BrianFagioli writes: Mozilla's email subsidiary MZLA Technologies just introduced Thunderbolt, an open-source AI client aimed at organizations that want to run AI on their own infrastructure instead of relying entirely on cloud services. The idea is to give companies full control over their data, models, and workflows while still offering things like chat, research tools, automation, and integration with enterprise systems through the Haystack AI framework. Native apps are planned for Windows, macOS, Linux, iOS, and Android. Thunderbolt allows organizations to do the following:
- Run AI with their choice of models, from leading commercial providers to open-source and local models
- Connect to systems and data: Integrate with pipelines and open protocols, including: deepset's Haystack platform, Model Context Protocol (MCP) servers, and agents with the Agent Client Protocol (ACP)
- Automate workflows and recurring tasks: Generate daily briefings, monitor topics, compile reports, or trigger actions based on events and schedules
- Work seamlessly across devices with native applications for Windows, macOS, Linux, iOS, and Android
- Maintain security with self-hosted deployment, optional end-to-end encryption, and device-level access controls

Longtime Slashdot reader AmiMoJo writes: Windows has limited FAT32 partitions to a maximum of 32GB for decades now. When memory cards and USB drives exceeded 32GB in size, the only options were exFAT or NTFS. Neither option was well supported on other platforms at first, although exFAT support is fairly widespread now. In their latest blog post, Microsoft announced that the limit for FAT32 partitions is being increased to 2TB. Of course, that doesn't mean that every device that supports FAT32 will work flawlessly with a 2TB partition size, but at least there is a decent chance that older devices with don't support exFAT will now be usable with memory cards over 32GB.

An anonymous reader quotes a report from Ars Technica: Two years ago, Microsoft launched its first wave of "Copilot+" Windows PCs with a handful of exclusive features that could take advantage of the neural processing unit (NPU) hardware being built into newer laptop processors. These NPUs could enable AI and machine learning features that could run locally rather than in someone's cloud, theoretically enhancing security and privacy. One of the first Copilot+ features was Recall, a feature that promised to track all your PC usage via screenshot to help you remember your past activity. But as originally implemented, Recall was neither private nor secure; the feature stored its screenshots plus a giant database of all user activity in totally unencrypted files on the user's disk, making it trivial for anyone with remote or local access to grab days, weeks, or even months of sensitive data, depending on the age of the user's Recall database.

After journalists and security researchers discovered and detailed these flaws, Microsoft delayed the Recall rollout by almost a year and substantially overhauled its security. All locally stored data would now be encrypted and viewable only with Windows Hello authentication; the feature now did a better job detecting and excluding sensitive information, including financial information, from its database; and Recall would be turned off by default, rather than enabled on every PC that supported it. The reconstituted Recall was a big improvement, but having a feature that records the vast majority of your PC usage is still a security and privacy risk. Security researcher Alexander Hagenah was the author of the original "TotalRecall" tool that made it trivially simple to grab the Recall information on any Windows PC, and an updated "TotalRecall Reloaded" version exposes what Hagenah believes are additional vulnerabilities.

The problem, as detailed by Hagenah on the TotalRecall GitHub page, isn't with the security around the Recall database, which he calls "rock solid." The problem is that, once the user has authenticated, the system passes Recall data to another system process called AIXHost.exe, and that process doesn't benefit from the same security protections as the rest of Recall. "The vault is solid," Hagenah writes. "The delivery truck is not." The TotalRecall Reloaded tool uses an executable file to inject a DLL file into AIXHost.exe, something that can be done without administrator privileges. It then waits in the background for the user to open Recall and authenticate using Windows Hello. Once this is done, the tool can intercept screenshots, OCR'd text, and other metadata that Recall sends to the AIXHost.exe process, which can continue even after the user closes their Recall session.

"The VBS enclave won't decrypt anything without Windows Hello," Hagenah writes. "The tool doesn't bypass that. It makes the user do it, silently rides along when the user does it, or waits for the user to do it." A handful of tasks, including grabbing the most recent Recall screenshot, capturing select metadata about the Recall database, and deleting the user's entire Recall database, can be done with no Windows Hello authentication. Once authenticated, Hagenah says the TotalRecall Reloaded tool can access both new information recorded to the Recall database as well as data Recall has previously recorded. "We appreciate Alexander Hagenah for identifying and responsibly reporting this issue. After careful investigation, we determined that the access patterns demonstrated are consistent with intended protections and existing controls, and do not represent a bypass of a security boundary or unauthorized access to data," a Microsoft spokesperson told Ars. "The authorization period has a timeout and anti-hammering protection that limit the impact of malicious queries."

Some Japanese bullet trains will soon support premium private suites this October, featuring windows with embedded 5G antennas for steadier onboard Wi-Fi and NTT noise-cancelling cabin tech to reduce train noise. The 5G window antennas are designed to maintain line-of-sight connections as trains race past base stations at up to 285 km/h. The Register reports: Rail operator JR Central announced the new tech late last month and will initially deploy a couple of the suites on six trains. The carrier explained that the antennas come from a Japanese company called AGC that weaves microscopic wires through glass to form an antenna. JR Central will connect the windows to an on-train Wi-Fi router.

AGC says rival tech relies on 5G signals reaching a train and then bouncing around inside before reaching the Wi-Fi unit. The company says antennas woven into train windows maintain line of sight to nearby 5G base stations. That matters because JR Central's Shinkansen can achieve speeds of up to 285 km/h, which means they speed past cellular network base stations so quickly that it's frequently necessary to reconnect to another radio. AGC says keeping a line of sight connection means its antennas allow increased 5G signal strength, so Wi-Fi service on board trains should be more stable and speedy.

The sound-deadening kit JR Central will deploy is called Personalized Sound Zone (PSZ) and comes from Japan's tech giant NTT. The tech uses the same principles applied to noise-cancelling headphones -- determine the waveform of sound and project an inversion of that waveform that cancels out ambient noise.

Sony Pictures chief Tom Rothman urged theater owners to cut down the roughly 30 minutes of trailers and ads before movies. "Get off the ad crack," Rothman told the audience at CinemaCon this week. "Get rid of the endless advertising and substantially shorten the long pre-shows." Variety reports: He noted that frequent moviegoers now show up a half hour late to avoid all the spots (something that reserved seating has made easier than ever before). Rothman said that means many people "don't even see the trailers," which results in "enticements gone to waste." Rothman predicted that the 2026 box office, which has already benefitted from hits like "Super Mario Galaxy Movie" and "Project Hail Mary," will rebound in a big way. But he acknowledged that attendance still trails pre-pandemic levels.

Rothman has been a vociferous defender of the big screen, pushing studios to embrace longer windows so that movies will stay in cinemas longer. That was a theme that Rothman returned to at CinemaCon, pressing exhibitors to hold strong and agree not to show movies that quickly appear on streaming services or on-demand platforms. "Enforce longer windows," Rothman said. "Yes, even if that means you cannot play every film."

In addition to stumping for exhibition, Rothman has practically begged Hollywood to invest in new stories along with all the franchise fare. In a recent New York Times op-ed, for instance, Rothman, the longest-serving studio chief, wrote, "For all the success of films driven by existing intellectual property, originality is essential to movies. Neither movie theaters nor the art form itself can survive without at least some originality. After all, you can't make a sequel to nothing."

Microsoft has sharply raised prices across its Surface lineup as RAM and component costs keep climbing. "Both its midrange and flagship Surface lines are now significantly more expensive than they were just a few weeks ago, with the flagship Surface Laptop 7 and Surface Pro 11 now starting at $500 more than they launched at in 2024," reports Windows Central. From the report: The Surface Pro 12-inch, which was previously Microsoft's cheapest modern Surface PC at $799, now starts at $1,049. The flagship Surface Pro 13-inch, which originally launched for $999, now starts at an eyewatering $1,499. It's the same story for the Surface Laptop lines, with the entry-level 13-inch model originally priced at $899, now starting at $1,149. The 13.8-inch flagship Surface Laptop launched at $999, but now costs $1,499, with the 15-inch model now starting at $1,599. This means that Microsoft's midrange devices now cost more than the flagships did when they launched in 2024.

[...] Microsoft has raised prices for all SKUs on offer, meaning the high end models are now more expensive too. A top end Surface Laptop 15-inch with Snapdragon X Elite, 64GB RAM and 1TB SSD storage now costs a staggering $3,649. To compare, the 16-inch MacBook Pro with an M5 Pro, 64GB RAM, and 1TB SSD is $3,299, and that comes with a significantly better display and much more power under the hood.

BrianFagioli shares a report from NERDS.xyz: For years pop culture has treated April 25 as the "perfect date," thanks to the famous Miss Congeniality line about needing only a light jacket. But new analysis from WeatherBug suggests that idea does not actually hold up when you look at the numbers. After reviewing U.S. weather data from 2018 through today, the company concluded that October 8 delivers the most reliable combination of comfortable temperatures and low rainfall nationwide. According to the analysis, the average conditions on that day land around 66F with just 0.0573 inches of precipitation.

The study used population weighted weather data drawn from roughly 20 million daily WeatherBug users across the United States. When the company compared all days of the year, April 25 ranked only 80th, averaging about 60F and roughly 0.1297 inches of rain. The broader dataset also shows July dominating the hottest days of the year while January owns the coldest, with January 20 averaging just 33F nationally. While no single date guarantees perfect weather everywhere in a country as large as the U.S., the numbers suggest early October may quietly offer one of the most reliable windows for comfortable outdoor conditions.

A new powerful chipset has arrived to take on x86 CPUs and Apple's M5, writes Wccftech.

The blog Windows Central writes that "Qualcomm's Snapdragon X2 processors are here" — and they run Windows: Microsoft has done a massive amount of work to improve compatibility and has also convinced developers to embrace Windows 11 on Arm. Users of Windows 11 on Arm PCs spend 90% of their time on Arm-based apps that run natively. Additionally, apps that do not run natively can often run through Prism emulation, which has improved dramatically since launch...

[A]pp compatibility issues are overblown by many, and unfortunately those sharing false information are the same folks people rely on to make purchases... Works on Windows on Arm maintains a list of compatible apps and games for the platform. There, you'll see well-known apps like Google Chrome, the Adobe Creative Suite, and Spotify. We also have a collection of the best Windows on Arm apps to help you out. Snapdragon X PCs aren't gaming PCs, but there is a growing library of games that can run on the chips.

"Breathable oxygen has been created from Moon dust," reports the Telegraph, "in a world first that paves the way for a lunar base."

Jeff Bezos's Blue Origin ""announced this week that it had developed a reactor that could successfully release oxygen from lunar soil by using an electric current." Almost half of Moon dust — the thin layer of rock that blankets the lunar surface — is oxygen, but it is bound to metals such as iron and titanium... Previous work to isolate oxygen has been lab-based, and the unwieldy equipment needed has been too difficult to send to the Moon. In contrast, Blue Origin said its small-scale reactor, named Air Pioneer, could be made flight-ready to "provide the first breath of life for a sustainable Moon base"... As well as breathable air, Blue Origin said the reactor produces other critical elements for planetary infrastructure, such as iron, aluminium and silicon for construction and electronics, as well as glass for windows and solar panel covers. The company has previously said it wants to turn the Moon, and eventually Mars, into "self-sustaining worlds where robots and humans can go beyond visiting and truly explore, grow, live, and thrive"....

Blue Origin said it would need to generate around one megawatt of power to drive the reactors — about the energy it would require to power around 400 to 1,000 homes simultaneously. It envisages that each lunar settlement would have an array of nearby solar panels, generating the power needed for one reactor.
Besides breathable air for astronauts, the oxygen could also be used in propellant for refuelling landers and fuel cells, Blue Origin points out — and "produced right where they're needed, and at much lower cost than being brought from Earth."

Thanks to Slashdot reader fjo3 for sharing the article.

Microsoft has started stripping Copilot branding out of Notepad in Windows 11, replacing the old Copilot menu with a more generic "writing tools" label. The AI features themselves aren't going away, but Microsoft seems to be backing off the heavy-handed Copilot branding and extra entry points. Windows Central reports: As promised, Microsoft is now beginning its effort to reduce and remove Copilot branding across Windows 11, with the latest Notepad update for Insiders outright removing the Copilot icon and phrasing. Now, the AI menu is simply called "writing tools," and maintains the same functionality as before. Additionally, Microsoft has also removed references to AI in the Settings area in Notepad. Now, the ability to turn on or off these AI powered writing tools are now listed under "Advanced features."

This change is present in the latest preview build of Notepad which is now rolling out to all Windows Insiders. The app version is 11.2512.28.0, and you'll know you have it if you see the Copilot icon replaced with a pen icon instead. [...] For Notepad, it appears Microsoft has opted to replace the Copilot menu with something more generic. It's still the same functionally, but it's no longer leaning on the tainted Copilot brand. Of course, you can still easily turn off all AI features in Notepad if you don't want them. The Verge reports that the "unnecessary Copilot buttons" are also disappearing from the Snipping Tool, Photos, and Widgets.

France says it plans to move some government computers from Windows to Linux as part of a broader push for digital sovereignty and reduced dependence on U.S. technology. TechCrunch reports: In a statement, French minister David Amiel said (translated) that the effort was to "regain control of our digital destiny" by relying less on U.S. tech companies. Amiel said that the French government can no longer accept that it doesn't have control over its data and digital infrastructure. The French government did not provide a specific timeline for the switchover, or which distributions it was considering. Microsoft did not immediately comment on the news.

[...] France's decision to ditch Windows comes months after the government announced it would stop using Microsoft Teams for video conferencing in favor of French-made Visio, a tool based on the open source end-to-end encrypted video meeting tool Jitsi. The French government said it also plans to migrate its health data platform to a new trusted platform by the end of the year.

BrianFagioli writes: Mozilla is accusing Microsoft of stacking the deck against Firefox, arguing that design choices in Windows steer users toward Edge even when they explicitly choose another browser. According to Mozilla, parts of Windows still open links in Edge regardless of the default browser setting, including results from the taskbar search and links launched from apps like Outlook and Teams. Mozilla says this means Firefox often never even gets the opportunity to handle those links, which quietly shifts user activity back into Microsoft's ecosystem.

The company also points to Microsoft's aggressive rollout of Copilot as another example of platform power being used to push Microsoft services. Copilot appeared pinned to the taskbar, arrived automatically on many systems with Microsoft 365, and even received a dedicated keyboard key on some laptops. Mozilla argues that when the maker of the dominant desktop operating system promotes its own browser and AI tools at the system level, it becomes far harder for independent browsers like Firefox to compete.

Microsoft has apparently terminated the account VeraCrypt uses to sign its Windows drivers and bootloader, leaving the encryption project unable to publish Windows updates and throwing future releases into doubt. VeraCrypt's developer says Microsoft gave no clear explanation or warning for the move. "I didn't receive any emails from Microsoft nor any prior warnings," Mounir Idrassi, VeraCrypt's developer, told 404 Media. From the report: VeraCrypt is an open-source tool for encrypting data at rest. Users can create encrypted partitions on their drives, or make individual encrypted volumes to store their files in. Like its predecessor TrueCrypt, which VeraCrypt is based on, it also lets users create a second, innocuous looking volume if they are compelled to hand over their credentials. Last week, Idrassi took to the SourceForge forums to explain why he had been absent for a few months. The most serious challenge, he wrote, "is that Microsoft terminated the account I have used for years to sign Windows drivers and the bootloader."

"Regarding VeraCrypt, I cannot publish Windows updates. Linux and macOS updates can still be done but Windows is the platform used by the majority of users and so the inability to deliver Windows releases is a major blow to the project," he continued. "Currently I'm out of options." Idrassi told 404 Media the termination happened in mid-January. "I was surprised to discover that I could no longer use my account," he said.

On the forum and in the email to 404 Media, Idrassi shared what he said was the only message he received connected to the account shutdown. "Based on the information you have provided to date, we have determined that your organization does not currently meet the requirements to pass verification. There are no appeals available, we have closed your application," it reads. Idrassi told 404 Media the message is concerning his company IDRIX. "As you can read in their message, they say that the organization (IDRIX) doesn't meet their requirements, but I don't see which requirement IDRIX suddenly stopped meeting," he said. Idrassi said he has tried contacting Microsoft support, but he received automated responses that he believes contained AI-generated text.

Chrome is finally adding built-in vertical tabs, "which will move the tabs to the side of the browser window, making it easier to read full page titles and manage tab groups," reports TechCrunch. The company is also introducing an immersive reading mode for a distraction-free, text-focused experience. From the report: The company notes that the new vertical tabs can be enabled at any time by right-clicking on a Chrome window and selecting "Show Tabs Vertically." The company says there's no hard limit on the number of tabs that can be opened (beyond what would be limited already by the user's hardware). The vertical tabs work just as the horizontal tabs do, meaning you can have different Chrome windows with their own set of tabs or tab groups.

[...] Alongside the launch of vertical tabs, Chrome is also rolling out a new Reading Mode experience, which will offer a full-page interface to make it even easier to reduce on-screen clutter to focus on the text. This will be the new default experience for Chrome users, and arrives at a time when web pages, particularly those on news sites, have become cluttered with ads and prompts to subscribe to newsletters.

NASA's Artemis astronauts are now entering "the lunar sphere of influence," reports NBC News, "meaning the pull of the moon's gravity will become stronger than Earth's." Now as they begin their swing around the moon, the Artemis astronauts "are chasing after Apollo 13's maximum range from Earth," reports the Associated Press, hoping to beat its distance from Earth by more than 4,100 miles (6,600 kilometers).

They'll begin their six-hour lunar flyby 14 hours from now (at 2:45 p.m. ET Monday). But in a space-to-earth interview Saturday with NBC News, the astronauts were already describing their first glimpses of the edge of the far side: [NASA astronaut Christina Koch realized] it looked different from what she was accustomed to on Earth. "The darker parts just aren't quite in the right place," she said. "And something about you senses that is not the moon that I'm used to seeing...."

[Astronaut Reid] Wiseman called the flight a "magnificent accomplishment" and said the astronauts' ability to gaze at both Earth and the moon from their spacecraft has been "truly awe-inspiring." "The Earth is almost in full eclipse. The moon is almost in full daylight, and the only way you could get that view is to be halfway between the two entities," he said... And while the early photos of Earth and the moon that [Canadian astronaut Jeremy] Hansen and his colleagues have beamed back have been spectacular, the Canadian astronaut said they pale in comparison to the real deal outside their capsule's windows. "I know those photos are amazing," he said, "but let me assure you, it is another level of amazing up here."
And their upcoming six-hour lunar flyby "promises views of the moon's far side that were too dark or too difficult to see by the 24 Apollo astronauts who preceded them," notes the Associated Press: A total solar eclipse also awaits them as the moon blocks the sun, exposing snippets of shimmering corona.... At closest approach, they will come within 4,070 miles (6,550 kilometers) of the moon. Because they launched on April 1, the rendezvous won't have as much of the far lunar side illuminated as other dates would have. But the crew still will be able make out "definite chunks of the far side that have never been seen" by humans, said NASA geologist Kelsey Young, including a good portion of Orientale Basin.

They'll call down their observations as they photograph the gray, pockmarked scenes. There's a suite of professional-quality cameras on board, and each astronaut also has an iPhone for more informal, spur-of-the-minute picture-taking... Orion will be out of contact with Mission Control for nearly an hour when it's behind the moon. The same thing happened during the Apollo moonshots. NASA is relying on its Deep Space Network to communicate with the crew, but the giant antennas in California, Spain and Australia won't have a direct line of sight when Orion disappears behind the moon for approximately 40 minutes...

Once Artemis II departs the lunar neighborhood, it will take four days to return home. The capsule will aim for a splashdown in the Pacific near San Diego on April 10, nine days after its Florida launch. During the flight back, the astronauts will link up via radio with the crew of the orbiting International Space Station. This is the first time that a moon crew has colleagues in space at the same time and NASA can't pass up the opportunity for a cosmic chitchat.

"Canonical is no longer pretending that 4GB is enough," writes the blog How-to-Geek, noting Ubuntu 26.04 LTS "raises the baseline memory to 6GB, alongside a 2GHz dual-core processor, and 25GB of storage..." Ubuntu 14.04 LTS (Trusty Tahr) set the floor at 1GB — a modest ask when it launched more than a decade ago in 2014. Then came the Ubuntu 18.04 LTS (Bionic Beaver) that pushed the number to 4GB, surviving quite well in the era of 16GB being considered standard for mid-range laptops.... Ubuntu's new minimum requirement lands in an interesting spot when compared against Windows 11. Microsoft's operating system requires just 4GB RAM, although real-world usage often tells a different story. Usually, 8GB is considered the sweet spot to handle modern apps and multitasking.
The blog OMG Ubuntu argues this change is "not because Ubuntu requires 2GB more memory than it did, but more the way we compute does." it's more of an honesty bump. Components that make up the distro — the GNOME desktop and extensions, modern web browsers (and the sites we load in them) and the kinds of apps we use (and keep running) whilst multitasking are more demanding... The Resolute Raccoon's memory requirements better reflect real-world multitasking.

Ubuntu 26.04 LTS can be installed on devices with less than 6GB RAM (but not less than 25GB of disk space). The experience may not be as smooth or as responsive as developers intend (so you don't get to complain), but it will work. I installed Ubuntu 26.04 Beta on a laptop with just 2 GB of memory — slow to the point of frustration in use, but otherwise functional.

If you have a device with 4 GB RAM and you can't upgrade (soldered memory is a thing, and e-waste can be avoided), then alternatives exist. Many Ubuntu flavours, like Lubuntu, have lower system requirements than the main edition. Plus, there's always the manual option using the Ubuntu netboot installer to install a base system and then built out a more minimal system from there.

"Hackers briefly turned a widely trusted developer tool into a vehicle for credential-stealing malware that could give attackers ongoing access to infected systems," the news site Axios.com reported Tuesday, citing security researchers at Google.

The compromised package — also named axios — simplifies HTTP requests, and reportedly receives millions of downloads each day: The malicious versions were removed within roughly three hours of being published, but Google warned the incident could have "far-reaching impacts" given the package's widespread use, according to John Hultquist, chief analyst at Google Threat Intelligence Group. Wiz estimates Axios is downloaded roughly 100 million times per week and is present in about 80% of cloud and code environments. So far, Wiz has observed the malicious versions in roughly 3% of the environments it has scanned.
Friday PCMag notes the maintainer's compromised account had two-factor authentication enabled, with the breach ultimately traced "to an elaborate AI deepfake from suspected North Korean hackers that was convincing enough to trick a developer into installing malware," according to a post-mortem published Thursday by lead developer Jason Saayman: [Saayman] fell for a scheme from a North Korean hacking group, dubbed UNC1069, which involves sending out phishing messages and then hosting virtual meetings that use AI deepfakes to clone the face and voices of real executives. The virtual meetings will then create the impression of an audio problem, which can only be "solved" if the victim installs some software or runs a troubleshooting command. In reality, it's an effort to execute malware. The North Koreans have been using the tactic repeatedly, whether it be to phish cryptocurrency firms or to secure jobs from IT companies.

Saayman said he faced a similar playbook. "They reached out masquerading as the founder of a company, they had cloned the company's founders likeness as well as the company itself," he wrote. "They then invited me to a real Slack workspace. This workspace was branded... The Slack was thought out very well, they had channels where they were sharing LinkedIn posts. The LinkedIn posts I presume just went to the real company's account, but it was super convincing etc." The hackers then invited him to a virtual meeting on Microsoft Teams. "The meeting had what seemed to be a group of people that were involved. The meeting said something on my system was out of date. I installed the missing item as I presumed it was something to do with Teams, and this was the remote access Trojan," he added. "Everything was extremely well coordinated, looked legit and was done in a professional manner."
Friday developer security platform Socket wrote that several more maintainers in the Node.js ecosystem "have come out of the woodwork to report that they were targeted by the same social engineering campaign." The accounts now span some of the most widely depended-upon packages in the npm registry and Node.js core itself, and together they confirm that axios was not a one-off target. It was part of a coordinated, scalable attack pattern aimed at high-trust, high-impact open source maintainers. Attackers also targeted several Socket engineers, including CEO Feross Aboukhadijeh. Feross is the creator of WebTorrent, StandardJS, buffer, and dozens of widely used npm packages with billions of downloads... Commenting on the axios post-mortem thread, he noted that this type of targeting [against individual maintainers] is no longer unusual... "We're seeing them across the ecosystem and they're only accelerating."

Jordan Harband, John-David Dalton, and other Socket engineers also confirmed they were targeted. Harband, a TC39 member, maintains hundreds of ECMAScript polyfills and shims that are foundational to the JavaScript ecosystem. Dalton is the creator of Lodash, which sees more than 137 million weekly downloads on npm. Between them, the packages they maintain are downloaded billions of times each month. Wes Todd, an Express TC member and member of the Node Package Maintenance Working Group, also confirmed he was targeted. Matteo Collina, co-founder and CTO of Platformatic, Node.js Technical Steering Committee Chair, and lead maintainer of Fastify, Pino, and Undici, disclosed on April 2 that he was also targeted. His packages also see billion downloads per year... Scott Motte, creator of dotenv, the package used by virtually every Node.js project that handles environment variables, with more than 114 million weekly downloads, also confirmed he was targeted using the same Openfort persona.
Socket reports that another maintainer was targetted with an invitation to appear on a podcast. (During the recording a suspicious technical issue appeared which required a software fix to resolve....)

Even just technical implementation, "This is among the most operationally sophisticated supply chain attacks ever documented against a top-10 npm package," the CI/CD security company StepSecurity wrote Tuesday The dropper contacts a live command-and-control server, delivers separate second-stage payloads for macOS, Windows, and Linux, then erases itself and replaces its own package.json with a clean decoy... Three payloads were pre-built for three operating systems. Both release branches were poisoned within 39 minutes of each other. Every artifact was designed to self-destruct. Within two seconds of npm install, the malware was already calling home to the attacker's server before npm had even finished resolving dependencies... Both versions were published using the compromised npm credentials of a lead axios maintainer, bypassing the project's normal GitHub Actions CI/CD pipeline.
"As preventive steps, Saayman has now outlined several changes," reports The Hacker News, "including resetting all devices and credentials, setting up immutable releases, adopting OIDC flow for publishing, and updating GitHub Actions to adopt best practices."

The Wall Street Journal called it "the latest in a string of incidents exposing risks in the systems that underpin how modern software is built."

Nine days ago Microsoft released a non-security "preview" update for Windows 11 — not mandatory for the average Windows user, notes ZDNet, "but rather as optional, more for IT admins and power users who want to test them."

TechRepublic adds that the update "was to bring 'production-ready improvements' and generally ensure system stability by optimizing different Windows services." So it's ironic that some (but not all) users reported instead that the update "blocks users at the door, refusing to install or crashing midway through the process."

"It apparently impacted enough people to force Microsoft to take action," writes ZDNet. "Microsoft paused and then pulled the update," and then Tuesday released a new update "designed to replace the glitchy one. This one includes all the new features and improvements from the previous preview update, but also fixes the installation issues that clobbered that update."

Meanwhile, as Windows 11 version 24H2 approaches its end of life this October, Microsoft is now force-updating users to the latest version, reports BleepingComputer: "The machine learning-based intelligent rollout has expanded to all devices running Home and Pro editions of Windows 11, version 24H2 that are not managed by IT departments," Microsoft said in a Monday update to the Windows release health dashboard... "No action is required, and you can choose when to restart your device or postpone the update."
Neowin reports: The good news is that the update from version 24H2 to 25H2 is a minor enablement package, as the two operating systems share the same codebase. As such, the update won't take long, and you should not encounter any disruptions, compatibility issues, or previously unseen bugs... Microsoft recently promised to implement big changes in how Windows Update works, including the ability to postpone updates for as long as you want. However, Microsoft has yet to clarify if that includes staying on a release beyond its support period.

Thanks to long-time Slashdot reader Ol Olsoc for sharing the news.

Valve's March 2026 Steam Survey shows Linux gaming usage jumping to a record 5.33% share -- more than double macOS's 2.35%. Phoronix reports: Steam on Linux was never above 5% and easily an all-time high for the Linux gaming marketshare, especially in absolute numbers. It was a massive 3.1% spike in March while macOS also jumped surprisingly by 1.19% to 2.35%. The Steam Survey numbers show Windows losing 4.28%, down to 92.33%.

Part of the jump at least appears to be explained by Valve correcting again the Steam China numbers. Month over month they report a 31.85% drop to the Simplified Chinese language use and English use increasing by 16.82% to 39.09%. Other languages also showed gains amid the massive decline in Simplified Chinese use.

The latest numbers for March show around a quarter of the Linux gamers are running Steam OS. Due in part to the Steam Deck APU being a custom AMD product and the popularity of AMD hardware on Linux for its open-source nature, AMD CPU use by Steam on Linux gamers remains just under 70%.

Microsoft is reportedly shifting Windows 11 app development back toward fully native apps. Rudy Huyn, a Partner Architect at Microsoft working on the Store and File Explorer, said in a post on X that he is building a new team to work on Windows apps. "You don't need prior experience with the platform.. what matters most is strong product thinking and a deep focus on the customer," he wrote. "If you've built great apps on any platform and care about crafting meaningful user experiences, I'd love to hear from you." Huyn later said in a reply on X that the new Windows 11 apps will be "100% native." TechSpot reports: The description stands out at a time when many of Microsoft's built-in tools, including Clipchamp and Copilot, rely on web technologies and Progressive Web App architectures. The company's commitment to native performance suggests that some long-standing frustrations around responsiveness, memory use, and interface consistency could finally be addressed.

For Windows developers, Huyn's comments hint at a change in direction. Microsoft's recent development priorities have leaned heavily on web-based approaches, with Progressive Web Apps (PWAs) replacing or supplementing many native programs. [...] Exactly which applications will be rebuilt, or how strictly "100% native" will be enforced, remains unclear. Some current Microsoft apps classified as native still depend on WebView for specific features. But the renewed emphasis already has developers paying attention.