in the process.

Existing sessions are revoked and the password changed with no email, text, or push notification. The actual owner can't initiate recovery because the email and phone numbers now map to the attacker. There's no human to escalate to, it's just you arguing with a chat hoping to take control back while praying they don't do it again.

And if you're part of the A/B tested accounts on which the AI support option is active, tough luck, you can't even turn it off.

Multiple black market Telegram groups have sprung up offering "account takeover" services at steep rates and quick turnaround times. Considering short handles are worth hundreds of thousands to even millions of dollars, it's not a surprise, really.

Accounts have been flipped, like hey, or been used for propaganda, like obamawhitehouse or ocmssf, the account of the Chief Master Sergeant of the U.S. Space Force.

All the Telegram groups have quieted down as Meta seems to have patched it already, but it appears this particular method was active for weeks, if not months.

The very fact that a $1.5 trillion company lacks robust guard rails and their support AI will just change anyone's linked email if you ask it nicely enough is so terrifying, if it weren't so funny.

If you've reached this far, thank you for reading! :)

I thought multiple exits and retiring in my mid-30s would be fun but I've just been bored and depressed without morning Slacks and emails to wake up to. If you're building something interesting and could use an extra set of hands to ship, or just want to say hi, feel free to reach out. My inbox is open.


Original Submission

posted by jelizondo on Friday June 05, @07:37AM

'Bots have now passed human traffic online,' Cloudflare boss laments — says agentic traffic wasn't expected to eclipse real people until next year. Bot (automated) vs. human HTTP requests are split 57.5 vs. 42.5 percent, according to the firm's latest data.

The rapid increase in agentic internet traffic means "bots have now passed human traffic online for the first time in the Internet's history," according to the CEO and co-founder of Cloudflare, Matthew Prince. "Welp, that happened faster than I predicted," Prince awkwardly admitted, making his previous expectations of the crossover happening sometime in 2027 seem way off the mark.

Before going on, it's important to differentiate this new surge in internet traffic from the traditional bots most will be aware of, things like website crawlers, search indexers, and bad stuff like fraud or abuse bots. It is different now, as Cloudflare is charting agents that browse the web much like humans on behalf of humans, and it is already at a massive scale.

[...] We were also interested in looking at Cloudflare's breakdown of human/bot traffic by country. The most bot-ridden traffic comes from the tiny island of Gibraltar (92.1%), followed by Singapore (76.4%), then Iran (76.4%). While some of these places have a lot of data centers and hosting infrastructure compared to population size, Iran's high bot count may rather come from the heavy use of VPNs with automated scraping and bypass tools. Cloudflare has also previously flagged Iran as a hotspot for malicious bot activity.

[Source]: Tom's Hardware


Original Submission

posted by hubie on Friday June 05, @02:52AM
from the security-versus-personal-well-being dept.

Lawmakers push DoD to tighten smartphone controls after adversaries exploited commercial tracking data:

Getting the location of troops at war might be as easy as buying the data from a legitimate business. America's foreign adversaries have exploited commercial geolocation data tied to US troops, the Pentagon admits, using it to target or surveil US personnel in the Middle East. Despite that, the Defense Department hasn't exactly moved fast to secure the information, elected officials say.

Senator Ron Wyden (D-OR), Representative Pat Harrigan (R-NC), and a dozen other Congress critters sent a letter to DoD CIO Kirsten Davies on Thursday, demanding a change in smartphone security posture among US military branches. Included in the letter is what lawmakers describe as the first public confirmation that commercial location data has been used to target or surveil American troops in active war zones. The information was shared with Wyden's office in April.

The reason for the delay in publishing the information, Wyden's team told The Register, was due to "markings that restricted public release," which Wyden reportedly pushed back on, leading to Thursday's letter and the attached responses [PDF] from the DoD confirming info purchased from commercial data brokers was used to target troops.

"USCENTCOM [US Central Command] has received multiple threat reports concerning adversary exploitation of commercial location data to target or surveil US personnel in theater," the DoD's responses from April indicate. 

As for how exactly data brokers got access to the data that allowed adversaries to locate troops and their movements, they got it from the same sources as anyone else buying data from a commercial broker: Smartphone advertising profiles. 

According to the DoD responses included in Wyden's letter, not only are US military personnel allowed to use personal devices within operational areas, there's no actual policy that requires servicemembers to turn off geolocation capabilities on their devices when located in active war zones. 

"USCENTCOM's geolocation risk guidance directs personnel to disable geolocation functionality when not needed; periodically review device and application privacy settings; and limit public sharing of information," the DoD said last month, while simultaneously admitting that such guidance doesn't always fully disable geolocation on smartphones. 

In addition to personally-owned devices, the DoD's own issued smartphones don't disable advertising profiles, either. 

[...] It's not like there haven't been plenty of examples of sloppy location data management compromising military operations, either. Data culled from workout tracking app Strava has been used to identify the workout routes of US military personnel jogging on base - and reveal the location of French President Emmanuel Macron thanks to his bodyguards' sloppy security practices - and social media has also been flagged as an OPSEC disaster waiting to happen. 

Despite all those examples and briefings going back a decade, the problem has continued right up to the latest operations in Iran. 

"That foreign adversaries are still able to buy location data collected from the phones of U.S. personnel serving in military hotspots is a direct result of DoD leadership's failure to prioritize this threat and implement commonsense cyber defenses," the letter charges. Whether anything will be done about it remains to be seen.


Original Submission

posted by hubie on Thursday June 04, @10:08PM

https://techcrunch.com/2026/05/26/duckduckgo-installs-are-up-30-as-users-reject-being-force-fed-googles-ai-search/:

Last week, after Google announced its huge overhaul to Search, I overheard a woman on the phone saying she was switching to DuckDuckGo because you can "opt out of using AI."

"Google just isn't Google anymore," she said. It seems that others had the same idea.

At I/O, Google's annual developer conference, the company said it would transform its search box into a conversational engine that expands for longer queries, anticipates user intent, and autocompletes searches. Rather than just returning a list of links, it will use AI Overviews to answer questions directly first. Google also unveiled a more seamless AI Mode, allowing users to ask follow-up questions within AI Overviews.

While a Google spokesperson noted that AI Overviews have existed for two years and AI Mode is not the default, the backlash has been sharp.

Some have argued it will kill the open web, while others shared concerns that AI overviews surface inaccurate responses and take away control from users who might not want to use AI. It also overcomplicates simple things. Just try to Google the word "disregard."

In response to Google's changes, many have begun defecting to DuckDuckGo, a privacy-focused alternative that has never been able to break past Google's dominance, accounting for only around 2% of the U.S. search market.

During Google's search antitrust trial in 2023, DuckDuckGo CEO Gabriel Weinberg testified that Google's exclusive default search contracts harmed its ability to pitch itself as the default on other browsers.

"Google is force-feeding AI with no way to opt out," Weinberg said Tuesday in a statement, referring to Google's Search overhaul. "As a result, their results are getting worse, not better. We want to be the place that puts users in charge and allows them to decide how much or how little AI they want."

Now, it seems that DuckDuckGo is beginning to benefit as consumers flee AI.

[...] DuckDuckGo offers its own AI product called Duck.ai. It's free and doesn't require users to make an account, but provides access to models, including Anthropic's Claude 4.5 Haiku, Meta's Llama 4 Scout, Mistral's Small 3 24B, and OpenAI's GPT-5 mini. All chats are private because DuckDuckGo strips the user's IP address before requests reach model providers, deletes conversations within 30 days, and prevents chats from being used for training.

Related: Google Search is Becoming Something Fundamentally Different


Original Submission