mjfisher.net

Latest News

Last updated 01 May, 02:29 AM

BBC News

UK terrorism threat level raised to severe after Golders Green attack - The UK was last raised to the second-highest level in November 2021 after an attempted bombing and the murder of an MP.

'I held down Golders Green suspect' says volunteer who grabbed ankle - "If eyes could kill, I'd be dead," he tells the BBC when recounting the moment he saw the suspect.

New footage shows how Trump dinner gunman charged through security in four seconds - The CCTV shows an officer draw a firearm and open fire as the suspect sprints past.

UK should not keep changing prime ministers, warns John Major - The former Tory PM tells the BBC political leaders are letting young people down by failing tackle long-term problems.

Fertiliser boss says Iran war puts 10 billion meals a week at risk - A shortage of fertiliser due to the Iran conflict could reduce crop yields and push prices higher, says the boss of Yara.

The Register

ICANN opens applications for new generic top-level domains for the first time since 2012 - $227k gets you a hearing for your dot.vanity project, or strings in one of 27 scripts The Internet Corporation for Assigned Names and Numbers (ICANN) on Thursday kicked off a new application process for generic top-level domains (gTLDs), its first since 2012.…

The never-ending supply chain attacks worm into SAP npm packages, other dev tools - Mini Shai-Hulud caught spreading credential-stealing malware The wave of supply chain attacks aimed at security and developer tools has washed up more victims, namely SAP and Intercom npm packages, plus the lightning PyPI package.…

Govern your bots carefully or chaos could ensue - Stop the sprawl! With the average Global Fortune 500 enterprise expected to run more than 150,000 AI agents by 2028, up from fewer than 15 today, there’s plenty of room for chaos. Analyst firm Gartner says that, without proper governance, those agents will multiply and run amok.…

Firefox maker torches Google for building Prompt API into browser - Mozilla fears wiring an AI API into Chrome will make the web less open Updated Mozilla has reiterated its opposition to Google's decision to build AI plumbing into its Chrome browser, though rather belatedly now that the technology, known as the Prompt API, is already being tested in Chrome and Microsoft Edge.…

Bot her emails: most modern phishing campaigns are AI-enabled - KnowBe4 says 86% of phishing it tracked used AI, and inboxes are only the start Give a man a phishing kit and he might get lucky a couple of times; teach an AI to phish and it'll change the landscape, if KnowBe4's latest phishing trends report is accurate.…

New Scientist - Home

'Green' cryptocurrency uses 18 times more energy than makers claim - A cryptocurrency that aims to avoid the disastrous energy consumption of bitcoin is actually using 18 times more energy than its makers claim – but it promises improvements are on the way

Your oral microbiome could affect your weight, liver and diabetes risk - An ambitious study has explored how the oral microbiome may affect our metabolic health, raising hopes that conditions like pre-diabetes could one day be screened for via a simple mouth swab

We have figured out a new way to send messages into the past - A technique inspired by the film Interstellar suggests a new way of communicating backwards in time, but it could help improve conventional communication systems as well

Human heads have changed shape a lot in the past 100 years - Since the early 20th century, people’s skulls have got rounder and their jaws have got wider, probably because of changes in health, diet and environment

Doubts cast over 'wild' claim that magnetic control can turn on genes - Researchers in South Korea say they have made a major advance by turning on genes with an electromagnetic signal, but critics say the claims are implausible and the paper is flawed

Hacker News

How Mark Klein told the EFF about Room 641A [book excerpt] - Comments

OpenWarp - Comments

Opus 4.7 knows the real Kelsey - Comments

For Linux kernel vulnerabilities, there is no heads-up to distributions - Comments

Can I disable all data collection from my vehicle? - Comments

Slashdot

US Senators Ban Themselves From Prediction Markets Trading - The U.S. Senate unanimously passed a rule banning senators from trading on prediction markets effective immediately. CNBC reports: The move came amid rising concern about insider trading on prediction market platforms such as Kalshi and Polymarket, and about event contracts that can involve death or violence. On April 22, Kalshi said it had suspended and fined one U.S. Senate candidate and two candidates for the House of Representatives for political insider trading on their own campaigns. Earlier on Thursday, a group of Democratic members of Congress called on the Commodity Futures Trading Commission to issue a rule "that prevents insider trading and corruption in the market and prohibits event contracts on the outcome of elections, war and military actions in the U.S. or abroad, sports, and government actions without a valid economic hedging interest." Kalshi and Polymarket both praised the Senate's action. "I applaud the Senate for passing this resolution to ban Senators and their offices from trading on prediction markets," Kalshi CEO Tarek Mansour wrote in a post on X. "Kalshi already proactively blocks members of congress and enforces against insider trading. This is a great step to increase trust in our markets by making it an industry standard," Mansour said. "Now, let's pass this in the House!" Polymarket, in its own post on X, said, "We're in full support of this. Our Rulebook & Terms of Service already prohibit such conduct, but codifying this into law is a step forward for the industry. Happy to help move this forward however we can." Read more of this story at Slashdot.

New Linux 'Copy Fail' Vulnerability Enables Root Access On Major Distros - A newly disclosed Linux kernel flaw dubbed "Copy Fail" can let a local, unprivileged attacker gain root access on major Linux distributions, with researchers claiming the bug affects kernels shipped since 2017. "The POC exploit works out of the box today, but a future version that can escape from containers like Docker is promised soon," writes Slashdot reader tylerni7. "Technical details are available here." Slashdot reader BrianFagioli shares a report from NERDS.xyz: A newly disclosed Linux kernel vulnerability called Copy Fail (CVE-2026-31431) allows an unprivileged user to gain root access using a tiny 732-byte script, and it works with unsettling consistency across major distributions. Unlike older exploits that relied on race conditions or fragile timing, this one is a straight-line logic flaw in the kernel's crypto subsystem. It abuses AF_ALG sockets and splice to overwrite a few bytes in the page cache of a target file, such as /usr/bin/su. Because the kernel executes from the page cache, not directly from disk, the attacker can inject code into a setuid binary in memory and immediately escalate privileges. What makes this especially concerning is how quiet it is. The file on disk remains unchanged, so standard integrity checks see nothing wrong, while the in-memory version has already been tampered with. The same primitive can also cross container boundaries since the page cache is shared, raising the stakes for multi-tenant environments and Kubernetes nodes. The underlying issue traces back to an in-place optimization added years ago, now being rolled back as part of the fix. Until patched kernels are widely deployed, this is one of those bugs that feels less like a theoretical risk and more like a practical, reliable path to full system compromise. Read more of this story at Slashdot.

In Real-World Test, an AI Model Did Better Than ER Doctors At Diagnosing Patients - A new study from Harvard Medical School and Beth Israel Deaconess found that an OpenAI reasoning model outperformed experienced ER doctors at diagnosing and managing patient cases using messy, real-world emergency department records. Researchers say the results don't support replacing doctors, but they do suggest AI could meaningfully reshape clinical workflows if tested carefully in prospective trials. NPR reports: The researchers ran a series of experiments on the AI model to test its clinical acumen -- including actual cases like the lupus patient who'd been previously treated at the emergency department at Beth Israel in Boston. The team graded how well the AI model could provide an accurate diagnosis at three moments in time, from the triage stage in the ER, up to being admitted into the hospital. Overall, AI outperformed two experienced physicians -- and did so with only the electronic health records and the limited information that had been available to the physicians at the time. "This is the big conclusion for me -- it works with the messy real-world data of the emergency department, " said Dr. Adam Rodman, a clinical researcher at Beth Israel and one of the study authors. "It works for making diagnoses in the real world." Other parts of the study focused on case reports published in the New England Journal of Medicine and clinical vignettes to suss out whether the AI model could meet well-established "benchmarks" and game out thorny diagnostic questions. "The model outperformed our very large physician baseline," said Raj Manrai, assistant professor of Biomedical Informatics at Harvard Medical School who was also part of the study. The authors emphasize the AI relied on text alone, while in real life, clinicians need to attend to many other inputs like images, sounds and nonverbal cues when diagnosing and treating a patient. The findings have been published Thursday in the journal Science. Read more of this story at Slashdot.

French Prosecutors Link 15-Year-Old To Mega-Breach At State's Secure Document Agency - French prosecutors say police detained a 15-year-old suspected of using the alias "breach3d" in connection with a cyberattack on France Titres (ANTS), the state agency that handles passports, ID cards, and other secure documents. The breach allegedly involved 12 million to 18 million lines of data offered for sale online, potentially affecting up to a third of France's population if the records are unique. The Register reports: It formally opened (PDF) a judicial investigation on April 29, covering alleged fraudulent access to a state-run automated data processing system and the extraction of data from it. Each offense carries a potential prison sentence of seven years and a maximum ~$350,000 fine. Public Prosecutor Laure Beccuau has requested that the minor, whose pronouns, like their name, were also not specified, be formally charged and placed under judicial supervision. [...] France's approach to punishing minors via its legal system is typically geared toward re-education and rehabilitation rather than prison time. While those aged between 13 and 16 can face time in juvenile detention, it is often used as a last resort measure. The maximum sentences and fines for the charges the 15-year-old in this case faces are upper limits imposed on adult offenders, and would likely be lowered substantially in cases involving a minor, like this one. Read more of this story at Slashdot.

World's Largest Digital Human Rights Conference Suddenly 'Postponed' - RightsCon, one of the world's largest digital human rights conferences, was suddenly postponed by Zambia's government just days before it was scheduled to begin in Lusaka. Officials cited unresolved speaker clearances and "thematic issues," while Access Now said it had not yet received formal communication and was seeking an urgent meeting with the government. 404 Media reports: Minister of Technology and Science Felix Mutati first announced the postponement on April 28, saying that Zambia needed more time to ensure the conference "fully [aligns] with national procedures, diplomatic protocols, and the broader objective of fostering a balanced and consensus-driven platform for dialogue." "In particular, certain invited speakers and participants remain subject to pending administrative and security clearances, which have not yet been concluded," he added, according to the Lusaka Times. [...] On a popular listserv for academics, many of whom are attending RightsCon, a board member of Access Now wrote "I am told I can leak that RightsCon has been canceled. Message from [Access Now] following shortly" in a thread about what attendees were planning on doing. And in an email, AccessNow wrote: "It is with heavy hearts that we share: RightsCon will not proceed in Zambia or online. We understand this news is deeply upsetting for our community and while we know everyone has questions, our goal right now is to notify you of the event's status because many of you have imminent travel plans. We do not recommend registered participants travel to Lusaka for RightsCon. Over the last 48 hours we have experienced an overwhelming surge of support from civil society, government representatives, sponsors, and our community as a whole. For this, we wholeheartedly thank you. We'll communicate more information soon." Read more of this story at Slashdot.