POZNAN, Poland (AP) — A gen­er­a­tion ago, Poland ra­tioned sugar and flour while its cit­i­zens were paid one-tenth what West Germans earned. Today, the econ­omy of the coun­try has edged past Switzerland to be­come the world’s 20th largest with more than $1 tril­lion in an­nual out­put.

It’s a his­toric leap from the post-Com­mu­nist ru­ins of 1989 – 90 to European growth cham­pion, which econ­o­mists say has lessons on how to bring pros­per­ity to or­di­nary peo­ple — and that the Trump ad­min­is­tra­tion says should be rec­og­nized by Poland’s pres­ence at a sum­mit of the Group of 20 lead­ing economies later this year.

The trans­for­ma­tion is re­flected in peo­ple like Joanna Kowalska, an en­gi­neer from Poznan, a city of around 500,000 peo­ple mid­way be­tween Berlin and Warsaw. She re­turned home af­ter five years in the U.S.

“I get asked of­ten if I’m miss­ing some­thing by com­ing back to Poland, and, to be hon­est, I feel it’s the other way around,” Kowalska said. “We are ahead of the United States in so many ar­eas.”

Kowalska works at the Poznan Supercomputing and Networking Center, which is de­vel­op­ing the first ar­ti­fi­cial in­tel­li­gence fac­tory in Poland and in­te­grat­ing it with a quan­tum com­puter, one of 10 on the con­ti­nent fi­nanced by a European Union pro­gram.

3 MIN READ

2 MIN READ

3 MIN READ

Kowalska worked for Microsoft in the U.S. af­ter grad­u­at­ing from the Poznan University of Technology, in a job she saw as a “dream come true.”

Newer sky­scrap­ers flank the com­mu­nist-era Palace of Culture and Science, fore­ground, in n, Poland, May 25, 2018. (AP Photo/Alik Keplicz, File)

But she missed hav­ing a “sense of mis­sion,” she said.

“Especially when it comes to ar­ti­fi­cial in­tel­li­gence, the tech­nol­ogy started de­vel­op­ing so rapidly in Poland,” Kowalska said. “So it was very tempt­ing to come back.”

Breaking out of poverty

The guest in­vi­ta­tion to the G20 sum­mit is mostly sym­bolic. No guest coun­try has been pro­moted to full mem­ber since the orig­i­nal G20 met at the fi­nance min­is­ter level in 1999, and that would take a con­sen­sus de­ci­sion of all the mem­bers. Moreover, the orig­i­nal coun­tries were cho­sen not just by gross do­mes­tic prod­uct rank, but by their “systemic sig­nif­i­cance” in the global econ­omy.

But the ges­ture re­flects a sta­tis­ti­cal truth: In 35 years — a lit­tle less than one per­son’s work­ing life­time — Poland’s per capita GDP rose to $55,340 in 2025, or 85% of the EU av­er­age. That’s up from $6,730 in 1990, or 38% of the EU av­er­age and now roughly equal to Japan’s $52,039, ac­cord­ing to International Monetary Fund fig­ures mea­sured in to­day’s dol­lars and ad­justed for Poland’s lower cost of liv­ing.

Poland’s econ­omy has grown an av­er­age 3.8% a year since join­ing the EU in 2004, eas­ily beat­ing the European av­er­age of 1.8%.

It was­n’t sim­ply one fac­tor that helped Poland break out of the poverty trap, says Marcin Piątkowski of Warsaw’s Kozminski University and au­thor of a book on the coun­try’s eco­nomic rise.

One of the most im­por­tant fac­tors was rapidly build­ing a strong in­sti­tu­tional frame­work for busi­ness, he said. That in­cluded in­de­pen­dent courts, an anti-mo­nop­oly agency to en­sure fair com­pe­ti­tion, and strong reg­u­la­tion to keep trou­bled banks from chok­ing off credit.

As a re­sult, the econ­omy was­n’t hi­jacked by cor­rupt prac­tices and oli­garchs, as hap­pened else­where in the post-Com­mu­nist world.

Poland also ben­e­fited from bil­lions of eu­ros in EU aid, both be­fore and af­ter it joined the bloc in 2004 and gained ac­cess to its huge sin­gle mar­ket.

Above all, there was the broad con­sen­sus, from across the po­lit­i­cal spec­trum, that Poland’s long-term goal was join­ing the EU.

“Poles knew where they were go­ing,” Piątkowski said. “Poland down­loaded the in­sti­tu­tions and the rules of the game, and even some cul­tural norms that the West spent 500 years de­vel­op­ing.”

As op­pres­sive as it was, com­mu­nism con­tributed by break­ing down old so­cial bar­ri­ers and open­ing higher ed­u­ca­tion to fac­tory and farm­work­ers who had no chance be­fore. A post-Com­mu­nist boom in higher ed­u­ca­tion means half of young peo­ple now have de­grees.

“Young Poles are, for in­stance, bet­ter ed­u­cated than young Germans,” Piatkowski said, but earn half what Germans do. That’s “an un­beat­able com­bi­na­tion” for at­tract­ing in­vestors, he said.

Success of an elec­tric bus com­pany

Solaris, a com­pany founded in 1996 in Poznan by Krzysztof Olszewski, is one of the lead­ing man­u­fac­tur­ers of elec­tric buses in Europe with a mar­ket share of around 15%. Its story shows one hall­mark of Poland’s suc­cess: en­tre­pre­neur­ship, or the will­ing­ness to take risks and build some­thing new.

Workers build elec­tric buses at the Solaris bus fac­tory in Poznan, Poland, Thursday, Jan. 29, 2026. (AP Photo/Pietro De Cristofaro)

Educated as an en­gi­neer un­der the Communist gov­ern­ment, Olszewski opened a car re­pair shop where he used spare parts from West Germany to fix Polish cars. While most en­ter­prises were na­tion­al­ized, au­thor­i­ties gave per­mis­sion to small-scale pri­vate work­shops like his to op­er­ate, ac­cord­ing to Katarzyna Szarzec, an econ­o­mist at the Poznan University of Economics and Business.

“These were en­claves of pri­vate en­tre­pre­neur­ship,” she said.

In 1996, Olszewski opened a sub­sidiary of the German bus com­pany Neoplan and started pro­duc­ing for the Polish mar­ket.

“Poland’s en­try to the EU in 2004 gave us cred­i­bil­ity and ac­cess to a vast, open European mar­ket with the free move­ment of goods, ser­vices and peo­ple,” said Mateusz Figaszewski, re­spon­si­ble for in­sti­tu­tional re­la­tions.

Then came a risky de­ci­sion to start pro­duc­ing elec­tric buses in 2011, a time when few in Europe were ex­per­i­ment­ing with the tech­nol­ogy. Figaszewski said larger com­pa­nies in the West had more to lose if switch­ing to elec­tric ve­hi­cles did­n’t work out.

“It be­came an op­por­tu­nity to achieve tech­no­log­i­cal lead­er­ship ahead of the mar­ket,” he said.

An ag­ing pop­u­la­tion

Challenges still re­main for Poland. Due to a low birth rate and an ag­ing so­ci­ety, fewer work­ers will be able to sup­port re­tirees. Average wages are lower than the EU av­er­age. While small and medium en­ter­prises flour­ish, few have be­come global brands.

Poznan Mayor Jacek Jaśkowiak sees do­mes­tic in­no­va­tion as a third wave in Poland’s post­so­cial­ist eco­nomic de­vel­op­ment. In the first wave, for­eign coun­tries opened fac­to­ries in Poland in the early 1990s, tak­ing ad­van­tage of a skilled lo­cal pop­u­la­tion.

Around the turn of the mil­len­nium, he said, Western com­pa­nies brought more ad­vanced branches, in­clud­ing fi­nance, in­for­ma­tion tech­nol­ogy and en­gi­neer­ing.

“Now it’s the time to start such so­phis­ti­cated ac­tiv­i­ties here,” Jaśkowiak says, adding that one of his main pri­or­i­ties is in­vest­ing in uni­ver­si­ties.

“There is still much to do when it comes to in­no­va­tion and tech­no­log­i­cal progress,” added Szarzec, the Poznan econ­o­mist. “But we keep climb­ing up on that lad­der of added value. We’re no longer just a sup­plier of spare parts.”

Szarzec’s stu­dents say more needs to be done to re­duce ur­ban-rural in­equal­i­ties, make hous­ing af­ford­able and sup­port young peo­ple start­ing fam­i­lies. They say Poles need to ac­knowl­edge that im­mi­grants, such as the mil­lions of Ukrainians who fled Russia’s full-scale in­va­sion in 2022, con­tribute to eco­nomic de­vel­op­ment in an ag­ing pop­u­la­tion.

“Poland has such a dy­namic econ­omy, with so many op­por­tu­ni­ties for de­vel­op­ment, that of course I am stay­ing,” said Kazimierz Falak, 27, one of Szarzec’s grad­u­ate stu­dents. “Poland is promis­ing.”

Computer equip­ment at the Poznan Supercomputing and Networking cen­ter is seen in Poznan, Poland, Wednesday, Jan. 28, 2026. (AP Photo/Pietro De Cristofaro)

___

David McHugh re­ported from Frankfurt, Germany.

Google has tied its next-gen­er­a­tion re­CAPTCHA sys­tem to Google Play Services on Android, mean­ing any­one run­ning a de-Googled phone will au­to­mat­i­cally fail ver­i­fi­ca­tion when the sys­tem de­cides to chal­lenge them.

The re­quire­ment forces Android users to run Google’s pro­pri­etary app frame­work ver­sion 25.41.30 or higher just to prove they’re hu­man.

When re­CAPTCHA flags what it con­sid­ers sus­pi­cious ac­tiv­ity, it aban­dons the old im­age puz­zles and de­mands you scan a QR code. That scan re­quires Play Services run­ning in the back­ground, com­mu­ni­cat­ing with Google’s servers. If you’re us­ing GrapheneOS or any other cus­tom ROM that strips out Google’s soft­ware, the ver­i­fi­ca­tion fails.

Google an­nounced the broader sys­tem, Google Cloud Fraud Defense, at Cloud Next on April 23, pitch­ing it as a trust plat­form de­signed to han­dle au­tonomous AI agents and tra­di­tional bots alike. What Google did­n’t em­pha­size was the part where prov­ing you’re hu­man now re­quires sub­mit­ting to its pro­pri­etary sur­veil­lance.

Reclaim Your Digital Freedom.

Get un­fil­tered cov­er­age of sur­veil­lance, cen­sor­ship, and the tech­nol­ogy threat­en­ing your civil lib­er­ties.

This was­n’t sud­den, ei­ther. An Internet Archive snap­shot from October 2025 shows the same sup­port page al­ready list­ing a Play Services re­quire­ment at ver­sion 25.39.30. Google built this de­pen­dency qui­etly for at least seven months be­fore a Reddit user on the de­google sub­red­dit flagged it, with re­port­ing from PiunikaWeb and Android Authority bring­ing wider at­ten­tion.

The iOS com­par­i­son is re­veal­ing be­cause Apple de­vices run­ning iOS 16.4 or later com­plete the same ver­i­fi­ca­tion with­out in­stalling any ad­di­tional apps. Google did­n’t de­mand iPhone users in­stall Google soft­ware to pass the test. Only Android users who refuse Play Services get locked out. The asym­me­try re­veals what this is re­ally about: not se­cu­rity, but ecosys­tem con­trol.

re­CAPTCHA sits in front of mil­lions of web­sites. When Google ties ver­i­fi­ca­tion to Play Services, it es­tab­lishes a prece­dent where ac­cess­ing ba­sic web con­tent re­quires run­ning Google’s soft­ware and trans­mit­ting data to Google’s servers.

People run­ning de-Googled phones chose those se­tups be­cause they read the data prac­tices, un­der­stood what Play Services phones home about, and de­cided they did­n’t con­sent. Google’s new sys­tem pun­ishes that de­ci­sion by treat­ing the ab­sence of its pro­pri­etary soft­ware as sus­pi­cious by de­fault.

Web de­vel­op­ers adopt­ing this re­CAPTCHA should un­der­stand what they’re choos­ing. Every site that im­ple­ments it tells de-Googled Android users they’re not wel­come. That’s a small au­di­ence to­day. It’s also the au­di­ence most likely to care about how a web­site treats their data, and the least likely to ca­pit­u­late.

In May 2026, Google an­nounced “Google Cloud Fraud Defense - the next evo­lu­tion of re­CAPTCHA.” The an­nounce­ment de­scribed a QR code chal­lenge where users scan a code with their phone to prove hu­man pres­ence.

Google killed Web Environment Integrity in 2023 af­ter stan­dards bod­ies ob­jected. Today, three years later, the same de­vice at­tes­ta­tion mech­a­nism launched as a com­mer­cial prod­uct.

The open web sur­vived be­cause no sin­gle com­pany could de­cide which hard­ware was le­git­i­mate enough to use it. Google is de­ter­mined to end that sta­tus quo - now through a re­CAPTCHA up­date.

Table of Contents

Google al­ready tried this in 2023

The QR code will be by­passed

QR auth codes and de­vice at­tes­ta­tion are not new

Device at­tes­ta­tion bars the users who need pri­vacy most

“Legitimate” track­ing

Final thoughts

Google al­ready tried this in 2023

In June 2023, a Google en­gi­neer named Yoav Weiss posted a pro­posal to the Chromium pro­ject called “Web Environment Integrity.” The mech­a­nism was di­rect: browsers would ask de­vice hard­ware to sign a cryp­to­graphic at­tes­ta­tion prov­ing the browser was un­mod­i­fied and run­ning on Google-certified hard­ware. Websites could ver­ify the sig­na­ture and de­cide whether to serve con­tent with­out fric­tion or add a chal­lenge. Of course, the pro­posal framed this as pro­tect­ing web in­tegrity against bots and au­to­mated scrap­ing.

Mozilla pub­lished a for­mal po­si­tion within days. The pro­posal “works against users’ in­ter­ests” and “creates a gated in­ter­net con­trolled by OS and de­vice ven­dors.” The Electronic Frontier Foundation called it “Chrome’s Plan to DRM the Web,” not­ing that by de­sign, only Chrome run­ning on Android or other cer­ti­fied hard­ware would eas­ily pass at­tes­ta­tion, rout­ing traf­fic to­ward Google’s ecosys­tem as a struc­tural con­se­quence, not a side ef­fect.

Google with­drew WEI three weeks af­ter pub­li­ca­tion. The Chromium GitHub thread closed. Publicly, it was dead.

In May 2026, Google an­nounced Google Cloud Fraud Defense, de­scribed in its blog post as “the next evo­lu­tion of re­CAPTCHA.” The sys­tem chal­lenges users with a QR code: scan it with your phone to con­firm hu­man pres­ence. The re­quire­ments page spec­i­fies the hard­ware that qual­i­fies: “modern Android de­vice with Google Play Services in­stalled, or mod­ern iPhone/​iPad.”

“Google Play Services in­stalled” is do­ing sig­nif­i­cant work in that sen­tence. Google Play Services is Google’s closed-source soft­ware layer that runs on cer­ti­fied Android de­vices and pro­vides the at­tes­ta­tion APIs - the Play Integrity API specif­i­cally - that prove a de­vice is un­mod­i­fied and ap­proved by Google. A de­vice with­out Play Services can­not sat­isfy Play Integrity checks at the level Fraud Defense re­quires. That is not a tech­ni­cal lim­i­ta­tion wait­ing to be en­gi­neered around. It is the mech­a­nism.

The WEI re­view process, what­ever its lim­i­ta­tions, re­quired Google to de­fend the mech­a­nism pub­licly. The pro­posal was with­drawn be­cause the ob­jec­tions held. With Fraud Defense, there was no process to re­spond to. The prod­uct launched. The re­quire­ments page went live. The same at­tes­ta­tion in­fra­struc­ture that gen­er­ated those doc­u­mented ob­jec­tions in 2023 be­came the un­der­pin­ning of a com­mer­cial ser­vice avail­able to any or­ga­ni­za­tion with a Google Cloud billing ac­count.

The QR code will be by­passed

Here is how the chal­lenge works: a user en­coun­ters a Fraud Defense prompt and is asked to scan a QR code with their phone cam­era. The phone, au­then­ti­cated against Google’s Play Integrity API, con­firms the de­vice is cer­ti­fied hard­ware. That con­fir­ma­tion re­turns to the orig­i­nat­ing site as proof of hu­man pres­ence.

The de­feat is me­chan­i­cal. Bot op­er­a­tors point a cam­era at a screen, a triv­ial au­toma­tion with off-the-shelf hard­ware. For op­er­a­tions that need Play Integrity at­tes­ta­tion specif­i­cally, a com­pli­ant Android de­vice costs ap­prox­i­mately $30 ($29.88 in Wallmart to be pre­cise) - for a pro­fes­sional bot farm, which pur­chases de­vices in bulk, this is the fixed cost with­out ma­te­r­ial dis­rup­tion to op­er­a­tions.

One ad­di­tional fail­ure worth not­ing: one in­ci­dent re­sponse pro­fes­sional in the HN thread, raised a con­cern that op­er­ates in­de­pen­dently of the bot prob­lem:

How should we re­al­is­ti­cally teach Susan from HR the dif­fer­ence be­tween a real Google Captcha QR code and a ma­li­cious phish­ing QR code - you (realistically) can’t.

How should we re­al­is­ti­cally teach Susan from HR the dif­fer­ence be­tween a real Google Captcha QR code and a ma­li­cious phish­ing QR code - you (realistically) can’t.

The QR chal­lenge trains users to scan codes to ac­cess web­sites. Phishing cam­paigns will ex­ploit that trained be­hav­ior im­me­di­ately.

QR auth codes and de­vice at­tes­ta­tion are not new

In the Apple world iOS App Attestation ver­i­fies that an app was in­stalled through the App Store and has not been mod­i­fied. It gov­erns apps: a walled gar­den users chose when they pur­chased an iPhone. The ex­ten­sion to open web brows­ing is cat­e­gor­i­cally dif­fer­ent: it con­di­tions URL ac­cess on hard­ware a pri­vate com­pany has cer­ti­fied. No prece­dent ex­ists for this ap­plied to the open in­ter­net. App stores are opt-in ecosys­tems with ex­plicit terms of ser­vice. The web was not de­signed to have terms of hard­ware.

QR-based au­then­ti­ca­tion sys­tems them­selves al­ready ex­ist for a while. Estonia’s Smart ID uses QR codes to ver­ify users, but for bounded, con­sent-scoped re­sources: bank­ing por­tals, gov­ern­ment ser­vices, health records. The user chooses to au­then­ti­cate. The pro­tected re­source is de­fined in ad­vance. The scope is ex­plicit. Google Cloud Fraud Defense ap­plies de­vice at­tes­ta­tion to the open web, to any URL an op­er­a­tor chooses to gate, with­out equiv­a­lent con­sent ar­chi­tec­ture, with­out pur­pose lim­i­ta­tion, and very likely with­out user aware­ness that their hard­ware iden­tity is func­tion­ing as an ac­cess cre­den­tial.

Device at­tes­ta­tion bars the users who need pri­vacy most

Google Play Integrity at­tes­ta­tion re­quires Google Play Services. GrapheneOS, the se­cu­rity-hard­ened Android fork rec­om­mended by the EFF and used by jour­nal­ists, lawyers, and ac­tivists in high-risk en­vi­ron­ments, does not ship Play Services by de­fault. It sup­ports a sand­boxed com­pat­i­bil­ity layer that runs some Play Services func­tion­al­ity, but this does not sat­isfy Play Integrity at the MEETS_DEVICE_INTEGRITY level that Fraud Defense re­quires. LineageOS for mi­croG (a pri­vacy-ori­ented Android dis­tri­b­u­tion built specif­i­cally for users who want an open-source al­ter­na­tive) fails for the same rea­son. Any cus­tom ROM that ex­cludes Play Services fails.

Firefox for Android does not ap­pear in Google’s stated browser sup­port list for Fraud Defense. This is not an over­sight. Firefox does not in­te­grate Google Play Integrity by de­sign - Mozilla’s po­si­tion on de­vice at­tes­ta­tion in 2023 was ex­plicit and re­mains cur­rent. The prac­ti­cal ef­fect: users of the most pri­vacy-re­spect­ing ma­jor mo­bile browser are ex­cluded from ver­i­fied ac­cess by de­fault, not be­cause they are bots, but be­cause they use soft­ware that de­clines to par­tic­i­pate in Google’s cer­ti­fi­ca­tion ar­chi­tec­ture.

“Legitimate” track­ing

The gov­er­nance prob­lem is the ob­vi­ous ob­jec­tion. The track­ing prob­lem is the one that gets less at­ten­tion.

Every Fraud Defense chal­lenge that re­solves suc­cess­fully sends a sig­nal to Google: this cer­ti­fied de­vice ac­cessed this site at this time. Device at­tes­ta­tion does not just gate ac­cess - it pro­duces at­tri­bu­tion. A de­vice with a sta­ble hard­ware iden­tity cre­ates a per­sis­tent iden­ti­fier that crosses ses­sions, browsers, and pri­vate brows­ing modes. The com­pany that de­fines which hard­ware is “legitimate” also ac­cu­mu­lates a run­ning record of where that hard­ware goes on the open web. That is not a side ef­fect of fraud de­fense. It is an ar­chi­tec­tural con­se­quence de­ci­sion of ty­ing ver­i­fi­ca­tion to cer­ti­fied de­vice iden­tity.

A tech­ni­cally cred­i­ble al­ter­na­tive ex­ists that avoids both the gov­er­nance prob­lem and the track­ing prob­lem. Private Captcha and sim­i­lar proof-of-work sys­tems is­sue cryp­to­graphic chal­lenges that re­quire com­pu­ta­tional ef­fort (dis) pro­por­tional to vol­ume. One hu­man solv­ing a sin­gle chal­lenge pays a neg­li­gi­ble cost. A bot farm run­ning con­cur­rent ses­sions faces ex­po­nen­tial com­pute costs with each ad­di­tional at­tempt and AI agents, which con­sume GPU cy­cles to op­er­ate, face iden­ti­cal penal­ties re­gard­less of how so­phis­ti­cated their rea­son­ing is. No hard­ware iden­ti­fier is trans­mit­ted. No at­tes­ta­tion is re­quired. No cer­ti­fi­ca­tion layer de­ter­mines who may par­tic­i­pate. User pri­vacy is struc­turally pre­served, not promised.

Final thoughts

Google Cloud Fraud Defense is not a re­CAPTCHA up­date. The QR code is the vis­i­ble mech­a­nism, but de­vice at­tes­ta­tion is the real prod­uct. Every re­solved chal­lenge tells Google which cer­ti­fied hard­ware ac­cessed which site at which time. The same in­fra­struc­ture stan­dards bod­ies re­jected in 2023 now op­er­ates be­hind a com­mer­cial re­lease, ac­cu­mu­lat­ing at­tri­bu­tion data that WEI, as a pub­lic pro­posal, would never have been per­mit­ted to build un­chal­lenged. Ironically, it will fail to stop bots sim­i­larly to the ver­sion it is de­signed to “improve” upon.

This vol­ume re­quires JavaScript. That is part of the point — your browser is what is be­ing read.

With JavaScript off, the page can­not tell you what your browser dis­closed. The data is still there. The dis­clo­sure still hap­pened. Only the telling of it stops.

15 hours ago

Steven McIntoshand

Helen Bushby

Getty Images

King Charles III and Queen Camilla are among well-wish­ers to share a birth­day mes­sage cel­e­brat­ing Sir David Attenborough turn­ing 100.

The royal cou­ple also shared pho­tographs of Sir David, in­clud­ing one of him with a young Prince Charles and Princess Anne in 1958, in which he is in­tro­duc­ing them to Cocky the cock­a­too, from his BBC Zoo Quest TV se­ries.

The vet­eran broad­caster and en­vi­ron­men­tal­ist has said he was “completely over­whelmed” by mes­sages he had re­ceived ahead of his big day, which in­cludes a spe­cial con­cert on Friday evening at the Royal Albert Hall in London.

PA Media

Sir David added: “I sim­ply can’t re­ply to each of you sep­a­rately, but I’d like to thank you all most sin­cerely for your kind mes­sages, and wish those of you who have planned your own lo­cal events: have a very happy day.”

In a video for the Earthshot Prize, which cel­e­brates cli­mate lead­er­ship and in­no­va­tion, the Prince of Wales said: “Happy 100th David, can­not be­lieve it’s your 100th birth­day.”

He went on to thank him for all his sup­port, while not­ing how “everything you do con­tin­ues to in­spire me”.

“His most sig­nif­i­cant con­tri­bu­tion has been the sys­tem­atic dis­man­tling of the no­tion that cli­mate is­sues are hap­pen­ing ‘somewhere else’,” he said.

“Young peo­ple con­tinue to lis­ten to him not just for the spec­ta­cle of na­ture, but for a sense of con­ti­nu­ity in an un­sta­ble world.”

Former England men’s foot­ball cap­tain Sir David Beckham sim­ply called the broad­caster “our National Treasure”, while ac­tress and ac­tivist Joanna Lumley wished the broad­caster a happy birth­day with a lit­tle help from the peo­ple of Stroud, Gloucestershire, in a video mes­sage.

TV nat­u­ral­ist and pre­sen­ter Chris Packham wrote in The Big Issue: “I don’t think that any per­son in the en­tire his­tory of our species has made such a sig­nif­i­cant con­tri­bu­tion to en­gag­ing peo­ple and de­vel­op­ing a love for all of life on Earth as David Attenborough.”

Meanwhile, the World Wide Fund for Nature (WWF) shared a birth­day trib­ute video, voiced by ac­tors Dame Judi Dench, Morgan Freeman, Miranda Richardson, Asa Butterfield, Sam Heughan and Iwan Rheon, along with for­mer Spice Girl Geri Halliwell‑Horner and wildlife pre­sen­ter Liz Bonnin.

It is a spo­ken-word ver­sion of the Louis Armstrong clas­sic song, What a Wonderful World, fea­tur­ing footage of var­i­ous an­i­mals.

Oscar-winning com­poser Hans Zimmer also paid trib­ute, say­ing that de­spite his ex­ten­sive fea­ture film suc­cess, “none of it is as im­por­tant as work­ing for David Attenborough be­cause that is re­ally about the ex­is­tence of our planet.”

“His abil­ity to com­mu­ni­cate his own en­thu­si­asms are very pre­cious and he’s brought such joy to so many peo­ple,” he said. “And I think, along with a lot of peo­ple, my favourite tele­vi­sion pro­grammes are prob­a­bly nat­ural his­tory.”

Friday evening’s show at the Royal Albert Hall is the cli­max of a week of spe­cial events and broad­cast pro­gram­ming in ho­n­our of Sir David, who was born in 1926 and joined the BBC in 1952.

Presenter Kirsty Young will host the spe­cial 90-minute con­cert cel­e­brat­ing Sir David’s life, which will air on BBC One and iPlayer from 20:30 BST.

Special guests in­clud­ing Sir Michael Palin, Steve Backshall, Liz Bonnin and Chris Packham will ap­pear at the event to re­flect on Sir David’s life and legacy.

Ahead of the con­cert, Young said: “Sir David’s gift to the world has been a life spent ex­quis­itely re­veal­ing Earth’s won­ders to us all.

“The very least he de­serves is a big 100th birth­day bash at the Royal Albert Hall. I’m very happy in­deed, as the host, to be able to in­vite every­one to the party.”

The event will re­call some of the most mem­o­rable wildlife mo­ments from Sir David’s ca­reer and the BBC’s nat­ural his­tory archive.

Live mu­sic from the BBC Concert Orchestra will in­clude pieces as­so­ci­ated with his most fa­mous tele­vi­sion se­ries, in­clud­ing the snakes and igua­nas chase from Planet Earth II, and the wave-wash­ing or­cas se­quence from Frozen Planet II.

The con­cert will also fea­ture per­for­mances from Bastille front­man Dan Smith, who will join the or­ches­tra for a ren­di­tion of the band’s hit Pompeii, which fea­tured in Planet Earth III.

Elsewhere, Sigur Rós will per­form Hoppípolla, which was used in the pro­mo­tion of Planet Earth and Planet Earth II, while other mu­si­cal guests will in­clude singer Sienna Spiro and harpist Francisco Yglesia.

The BBC has been cel­e­brat­ing Sir David’s cen­te­nary with spe­cial pro­gram­ming through­out the week.

The BBC’s chief con­tent of­fi­cer Kate Philips said Sir David’s 100th birth­day marked an “extraordinary” mo­ment, de­scrib­ing him as a “truly re­mark­able in­di­vid­ual”.

Sir David was born in west London on 8 May 1926, and has also fronted pi­o­neer­ing nat­ural his­tory se­ries in­clud­ing his Life Collection, The Trials of Life and The Blue Planet.

He has two chil­dren with wife Jane, who died in 1997. His brother Richard was an Oscar-winning ac­tor and di­rec­tor, and died in 2014.

On Thursday, the Natural History Museum paid trib­ute to Sir David by nam­ing a species of par­a­sitic wasp af­ter him.

The Attenboroughnculus tau is na­tive to the Patagonian lakes of Chile, and a spec­i­men was re­cently found in the mu­se­um’s col­lec­tion, four decades af­ter it was col­lected.

Other species to have been named af­ter the broad­caster in the past in­clude a wild­flower, but­ter­fly, grasshop­per, di­nosaur and ghost shrimp.

Get our flag­ship newslet­ter with all the head­lines you need to start the day. Sign up here.

Meshtastic® is a pro­ject that en­ables you to use in­ex­pen­sive LoRa ra­dios as a long range off-grid com­mu­ni­ca­tion plat­form in ar­eas with­out ex­ist­ing or re­li­able com­mu­ni­ca­tions in­fra­struc­ture. This pro­ject is 100% com­mu­nity dri­ven and open source!

Client

Client

Client

Client

Router

Client

Client

Client

LoRa

Bluetooth

WiFi

USB

Features​

Long range (331km record by MartinR7 & al­leg)

No phone re­quired for mesh com­mu­ni­ca­tion

Decentralized com­mu­ni­ca­tion - no ded­i­cated router re­quired

Encrypted com­mu­ni­ca­tion

Excellent bat­tery life

Send and re­ceive text mes­sages be­tween mem­bers of the mesh

Optional GPS based lo­ca­tion fea­tures

And more!

How it works​

Meshtastic uti­lizes LoRa, a long-range ra­dio pro­to­col, which is widely ac­ces­si­ble in most re­gions with­out the need for ad­di­tional li­censes or cer­ti­fi­ca­tions, un­like ham ra­dio op­er­a­tions.

These ra­dios are de­signed to re­broad­cast mes­sages they re­ceive, form­ing a mesh net­work. This setup en­sures that every group mem­ber, in­clud­ing those at the fur­thest dis­tance, can re­ceive mes­sages.

Additionally, Meshtastic ra­dios can be paired with a sin­gle phone, al­low­ing friends and fam­ily to send mes­sages di­rectly to your spe­cific ra­dio. It’s im­por­tant to note that each de­vice is ca­pa­ble of sup­port­ing a con­nec­tion from only one user at a time.

If you are in­ter­ested in a more tech­ni­cal overview of how Meshtastic works, visit the overview sec­tion be­low:

Contributors​

Meshtastic is an open source pro­ject avail­able on GitHub. Our gen­er­ous vol­un­teers do­nate their per­sonal time to write and main­tain this code­base. If you would like to con­tribute see our GitHub, join our Discord server, and read up on our Meshtastic Discussions.

Start us­ing Meshtastic​

Hopefully your “Getting Started” ex­pe­ri­ence is straight for­ward and headache free. If you en­counter any is­sues, please con­sider up­dat­ing our doc­u­men­ta­tion to im­prove fu­ture user ex­pe­ri­ences or reach out on the fo­rum or Discord.

Our sup­port is 100% vol­un­teer based. We are pas­sion­ate about the pro­ject and hope to help new­com­ers be­come Meshtastic ex­perts!

Features

How it works

Contributors

Start us­ing Meshtastic

For the com­plete Mojo doc­u­men­ta­tion in­dex, see llms.txt. Markdown ver­sions of all pages are avail­able by ap­pend­ing .md to any URL (e.g. /docs/manual/basics.md).

Built dif­fer­ent

Modern

Mojo draws in­spi­ra­tion from the best parts of mod­ern lan­guages - like Python’s in­tu­itive syn­tax, Rust’s mem­ory safety, and Zig’s pow­er­ful and in­tu­itive com­pile-time metapro­gram­ming.

AI na­tive

Mojo is built from the ground up to de­liver the best per­for­mance on the di­verse hard­ware that pow­ers mod­ern AI sys­tems. As a com­piled, sta­t­i­cally-typed lan­guage, it’s also ideal for agen­tic pro­gram­ming.

Simply per­for­mant

No more choos­ing be­tween pro­duc­tiv­ity and per­for­mance - Mojo gives you both. You can start with sim­ple and fa­mil­iar pro­gram­ming pat­terns, and add com­plex­ity as you need it.

GPU pro­gram­ming

Mojo makes GPU pro­gram­ming ac­ces­si­ble to every­body, with­out ven­dor-spe­cific li­braries and with­out sep­a­rately-com­piled code. You can fi­nally write high-per­for­mance GPU ker­nels in the same lan­guage you use for CPUs.

def vec­tor_add( a: TileTensor[float_dtype, type­_of(lay­out), el­e­men­t_­size=1, …], b: TileTensor[float_dtype, type­_of(lay­out), el­e­men­t_­size=1, …], re­sult: TileTensor[ mut=True, float_d­type, type­_of(lay­out), el­e­men­t_­size=1, … ],): var i = glob­al_idx.x if i < lay­out.size(): re­sult[i] = a[i] + b[i]

def vec­tor_add(

a: TileTensor[float_dtype, type­_of(lay­out), el­e­men­t_­size=1, …],

b: TileTensor[float_dtype, type­_of(lay­out), el­e­men­t_­size=1, …],

re­sult: TileTensor[

mut=True, float_d­type, type­_of(lay­out), el­e­men­t_­size=1, …

],

):

var i = glob­al_idx.x

if i < lay­out.size():

re­sult[i] = a[i] + b[i]

Python in­terop

Mojo na­tively in­ter­op­er­ates with Python so you can elim­i­nate per­for­mance bot­tle­necks in ex­ist­ing code with­out rewrit­ing every­thing. You can start with one func­tion, and scale up as needed to move per­for­mance-crit­i­cal code into Mojo. Your Mojo code im­ports nat­u­rally into Python and pack­ages to­gether for dis­tri­b­u­tion. Likewise, you can im­port li­braries from the Python ecosys­tem into your Mojo code.

# SIMD-vectorized ker­nel squar­ing ar­ray el­e­ments in place.def mo­jo_square_ar­ray(ar­ray_obj: PythonObject) raises: comp­time simd_width = simd_width_of[DType.in­t64]() ptr = ar­ray_obj.ctypes.data.un­safe_get_as_­pointer[DType.in­t64]() def pow[width: Int](i: Int) uni­fied {mut ptr}: elem = ptr.load[width=width](i) ptr.store[width=width](i, elem * elem) vec­tor­ize[simd_width](len(ar­ray_obj), pow)

# SIMD-vectorized ker­nel squar­ing ar­ray el­e­ments in place.

def mo­jo_square_ar­ray(ar­ray_obj: PythonObject) raises:

comp­time simd_width = simd_width_of[DType.in­t64]()

ptr = ar­ray_obj.ctypes.data.un­safe_get_as_­pointer[DType.in­t64]()

def pow[width: Int](i: Int) uni­fied {mut ptr}:

elem = ptr.load[width=width](i)

ptr.store[width=width](i, elem * elem)

vec­tor­ize[simd_width](len(ar­ray_obj), pow)

Compile-time metapro­gram­ming

Mojo metapro­gram­ming uses the same lan­guage as the run-time code, pro­vid­ing an in­tu­itive sys­tem to max­i­mize per­for­mance. You can build hard­ware-spe­cific op­ti­miza­tions with con­di­tional com­pi­la­tion, en­sure mem­ory safety with com­pile-time eval­u­a­tion, elim­i­nate costly run­time branches, and more—all with clearly de­fined in­ten­tions and zero-cost ab­strac­tions.

# Generic struct equal­ity us­ing com­pile-time re­flec­tion.@al­ways_in­linedef __eq__(self, other: Self) -> Bool: comp­time r = re­flect[Self]() comp­time names = r.field­_­names() comp­time types = r.field­_­types() comp­time for i in range(names.size): comp­time T = types[i] comp­time as­sert con­form­s_to(T, Equatable), “All fields must be Equatable” if trait_­down­cast[Equat­able]( r.field­_ref[i](self) ) != trait_­down­cast[Equat­able](r.field­_ref[i](other)): re­turn False re­turn True

# Generic struct equal­ity us­ing com­pile-time re­flec­tion.

@always_inline

def __eq__(self, other: Self) -> Bool:

comp­time r = re­flect[Self]()

comp­time names = r.field­_­names()

comp­time types = r.field­_­types()

comp­time for i in range(names.size):

comp­time T = types[i]

comp­time as­sert con­form­s_to(T, Equatable), “All fields must be Equatable”

if trait_­down­cast[Equat­able](

r.field­_ref[i](self)

) != trait_­down­cast[Equat­able](r.field­_ref[i](other)):

re­turn False

re­turn True

Roadmap

Mojo was born in late 2022 and has come a long way, but there’s still a lot to do.

Phase 0

Initial bring-up

Implementing the core parser, defin­ing mem­ory types, func­tions, structs, ini­tial­iz­ers, ar­gu­ment con­ven­tions, and other lan­guage foun­da­tions.

Phase 1

in progress

High per­for­mance CPU + GPU cod­ing

Making Mojo a pow­er­ful and ex­pres­sive lan­guage for writ­ing high-per­for­mance ker­nels on CPUs, GPUs, and ASICs, while em­pow­er­ing de­vel­op­ers to ex­tend Python seam­lessly.

Phase 2

Systems ap­pli­ca­tion pro­gram­ming

Expanding Mojo to sup­port more ap­pli­ca­tion-level pro­gram­ming, with a guar­an­teed mem­ory-safety model and more ab­strac­tion fea­tures that de­vel­op­ers ex­pect for sys­tems pro­gram­ming.

Phase 3

Dynamic ob­ject-ori­ented pro­gram­ming

Supporting more of Python’s dy­namic fea­tures like classes, in­her­i­tance, and un­typed vari­ables to max­i­mize com­pat­i­bil­ity with Python code.

Open source

The Mojo stan­dard li­brary is fully open-source on GitHub and we wel­come con­tri­bu­tions! We also plan to open-source the Mojo com­piler in 2026.

We’re com­mit­ted to open-sourc­ing all of Mojo, but the lan­guage is still very young and we be­lieve a tight-knit group of en­gi­neers with a com­mon vi­sion moves faster than a com­mu­nity-dri­ven ef­fort.

If you’d like to get in­volved, join our de­vel­oper com­mu­nity!

Learn Mojo

Join the com­mu­nity

Why have I been blocked?

This web­site is us­ing a se­cu­rity ser­vice to pro­tect it­self from on­line at­tacks. The ac­tion you just per­formed trig­gered the se­cu­rity so­lu­tion. There are sev­eral ac­tions that could trig­ger this block in­clud­ing sub­mit­ting a cer­tain word or phrase, a SQL com­mand or mal­formed data.

What can I do to re­solve this?

You can email the site owner to let them know you were blocked. Please in­clude what you were do­ing when this page came up and the Cloudflare Ray ID found at the bot­tom of this page.

A week ago the Copy Fail vul­ner­a­bil­ity came out, and Hyunwoo Kim im­me­di­ately re­al­ized that the fixes were in­suf­fi­cient, shar­ing a patch the same day. In do­ing this he fol­lowed stan­dard pro­ce­dure for Linux, es­pe­cially within net­work­ing: share the se­cu­rity im­pact with a closed list of Linux se­cu­rity en­gi­neers, while fix­ing the bug qui­etly and ef­fi­ciently in the open. His goal was that with only the raw fix pub­lic, the knowl­edge that a se­ri­ous vul­ner­a­bil­ity ex­isted could be “embargoed”: the peo­ple in a po­si­tion to ad­dress it know, but they’ve agreed not to say any­thing for a few days.

Someone else no­ticed the change, how­ever, re­al­ized the se­cu­rity im­pli­ca­tions, and shared it pub­licly. Since it was now out, the em­bargo was deemed over, and we can now see the full de­tails.

It’s in­ter­est­ing to see the ten­sion here be­tween two dif­fer­ent ap­proaches to vul­ner­a­bil­i­ties, and think about how this is likely to change with AI ac­cel­er­a­tion.

On one side you have “coordinated dis­clo­sure” cul­ture. This is prob­a­bly the most com­mon ap­proach in com­puter se­cu­rity. When you dis­cover a se­cu­rity bug you tell the main­tain­ers pri­vately and give them some amount of time (often 90d) to fix it. The goal is that a fix is out be­fore any­one learns about the hole.

On the other side you have “bugs are bugs” cul­ture. This is es­pe­cially com­mon in Linux, where the ar­gu­ment is that if the ker­nel is do­ing some­thing it should­n’t then some­one some­where may be able to turn it into an at­tack. Just fix things as quickly as pos­si­ble, with­out draw­ing at­ten­tion to them. Often peo­ple won’t no­tice, with so many changes go­ing past, and there’s still time to get ma­chines patched.

This ap­proach never worked per­fectly, but with AI get­ting good at find­ing vul­ner­a­bil­i­ties it’s a much big­ger prob­lem. So many se­cu­rity fixes are com­ing out now that ex­am­in­ing com­mits is much more at­trac­tive: the sig­nal-to-noise ra­tio is higher. Additionally, hav­ing AI eval­u­ate each com­mit as it passes is in­creas­ingly cheap and ef­fec­tive. [1]

Long em­bar­goes, how­ever, aren’t do­ing well ei­ther. The his­tor­i­cal pace of de­tec­tion was slow: if you found some­thing and re­ported it to the ven­dor with a 90d dis­clo­sure win­dow, there was a very good chance no one else would no­tice dur­ing that time. But now with so many AI-assisted groups scan­ning soft­ware for vul­ner­a­bil­i­ties, that no longer holds. In this case, just nine hours af­ter Kim re­ported the ESP vul­ner­a­bil­ity Kuan-Ting Chen also in­de­pen­dently re­ported it. Embargoes can in­crease risk: they cre­ate a false sense of non-ur­gency and limit which ac­tors can work to fix a flaw.

I don’t know how to re­solve this, but per­son­ally very short em­bar­goes seem like a good ap­proach, and they’d need to get even shorter over time. Luckily AI can speed up de­fend­ers as well as at­tack­ers here, al­low­ing em­bar­goes that would pre­vi­ously have been use­lessly short.

[1] I tested on Gemini 3.1 Pro, ChatGPT-Thinking 5.5, and Claude Opus 4.7. All three all got it right away when given f4c50a403. When I gave them just the diff, imag­in­ing a hy­po­thet­i­cal fu­ture where diffs are still pub­lic right away but with less con­text, Gemini was sure it was a se­cu­rity fix, GPT thought it prob­a­bly was, and Claude thought it prob­a­bly was­n’t. This is just a very quick test to il­lus­trate what’s pos­si­ble: one run of each with the prompt “Without search­ing, does this look like a se­cu­rity patch?” Don’t put much stock in the cross-model com­par­i­son!

07 May 2026 ClojureScript Team

We’re happy to an­nounce a new re­lease of ClojureScript. If you’re an ex­ist­ing user of ClojureScript please read over the fol­low­ing re­lease notes care­fully.

Async Functions

Now that ClojureScript tar­gets ECMAScript 2016 we can care­fully choose new ar­eas of en­hanced in­terop. Starting with this re­lease, hint­ing a func­tion as ^:async will make the ClojureScript com­piler emit an JavaScript async func­tion:

(refer-global :only ’[Promise])

(defn ^:async foo [n] (let [x (await (Promise/resolve 10)) y (let [y (await (Promise/resolve 20))] (inc y)) ;; not async f (fn [] 20)] (+ n x y (f))))

This also works for tests:

(deftest ^:async defn-test (try (let [v (await (foo 10))] (is (= 61 v))) (let [v (await (apply foo [10]))] (is (= 61 v))) (catch :default _ (is false))))

In the last Clojure sur­vey sup­port for async func­tions dom­i­nated the list of de­sired ClojureScript en­hance­ments for JavaScript in­terop. This en­hance­ment elim­i­nates the need to take on ad­di­tional de­pen­den­cies for the com­mon cases of in­ter­act­ing with mod­ern Browser APIs and pop­u­lar li­braries.

For a com­plete list of fixes, changes, and en­hance­ments to ClojureScript see here

Contributors

Thanks to all of the com­mu­nity mem­bers who con­tributed to ClojureScript 1.12.145

Michiel Borkent

Michiel Borkent