Artemis II is now on a loop­ing path that will carry the crew around the far side of the Moon and back again. It is the first time since 1972 that hu­mans have trav­elled out­side the Earth’s or­bit.

Legal in­tern Raj Gambhir was the prin­ci­pal au­thor of this post.

The Trump ad­min­is­tra­tion has re­stricted the First Amendment right to record law en­force­ment by is­su­ing an un­prece­dented na­tion­wide flight re­stric­tion pre­vent­ing pri­vate drone op­er­a­tors, in­clud­ing pro­fes­sional and cit­i­zen jour­nal­ists, from fly­ing drones within half a mile of any ICE or CBP ve­hi­cle.

In January, EFF and me­dia or­ga­ni­za­tions in­clud­ing The New York Times and The Washington Post re­sponded to this bla­tant in­fringe­ment of the First Amendment by de­mand­ing that the FAA lift this flight re­stric­tion. Over two months later, we’re still wait­ing for the FAA to re­spond to our let­ter.

The First Amendment guar­an­tees the right to record law en­force­ment. As we have seen with the ex­tra­ju­di­cial killings of George Floyd, Renée Good, and Alex Pretti, cap­tur­ing law en­force­ment on cam­era can drive ac­count­abil­ity and raise aware­ness of po­lice mis­con­duct.

The FAA reg­u­larly is­sues tem­po­rary flight re­stric­tions (TFRs) to pre­vent peo­ple from fly­ing into des­ig­nated air­space. TFRs are usu­ally is­sued dur­ing nat­ural dis­as­ters, or to pro­tect ma­jor sport­ing events and gov­ern­ment of­fi­cials like the pres­i­dent, and in most cases last mere hours.

Not so with the re­stric­tion num­bered FDC 6/4375, which started on January 16, 2026. This TFR lasts for 21 months—un­til October 29, 2027—and cov­ers the en­tire na­tion. It pre­vents any per­son from fly­ing any un­manned air­craft (i.e., a drone) within 3000 feet, mea­sured hor­i­zon­tally, of any of the “facilities and mo­bile as­sets,” in­clud­ing “ground ve­hi­cle con­voys and their as­so­ci­ated es­corts,” of the Departments of Defense, Energy, Justice, and Homeland Security. Violators can be sub­ject to crim­i­nal and civil penal­ties, and risk hav­ing their drones seized or de­stroyed.

In prac­ti­cal terms, this TFR means that any­one fly­ing their drone within a half mile of an ICE or CBP agen­t’s car (a DHS “mobile as­set”) is li­able to face crim­i­nal charges and have their drone shot down. The prac­ti­cal un­fair­ness of this TFR is un­der­scored by the fact that im­mi­gra­tion agents of­ten use un­marked rental cars, use cars with­out li­cense plates, or switch the li­cense plates of their cars to carry out their op­er­a­tions. Nor do they pro­vide prior warn­ing of those op­er­a­tions.

While the FAA as­serts that the TFR is grounded in its law­ful au­thor­ity, the flight re­stric­tion not only vi­o­lates mul­ti­ple con­sti­tu­tional rights, but also the agen­cy’s own reg­u­la­tions.

First Amendment vi­o­la­tion. As we high­lighted in the let­ter, nearly every fed­eral ap­peals court has rec­og­nized the First Amendment right of Americans to record law en­force­ment of­fi­cers per­form­ing their of­fi­cial du­ties. By sub­ject­ing drone op­er­a­tors to crim­i­nal and civil penal­ties, along with the po­ten­tial de­struc­tion or seizure of their drone, the TFR pun­ishes—with­out the re­quired jus­ti­fi­ca­tions—law­ful record­ing of law en­force­ment of­fi­cers, in­clud­ing im­mi­gra­tion agents.

Fifth Amendment vi­o­la­tion. The Fifth Amendment guar­an­tees the right to due process, which in­cludes be­ing given fair no­tice be­fore be­ing de­prived of lib­erty or prop­erty by the gov­ern­ment. Under the flight re­stric­tion, ad­vanced no­tice is­n’t even pos­si­ble. As dis­cussed above, drone op­er­a­tors can’t know whether they are within 3000 hor­i­zon­tal feet of un­marked DHS ve­hi­cles. Yet the TFR al­lows the gov­ern­ment to cap­ture or even shoot down a drone if it flies within the TFR ra­dius, and to im­pose crim­i­nal and civil penal­ties on the op­er­a­tor.

Violations of FAA reg­u­la­tions. In is­su­ing a TFR, the FAA’s own reg­u­la­tions re­quire the agency to “specify[] the haz­ard or con­di­tion re­quir­ing” the re­stric­tion. Furthermore, the FAA must pro­vide ac­cred­ited news rep­re­sen­ta­tives with a point of con­tact to ob­tain per­mis­sion to fly drones within the re­stricted area. The FAA has sat­is­fied nei­ther of these re­quire­ments in is­su­ing its na­tion­wide ban on drones get­ting near gov­ern­ment ve­hi­cles.

We don’t be­lieve it’s a co­in­ci­dence that the TFR was put in place in January 2026, at the height of the Minneapolis anti-ICE protests, shortly af­ter the killing of Renée Good and shortly be­fore the shoot­ing of Alex Pretti. After both of those tragedies, civil­ian record­ings played a vi­tal role in con­tra­dict­ing the gov­ern­men­t’s false ac­count of the events.

By pun­ish­ing civil­ians for record­ing fed­eral law en­force­ment of­fi­cers, the TFR helps to shield ICE and other im­mi­gra­tion agents from scrutiny and ac­count­abil­ity. It also dis­cour­ages the ex­er­cise of a key First Amendment right. EFF has long ad­vo­cated for the right to record the po­lice, and ex­er­cis­ing that right to­day is more im­por­tant than ever.

Finally, while record­ing law en­force­ment is pro­tected by the First Amendment, be aware that of­fi­cers may re­tal­i­ate against you for ex­er­cis­ing this right. Please re­fer to our guid­ance on safely record­ing law en­force­ment ac­tiv­i­ties.

My phone beeped. It was 10pm in the mid­dle of a busy week in book pub­lish­ing — London Book Fair 2025. My col­leagues were alert­ing me to a tweet by Andy Stone, a spokesman at Meta (formerly Facebook). It was short and to the point: “This rul­ing af­firms that Sarah Wynn-Williams’s false and defam­a­tory book should never have been pub­lished.”

The book in ques­tion was Careless People, a grip­ping and ex­plo­sive ac­count of Sarah’s time work­ing at Facebook as di­rec­tor of global pub­lic pol­icy from 2011 to 2017. The “ruling” to which Stone re­ferred was made by a US ar­bi­tra­tor af­ter Meta sought an in­junc­tion, ban­ning Sarah from pro­mot­ing her own book or say­ing any­thing neg­a­tive about Meta, po­ten­tially for ever.

I am Sarah’s ed­i­tor at Pan Macmillan. Like all pub­lish­ers, I typ­i­cally work be­hind the scenes to am­plify the voices of our au­thors. I am only writ­ing this be­cause she can­not.

The day af­ter Stone’s March 12 tweet, Careless People was due to be re­leased in the UK. Drawing on doc­u­men­tary ev­i­dence, it de­tails a stag­ger­ing range of al­le­ga­tions, in­clud­ing sex­ual ha­rass­ment, the de­lib­er­ate ma­nip­u­la­tion of vul­ner­a­ble teenagers and the com­pa­ny’s al­leged com­plic­ity in geno­cide. It also ac­cuses Facebook of hypocrisy re­gard­ing cen­sor­ship, al­leg­ing the com­pany worked “hand in glove” with the Chinese Communist Party. But it was per­haps the per­sonal por­traits of top ex­ec­u­tives that were most damn­ing.

The rul­ing, awarded with­out proper no­tice by an emer­gency ar­bi­tra­tor (a non-court me­di­a­tor that is part of the American Arbitration Association), ac­tu­ally said noth­ing about the truth or oth­er­wise of Sarah’s dev­as­tat­ing claims in her book. It made no men­tion of defama­tion. Instead, it re­lied on a non-dis­par­age­ment clause in her sev­er­ance agree­ment with Facebook to si­lence her. Which it did, from March 13, 2025, her pub­li­ca­tion day. We could still pub­lish the book, but our au­thor could not talk about it. Sarah was left in an un­prece­dented and un­en­vi­able po­si­tion for an au­thor, rem­i­nis­cent of an Orwellian night­mare. Today, she has to po­lice her own speech, fac­ing fines of $50,000 for every state­ment that could be seen to be “negative or oth­er­wise detri­men­tal” to Meta.

Despite her re­sid­ing in the UK, the terms of the or­der are so broad that they ex­tend to the pri­vacy of her own home, even when speak­ing to her own fam­ily. The $50,000 fines could ap­ply in­di­vid­u­ally to the many state­ments in her book too. She faces fi­nan­cial ruin from a multi-tril­lion-dol­lar com­pany seek­ing mil­lions of dol­lars she does­n’t have, as part of the on­go­ing le­gal process which is yet to con­clude — and all for re­veal­ing in­for­ma­tion that is in the pub­lic in­ter­est. She is an award-win­ning, best­selling au­thor. But her voice has been taken away.

In some ways, Meta’s in­ter­ven­tion did us, as her pub­lish­ers, a favour. Careless People was al­ways likely to be a best­seller. But when read­ers re­alised that Meta was try­ing to sup­press it, the book be­came a global phe­nom­e­non. To date we’ve sold al­most 200,000 copies. It has re­ceived rave re­views and cre­ated a me­dia firestorm for its rev­e­la­tions. But also be­cause of the bit­ter irony in Meta’s le­gal ac­tion to si­lence Sarah.

In January 2025, only a few months be­fore it was pub­lished, chief ex­ec­u­tive Mark Zuckerberg had stated that it was “time to get back to our roots around free ex­pres­sion”. They had aban­doned the use of in­de­pen­dent fact-check­ers, claim­ing they were bi­ased and en­cour­aged cen­sor­ship. Yet, in truth, free speech only mat­tered when it was­n’t used to in­ter­ro­gate Meta it­self.

Companies like Meta are wealth­ier than some coun­tries and more pow­er­ful too. They own the tech­nol­ogy be­hind the mod­ern world. We have pub­lished books about highly in­flu­en­tial in­di­vid­u­als be­fore and, in my ex­pe­ri­ence, they tend not to like it and have well re­sourced le­gal teams be­hind them. But Meta’s lead­er­ship had a dif­fer­ent level of power. So Careless People was brought to pub­li­ca­tion in an aura of se­crecy and (it turns out jus­ti­fied) para­noia.

A very small team worked on the book. We com­mu­ni­cated on en­crypted chan­nels and when­ever it was dis­cussed, those not in­volved had to leave the room. There was a ru­mour in our of­fice that it might be Taylor Swift’s mem­oir. Sarah did­n’t even tell her mum she had writ­ten it be­fore the news was made pub­lic.

Usually, we an­nounce our books to re­tail­ers many months in ad­vance. This is so they can build pre-or­ders and sort the lo­gis­tics of get­ting them to book­shops in good time. After all, they deal with thou­sands of new ti­tles re­leased every week. With Careless People, the months rolled by and yet we kept de­lay­ing our an­nounce­ment, con­scious of po­ten­tial at­tempts to quash it. Our in­cred­i­ble sales team man­aged to con­vince re­tail­ers — in­clud­ing a num­ber of su­per­mar­kets — to stock the book with­out even telling them what it was, but re­tail­ers’ pa­tience had lim­its. When we fi­nally did an­nounce the book, it was just a week be­fore pub­li­ca­tion (again un­prece­dented) and we had no idea what to ex­pect.

Sarah went on a pub­lic­ity blitz. She did her first and only print in­ter­view with Rosamund Urwin for this pa­per. In a whirl­wind 24 hours, she jet­ted off to New York for an in­ter­view with NBC, fly­ing back overnight for an in­ter­view the fol­low­ing day with the BBC in our of­fices. She had­n’t slept and ar­rived straight from the air­port at dawn. One of the world’s most sig­nif­i­cant whistle­blow­ers show­ered in our base­ment and used a tote bag from our chil­dren’s de­part­ment as a towel. Who says that pub­lish­ing is­n’t glam­orous?

But the pub­lic­ity tour stopped only a week af­ter it had be­gun, on the day of our pub­li­ca­tion and the rul­ing. The au­dio­book, recorded in se­cret be­fore the gag or­der took ef­fect, soon be­came the only way to hear Sarah speak. And the book? Well, Meta’s spokesman, Stone, called it “a mix of out-of-date and pre­vi­ously re­ported claims about the com­pany and false ac­cu­sa­tions about our ex­ec­u­tives”. Yet not every­one agreed.

In April 2025, Sarah was called to give ev­i­dence to a US Senate sub­com­mit­tee, al­leg­ing that she saw Meta ex­ec­u­tives “repeatedly un­der­mine US na­tional se­cu­rity and be­tray American val­ues” by pro­vid­ing the Chinese Communist Party with ac­cess to the data of Meta users. The chair­man, Republican Senator Josh Hawley, con­cluded the hear­ing by say­ing: “I have a mes­sage to Mark Zuckerberg, as well. It’s time for you to tell the truth. You should come to this com­mit­tee and take an oath and sit where Ms Wynn-Williams is sit­ting now and an­swer this ev­i­dence. Stop try­ing to si­lence her.” He is yet to ap­pear al­most a year later.

In the UK, Careless People was also sent to all MPs by the Molly Rose Foundation, a char­ity set up to pre­vent sui­cide in peo­ple un­der 25. Its chief ex­ec­u­tive Andy Burrows said: “Her claims that Meta cyn­i­cally ex­ploited the well­be­ing of teenage girls to grow its ad­ver­tis­ing rev­enue will deeply dis­turb par­ents and put the con­duct of Meta’s lead­er­ship un­der the spot­light.”

Last Wednesday, Mark Zuckerberg was forced to give ev­i­dence in a land­mark so­cial me­dia ad­dic­tion trial in Los Angeles, which has the po­ten­tial to set new prece­dents, hold­ing so­cial me­dia com­pa­nies legally re­spon­si­ble for their im­pact on chil­dren and ado­les­cents.

While Zuckerberg de­fends his record in court, Sarah sits in London, legally gagged. She can­not com­ment on the trial. She can­not dis­cuss the very book that helped spark this global con­ver­sa­tion. With the pa­per­back to come out this Thursday, Sarah’s fate re­mains un­cer­tain and the le­gal process rum­bles on slowly in the US. Yet she re­tains her fight­ing spirit, as well as the dry hu­mour that is richly on dis­play in Careless People. I feel hugely ho­n­oured to have worked with her and have gained a new ap­pre­ci­a­tion of the per­sonal sac­ri­fices that whistle­blow­ers make for the greater good.

Careless People ex­posed what Sarah termed a cul­ture of “lethal care­less­ness”. Meta’s re­sponse —ruthless and chill­ing — proved her point bet­ter than any mar­ket­ing cam­paign ever could. But while they have stopped her from speak­ing, they could not stop you from read­ing. And that is why books that hold power to ac­count are more im­por­tant than ever.

Mike Harpley is pub­lisher, non-fic­tion at Pan, part of Pan Macmillan, and the ed­i­tor of Careless People: A Story of Where I Used to Work by Sarah Wynn-Williams, pub­lished in pa­per­back by Pan on February 26, £10.99.

Careless People by Sarah Wynn-Williams (Pan Macmillan £10.99). To or­der a copy go to times­book­shop.co.uk. Free UK stan­dard P&P on or­ders over £25. Special dis­count avail­able for Times+ mem­bers.

Federal data shows the tech gi­ant filed for over 3,000 for­eign worker visas as it cuts thou­sands of American jobs.

Federal data shows the tech gi­ant filed for over 3,000 for­eign worker visas as it cuts thou­sands of American jobs.

Submit your up­dates here. ›

Oracle, the soft­ware com­pany head­quar­tered in Austin, Texas, has filed thou­sands of pe­ti­tions for H-1B visas in the past two fis­cal years, even as it lays off thou­sands of American work­ers as part of a broader or­ga­ni­za­tional shift. Federal data shows Oracle filed for 2,690 H-1B visas in fis­cal year 2025 and 436 so far in fis­cal year 2026, to­tal­ing over 3,100 visa re­quests.

The H-1B visa pro­gram al­lows com­pa­nies to tem­porar­ily em­ploy for­eign work­ers with spe­cial­ized skills, of­ten in the tech in­dus­try. Critics ar­gue the pro­gram is used to re­place American work­ers with cheaper for­eign la­bor, while sup­port­ers say it helps fill cru­cial tal­ent gaps. Oracle’s visa fil­ings amid mass lay­offs raise ques­tions about the com­pa­ny’s mo­ti­va­tions and the broader de­bate over the H-1B pro­gram’s im­pact on the American work­force.

According to U. S. Citizenship and Immigration Services data, Oracle America Inc. filed for 2,690 H-1B visas for fis­cal year 2025 and 436 so far for fis­cal year 2026. This comes as Oracle re­port­edly be­gan lay­ing off thou­sands of em­ploy­ees this week, with work­ers re­ceiv­ing let­ters stat­ing ‘today is your last work­ing day.’ The com­pany has not pro­vided pub­lic com­ment on the lay­offs or the H-1B visa fil­ings.

* Oracle filed for 2,690 H-1B visas for fis­cal year 2025, which cov­ers October 1, 2024 to September 30, 2025.

* Oracle filed for 436 H-1B visas so far for fis­cal year 2026, which runs from October 1, 2025 to September 30, 2026.

The full im­pact of Oracle’s lay­offs and H-1B visa fil­ings re­mains to be seen, as the com­pany has not pro­vided de­tailed pub­lic com­ment on its work­force changes and for­eign worker hir­ing plans.

The take­away

Oracle’s ac­tions raise con­cerns about the com­pany po­ten­tially re­plac­ing American work­ers with cheaper for­eign la­bor through the H-1B visa pro­gram, even as it un­der­goes a ma­jor or­ga­ni­za­tional shift. This case high­lights the on­go­ing de­bate over the H-1B pro­gram’s im­pact on the U.S. work­force and the need for greater trans­parency from com­pa­nies uti­liz­ing the pro­gram.

You have JavaScript dis­abled. This site re­quires JavaScript to be en­abled for com­plete site func­tion­al­ity.

An of­fi­cial web­site of the United States gov­ern­ment

Here’s how you know

Official web­sites use .gov A .gov web­site be­longs to an of­fi­cial gov­ern­ment or­ga­ni­za­tion in the United States.

Secure .gov web­sites use HTTPS A lock () or https:// means you’ve safely con­nected to the .gov web­site. Share sen­si­tive in­for­ma­tion only on of­fi­cial, se­cure web­sites.

You have JavaScript dis­abled. This site re­quires JavaScript to be en­abled for com­plete site func­tion­al­ity.

An of­fi­cial web­site of the United States gov­ern­ment

Here’s how you know

Official web­sites use .gov A .gov web­site be­longs to an of­fi­cial gov­ern­ment or­ga­ni­za­tion in the United States.

Secure .gov web­sites use HTTPS A lock () or https:// means you’ve safely con­nected to the .gov web­site. Share sen­si­tive in­for­ma­tion only on of­fi­cial, se­cure web­sites.

OpenClaw be­fore 2026.3.28 con­tains a priv­i­lege es­ca­la­tion vul­ner­a­bil­ity in the /pair ap­prove com­mand path that fails to for­ward caller scopes into the core ap­proval check. A caller with pair­ing priv­i­leges but with­out ad­min priv­i­leges can ap­prove pend­ing de­vice re­quests ask­ing for broader scopes in­clud­ing ad­min ac­cess by ex­ploit­ing the miss­ing scope val­i­da­tion in ex­ten­sions/​de­vice-pair/​in­dex.ts and src/​in­fra/​de­vice-pair­ing.ts.

NVD en­rich­ment ef­forts ref­er­ence pub­licly avail­able in­for­ma­tion to as­so­ci­ate

vec­tor strings. CVSS in­for­ma­tion con­tributed by other sources is also

dis­played.

CVSS 4.0 Severity and Vector Strings:

Denotes Vulnerable Software

Are we miss­ing a CPE here? Please let us know.

OpenClaw be­fore 2026.3.28 con­tains a priv­i­lege es­ca­la­tion vul­ner­a­bil­ity in the /pair ap­prove com­mand path that fails to for­ward caller scopes into the core ap­proval check. A caller with pair­ing priv­i­leges but with­out ad­min priv­i­leges can ap­prove pend­ing de­vice re­quests ask­ing for broader scopes in­clud­ing ad­min ac­cess by ex­ploit­ing the miss­ing scope val­i­da­tion in ex­ten­sions/​de­vice-pair/​in­dex.ts and src/​in­fra/​de­vice-pair­ing.ts.

Nicholas Carlini, a re­search sci­en­tist at Anthropic, re­ported at the [un]prompted AI se­cu­rity con­fer­ence that he used Claude Code to find mul­ti­ple re­motely ex­ploitable se­cu­rity vul­ner­a­bil­i­ties in the Linux ker­nel, in­clud­ing one that sat undis­cov­ered for 23 years.

Nicholas was as­ton­ished at how ef­fec­tive Claude Code has been at find­ing these bugs:

We now have a num­ber of re­motely ex­ploitable heap buffer over­flows in the Linux ker­nel. I have never found one of these in my life be­fore. This is very, very, very hard to do.With these lan­guage mod­els, I have a bunch.

What’s most sur­pris­ing about the vul­ner­a­bil­ity Nicholas shared is how lit­tle over­sight Claude Code needed to find the bug. He es­sen­tially just pointed Claude Code at the Linux ker­nel source code and asked, “Where are the se­cu­rity vul­ner­a­bil­i­ties?”

Nicholas uses a sim­ple script sim­i­lar to the fol­low­ing:

The script tells Claude Code that the user is par­tic­i­pat­ing in a cap­ture the flag cy­ber­se­cu­rity com­pe­ti­tion, and they need help solv­ing a puz­zle.

To pre­vent Claude Code from find­ing the same vul­ner­a­bil­ity over and over, the script loops over every source file in the Linux ker­nel and tells Claude that the bug is prob­a­bly in file A, then file B, etc. un­til Claude has fo­cused on every file in the ker­nel.

In his talk, Nicholas fo­cused on a bug that Claude found in Linux’s net­work file share (NFS) dri­ver which al­lows an at­tacker to read sen­si­tive ker­nel mem­ory over the net­work.

Nicholas chose this bug to show that Claude Code is­n’t just find­ing ob­vi­ous bugs or look­ing for com­mon pat­terns. This bug re­quired the AI model to un­der­stand in­tri­cate de­tails of how the NFS pro­to­col works.

The at­tack re­quires an at­tacker to use two co­op­er­at­ing NFS clients to at­tack a Linux NFS server:

(1) - Client A does a three-way hand­shake with the NFS server to be­gin NFS op­er­a­tions.

(2) - Client A re­quests a lock file. The server ac­cepts, and the client ac­knowl­edges the ac­cep­tance.

(3) - Client A ac­quires the lock and de­clares a 1024-byte owner ID, which is an un­usu­ally long but le­gal value for the owner ID. The server grants the lock ac­qui­si­tion.

The at­tacker then spins up a sec­ond NFS client, Client B, to talk to the server:

(4) Client B does a three-way hand­shake with the NFS server to be­gin NFS op­er­a­tions, same as (1) above.

(5) Client B re­quests ac­cess to the same lock file as Client A from (2). The NFS server ac­cepts, and the client ac­knowl­edges the ac­cep­tance.

(6) Client B tries to ac­quire the lock, but the NFS server de­nies the re­quest be­cause client A al­ready holds the lock.

The prob­lem is that at step (6), when the NFS server tries to gen­er­ate a re­sponse to client B deny­ing the lock re­quest, it uses a mem­ory buffer that’s only 112 bytes. The de­nial mes­sage in­cludes the owner ID, which can be up to 1024 bytes, bring­ing the to­tal size of the mes­sage to 1056 bytes. The ker­nel writes 1056 bytes into a 112-byte buffer, mean­ing that the at­tacker can over­write ker­nel mem­ory with bytes they con­trol in the owner ID field from step (3).

Fun fact: Claude Code cre­ated the ASCII pro­to­col di­a­grams above as part of its ini­tial bug re­port.

This bug was in­tro­duced in the Linux ker­nel in March 2003:

The bug is so old, I can’t even link di­rectly to it be­cause it pre­dates git, which was­n’t re­leased un­til 2005.

Nicholas has found hun­dreds more po­ten­tial bugs in the Linux ker­nel, but the bot­tle­neck to fix­ing them is the man­ual step of hu­mans sort­ing through all of Claude’s find­ings:

I have so many bugs in the Linux ker­nel that I can’t re­port be­cause I haven’t val­i­dated them yet… I’m not go­ing to send [the Linux ker­nel main­tain­ers] po­ten­tial slop, but this means I now have sev­eral hun­dred crashes that they haven’t seen be­cause I haven’t had time to check them.

I searched the Linux ker­nel and found a to­tal of five Linux vul­ner­a­bil­i­ties so far that Nicholas ei­ther fixed di­rectly or re­ported to the Linux ker­nel main­tain­ers, some as re­cently as last week:

What’s strik­ing about Nicholas’ talk was how rapidly large lan­guage mod­els have im­proved at find­ing vul­ner­a­bil­i­ties. Nicholas found these bugs us­ing Claude Opus 4.6, which Anthropic re­leased less than two months ago. He tried to re­pro­duce his re­sults on older AI mod­els, and dis­cov­ered that Opus 4.1 (released eight months ago) and Sonnet 4.5 (released six months ago) could find only a small frac­tion of what Nicholas found us­ing Opus 4.6:

I ex­pect to see an enor­mous wave of se­cu­rity bugs un­cov­ered in the com­ing months, as re­searchers and at­tack­ers alike re­al­ize how pow­er­ful these AI mod­els are at dis­cov­er­ing se­cu­rity vul­ner­a­bil­i­ties.

A new mil­i­tary ser­vice law took ef­fect in Germany at the start of 2026 aimed at boost­ing the strength of the armed forces amid threats to European se­cu­rity in the wake of Russia’s on­go­ing war against Ukraine.

The leg­is­la­tion was con­tentious and many peo­ple even took to the streets to protest the po­ten­tial rein­tro­duc­tion of manda­tory mil­i­tary ser­vice — af­ter con­scrip­tion was sus­pended in 2011 — for men.

But an­other pro­vi­sion in the law has so far gone largely un­no­ticed.

It re­lates to a re­quire­ment for men be­tween the ages of 18 and 46 to “obtain an ap­proval from the rel­e­vant Bundeswehr Career Center if they wish to leave the Federal Republic of Germany for more than three months.”

The Frankfurter Rundschau, which re­ported on the pro­vi­sion on Friday, said the rule would ap­ply re­gard­less of whether a German man “planned a se­mes­ter of study­ing abroad, work­ing in a for­eign coun­try or go­ing on a back­pack­ing trip around the world.”

A Bundeswehr spokesperson con­firmed the re­port, telling the DPA news agency that in the event of a war break­ing out, the mil­i­tary needed to know how many men were liv­ing long-term out­side the coun­try.

While the law re­quires men to re­quest the per­mit, the spokesper­son clar­i­fied, it also obliges the mil­i­tary ca­reer cen­ter to is­sue it, if “no spe­cific mil­i­tary ser­vice is ex­pected dur­ing the pe­riod in ques­tion.”

“Since mil­i­tary ser­vice un­der cur­rent law is based ex­clu­sively on vol­un­tary par­tic­i­pa­tion, such per­mis­sions must gen­er­ally be granted,” the of­fi­cial added.

Acknowledging the “profound” im­pact of the amended con­scrip­tion law, the Defense Ministry said it is work­ing on new rules for ex­cep­tions to the exit per­mit re­quire­ment.

It’s un­clear what con­se­quences men who leave the coun­try for longer than three months with­out the proper per­mit will face.

When asked, the min­istry spokesper­son pointed out that “the reg­u­la­tion was al­ready in place dur­ing the Cold War and had no prac­ti­cal rel­e­vance; in par­tic­u­lar, there are no penal­ties for vi­o­lat­ing it.”

The new law that took ef­fect on January 1, the so-called Military Service Modernization Act, aims to raise the num­ber of ac­tive-duty sol­diers from roughly 180,000 men and women at pre­sent to 260,000 by 2035.

The leg­is­la­tion laid down the path to reach that goal.

After heated de­bates, they fi­nally agreed on a com­pro­mise, de­cid­ing that mil­i­tary ser­vice would re­main vol­un­tary for the time be­ing.

At the same time, start­ing from this year, all men turn­ing 18 will have to fill out a form an­swer­ing ques­tions about their ed­u­ca­tion, health sta­tus and will­ing­ness to serve in the armed forces.

For women, an­swer­ing the ques­tions is vol­un­tary, as they can­not be re­quired to per­form mil­i­tary ser­vice un­der the Constitution.

From mid-2027, all men turn­ing 18 will also be re­quired to ap­pear for a fit­ness test to de­ter­mine who could be drafted in the event of con­flict — a highly con­tro­ver­sial mea­sure that has been slammed by crit­ics as a first step to­wards full con­scrip­tion.

››››Gold over­takes U. S. Treasuries as the world’s largest for­eign re­serve as­set in 2026 — can gold chal­lenge the U.S. dol­lar’s dom­i­nance and hold its ground?

The Economic Times daily news­pa­per is avail­able on­line now.

Gold over­takes U. S. Treasuries as the world’s largest for­eign re­serve as­set in 2026 — can gold chal­lenge the U.S. dol­lar’s dom­i­nance and hold its ground?Gold over­takes U.S. Treasuries as the world’s largest for­eign re­serve as­set in 2026: Gold has crossed a his­toric mile­stone. In 2026, it over­took U.S. Treasuries to be­come the world’s largest for­eign re­serve as­set by value. Central banks now hold close to $4 tril­lion worth of gold, dri­ven by record buy­ing and a sharp price rally above $4,500 an ounce in 2025. According to data tracked by the World Gold Council, of­fi­cial gold re­serves reached roughly 36,000 met­ric tons by early 2026. At cur­rent prices, that stock­pile is now worth more than for­eign-held U.S. Treasuries.Listen to this ar­ti­cle in sum­ma­rized for­mat­Gold over­takes U.S. Treasuries as the world’s largest for­eign re­serve as­set in 2026 — will gold de­throne the U.S. dol­lar as the global re­serve an­chor long term?Gold over­takes U.S. Treasuries as the world’s largest for­eign re­serve as­set in 2026: Gold has climbed past U.S. gov­ern­ment bonds to be­come the largest for­eign re­serve as­set held by cen­tral banks world­wide, mark­ing a ma­jor shift in global fi­nan­cial mar­kets. The to­tal value of gold held by for­eign of­fi­cial in­sti­tu­tions is now ap­proach­ing $4 tril­lion, ex­ceed­ing roughly $3.9 tril­lion in U.S. Treasury hold­ings for the first time since 1996.

The mile­stone comes amid a record rally in gold prices, broad­en­ing geopo­lit­i­cal risk, and ag­gres­sive bul­lion ac­cu­mu­la­tion by cen­tral banks. Gold ended 2025 up more than 70%, briefly top­ping $4,500 an ounce in late December be­fore main­tain­ing high lev­els in early January 2026.

The jour­ney to $4,500 gold was paved by global in­sta­bil­ity. Throughout 2025, es­ca­lat­ing Middle East ten­sions cre­ated a “fear pre­mium” that in­vestors could not ig­nore. Conflict in key en­ergy cor­ri­dors re­minded the world of the fragility of the global sup­ply chain. Simultaneously, do­mes­tic pol­icy un­cer­tainty in the United States—ranging from debt ceil­ing de­bates to shifts in trade tar­iffs—shook con­fi­dence in the green­back.

Central bank gov­er­nors in emerg­ing mar­kets, par­tic­u­larly in Asia and Eastern Europe, were the pri­mary dri­vers of this de­mand. These in­sti­tu­tions added over 1,100 tonnes of gold to their vaults in 2025 alone. They viewed the metal as a crit­i­cal shield against in­fla­tion and po­ten­tial as­set freezes. As the U.S. na­tional debt crossed the $38 tril­lion thresh­old, the “safe-haven” ap­peal of Treasuries weak­ened, leav­ing gold as the last stand­ing pil­lar of fi­nan­cial sta­bil­ity.

Central banks have been ac­cu­mu­lat­ing gold at per­sis­tent high lev­els over the past sev­eral years. Holdings now to­tal roughly 36,000–37,000 tonnes, plac­ing gold’s share of global of­fi­cial re­serves at around 25–27%, a his­toric high com­pared with Treasuries and ma­jor fiat cur­ren­cies.

This mas­sive ac­cu­mu­la­tion is dri­ven by sev­eral fac­tors:

Diversification away from dol­lar‑de­nom­i­nated as­sets amid fears of pol­icy un­pre­dictabil­ity and fis­cal strain in the United States.Safe‑haven de­mand in an era of grow­ing geopo­lit­i­cal ten­sion and mar­ket volatil­ity.Cen­tral banks from emerg­ing mar­kets and ad­vanced economies alike have joined the buy­ing trend. Nations such as China, India, Turkey, and Qatar reg­u­larly ap­pear among the top pur­chasers. In some cases, these pur­chases re­flect ef­forts to re­duce de­pen­dence on for­eign cur­rency re­serves that may be vul­ner­a­ble to sanc­tions or rapid ex­change‑rate swings.

Historically, cen­tral bank gold pur­chases av­er­aged around 473 tonnes an­nu­ally over much of the 2010s. Recent an­nual pur­chases have more than dou­bled that pace, sig­nal­ing a struc­tural shift in global re­serve man­age­ment.

Gold’s rise as a re­serve as­set has been re­in­forced by in­ten­si­fy­ing geopo­lit­i­cal flash­points world­wide, which have dri­ven safe‑haven de­mand from both of­fi­cial buy­ers and pri­vate in­vestors.

In 2025, re­newed con­flict be­tween Israel and Iran, in­clud­ing airstrikes and mil­i­tary es­ca­la­tions, pushed in­vestors to­ward gold. Safe‑haven bids emerged as mar­kets feared broader re­gional in­sta­bil­ity.

In early 2026, U.S. spe­cial forces cap­tured Venezuelan President Nicolás Maduro, height­en­ing geopo­lit­i­cal ten­sion and prompt­ing re­newed in­ter­est in gold and other havens. Precious met­als, in­clud­ing gold and sil­ver, saw sharp price ad­vances in the days fol­low­ing the op­er­a­tion.

Meanwhile, Iran is ex­pe­ri­enc­ing deep un­rest and eco­nomic tur­moil, with wide­spread protests and ris­ing in­fla­tion. These fac­tors are com­pound­ing risks in the Middle East and re­in­forc­ing gold’s role as a hedge against un­cer­tainty.

Analysts note that these con­di­tions — rather than any sin­gle event — are cu­mu­la­tively re­shap­ing re­serve strate­gies. When cen­tral banks per­ceive height­ened risk of con­flict, sanc­tions, or in­sta­bil­ity, they tend to boost hold­ings of as­sets with no coun­ter­party risk. Gold, un­like bonds or fiat cur­ren­cies, can­not de­fault or be frozen un­der sanc­tion regimes.

Despite this dra­matic shift, the U.S. dol­lar re­mains the world’s dom­i­nant re­serve cur­rency, ac­count­ing for an es­ti­mated 45–58% of to­tal for­eign ex­change re­serves de­pend­ing on val­u­a­tion meth­ods.

Gold’s over­tak­ing of Treasuries as a re­serve as­set does not yet mean it has sur­passed the dol­lar over­all, but it does high­light struc­tural shifts in how na­tions man­age risk and di­ver­si­fi­ca­tion.

Economists note that while Treasury se­cu­ri­ties re­main prized for liq­uid­ity and deep sec­ondary mar­kets, po­lit­i­cal po­lar­iza­tion, fis­cal deficits, and mon­e­tary pol­icy un­cer­tain­ties may be prompt­ing re­serve man­agers to re­duce ex­po­sure to debt in­stru­ments.

This trend is re­in­forced by fore­casts that safe-haven as­sets like gold are poised for con­tin­ued struc­tural de­mand in 2026 and be­yond. Recent es­ti­mates sug­gest gold prices could ap­proach or ex­ceed $4,800 per ounce on sus­tained cen­tral bank buy­ing and weaker dol­lar trends.

The shift in re­serve com­po­si­tion car­ries broad im­pli­ca­tions for fi­nan­cial mar­kets, in­vestors, and pol­i­cy­mak­ers:

Reserve di­ver­si­fi­ca­tion: Countries may opt for a bal­anced re­serve base in­clud­ing gold, Treasuries, and other as­sets to en­sure both liq­uid­ity and safety.Cur­rency mar­kets: Reduced re­liance on U.S. debt could grad­u­ally dampen de­mand for dol­lar-de­nom­i­nated se­cu­ri­ties, widen­ing global cur­rency di­ver­si­fi­ca­tion.In­fla­tion and in­ter­est rates: Persistent gold de­mand may in­di­cate cau­tious sen­ti­ment on in­fla­tion and real yields, in­flu­enc­ing cen­tral bank pol­icy.In­vestor psy­chol­ogy:Gold’s ris­ing sta­tus re­in­forces con­fi­dence in tra­di­tional store-of-value as­sets dur­ing times of un­cer­tainty.As we move deeper into 2026, the ques­tion is whether gold can hold its ground. Most mar­ket an­a­lysts be­lieve the rally has fur­ther to run. Forecasts from ma­jor in­vest­ment banks sug­gest gold could av­er­age $5,000 per ounce by the end of the year. The ra­tio­nale is sim­ple: the fac­tors that drove the 2025 surge—geopo­lit­i­cal fric­tion and high debt—have not been re­solved.

Sustained buy­ing is ex­pected to con­tinue as cen­tral banks aim for a 20% to 25% gold-to-re­serve ra­tio. Many de­vel­op­ing na­tions still hold less than 10% of their wealth in gold. If these coun­tries con­tinue their di­ver­si­fi­ca­tion strat­egy, the in­flux of cap­i­tal could keep prices el­e­vated for years. For the first time in the mod­ern era, gold is not just a backup; it is the pri­mary en­gine of global wealth preser­va­tion.

Q: Why has gold over­taken U.S. Treasuries as the largest for­eign re­serve as­set?

A: Foreign cen­tral banks now hold nearly $4 tril­lion in gold, ex­ceed­ing $3.9 tril­lion in Treasuries. Rising gold prices, geopo­lit­i­cal ten­sions, and di­ver­si­fi­ca­tion away from dol­lar as­sets are dri­ving this his­toric shift. Central banks aim to re­duce risk and pro­tect re­serves from fis­cal and geopo­lit­i­cal un­cer­tain­ties.

Q: Which coun­tries are lead­ing in gold re­serve ac­cu­mu­la­tion?

A: Major buy­ers in­clude China, India, Turkey, and Qatar, among oth­ers. Central banks have in­creased an­nual pur­chases to more than 900–1,000 tonnes, more than dou­ble the 2010s av­er­age. This re­flects a global trend of re­bal­anc­ing re­serves to­ward gold for sta­bil­ity and safe-haven pro­tec­tion.

(You can now sub­scribe to our Economic Times WhatsApp chan­nel)

Will gold re­tain its dom­i­nance as a global re­serve as­set af­ter de­thron­ing U.S. Treasuries tied to the dol­larGold sur­passes: US Treasuries global re­serves­Gold over­takes Treasuriesreserve as­set shift­cen­tral banks gold hold­ings 2026 Download The Economic Times News App to get Daily International News Updates.Will gold re­tain its dom­i­nance as a global re­serve as­set af­ter de­thron­ing U.S. Treasuries tied to the dol­larGold sur­passes: US Treasuries global re­serves­Gold over­takes Treasuriesreserve as­set shift­cen­tral banks gold hold­ings 2026 Download The Economic Times News App to get Daily International News Updates.Trump an­nounces Reliance in­vest­ment in new US oil re­fin­ery‘Priyanka as LoP would per­form bet­ter’: Rijiju swipes at RahulTuesday will be ‘most in­tense day’ of strikes on Iran: HegsethHow to build a truly di­ver­si­fied port­fo­lio: TGT Episode 17Trump an­nounces Reliance in­vest­ment in new US oil re­fin­ery‘Priyanka as LoP would per­form bet­ter’: Rijiju swipes at RahulTuesday will be ‘most in­tense day’ of strikes on Iran: HegsethHow to build a truly di­ver­si­fied port­fo­lio: TGT Episode 17Thought of the day by Jeffrey Gitomer: ’Change is not a four-let­ter word… but of­ten your re­ac­tion to it is!’Quote of the day by Abba Eban: ’History teaches us that men, na­tions, and the world be­have wisely when they ex­haust all other op­tions.’Will US get a new oil re­fin­ery for the first time in 50 years, and where will this fa­cil­ity come up? $300 bil­lion re­fin­ery plan ex­plained. Here’s why the an­nounce­ment is hap­pen­ing now­Nancy Guthrie dis­ap­pear­ance case is go­ing cold or a break­through is com­ing? Neighbor sight­ing, FBI in­ves­ti­ga­tion and clues raise ques­tions in miss­ing Tucson mother case­Has Iran planted mines in Strait of Hormuz, and who will win con­trol of the cru­cial sea pas­sage? Here’s why is strait im­por­tant for oil and LNGHappy New Year 2026 WishesYouTube and Google down­Quote of the Day by Warren BuffettFIFA peace prize­Sil­ver Price2026 Social SecurityWhy is gold down to­day?So­cial Security COLA in­crease for 2026Quote of the Day by Johnny Depp: “If you love two peo­ple at the same time, choose the sec­ond. Because if you re­ally loved the first one, you would­n’t have fallen for the sec­ond.”So­cial Security Administration cuts key ser­vice for mil­lions as na­tion­wide changes be­gin to­dayAmer­ica could be the un­ex­pected eco­nomic win­ner of the Iran war­Job­less for 16 months, 38-year-old says ca­reer strug­gle cost him his health and mar­riage - story sparks de­bate on work­place ageis­mQuote of the Day by Elvis Presley : ‘Just be­cause you look good, does­n’t mean you…’