10 interesting stories served every morning and every evening.




1 1,195 shares, 88 trendiness

upper-up/meta-lobbying-and-other-findings

An open-source in­tel­li­gence in­ves­ti­ga­tion into how Meta Platforms built a multi-chan­nel in­flu­ence op­er­a­tion to pass age ver­i­fi­ca­tion laws that shift reg­u­la­tory bur­den from so­cial me­dia plat­forms onto Apple and Google’s app stores.

Every find­ing in this repos­i­tory is sourced from pub­lic records: IRS 990 fil­ings, Senate LD-2 lob­by­ing dis­clo­sures, state lob­by­ing reg­is­tra­tions, cam­paign fi­nance data­bases, cor­po­rate reg­istries, WHOIS/DNS records, Wayback Machine archives, and in­ves­tiga­tive jour­nal­ism.

Status: Active in­ves­ti­ga­tion. 47 proven find­ings, 9 struc­turally pos­si­ble but un­proven hy­pothe­ses, and mul­ti­ple pend­ing FOIA re­sponses.

Meta spent a record $26.3 million on federal lobbying in 2025, deployed 86+ lobbyists across 45 states, and covertly funded a “grassroots” child safety group called the Digital Childhood Alliance (DCA) to advocate for the App Store Accountability Act (ASAA). The ASAA requires app stores to verify user ages before downloads but imposes no requirements on social media platforms. If it becomes law, Apple and Google absorb the compliance cost while Meta’s apps face zero new mandates.

This in­ves­ti­ga­tion traced fund­ing flows across five con­firmed chan­nels, an­a­lyzed $2.0 bil­lion in dark money grants, searched 59,736 DAF re­cip­i­ents, parsed LD-2 fil­ings, and mapped cam­paign con­tri­bu­tions across four states to doc­u­ment the op­er­a­tion.

Meta’s fed­eral lob­by­ing spend­ing jumped from $19M (2022-2023) to $24M (2024) to $26.3M (2025) as ASAA bills were in­tro­duced in roughly 20 states. In Louisiana alone, 12 lob­by­ists were de­ployed for a sin­gle bill that passed 99-0.

Across all five Arabella Advisors en­ti­ties (New Venture Fund, Sixteen Thirty Fund, North Fund, Windward Fund, Hopewell Fund), 4,433 grants to­tal­ing ap­prox­i­mately $2.0 bil­lion were an­a­lyzed. Not a sin­gle dol­lar went to any child safety, age ver­i­fi­ca­tion, or tech pol­icy or­ga­ni­za­tion. The Schedule I grant path­way through the Arabella net­work is de­fin­i­tively ruled out.

Five con­firmed chan­nels con­nect Meta’s spend­ing to ASAA ad­vo­cacy: di­rect fed­eral lob­by­ing ($26.3M), state lob­by­ist net­works (45 states), the Digital Childhood Alliance (astroturf 501(c)(4)), su­per PACs ($70M+), and state leg­isla­tive cam­paigns (3 laws passed). A sixth chan­nel through the Arabella dark money net­work is struc­turally pos­si­ble but un­proven.

These stand­alone HTML doc­u­ments pro­vide de­tailed views of the in­ves­ti­ga­tion:

Full Investigation Documentation con­tains the com­plete OSINT in­ves­ti­ga­tion re­port with all five chan­nels, ev­i­dence ta­bles, and source ci­ta­tions.

Funding Network Timeline maps the chronological development of Meta’s lobbying infrastructure, DCA’s formation, and ASAA legislative progress across states.

Research Timeline tracks the in­ves­ti­ga­tion it­self, show­ing when each find­ing was es­tab­lished and how threads con­nected.

Meta retained 40+ lobbying firms and 87 federal lobbyists in 2025 (85% with prior government service). Meta’s own LD-2 filings with the Senate explicitly list H.R. 3149/S. 1586, the App Store Accountability Act, as a lobbied bill. The filing narrative includes “protecting children, bullying prevention and online safety; youth safety and federal parental approval; youth restrictions on social media.”

At the state level, con­firmed op­er­a­tions in­clude $338,500 to Headwaters Strategies (Colorado), $324,992+ across 9 firms and 12 lob­by­ists in Louisiana, and $1,036,728 in di­rect California lob­by­ing (Q1-Q3 2025 alone). A Meta lob­by­ist brought the leg­isla­tive lan­guage for Louisiana HB-570 di­rectly to the bil­l’s spon­sor, Rep. Kim Carver, who con­firmed this pub­licly.

DCA is a 501(c)(4) ad­vo­cacy group that Meta covertly funds. Bloomberg ex­posed the fund­ing re­la­tion­ship in July 2025. Under oath at a Louisiana Senate com­mit­tee hear­ing, Executive Director Casey Stefanski ad­mit­ted re­ceiv­ing tech com­pany fund­ing but re­fused to name donors.

DCA has no EIN in the IRS Business Master File, no incorporation record in any state registry searched (CO, DC, DE, VA, OpenCorporates), and no Form 990 on file. It processes donations through the For Good DAF (formerly Network for Good) as a “Project,” not a standalone nonprofit. Its likely fiscal sponsor is NCOSEAction/Institute for Public Policy (EIN 88-1180705), NCOSE’s confirmed 501(c)(4) affiliate with the same leadership.

DCA’s domain was registered December 18, 2024. The website was live and fully formed the next day. Every blog post and testimony targets Apple and Google. Meta is never mentioned or criticized.

Meta committed over $70 million to four state-level super PACs: ATEP ($45M, bipartisan, co-led by Hilltop Public Solutions), META California ($20M), California Leads ($5M), and Forge the Future (Texas, Republican-aligned). Forge the Future’s stated policy priority is “empowering parents with oversight of children’s online activities,” which mirrors ASAA language exactly.

Hilltop Public Solutions co-leads the $45M ATEP super PAC and is also involved in DCA’s messaging coordination, making it the first firm confirmed in both Meta’s PAC operation and the astroturf advocacy track.

All su­per PACs are reg­is­tered at the state level rather than with the FEC, scat­ter­ing dis­clo­sure fil­ings across in­di­vid­ual state ethics com­mis­sions in­stead of a sin­gle search­able fed­eral data­base.

Meta’s Colorado lob­by­ist Adam Eichberg si­mul­ta­ne­ously serves as Board Chair of the New Venture Fund, the flag­ship 501(c)(3) of the Arabella Advisors net­work. NVF trans­fers $121.3 mil­lion an­nu­ally to the Sixteen Thirty Fund, a 501(c)(4) with no donor dis­clo­sure re­quire­ments.

The Arabella net­work op­er­ates four en­ti­ties from 1828 L Street NW, Washington DC (suites 300-A through 300-D) with com­bined an­nual rev­enue ex­ceed­ing $1.3 bil­lion. All five en­ti­ties’ grant re­cip­i­ents were an­a­lyzed (4,433 grants, ap­prox­i­mately $2.0 bil­lion). Zero dol­lars went to any child safety or­ga­ni­za­tion, de­fin­i­tively rul­ing out the Schedule I grant path­way.

If Meta money flows through the Arabella net­work to DCA, it would have to travel via fis­cal spon­sor­ship, con­sult­ing fees, or lob­by­ing ex­pen­di­tures, which are more opaque than grant dis­clo­sures.

ASAA has been signed into law in three states:

Roughly 17 ad­di­tional states have in­tro­duced or are con­sid­er­ing ASAA bills, in­clud­ing Kansas, South Carolina, Ohio, Georgia, and Florida. The fed­eral ver­sion was in­tro­duced in May 2025 by Rep. John James (R-MI) and Sen. Mike Lee (R-UT).

Each find­ing be­low is doc­u­mented with sources in the cor­re­spond­ing analy­sis file.

Meta funds DCA, con­firmed by Bloomberg re­porters and par­tially ad­mit­ted by Stefanski un­der oath at the Louisiana Senate Commerce Committee hear­ing (April 2025). Sources: Insurance Journal/Bloomberg July 2025, Deseret News Dec 2025, The Center Square LA.

Meta de­ployed 86+ lob­by­ists across 45 states for ASAA and re­lated cam­paigns. Source: OpenSecrets, state lob­by­ing reg­is­tra­tions.

Meta spent $26.3 mil­lion on fed­eral lob­by­ing in 2025, an all-time record ex­ceed­ing Lockheed Martin and Boeing. Source: OpenSecrets, Quiver Quantitative, Dome Politics.

Meta paid Headwaters Strategies $338,500 for Colorado lob­by­ing be­tween 2019 and 2026. Source: Colorado SOS SODA API.

Adam Eichberg si­mul­ta­ne­ously co-founded Meta’s Colorado lob­by­ing firm (Headwaters Strategies) and chairs the New Venture Fund board. Sources: Headwaters Strategies web­site, NVF board page, InfluenceWatch.

NVF does not di­rectly fund any child safety or tech pol­icy or­ga­ni­za­tions via Schedule I grants. Source: NVF Form 990 Schedule I analy­sis, 2,669 re­cip­i­ents.

DCA and DCI share in­fra­struc­ture: same reg­is­trar (GoDaddy), CDN (Cloudflare), email (Microsoft 365), and mar­ket­ing plat­form (Elastic Email). Source: DNS/WHOIS analy­sis.

Pelican State Partners rep­re­sents Meta as a lob­by­ing client in Louisiana. Source: F Minus data­base, LA Board of Ethics.

DCA lead­er­ship comes from NCOSE: three of four se­nior staff have NCOSE con­nec­tions (Stefanski, Hawkins, McKay). Source: DCA web­site, NCOSE pub­lic records.

ASAA has been signed into law in three states: Utah (SB-142, March 2025), Louisiana (HB-570, June 2025), and Texas (SB 2420, May 2025, paused by judge December 2025). Sources: State leg­is­la­ture records, news cov­er­age.

The Sixteen Thirty Fund does not fund any child safety or tech pol­icy or­ga­ni­za­tions via Schedule I grants (306 of 318 re­cip­i­ents an­a­lyzed). Source: STF Form 990 Schedule I, 2024.

All five Arabella en­ti­ties an­a­lyzed: 4,433 grants (approximately $2.0 bil­lion) with zero dol­lars go­ing to child safety or tech pol­icy or­ga­ni­za­tions. Schedule I path­way de­fin­i­tively ruled out across the en­tire net­work. Sources: NVF, STF, North Fund, Windward, Hopewell Form 990 Schedule I fil­ings via ProPublica.

A Meta em­ployee (Jake Levine, Product Manager) con­tributed $1,175 to ASAA spon­sor Matt Ball’s cam­paign ap­pa­ra­tus on June 2, 2025. Source: Colorado TRACER bulk data.

A Google Policy Manager (Kyle Gardner) also con­tributed $450 to Matt Ball. Multiple tech com­pany em­ploy­ees from ASAA-affected com­pa­nies tar­geted the same ASAA bill spon­sor. Source: Colorado TRACER bulk data.

Eichberg and Coyne (Headwaters prin­ci­pals) did not con­tribute to ASAA bill spon­sors Ball or Paschal de­spite $20,000+ com­bined po­lit­i­cal giv­ing. Source: Colorado TRACER bulk data.

No di­rect Meta PAC con­tri­bu­tions to any ASAA spon­sor across Utah, Louisiana, Texas, or Colorado. Source: FollowTheMoney.org multi-state search.

Todd Weiler (Utah SB-142 spon­sor) does not ac­cept cor­po­rate con­tri­bu­tions and has not dis­cussed ASAA di­rectly with Meta. DCA served as the pol­icy in­ter­me­di­ary. Source: Investigative re­port­ing, Weiler’s pub­lic state­ments.

DCA has no EIN in the IRS Business Master File. Not found in any of four re­gional ex­tracts (eo1-eo4.csv) cov­er­ing all US tax-ex­empt or­ga­ni­za­tions. Source: IRS BMF re­gional ex­tracts.

DCI con­firmed in IRS BMF with EIN 39-3684798, Delaware in­cor­po­ra­tion at 213 N Market St Wilmington, IRS rul­ing November 2025. Source: IRS BMF ex­tract.

Meta’s Forge the Future su­per PAC spent $1.3 mil­lion in Texas ahead of March 2026 pri­maries. Source: Texas Ethics Commission fil­ings, news cov­er­age.

DCA’s website deployed less than 24 hours after domain registration: fully functional advocacy site with professional design, statistics, and Heritage/NCOSE testimonials. Source: Wayback Machine CDX API, 100+ snapshots.

77-day pipeline from DCA do­main reg­is­tra­tion (December 18, 2024) to Utah SB-142 sign­ing (March 5, 2025). Site pre-loaded with ASAA talk­ing points be­fore any bill had passed. Source: WHOIS records, Utah Legislature.

Meta de­ployed 12 lob­by­ists for Louisiana HB-570, which passed 99-0. Disproportionate de­ploy­ment in­di­cates text-con­trol and amend­ment-block­ing rather than vote per­sua­sion. Source: Investigative re­port­ing, LA Board of Ethics.

Three California tech pol­icy em­ploy­ees from Meta, Google, and Pinterest con­tributed to Matt Ball within 90 days. All from ASAA-affected com­pa­nies, all out-of-state, tar­get­ing a newly-ap­pointed sen­a­tor. Source: Colorado TRACER bulk data.

Pelican State Partners represents both Meta and Roblox in Louisiana. Both are ASAA beneficiaries, enabling “broad industry support” framing. Source: F Minus database.

DCA’s coalition count inflated from 50+ to 140+ with only six organizations ever publicly named. No member list has been published on the website. Source: DCA website, Wayback Machine.

NCOSE has a con­firmed 501(c)(4) af­fil­i­ate: NCOSEAction / Institute for Public Policy (EIN 88-1180705), IRS rul­ing May 2025, same ad­dress and lead­er­ship as NCOSE. Source: IRS BMF, NCOSE web­site.

Network for Good is a Donor Advised Fund, not a payment processor. DCA is classified as “Project” (ID 258136) in the system. For Good explicitly limits grants to 501(c)(3) organizations. Source: For Good website, IRS determination.

A Meta lobbyist drafted HB-570’s legislative language, confirmed by sponsor Rep. Kim Carver. The bill as originally written placed age verification burden exclusively on app stores, not platforms. Source: Investigative reporting, Carver’s public confirmation.

Nicole Lopez (Meta Director of Global Litigation Strategy for Youth) tes­ti­fied in both Louisiana and South Dakota for ASAA bills, serv­ing as Meta’s na­tional ASAA spokesper­son. Source: Legislative hear­ing records.

The Sixteen Thirty Fund’s $31 mil­lion lob­by­ing bud­get and $13.1 mil­lion in pro­fes­sional fees con­tain zero men­tions of child safety, dig­i­tal pol­icy, age ver­i­fi­ca­tion, or app stores. Source: STF Form 990 Part IX.

John R. Read (DCA Senior Policy Advisor) lists “Digital Childhood Alliance” as his employer in Colorado TRACER records. Contributed $100 to AG candidate Hetal Doshi (October 2025). Source: Colorado TRACER.

Matt Ball re­ceived 8% of to­tal fundrais­ing from tech in­dus­try em­ploy­ees. He is the only 2026 Colorado sen­ate can­di­date with con­tri­bu­tions from Meta, Pinterest, Instacart, Anthropic, and Google em­ploy­ees. Four of eight dual-maxed donors are tech em­ploy­ees. Source: Colorado TRACER analy­sis.

NCOSE Schedule R reveals a two-entity evolution: the original NCOSE Action (EIN 86-2458921, c4 reclassified to c3) was replaced by the Institute for Public Policy (EIN 88-1180705, c4). All 19 NCOSE-to-Institute transaction indicators are marked “No” despite shared leadership. Source: NCOSE Form 990 Schedule R, 2019-2023.

For Good DAF path­way de­fin­i­tively ruled out: 59,736 grant re­cip­i­ents across five years (approximately $1.73 bil­lion) searched with zero matches for DCA, DCI, NCOSE, NCOSEAction, or any re­lated en­tity. Source: For Good DAF grant data.

NCOSE lob­by­ing spend­ing tripled from $78,000 to $204,000 con­cur­rent with DCA launch and the ASAA leg­isla­tive push (FY2023 to FY2024). Source: NCOSE Form 990 Part IX.

Forge the Future super PAC explicitly lists an ASAA-aligned policy priority: “Empowering parents with oversight of children’s online activities across devices and digital environments.” Source: Forge the Future filings.

Hilltop Public Solutions bridges Meta’s su­per PAC and DCA op­er­a­tions. It co-leads ATEP ($45M) and is in­volved in DCA mes­sag­ing co­or­di­na­tion. First firm con­firmed in both tracks. Source: ATEP fil­ings, in­ves­tiga­tive re­port­ing.

Meta su­per PACs are state-level en­ti­ties (not FEC-registered), de­lib­er­ately scat­ter­ing fil­ings across state ethics com­mis­sions to avoid cen­tral­ized search­a­bil­ity. Source: FEC search (negative), state PAC reg­is­tra­tions.

Meta’s to­tal doc­u­mented po­lit­i­cal spend­ing ex­ceeds $70 mil­lion: $45M ATEP, $20M META California, $5M California Leads, with down­stream flows to Forge the Future (TX) and Making Our Tomorrow (IL). Source: State PAC fil­ings, news cov­er­age.

Casey Stefanski never ap­pears on any NCOSE 990 fil­ing de­spite re­port­edly work­ing there ten years. Not among of­fi­cers, di­rec­tors, key em­ploy­ees, or five high­est-com­pen­sated. Source: NCOSE Form 990 fil­ings, 2015-2023.

Meta’s LD-2 filings explicitly list the App Store Accountability Act (H.R. 3149/S. 1586) as a lobbied bill. This is the first direct evidence from Meta’s own federal filings connecting its $26.3M lobbying spend to the specific legislation DCA advocates for. Source: Senate LDA filing UUID b73445ed-15e5-42e7-a1e8-aeb224755267.

Meta si­mul­ta­ne­ously lob­bies FOR ASAA and ON KOSA/COPPA 2.0, sup­port­ing leg­is­la­tion that bur­dens Apple and Google while op­pos­ing or amend­ing leg­is­la­tion that would reg­u­late Meta di­rectly. Both ap­pear in the same LD-2 fil­ing. Source: Meta LD-2 Q1-Q2 2025.

LD-2 narrative mirrors DCA messaging: “youth safety and federal parental approval” framing in Meta’s federal filings matches DCA’s “parental approval” and “child protection” advocacy language. Source: LD-2 filing CPI issue code narrative.

Meta funds flow through the Arabella net­work via non-grant mech­a­nisms (fiscal spon­sor­ship, con­sult­ing fees, lob­by­ing ex­pen­di­tures). The Schedule I and For Good DAF path­ways are both ruled out.

DCA op­er­ates un­der NCOSEAction (EIN 88-1180705) as fis­cal spon­sor. The per­son­nel chain is di­rect (van der Watt to Hawkins to Stefanski), but NCOSE re­ports zero trans­ac­tions with its c4 af­fil­i­ate.

Jake Levine’s con­tri­bu­tion to Matt Ball was co­or­di­nated by Meta’s gov­ern­ment af­fairs team rather than be­ing purely per­sonal.

Angela Paxton (Texas ASAA spon­sor) was among the un­named state sen­a­tors sup­ported by Forge the Future.

NCOSE’s lobbying spend tripling is causally related to DCA/ASAA activity (timing is concurrent but program descriptions do not mention ASAA).

DCA’s For Good donation page is cosmetic. Actual funding comes directly from Meta, not small-dollar DAF donations.

Claude Code (Anthropic’s CLI tool, running Claude Opus) was used as a research assistant for:

* Bulk data pro­cess­ing: pars­ing 4,433 IRS Schedule I grant records, 59,736 DAF re­cip­i­ents, 132MB of Colorado TRACER cam­paign fi­nance data, and IRS Business Master File ex­tracts cov­er­ing all US tax-ex­empt or­ga­ni­za­tions

* Cross-referencing find­ings across 24 analy­sis files and iden­ti­fy­ing pat­terns that span mul­ti­ple re­search threads

Claude Code did not independently choose what to investigate, decide what constitutes a finding, or determine what to publish. Every factual claim in this repository cites a primary source (IRS filing, Senate disclosure, state database, legislative record, or published reporting) that can be independently verified. The tool does not change whether Meta’s LD-2 filing lists H.R. 3149, whether DCA has an EIN, or whether Stefanski admitted tech funding under oath. The records exist or they don’t.

If you want to ver­ify any find­ing, the source URLs and data­base iden­ti­fiers are pro­vided through­out. Start with the pri­mary records, not with this repos­i­tory.

This is an OSINT re­search prod­uct. All find­ings are based on pub­lic records. Source data is cited through­out.

...

Read the original on github.com »

2 1,054 shares, 80 trendiness

CanIRun.ai — Can your machine run AI models?

Find out which AI mod­els your ma­chine can ac­tu­ally run.


...

Read the original on canirun.ai »

3 575 shares, 34 trendiness

TUIStudio — Design Terminal UIs. Visually.

Alpha no­tice: Code ex­port is not func­tional yet. We’re ac­tively work­ing on it — check back soon.

Design once, gen­er­ate pro­duc­tion-ready code for your frame­work of choice. Switch tar­gets with­out touch­ing your de­sign.


Everything you need to know be­fore hit­ting down­load.

A TUI (Text User Interface) is an in­ter­ac­tive ap­pli­ca­tion that runs en­tirely in the ter­mi­nal — like htop, lazy­git, or k9s. Instead of a web browser or na­tive win­dow, the UI is built from char­ac­ters, col­ors, and ANSI es­cape codes. TUIStudio lets you de­sign these vi­su­ally in­stead of hand-cod­ing every lay­out.

Will ma­cOS or Windows block the app?

With no code-sign­ing con­fig­ured, each plat­form be­haves dif­fer­ently:

ma­cOS

Gatekeeper blocks the app immediately. You’ll see either “TUIStudio cannot be opened because it is from an unidentified developer” or “TUIStudio is damaged and can’t be opened” on newer macOS after quarantine flags the binary.

To get past it: right-click the .app → Open → Open anyway — or go to System Settings → Privacy & Security → “Open Anyway”.

Windows

SmartScreen shows “Windows protected your PC”. Click More info → Run anyway. Less fatal than macOS, but still alarming to non-technical users.

Linux

No such gate. dpkg -i TUIStudio-amd64.deb or dou­ble-click in a file man­ager — just works.

Why are ex­ports not work­ing?

TUIStudio is cur­rently in Alpha — ex­ports are not func­tional yet. We’re ac­tively work­ing on it.

When ready, the fol­low­ing 6 frame­works will be sup­ported:

Switch ex­port tar­gets at any time with­out touch­ing your de­sign.

TUIStudio is cur­rently in early ac­cess. The core ed­i­tor is free to down­load and use. A pro tier with team fea­tures, cloud sync, and pri­or­ity sup­port is planned for later.

Can I save and re­open my de­signs?

Yes. Projects are saved as portable .tui JSON files you can open from any­where, com­mit to git, or share with your team. No ac­count or cloud re­quired.

...

Read the original on tui.studio »

4 521 shares, 21 trendiness

Vite 8.0 is out!

We’re thrilled to announce the stable release of Vite 8! When Vite first launched, we made a pragmatic bet on two bundlers: esbuild for speed during development, and Rollup for optimized production builds. That bet served us well for years. We’re very grateful to the Rollup and esbuild maintainers. Vite wouldn’t have succeeded without them. Today, it resolves into one: Vite 8 ships with Rolldown as its single, unified, Rust-based bundler, delivering up to 10-30x faster builds while maintaining full plugin compatibility. This is the most significant architectural change since Vite 2.

Vite is now being downloaded 65 million times a week, and the ecosystem continues to grow with every release. To help developers navigate the ever-expanding plugin landscape, we also launched registry.vite.dev, a searchable directory of plugins for Vite, Rolldown, and Rollup that collects plugin data from npm daily.

Play online with Vite 8 using vite.new or scaffold a Vite app locally with your preferred framework running pnpm create vite. Check out the Getting Started Guide for more information.

We in­vite you to help us im­prove Vite (joining the more than 1.2K con­trib­u­tors to Vite Core), our de­pen­den­cies, or plu­g­ins and pro­jects in the ecosys­tem. Learn more at our Contributing Guide. A good way to get started is by triag­ing is­sues, re­view­ing PRs, send­ing tests PRs based on open is­sues, and sup­port­ing oth­ers in Discussions or Vite Land’s help fo­rum. If you have ques­tions, join our Discord com­mu­nity and talk to us in the #contributing chan­nel.

Stay up­dated and con­nect with oth­ers build­ing on top of Vite by fol­low­ing us on Bluesky, X, or Mastodon.

Since its earliest versions, Vite relied on two separate bundlers to serve different needs. esbuild handled fast compilation during development (dependency pre-bundling and TypeScript/JSX transforms) that made the dev experience feel instant. Rollup handled production bundling, chunking, and optimization, with its rich plugin API powering the entire Vite plugin ecosystem.

This dual-bundler ap­proach served Vite well for years. It al­lowed us to fo­cus on de­vel­oper ex­pe­ri­ence and or­ches­tra­tion rather than rein­vent­ing pars­ing and bundling from scratch. But it came with trade-offs. Two sep­a­rate trans­for­ma­tion pipelines meant two sep­a­rate plu­gin sys­tems, and an in­creas­ing amount of glue code needed to keep the two pipelines in sync. Edge cases around in­con­sis­tent mod­ule han­dling ac­cu­mu­lated over time, and every align­ment fix in one pipeline risked in­tro­duc­ing dif­fer­ences in the other.

Rolldown is a Rust-based bundler built by the VoidZero team to ad­dress these chal­lenges head-on. It was de­signed with three goals:

* Performance: Written in Rust, Rolldown operates at native speed. In benchmarks, it is 10-30x faster than Rollup, matching esbuild’s performance level.

* Compatibility: Rolldown sup­ports the same plu­gin API as Rollup and Vite. Most ex­ist­ing Vite plu­g­ins work out of the box with Vite 8.

* Advanced fea­tures: A sin­gle uni­fied bundler un­locks ca­pa­bil­i­ties that were dif­fi­cult or im­pos­si­ble with the dual-bundler setup, in­clud­ing full bun­dle mode, more flex­i­ble chunk split­ting, mod­ule-level per­sis­tent caching, and Module Federation sup­port.

The migration to Rolldown was deliberate and community-driven. First, a separate rolldown-vite package was released as a technical preview, allowing early adopters to test Rolldown’s integration without affecting the stable version of Vite. The feedback from those early adopters was invaluable. They pushed the integration through real-world codebases of every shape and size, surfacing edge cases and compatibility issues we could address before a wider release. We also set up a dedicated CI suite validating key Vite plugins and frameworks against the new bundler, catching regressions early and building confidence in the migration path.

In December 2025, we shipped the Vite 8 beta with Rolldown fully in­te­grated. During the beta pe­riod, Rolldown it­self pro­gressed from beta to a re­lease can­di­date, with con­tin­u­ous im­prove­ments dri­ven by the test­ing and feed­back of the Vite com­mu­nity.

During the preview and beta phases of rolldown-vite, several companies reported measurable reductions in production build times:

For large pro­jects, the im­pact can be es­pe­cially no­tice­able, and we ex­pect fur­ther im­prove­ments as Rolldown con­tin­ues to evolve.

With Vite 8, Vite be­comes the en­try point to an end-to-end tool­chain with closely col­lab­o­rat­ing teams: the build tool (Vite), the bundler (Rolldown), and the com­piler (Oxc). This align­ment en­sures con­sis­tent be­hav­ior across the en­tire stack, from pars­ing and re­solv­ing to trans­form­ing and mini­fy­ing. It also means we can rapidly adopt new lan­guage spec­i­fi­ca­tions as JavaScript evolves. And by in­te­grat­ing deeply across lay­ers, we can pur­sue op­ti­miza­tions that were pre­vi­ously out of reach, such as lever­ag­ing Oxc’s se­man­tic analy­sis for bet­ter tree-shak­ing in Rolldown.

None of this would have been possible without the broader community. We want to extend our deep thanks to the framework teams (SvelteKit, React Router, Storybook, Astro, Nuxt, and many others) who tested rolldown-vite early, filed detailed bug reports, and worked with us to resolve compatibility issues. We are equally grateful to every developer who tried the beta, shared their build time improvements, and reported the rough edges that helped us polish this release. Your willingness to test the migration on real projects helped make the transition to Rolldown smoother and more reliable.

Vite 8 requires Node.js 20.19+, 22.12+, the same requirements as Vite 7. These ranges ensure Node.js supports require(esm) without a flag, allowing Vite to be distributed as ESM only.

Beyond the Rolldown in­te­gra­tion, Vite 8 in­cludes sev­eral no­table fea­tures:

* Integrated Devtools: Vite 8 ships a devtools option to enable Vite Devtools, developer tooling for debugging and analysis. Vite Devtools provides deeper insights into your Vite-powered projects directly from the dev server.

* Built-in tsconfig paths support: Developers can enable TypeScript path alias resolution by setting resolve.tsconfigPaths to true. This has a small performance cost and is not enabled by default.

* emitDecoratorMetadata support: Vite 8 now has built-in automatic support for TypeScript’s emitDecoratorMetadata option, removing the need for external plugins. See the Features page for details.

* Wasm SSR sup­port: .wasm?init im­ports now work in SSR en­vi­ron­ments, ex­pand­ing Vite’s WebAssembly fea­ture to server-side ren­der­ing.

* Browser console forwarding: Vite 8 can forward browser console logs and errors to the dev server terminal. This is especially useful when working with coding agents, as runtime client errors become visible in the CLI output. Enable it with server.forwardConsole, which activates automatically when a coding agent is detected.

Alongside Vite 8, we are re­leas­ing @vitejs/plugin-react v6. The plu­gin uses Oxc for React Refresh trans­form. Babel is no longer a de­pen­dency and the in­stal­la­tion size is smaller.

For projects that need the React Compiler, v6 provides a reactCompilerPreset helper that works with @rolldown/plugin-babel, giving you an explicit opt-in path without burdening the default setup.

See the Release Notes for more de­tails.

Note that v5 still works with Vite 8, so you can up­grade the plu­gin af­ter up­grad­ing Vite.

The Rolldown in­te­gra­tion opens the door to im­prove­ments and op­ti­miza­tions. Here is what we are work­ing on next:

* Full Bundle Mode (experimental): This mode bun­dles mod­ules dur­ing de­vel­op­ment, sim­i­lar to pro­duc­tion builds. Preliminary re­sults show 3x faster dev server startup, 40% faster full re­loads, and 10x fewer net­work re­quests. This is es­pe­cially im­pact­ful for large pro­jects where the un­bun­dled dev ap­proach hits scal­ing lim­its.

* Raw AST trans­fer: Allows JavaScript plu­g­ins to ac­cess the Rust-produced AST with min­i­mal se­ri­al­iza­tion over­head, bridg­ing the per­for­mance gap be­tween Rust in­ter­nals and JS plu­gin code.

* Native MagicString trans­forms: Enables cus­tom trans­forms where the logic lives in JavaScript but the string ma­nip­u­la­tion com­pu­ta­tion runs in Rust.

* Stabilizing the Environment API: We are work­ing to make the Environment API sta­ble. The ecosys­tem has started reg­u­lar meet­ings to bet­ter col­lab­o­rate to­gether.

We want to be trans­par­ent about changes to Vite’s in­stall size. Vite 8 is ap­prox­i­mately 15 MB larger than Vite 7 on its own. This comes from two main sources:

* ~10 MB from lightningcss: Previously an optional peer dependency, lightningcss is now a normal dependency to provide better CSS minification out of the box.

* ~5 MB from Rolldown: The Rolldown binary is larger than esbuild + Rollup mainly due to performance optimizations that favor speed over binary size.

We will con­tinue mon­i­tor­ing and work­ing to re­duce in­stall size as Rolldown ma­tures.

For most projects, upgrading to Vite 8 should be a smooth process. We built a compatibility layer that auto-converts existing esbuild and rollupOptions configuration to their Rolldown and Oxc equivalents, so many projects will work without any config changes.

For larger or more complex projects, we recommend the gradual migration path: first switch from vite to the rolldown-vite package on Vite 7 to isolate any Rolldown-specific issues, then upgrade to Vite 8. This two-step approach makes it easy to identify whether any issues come from the bundler change or from other Vite 8 changes.

Please re­view the de­tailed Migration Guide be­fore up­grad­ing. The com­plete list of changes is in the Vite 8 Changelog.

As Vite moves to Rolldown, we want to take a moment to express our deep gratitude to the two projects that made Vite possible.

Rollup has been Vite’s production bundler since the very beginning. Its elegant plugin API design proved so well-conceived that Rolldown adopted it as its own, and Vite’s entire plugin ecosystem exists because of the foundation Rollup laid. The quality and thoughtfulness of Rollup’s architecture shaped how Vite thinks about extensibility. Thank you, Rich Harris, for creating Rollup, and Lukas Taegert-Atkinson and the Rollup team for maintaining and evolving it into something that has had such a lasting impact on the web tooling ecosystem.

esbuild powered Vite’s remarkably fast development experience from its early days: dependency pre-bundling, TypeScript and JSX transforms that completed in milliseconds rather than hundreds. esbuild proved that build tools could be orders of magnitude faster, and its speed set the bar that inspired an entire generation of Rust and Go-based tooling. Thank you, Evan Wallace, for showing all of us what was possible.

Without these two projects, Vite would not exist as it does today. Even as we move forward with Rolldown, the influence of Rollup and esbuild is deeply embedded in Vite’s DNA, and we are grateful for everything they have given to the ecosystem. You can learn more about all the projects and people Vite depends on at our Acknowledgements page.

Vite 8 was led by sapphi-red and the Vite Team with the help of the wide community of contributors, downstream maintainers, and plugin authors. We want to thank the Rolldown team for their close collaboration in making the Rolldown-powered Vite 8 possible. We are also especially grateful to everyone who participated in the rolldown-vite preview and the Vite 8 beta period. Your testing, bug reports, and feedback made the Rolldown migration possible and shaped this release into something we are proud of.

Vite is brought to you by VoidZero, in partnership with Bolt and NuxtLabs. We also want to thank our sponsors on Vite’s GitHub Sponsors and Vite’s Open Collective.

...

Read the original on vite.dev »

5 482 shares, 29 trendiness

Qatar helium shutdown puts chip supply chain on a two-week clock — SK hynix forced to diversify after 30% of global supply removed from the market

QatarEnergy has not restarted helium production at its Ras Laffan complex — one of the largest concentrations of helium production infrastructure globally — nine days after Iranian drone strikes forced the facility offline. The ensuing disruption to supply has sparked concerns for South Korea’s chip industry, Nikkei reports.

The facility went offline on March 2 following drone strikes, removing approximately 30% of global helium supply from the market. QatarEnergy declared force majeure on existing contracts on March 4, freeing it from supply obligations to customers, and industry outlet Gasworld reported on March 7 that no imminent restart is planned.

Helium consultant Phil Kornbluth, speaking at a Gasworld webinar on March 4, said that if the outage extends beyond roughly two weeks, industrial gas distributors could be forced to relocate cryogenic equipment and revalidate supplier relationships, a process that could stretch over months regardless of when Qatari output resumes.

South Korea is among the most exposed countries: according to the Korea International Trade Association, it imported 64.7% of its helium from Qatar in 2025. The country relies heavily on helium imports to cool silicon wafers during fabrication and is understood to have no viable substitute.

The country’s Ministry of Trade, Industry and Resources has reportedly launched an investigation into supply and demand for 14 semiconductor materials and equipment types with high dependence on Middle Eastern sources, Nikkei reported on Wednesday. Bromine, which is used in circuit formation, is another big concern, with South Korea sourcing 90% of its imports from Israel, also party to the ongoing conflict in Iran.

South Korean memory giant SK hynix has since said it had diversified supplies for helium and secured sufficient inventory. Meanwhile, TSMC said that it doesn’t currently anticipate a notable impact following Ras Laffan going offline, but that it’s monitoring the situation. South Korea and Taiwan each account for 18% of global semiconductor production capacity, according to Boston Consulting Group and the Semiconductor Industry Association.

The situation echoes a 2022 shortage of helium and neon, which was triggered by Russia’s invasion of Ukraine. That event prompted South Korea to pursue supply diversification and domestic production of those gases, which are used in lithography to transfer circuit patterns onto wafers.

...

Read the original on www.tomshardware.com »

6 448 shares, 79 trendiness

1M context is now generally available for Opus 4.6 and Sonnet 4.6

Claude Opus 4.6 and Sonnet 4.6 now include the full 1M context window at standard pricing on the Claude Platform. Standard pricing applies across the full window — $5/$25 per million tokens for Opus 4.6 and $3/$15 for Sonnet 4.6. There’s no multiplier: a 900K-token request is billed at the same per-token rate as a 9K one.

* Full rate limits at every context length. Your standard account throughput applies across the entire window.

* 6x more media per request. Up to 600 images or PDF pages, up from 100. Available today on Claude Platform natively, Microsoft Azure Foundry, and Google Cloud’s Vertex AI.

* No beta header required. Requests over 200K tokens work automatically. If you’re already sending the beta header, it’s ignored so no code changes are required.

1M context is now included in Claude Code for Max, Team, and Enterprise users with Opus 4.6. Opus 4.6 sessions can use the full 1M context window automatically, meaning fewer compactions and more of the conversation kept intact. 1M context previously required extra usage.

A million tokens of context only matters if the model can recall the right details and reason across them. Opus 4.6 scores 78.3% on MRCR v2, the highest among frontier models at that context length.

That means you can load an entire codebase, thousands of pages of contracts, or the full trace of a long-running agent — tool calls, observations, intermediate reasoning — and use it directly. The engineering work, lossy summarization, and context clearing that long-context work previously required are no longer needed. The full conversation stays intact.

...

Read the original on claude.com »

7 442 shares, 35 trendiness

Watch YouTube Like It's Cable TV

...

Read the original on channelsurfer.tv »

8 414 shares, 32 trendiness

We’ll Be “Stunned” By What the NSA Is Doing Under Section 702

Senator Ron Wyden says that when a secret interpretation of Section 702 is eventually declassified, the American public will be “stunned” to learn what the NSA has been doing. If you’ve followed Wyden’s career, you know this is not a man prone to hyperbole — and you know his track record on these warnings is perfect.

Just last month, we wrote about the Wyden Siren — the pattern where Senator Ron Wyden sends a cryptic public signal that something terrible is happening behind the classification curtain, can’t say what it is, and then is eventually proven right. Every single time. The catalyst then was a two-sentence letter to CIA Director Ratcliffe expressing “deep concerns about CIA activities.”

Well, the siren is going off once again. This time, Wyden took to the Senate floor to deliver a lengthy speech, ostensibly about the since-approved (with support of many Democrats) nomination of Joshua Rudd to lead the NSA. Wyden was protesting that nomination, but in the context of Rudd being unwilling to agree to basic constitutional limitations on NSA surveillance. But that’s just a jumping-off point ahead of Section 702’s upcoming reauthorization deadline. Buried in the speech is a passage that should set off every alarm bell:

There’s another example of secret law related to Section 702, one that directly affects the privacy rights of Americans. For years, I have asked various administrations to declassify this matter. Thus far they have all refused, although I am still waiting for a response from DNI Gabbard. I strongly believe that this matter can and should be declassified and that Congress needs to debate it openly before Section 702 is reauthorized. In fact, when it is eventually declassified, the American people will be stunned that it took so long and that Congress has been debating this authority with insufficient information.

You can see the full video here if you want.

Here, a sitting member of the Senate Intelligence Committee — someone with access to the classified details — is telling his colleagues and the public that there is a secret interpretation of Section 702 that “directly affects the privacy rights of Americans,” that he’s been asking multiple administrations to declassify it, that they’ve all refused, and that when it finally comes out, people will be stunned.

If you’ve followed Wyden for any amount of time, this all sounds very familiar. In 2011, Wyden warned that the government had secretly reinterpreted the PATRIOT Act to mean something entirely different from what Congress and the public understood. He couldn’t say what. Nobody believed it could be that bad. Then the Snowden revelations showed the NSA was engaged in bulk collection of essentially every American’s phone metadata. In 2017, he caught the Director of National Intelligence answering a different question than the one Wyden asked about Section 702 surveillance. The pattern repeats. The siren sounds. Years pass. And then, eventually, we find out it was worse than we imagined.

Now here he is, doing the exact same thing with Section 702 yet again, now that it’s up for renewal. Congress is weeks away from a reauthorization vote, and Wyden is explicitly telling his colleagues (not for the first time) they are preparing to vote on a law whose actual meaning is being kept secret from them as well as from the American public:

The past fifteen years have shown that, unless the Congress can have an open debate about surveillance authorities, the laws that are passed cannot be assumed to have the support of the American people. And that is fundamentally undemocratic. And, right now, the government is relying on secret law with regard to Section 702 of FISA. I’ve already mentioned the provision that was stuck into the last reauthorization bill, that could allow the government to force all sorts of people to spy on their fellow citizens. I have explained the details of how the Biden Administration chose to interpret it, and how the Trump Administration will interpret it, are a big secret. Americans have the right to be confused and angry that this is how the government and Congress choose to do business.

That’s a United States senator who has a long history of calling out secret interpretations that lead to surveillance of Americans — standing on the Senate floor and warning, once again, that there’s a secret interpretation of Section 702 authorities. One that almost certainly means mass surveillance.

And Wyden knows exactly how this plays out. He’s been through the reauthorization cycle enough times to know the playbook the intelligence community runs every time 702 is up for renewal:

I’ve been doing this a long time, so I know how this always goes. Opponents of reforming Section 702 don’t want a real debate where Members can decide for themselves which reform amendments to support. So what always happens is that a lousy reauthorization bill magically shows up a few days before the authorization expires and Members are told that there’s no time to do anything other than pass that bill and that if they vote for any amendments, the program will die and terrible things will happen and it will be all their fault.

He’s right. Every time reauthorization is on the table, no real debate happens, and then just before the authorization is about to run out, some loyal soldier of the surveillance brigade in Congress will scream “national security” at the top of their lungs, insist there’s no time to debate this or people will die, and then promise that we need to just re-authorize for a few more years, at which point we’ll be able to hold a debate on the surveillance.

But even setting aside the secret interpretation Wyden can’t discuss, his speech highlights something almost as damning: just how spectacularly the supposed “reforms” from the last reauthorization have failed. Remember, one of the big “concessions” to get the last reauthorization across the finish line was a requirement that “sensitive searches” — targeting elected officials, political candidates, journalists, and the like — would need the approval of the FBI’s Deputy Director.

This was in response to some GOP elected officials being on the receiving end of investigations during the Biden era, freaking out that the NSA appeared to be doing the very things plenty of civil society and privacy advocates had been telling them about for over a decade while they just yelled “national security” back at us.

So how are those small “reforms” working out? Here’s Wyden:

The so-called big reform was to require the approval of the Deputy FBI Director for these sensitive searches.

Until two months ago, the Deputy FBI Director was Dan Bongino. As most of my colleagues know, Mr. Bongino is a longtime conspiracy theorist who has frequently called for specious investigations of his political opponents. This is the man whom the President and the U.S. Senate put in charge of these incredibly sensitive searches. And Bongino’s replacement as Deputy Director, Andrew Bailey, is a highly partisan election denier who recently directed a raid on a Georgia election office in an effort to justify Donald Trump’s conspiracy theories. I don’t know about my colleagues, but this so-called reform makes me feel worse, not better.

So the grand reform that was supposed to provide meaningful oversight of the FBI’s most sensitive surveillance activities ended up placing that authority in the hands of a conspiracy theorist, followed by a partisan election denier. And just to make the whole thing even more farcical, Wyden notes that the FBI has refused to even keep a basic record of these searches:

But it’s even worse than it looks. The FBI has refused to even keep track of all of the sensitive searches the Deputy Director has considered. The Inspector General urged the FBI to just put this information into a simple spreadsheet and they refused to do it. That is how much the FBI does not want oversight.

They won’t maintain a spreadsheet. The Inspector General asked them to track their use of a sensitive surveillance power using what amounts to a basic Excel file, and the FBI said no. That’s the state of “reform” for Section 702 after the last re-auth.

Wyden has also been sounding the alarm about the expansion of who can be forced to spy on behalf of the government, thanks to a provision jammed into the last reauthorization that expanded the definition of “electronic communications service provider” to cover essentially anyone with access to communications equipment. As Wyden explained:

Two years ago, during the last reauthorization debacle, something really bad happened. Over in the House, existing surveillance law was changed so that the government could force anyone with “access” to communications to secretly collect those communications for the government. As I pointed out at the time, that could mean anyone installing or repairing a cable box, or anyone responsible for a wifi router. It was a jaw-dropping expansion of authorities that could end up forcing countless ordinary Americans to secretly help the government spy on their fellow citizens.

The Biden administration apparently promised to use this authority narrowly. But, of course, the Trump administration has made no such promise. As we say with every expansion of executive authority, just imagine how the worst possible president from the opposing party would use it. And now we don’t have to wonder any more.

Wyden correctly points out that secret promises from a prior administration are worth exactly nothing:

But here’s the other thing — whatever secret promise the Biden Administration made about using these vast, unchecked authorities with restraint, the current administration clearly isn’t going to feel bound by that promise. So whatever the previous administration intended to accomplish with that provision, there is absolutely nothing preventing the current administration from conscripting those cable repair and tech support men and women to secretly spy on Americans.

So to tally this up: Congress is about to vote on reauthorizing Section 702 with a secret legal interpretation that Wyden says will stun the public when it’s eventually revealed, with “reforms” that placed surveillance approval authority in the hands of conspiracy theorists who won’t even keep a spreadsheet, with a massively expanded definition of who can be forced to help the government spy, with secret promises about restraint that the current administration has no intention of honoring, and with a nominee to lead the NSA who won’t commit to following the Constitution.

The Wyden Siren is blaring. And if history is any guide — and it has been, without exception — whatever is behind the classification curtain is worse than what we can see from the outside.

...

Read the original on www.techdirt.com »

9 373 shares, 21 trendiness

Help Center

...

Read the original on help.instagram.com »

10 316 shares, 15 trendiness

Bucketsquatting is (Finally) Dead – One Cloud Please

For a decade, I have been working with AWS and third-party security teams to resolve bucketsquatting / bucketsniping issues in AWS S3. Finally, I am happy to say AWS now has a solution to the problem, and it changes the way you should name your buckets.

Bucketsquatting (sometimes called bucketsniping) is an issue I first wrote about in 2019, and it has been a recurring issue in AWS S3 ever since. If you’re interested in the specifics of the problem, I recommend you check out my original post on the topic: S3 Bucket Namesquatting - Abusing predictable S3 bucket names. In short, the problem is that S3 bucket names are globally unique, and if the owner of a bucket deletes it, that name becomes available for anyone else to register. This can lead to a situation where an attacker can register a bucket with the same name as a previously deleted bucket and potentially gain access to sensitive data or disrupt services that rely on that bucket.

Additionally, it is a common practice for organizations to use predictable naming conventions for their buckets, such as appending the AWS region name to the end of the bucket name (e.g. myapp-us-east-1), which can make it easier for attackers to guess and register buckets that may have been previously used. This latter practice is one that AWS internal teams commonly fall victim to, and it is one that I have been working with the AWS Security Outreach team to address for almost a decade now across dozens of individual communications.

To address this issue, AWS has introduced a new protection that works effectively as a “namespace” for S3 buckets. The namespace syntax is as follows:

For example, if your account ID is 123456789012, your prefix is myapp, and you want to create a bucket in the us-west-2 region, you would name your bucket as follows:

Though not explicitly mentioned, the -an here refers to the “account namespace”. This new syntax ensures that only the account that owns the namespace can create buckets with that name, effectively preventing bucketsquatting attacks. If another account tries to create a bucket with the same name, they will receive an InvalidBucketNamespace error message indicating that the bucket name is already in use. Account owners will also receive an InvalidBucketNamespace error if they try to create a bucket where the bucket region does not match the region specified in the bucket name.

Interestingly, the guidance from AWS is that this namespace is recommended to be used by default. Namespaces aren’t new to S3, with suffixes like .mrap, --x-s3, and -s3alias all being examples of existing namespaces that AWS previously used for new features; however, this is the first time AWS has introduced a namespace that is recommended for general use by customers to protect against a specific security issue.

It is AWS’s stance that all buckets should use this namespace pattern, unless you have a compelling reason not to (hint: there aren’t many). To this end, AWS is allowing security administrators to set policies that require the use of this namespace through the use of a new condition key s3:x-amz-bucket-namespace, which can be applied within an Organization’s SCP policies to enforce the use of this protection across an organization.

This doesn’t retroactively protect any existing buckets (or published templates that use a region prefix/suffix pattern without the namespace), but it does provide a strong protection for new buckets going forward (okay, so it’s dying, not dead). If you wish to protect your existing buckets, you’ll need to create new buckets with the namespace pattern and migrate your data to those buckets.
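
An added example (not from the original post or from AWS): a small audit that sorts bucket names from templates or an inventory into namespaced, rejected-at-creation, and still-squattable ones, so migration candidates stand out. It assumes the layout `<prefix>-<account-id>-<region>-an`, which the text above describes only in parts; `classify`, `audit` and the sample names are hypothetical.

```python
"""Bucket-name audit for the account-namespace pattern (added example)."""
import re
from collections import defaultdict

# Region token such as us-east-1, eu-central-1, ap-southeast-2, us-gov-west-1.
_REGION = r"[a-z]{2}(?:-gov)?-(?:central|(?:north|south)(?:east|west)?|east|west)-\d"

# ASSUMPTION: the name is laid out as <prefix>-<account-id>-<region>-an,
# combining the parts the article names (prefix, account ID, region, "-an").
_NAMESPACED = re.compile(
    rf"^(?P<prefix>[a-z0-9][a-z0-9.-]*?)-(?P<account>\d{{12}})"
    rf"-(?P<region>{_REGION})-an$"
)
# A region token appearing as a dash- or dot-separated component of a plain
# global name, e.g. myapp-us-east-1: the guessable convention described above.
_REGION_AFFIX = re.compile(rf"(?:^|[-.]){_REGION}(?:$|[-.])")


def classify(name, account_id, deploy_region=None):
    """Return one finding label for a single bucket name."""
    m = _NAMESPACED.match(name)
    if m:
        if m["account"] != account_id:
            # Someone else's namespace: creation from this account is rejected.
            return "foreign-namespace"
        if deploy_region and m["region"] != deploy_region:
            # The region in the name must match the bucket's actual region.
            return "region-mismatch"
        return "namespaced"
    if _REGION_AFFIX.search(name):
        # Global name built from a guessable convention; squattable if deleted.
        return "predictable-global"
    # Global name without a region token; still re-registrable after deletion.
    return "global"


def audit(names, account_id, deploy_region=None):
    """Group bucket names by finding, preserving input order per group."""
    findings = defaultdict(list)
    for name in names:
        findings[classify(name, account_id, deploy_region)].append(name)
    return dict(findings)


# Constructed sample: names as they might appear in an IaC template.
SAMPLE = [
    "myapp-123456789012-us-west-2-an",
    "myapp-123456789012-us-east-1-an",
    "myapp-999999999999-us-west-2-an",
    "myapp-us-east-1",
    "us-west-2.myapp-logs",
    "company-data-lake",
]

if __name__ == "__main__":
    for label, names in audit(SAMPLE, "123456789012", "us-west-2").items():
        print(f"{label}: {', '.join(names)}")
```

Names reported as `predictable-global` or `global` are the ones to recreate under the namespace pattern and migrate; `foreign-namespace` and `region-mismatch` entries would fail at creation time.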

While AWS has introduced this new namespace protection for S3 buckets, the other major cloud providers handle things slightly differently.

Google Cloud Storage already has a namespace concept in place for its buckets, which is based on domain name verification. This means that only the owner of a domain can create buckets with names that are of a domain name format (e.g. myapp.com), and they must verify ownership of the domain before they can create buckets with that name. Bucketsquatting is still possible with non-domain name formatted buckets, but the use of domain name formatted buckets is Google’s solution to the issue.

For Azure Blob Storage, storage accounts are scoped with a configurable account name and container name, so the same issue does apply. This is further exacerbated by the fact that Azure’s storage account names have a maximum of 24 characters, leaving a fairly small namespace for organizations to work with. (h/t vhab for pointing this out)

There is a new namespace for S3 buckets. The namespace protects you from bucketsquatting attacks, and you should use it for any S3 buckets you create.

If you liked what I’ve written, or want to hear more on this topic, reach out to me on LinkedIn or 𝕏.

...

Read the original on onecloudplease.com »
