fidzu : geek

Federal prosecutors have revealed that Peter Williams, the former general manager of U.S. defense contractor L3Harris's hacking tools division Trenchant, sold eight stolen software exploits to a Russian broker whose customers -- including the Russian government -- could have used them to access "millions of computers and devices around the world." Williams, a 39-year-old Australian national, pleaded guilty in October and admitted to earning more than $1.3 million in cryptocurrency from the sales between 2022 and 2025. In a sentencing memorandum filed Tuesday ahead of his anticipated February 24 sentencing in a Washington, D.C., federal court, the Justice Department asked the judge for nine years in prison, $35 million in restitution, and a maximum fine of $250,000. Prosecutors described the unnamed Russian buyer -- believed to be Operation Zero, which publicly claims to sell only to the Russian government -- as "one of the world's most nefarious exploit brokers." Williams chose it because, by his own admission, "he knew they paid the most." He also oversaw the wrongful firing of a subordinate who was blamed for the theft.

Read more of this story at Slashdot.

12 Feb 2026 9:00am GMT

Apple's long-promised overhaul of Siri has hit fresh problems during internal testing, forcing the company to push several key features out of the iOS 26.4 update that was slated for March and spread them across later releases, Bloomberg is reporting. The new Siri -- first announced at WWDC in June 2024 and originally due by early 2025 -- struggles to reliably process queries, takes too long to respond and sometimes falls back on OpenAI's ChatGPT instead of Apple's own technology, the report said. Apple has instructed engineers to begin testing new Siri capabilities on iOS 26.5 instead, due in May, and internal builds of that update include a settings toggle labeled "preview" for the personal data features. A more ambitious chatbot-style Siri code-named Campo, powered by Google servers and a custom Gemini model, is in development for iOS 27 in September.

Read more of this story at Slashdot.

12 Feb 2026 6:00am GMT

An anonymous reader shares a report: An Anthropic safety researcher quit, saying the "world is in peril" in part over AI advances. Mrinank Sharma said the safety team "constantly [faces] pressures to set aside what matters most," citing concerns about bioterrorism and other risks. Anthropic was founded with the explicit goal of creating safe AI; its CEO Dario Amodei said at Davos that AI progress is going too fast and called for regulation to force industry leaders to slow down. Other AI safety researchers have left leading firms, citing concerns about catastrophic risks.

Read more of this story at Slashdot.

12 Feb 2026 3:44am GMT

SpaceX's crew missions will now launch from Cape Canaveral Space Force Station.

12 Feb 2026 2:23am GMT

The administration's "reasoning" for doing so has little connection to reality.

12 Feb 2026 12:02am GMT

"I want to be very, very clear that this should've never happened."

11 Feb 2026 11:50pm GMT

With the original release of Windows 8, Microsoft also enforced Secure Boot. It's been 15 years since that release, and that means the original 2011 Secure Boot certificates are about to expire. If these certificates are not replaced with new ones, Secure Boot will cease to function - your machine will still boot and operate, but the benefits of Secure Boot are mostly gone, and as newer vulnerabilities are discovered, systems without updated Secure Boot certificates will be increasingly exposed. Microsoft has already been rolling out new certificates through Windows updates, but only for users of supported versions of Windows, which means Windows 11. If you're using Windows 10, without the Extended Security Updates, you won't be getting the new certificates through Windows Update. Even if you use Windows 11, you may need a UEFI update from your laptop or motherboard OEM, assuming they still support your device. For Linux users using Secure Boot, you're probably covered by fwupd, which will update the certificates as part of your system's update program, like KDE's Discover. Of course, you can also use fwupd manually in the terminal, if you'd like. For everyone else not using Secure Boot, none of this will matter and you're going to be just fine. I honestly doubt there will be much fallout from this updating process, but there's always bound to be a few people who fall between the cracks. All we can do is hope whomever is responsible for Secure Boot at Microsoft hasn't started slopcoding yet.

11 Feb 2026 9:45pm GMT

What happens when you slopcode a bunch of bloat to your basic text editor? Well, you add a remote code execution vulnerability to notepad.exe. Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network. An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files. ↫ CVE-2026-20841 I don't know how many more obvious examples one needs to understand that Microsoft simply does not care, in any way, shape, or form, about Windows. A lot of people seem very hesitant to accept that with even LinkedIn generating more revenue for Microsoft than Windows, the writing is on the wall. Anyway, the fix has been released through the Microsoft Store.

11 Feb 2026 9:15pm GMT

If you're a developer and use KDE, you're going to be interested in a new feature KDE is working on for KDE Linux. In my last post, I laid out the vision for Kapsule-a container-based extensibility layer for KDE Linux built on top of Incus. The pitch was simple: give users real, persistent development environments without compromising the immutable base system. At the time, it was a functional proof of concept living in my personal namespace. Well, things have moved fast. ↫ Herp De Derp Not only is Kapsule now available in KDE Linux, it's also properly integrated with Konsole now. This means you can launch Kapsule containers right from the new tab menu in Konsole for even easier access. They're also working on allowing users to easily launch graphical applications from the containers and have them appear in the host desktop environment, and they intend to make the level of integration with the host more configurable so developers can better tailor their containers to their needs.

11 Feb 2026 6:08pm GMT

On Friday, July 18th, 2025, the Arch Linux team was notified that three AUR packages had been uploaded that contained malware. A few maintainers including myself took care of deleting these packages, removing all traces of the malicious code, and protecting against future malicious uploads.

30 Jan 2026 12:00am GMT

While starting this post I realized I have been maintaining personal infrastructure for over a decade! Most of the things I've self-hosted is been for personal uses. Email server, a blog, an IRC server, image hosting, RSS reader and so on. All of these things has all been a bit all over the place and never properly streamlined. Some has been in containers, some has just been flat files with a nginx service in front and some has been a random installed Debian package from somewhere I just forgot.

19 Jan 2026 12:00am GMT

In the recent blog post on the work funded by Sovereign Tech Fund (STF), we provided an overview of the "File Hierarchy for the Verification of OS Artifacts" (VOA) and the voa project as its reference implementation. VOA is a generic framework for verifying any kind of distribution artifacts (i.e. files) using arbitrary signature verification technologies. The voa CLI ⌨️ The voa project offers the voa(1) command line interface (CLI) which makes use of the voa(5) configuration file format for technology backends. It is recommended to read the respective man pages to get …

11 Jan 2026 12:00am GMT