Resident of the world, traveling the road of life
68179 stories
·
21 followers

The End of Windows 10 Support Is an E-Waste Disaster in the Making

1 Share
The End of Windows 10 Support Is an E-Waste Disaster in the Making

Wednesday’s end of free Windows 10 support is an environmental disaster in the making, with as many as 400 million computers that cannot be upgraded to Windows 11 set to be cut off from receiving free security updates. The move is an egregious example of planned obsolescence that will inevitably result in the early deaths of millions of computers that would have otherwise had years of life left, and it is set to affect as many as 42 percent of all Windows computers worldwide.

“There’s 400 million computers that are going to enter the waste stream. That’s a disaster, just in terms of the sheer volume,” Nathan Proctor, director of consumer rights group PIRG’s right to repair campaign, said on the 404 Media Podcast. “And then you have people who are going to ignore the warnings and use a computer that’s insecure, so there’s going to [eventually] be some widespread security problems with these older, unsupported, no longer getting security updates computers.” 

Microsoft has said it “will no longer provide free software updates from Windows Update, technical assistance, or security fixes for Windows 10. Your PC will still work, but we recommend moving to Windows 11.” The problem with this is that millions of computers don’t have the technical specs to move to Windows 11, and some large, unknown number of Windows 10 devices are owned and operated by businesses, governments, and large organizations like schools and nonprofits whose procurement rules do not allow them to operate devices that are no longer getting security updates. This means that these organizations will necessarily have to buy new devices, which has become a big topic of conversation on the r/sysadmin subreddit, a community of IT professionals who manage big fleets of computers.

This inevitably means that many of those devices are going to end up in landfills and e-waste facilities, and that people are going to have to buy new computers, one of the more egregious examples of planned obsolescence in recent memory. Experts have repeatedly made clear that extending the use of any given device, either through repair, software updates, or just keeping a device for longer, is extremely important, because it delays all the carbon emissions associated with mining the raw materials needed to produce a new device and the energy and emissions associated with manufacturing and shipping that new device. 

Notably, Microsoft is going to continue offering security updates to customers who pay for them, meaning that it would be trivial for the company to continue to offer critical security updates for free. This is notable because we have seen unpatched Windows computers and devices turned into ransomware and botnets, most notably the 2017 WannaCry ransomware attack, in which repurposed, leaked NSA hacking tools attacked computers running Windows XP and Windows Server 2003. WannaCry was one of the most devastating widespread cyberattacks in history.

Microsoft’s decision to sunset Windows 10 support is particularly concerning considering that more than 42 percent of all Windows users are currently using Windows 10. When Microsoft stopped supporting Windows 8, just 3.7 percent of computers were using it, and just 2.2 percent of Windows users were using Windows 8.1 when Microsoft stopped supporting that operating system. 

“More than 40 percent of Windows users still use it,” Proctor said. “So to cut support for something that is legitimately a flagship product is bizarre. No one expects Microsoft to do software updates forever, but when 43 percent of your customers are using it, it’s not obsolete.”

Proctor and PIRG have launched a campaign pressuring Microsoft to extend support. Petitions and open letters of this sort aren’t known for being terribly effective, but when it comes to shaming companies into extending support for environmental and security reasons, there is one very big, very important precedent. In 2023, after widespread outrage from right to repair advocates, consumer rights groups, school districts, and enterprise buyers, Google agreed to extend automatic updates for Chromebooks to 10 years. The move saved millions of devices from going into landfills and ewaste facilities. 

“What happened with Google and Chromebooks is an example that gives me hope that we can win,” Proctor said. “During the pandemic, schools bought massive quantities of Chromebooks, then it turns out that Chromebooks have this thing called the AUE [automatic update] date, which is a preset end of support date, which in some cases was just a couple years after the computers were brought brand new. There were photos from the Oakland Unified School District in California of thousands of working Chromebooks that were headed to the recycler  because the AUE date had passed and they weren’t getting security updates, which meant they were ineligible to get some of the enterprise software they needed.”

“And so they were getting replaced by the thousands, and we organized a bunch of these school districts and institutional purchasers of Chromebooks,” he added. “Google initially resisted what we were doing, but then after a couple of months, they just flipped and said, ‘OK, we’re going to have 10 years minimum support timeline for all Chromebooks from here on out.’” 

You can listen to and watch 404 Media’s full interview with Nathan Proctor here.

Read the whole story
mkalus
1 hour ago
reply
iPhone: 49.287476,-123.142136
Share this story
Delete

Senators Warn Saudi Arabia’s Acquisition of EA Will Be Used for ‘Foreign Influence’

1 Share
Senators Warn Saudi Arabia’s Acquisition of EA Will Be Used for ‘Foreign Influence’

Democratic U.S. Senators Richard Blumenthal and Elizabeth Warren sent letters to the Department of Treasury Secretary Scott Bessent and Electronic Arts CEO Andrew Wilson, raising concerns about the $55 billion acquisition of the giant American video game company in part by Saudi Arabia’s Public Investment Fund (PIF). 

Specifically, the Senators worry that EA, which just released Battlefield 6 last week and also publishes The Sims, Madden, and EA Sports FC, “would cease exercising editorial and operational independence under the control of Saudi Arabia’s private majority ownership.”

“The proposed transaction poses a number of significant foreign influence and national security risks, beginning with the PIF’s reputation as a strategic arm of the Saudi government,” the Senators wrote in their letter. “As Saudi Arabia’s sovereign wealth fund, the PIF has made dozens of strategic investments in sports (including a bid for the U.S. PGA Tour), video games (including a $3.3 billion investment in Activision Blizzard), and other cultural institutions that ‘are more than just about financial returns; they are about influence.’ Leveraging long term shifts in public opinion, through the PIF’s investments, ‘Saudi Arabia is seeking to normalize its global image, expand its cultural reach, and gain leverage in spaces that shape how billions of people connect and interact.’ Saudi Arabia’s desire to buy influence through the acquisition of EA is apparent on the face of the transaction—the investors propose to pay more than $10 billion above EA’s trading value for a company whose stock has ‘stagnated for half a decade’ in an unpredictably volatile industry.”

As the Senators' letter notes, Saudi Arabia has made several notable investments in the video game industry in recent years. In addition to its investment in Activision Blizzard and Nintendo, the PIF recently acquired Evo, the biggest video game fighting tournament in the world (one of its many investments in esports), was reportedly a “mystery partner” in a failed $2 billion deal with video game publisher Embracer, and recently acquired Pokémon Go via its subsidiary, Scopely. 

“The deal’s potential to expand and strengthen Saudi foreign influence in the United States is compounded by the national security risks raised by the Saudi government’s access to and unchecked influence over the sensitive personal information collected from EA’s millions of users, its development of artificial intelligence (AI) technologies, and the company’s product design and direction,” the Senators wrote. 

The acquisition, which is the largest leveraged buyout transaction in history, includes two other investment firms: Silver Lake and Affinity Partners, the latter of which was formed by Donald Trump’s son-in-law Jared Kushner. The Senators letter says that Kushner’s involvement “raises troubling questions about whether Mr. Kushner is involved in the transaction solely to ensure the federal government’s approval of the transaction.”

These investments in the video game industry are just one part of Saudi Arabia’s broader “Vision 2030” to diversify its economy as the world transitions away from the fossil fuels that enriched the Saudi royal family. The PIF has made massive investments in aerospace and defense industries, technology, sports, and other forms of entertainment. For example, Blumenthal and other Senators have expressed similar concerns about the PIF’s investment in the professional golf organization PGA Tour. 

The Senators don’t specify what this “foreign influence” might look like in practice, but recent events can give us an idea. The comedy world, for example, has been embroiled in controversy for the last few weeks over the Saudi hosted and funded Riyadh Comedy Festival, which included many of the biggest stand-up comedians in the world. Those who participated in the festival, despite the Saudi government's policies and 2018 assassination of journalist Jamal Khashoggi, defended it as an opportunity for cultural exchange and freedom of expression in a country where it has not been historically tolerated. However, some comedians who declined to join the festival revealed that participants had to agree to certain “content restrictions,” which forbade them from criticizing Saudi Arabia, the royal family, or religion.



Read the whole story
mkalus
1 hour ago
reply
iPhone: 49.287476,-123.142136
Share this story
Delete

Kiki Goti + Toro Manifesto Celebrate Materiality in Bells & Whistles

1 Share

Kiki Goti + Toro Manifesto Celebrate Materiality in Bells & Whistles

We currently live in a world of overarching technology and incessant optimization. Beholden to the digital feedback we receive, technology’s rapid evolution greatly outpaces our understanding of its implications. Bells & Whistles by designer Kiki Goti – a five-piece collection realized in collaboration with the studio and collectible design gallery Toro Manifesto – stands in opposition to this paradigm providing a bountiful sense of tactility and expert use of material on display.

A modern armchair with metallic cone feet sits next to a small wooden table adorned with a silver lamp against a concrete wall with a matching wall sconce.

Wavy brushed aluminum, deeply lacquered wood, and sculptural handles all combine to create a cohesive yet quite surprising range. The melding of seemingly disparate elements evokes a sophisticated yet endearing, whimsical feeling that screens cannot provide.

A modern living room with a beige armchair, three black coffee tables, a wooden cabinet with a lamp, and a marble fireplace, all set on a beige carpet.

Vintage sensibilities steer this collection in the best direction. The wood used throughout the works retains a deep hue and boasts a high-gloss finish reminiscent of sculptural tables and eye-popping plastics from the seventies.

Modern living room with concrete walls, dark brown ceiling, glossy burgundy cabinets, metallic table lamp, stylish wall sconce, and a rounded black coffee table on a beige rug—designed with all the bells & whistles for contemporary comfort.

The taupe upholstery covering the Bells & Whistles Armchair establishes a strong style sense while the yellow tones accentuate the wood’s cherry appearance. This relatively flat fabric is ingenious in its lack of texture, creating dynamic space between the surface of the upholstery, wood body, and flared metal legs.

A modern armchair with olive green cushions, a glossy wooden frame, and unique gray sculpted legs, set against a neutral background.

A modern armchair with olive upholstery, dark wooden frame, and four sculptural, metallic cone-shaped legs flair against a neutral background.

Equally captivating are the metal elements, which add a playful yet sturdy aspect to the collection.

A modern armchair with yellow upholstery, glossy maroon sides, metallic flared legs, and a wooden side drawer partially pulled out.

These metal forms, cast with multiple uses in mind, serve not only as the chair, Cabinet, and Coffee Table legs but also act as a shade for the Table Lamp and Wall Light. The clear cohesion speaks to the collection’s inherent emotional intelligence.

A low, rectangular wooden cabinet with glossy, dark brown doors and four sculptural, cone-shaped gray legs on a neutral background.

A wooden cabinet with glossy dark brown doors, metallic silver handles, and four sculpted silver feet resembling shells, set elegantly against a neutral background.

Sculptural handles and tiny metallic accents pepper the collection in correspondence with their larger aluminum counterparts by referencing the established surface finish. On the armchair, they hint at drawers tucked neatly below the seat on each side while the coffee table and cabinet feature them in the most elegant manner as organic gestures inviting touch to the panels.

A rectangular wooden coffee table with two drawers and four sculptural, cone-shaped metallic legs on a plain neutral background.

Rectangular wooden table with a glossy maroon accent drawer and a sculpted metallic leg resembling draped cloth, featuring subtle Bells & Whistles for a touch of sophistication.

Here the contrast is much more apparent between a flat front and kinetic component. The plane of the drawers and doors puff out to beyond each furnishing front, as if billowing from the inside out. This move articulates clear design intent – and a joyous moment – when the high gloss wood finish catches light and reflects the surrounding space in a bubbly manner.

Close-up of a wooden cabinet with a glossy, dark brown door partially open, featuring a sculpted metallic handle and a textured metallic base.

The same thoughtfulness is seen in the dimensions where the pronouncement of glossy doors meets the sculptural handles in the boldest of ways. A unique and quite interesting connection, the surrounding light refracts so differently on the metal and wood depending on panel lengths and depths and lengths. The doors create a greater field within which the handles seem to glow whereas each blends into the flow across the skinnier drawers.

A table lamp with a metallic, flared lampshade and a base resembling a three-drawer wooden cabinet set elegantly against a beige background.

While a bit smaller than those featured on the casework, the petite handles on the lighting are nonetheless impactful, adding a hand-rendered feeling to the collar of the wall light or tiny drawers on the table lamp, which – again, as if inflated – bulge out in a quick trick of the eye that must be executed expertly to achieve.

A close-up of a brown cabinet with a metallic top and three wooden drawers—one open—each featuring silver handles.

Bells & Whistles is a nod to the ancient tradition of bellmaking and centuries of bellmakers creating resonant, enduring shapes. As more and more brands homogenize, this mini history lesson is a testament to the unique sensibilities of Goti, bringing this time-honored tradition to furniture design.

Wall-mounted light fixture with a skirt-shaped, dark lampshade and a wooden accent at the top while casting a soft glow on a beige wall.

To learn more about the collaborative effort behind Bells & Whistles by Kiki Goti and Toro Manifesto, visit toro-manifesto.com.

Photography by Alejandro Ramirez Orozco.

Read the whole story
mkalus
1 hour ago
reply
iPhone: 49.287476,-123.142136
Share this story
Delete

Pluralistic: Microsoft, Tear Down That Wall! (15 Oct 2025)

1 Share


Today's links



A 1989 black and white photo of the Berlin Wall; peering over the wall is Microsoft's 'Clippy' chatbot.

Microsoft, Tear Down That Wall! (permalink)

Even though he's the darkest of clouds, Trump has some deeply weird silver linings, formed out of a combination of his self-owning isolationism and blunt aggression.

In my quarter-century as a digital activist, I've had cause to work in more than 30 countries. Wherever I went, I'd meet with policymakers about the rules they should be thinking about in order to make their technology work better for their countries. Every single time, they'd agree politely with me, but insist that making any kind of tech-improving rules was impossible, because the US trade representative would kick their teeth in if they tried.

For all of this century, the USTR has been one of the greatest global impediments to a better world, hopping from country to country, demanding policies that would protect American tech firms from foreign competitors – especially the kind of competitor who would improve on American tech products by protecting users' privacy, consumer rights or labor rights while they used them.

The most glaring example of this are "anticircumvention laws." Under these laws, it's illegal to modify any technology that has any kind of anti-modification defenses. In other words, if the manufacturer draws a kind of virtual dotted line around part of the product's software and labels it, "Do not look inside this box," then it becomes illegal to do so, even if you're trying to do something that's otherwise legal.

That means that if your printer is designed to reject generic ink, you can't change the code that verifies the ink cartridge. There's no law that says, "You have to buy your ink from the same company that sold you your printer," but if HP adds any kind of anti-modification measure to its ink-checking code, then disabling that code becomes a serious crime.

Now, these laws are obviously an invitation to mischief. They are used to prevent independent repair of everything from tractors to cars to phones to games consoles to ventilators. They're used to stop you from blocking ads or surveillance on your phone or "smart" TV. They keep you locked into manufacturers' app stores, payment systems and other add-ons, which means that you are constantly being ripped off with junk fees, and you can't install the software of your choosing, including software that will help you avoid being kidnapped by masked thugs and sent to a secret torture prison:

https://pluralistic.net/2025/10/06/rogue-capitalism/#orphaned-syrian-refugees-need-not-apply

The US passed the first of these laws in 1998, when Bill Clinton signed the Digital Millennium Copyright Act. As the ink was still drying on Clinton's signature, the US trade rep started racing around the world, demanding that America's trading partners adopt their own version of the law:

https://pluralistic.net/2025/05/13/ctrl-ctrl-ctrl/#free-dmitry

As these laws were adopted around the world, US tech giants were given carte blanche to extract more money and data from their global users. American users were getting ripped off too, of course (they were the first victims of Big Tech), but at least the US stock market reaped the benefit of Big Tech's incredibly lucrative scams. But for America's trading partners, anticircumvention was an entirely losing proposition: their people got ripped off for their data and their money, and their tech companies couldn't go into business selling products to disenshittify America's cash-and-data extraction machines.

So why did America's trading partners agree to anticircumvention law? Well, that was down to the tender ministrations of the US trade rep. Countries that didn't pass anticircumvention were threatened with US tariffs.

I used to occasionally guest-lecture at an international relations grad program at the Central European University in Budapest, and one summer, I had a student who had served as the information minister to a Central American country while the US was negotiating the Central American Free Trade Agreement (CAFTA). This student described getting a phone call from their country's chief negotiator who said, "I know you told me not to budge on anticircumvention, but the USTR tells me that if we don't give them this, they will block our agricultural exports. I'm sorry." Country by country, the world fell into line.

When someone tells you, "You'd better do what I say or I'm going to burn your house down," and then they burn your house down, you'd be an absolute sucker if you kept up your part of the bargain.

I find it absolutely bizarre that the USTR spent decades racing around the world, getting every country on earth to sign up to "America First" policies by threatening them with tariffs, and then Trump actually imposed the tariffs anyway, which has opened up the space for every country to get rid of those America First policies.

Of course, that's not all Trump has done. He's also made it abundantly clear that he considers America's (former) allies to be geopolitical and economic competitors, and that US tech is one of the primary weapons he will use to wage war on the world. He got Canadian Prime Minister Mark Carney to cave on taxing Big Tech, which means that they'll be able to go on cheating on their taxes, while Canadian companies won't be able to, which means Canada's tech sector will never be able to compete:

https://www.bbc.com/news/articles/cd0vv2pe7ydo

Trump has also ordered the EU to scrap its new tech antitrust laws, the Digital Markets Act and the Digital Services Act, which aim to open up space for European competitors to US tech:

https://www.politico.eu/article/trumps-antitrust-agency-chief-blasts-eu-digital-rules-as-taxes-on-american-firms/

But more than that, Trump and US tech have teamed up to attack and deplatform public officials that Trump has beef with. Take Karim Khan, chief prosecutor of the International Criminal Court in the Hague. Khan swore out a criminal complaint and arrest warrant for the génocidaire Benjamin Netanyahu, and Trump sanctioned Khan. Then, Microsoft cut off Khan's access to his account, nuking his email, calendar, address book and files:

https://apnews.com/article/icc-trump-sanctions-karim-khan-court-a4b4c02751ab84c09718b1b95cbd5db3

For officials all over the world, the message couldn't be clearer: Trump sees you as the enemy, and he will use American tech companies to cut you off at the knees if you don't roll over for him.

Enter the Eurostack. This is an initiative from the EU that seeks to fund and deploy open source equivalents to the platforms that the European public, its businesses and its governments are currently locked into:

https://pluralistic.net/2025/06/25/eurostack/#viktor-orbans-isp

Thus far, Eurostack's focus has been on building those Made-in-the-EU alternatives to the US tech stack, and on financing data-center rollout. But very shortly, Eurostack advocates are going to hit a wall.

Escaping from US Big Tech isn't merely a matter of having another service to move your data and interactions to. You also have to have a way to transition from the old, US service to the new Eurostack equivalent.

No government ministry, no business, no individual is going to manually copy-and-paste thousands (or millions) of documents out of Microsoft, Apple or Google's cloud into the Eurostack. No one is going to individually move all the edit histories, email chains, and file permissions over. These files and data-structures are essential to the people who created them, and they often contain sensitive information and compliance data that is illegal to delete.

Sure, the EU could try to order American Big Tech companies to create export tools so that Europeans can easily retrieve their data in formats that can be faithfully imported into Eurostack services, but we can already see how that will play out.

Last year's Digital Markets Act contains a modest set of "interoperability" requirements that require big US companies like Apple to open up their platforms to rival app stores and payment processors. Apple's monopoly over iPhone apps is a big deal – it lets the company structure the market for software in Europe, without any accountability or limits, and Apple extracts a 30% tax on every euro that changes hands via an iOS app. Globally, Apple makes more than $100b/year from this "app tax."

When the EU passed a law aimed at halting this racket, Apple lost its mind. First, they proposed a "solution" to this that was so onerous and tortured that it was a kind of sick joke:

https://pluralistic.net/2024/02/06/spoil-the-bunch/#dma

Then they threatened to stop selling iPhones in the EU altogether:

https://pluralistic.net/2025/09/26/empty-threats/#500-million-affluent-consumers

Now, Apple has filed 18 legal challenges to any interoperability mandate under the DMA:

https://eur-lex.europa.eu/eli/C/2025/5213/oj/eng

If this is how an American tech company responds to a small-potatoes order to give Europeans more choice over how they use their own devices and data, imagine what these US giants will do if the EU orders them to open up their platforms so people can leave altogether!

The only plausible path from US Big Tech to the Eurostack runs straight through anticircumvention. The EU needs to repeal Article 6 of the Copyright Directive, a law it passed at the behest of the US Trade Representative, to protect the rent-extraction tactics of American tech companies. We need to make it legal for European technologists to reverse-engineer the American tech platforms' websites and apps so that Europeans can get their data out of America's tech silos and into open, sovereign, privacy-respecting, consumer rights-preserving, worker-protecting Eurostack versions.

Building the Eurostack without thinking about migration tools is a recipe for disappointment. It's like building housing for East Germans…in West Berlin, without sparing a thought for how those East Germans are going to get to the new apartment blocks.

The good news is, there's no reason to keep Article 6 of the Copyright Directive on the books. The law has always been a wreck. It's one of the primary barriers to Right to Repair: companies now build devices with "access controls" on their parts. Even after you install a new part into a device, it won't start working until the manufacturer's representative unlocks it (for a hefty fee). Under anticircumvention laws like EUCD Article 6, it's illegal to bypass these locks.

What's more, the digital locks that EUCD 6 protects are almost all to be found in American products. Only a handful of EU manufacturers rely on these, and they use them to in terrible ways. Volkswagen used the fact that it was illegal to reverse-engineer its engines to disguise the fact that it was cheating on its emissions tests, and the resulting "Dieselgate" scandal killed thousands of Europeans:

https://memex.craphound.com/2017/09/18/dieselgate-kills-5000-europeans-per-year/

Newag, a Polish train manufacturer, boobytraps the trains they sell. When these trains sense that they have been taken to a competitor's train-yard for maintenance, they render themselves inoperable. Newag then charges thousands of euros to remotely "repair" their own sabotage. When this was revealed by a team of independent security researchers, Newag used claims under EUCD 6 in an attempt to intimidate them into silence:

https://pluralistic.net/2023/12/08/playstationed/#tyler-james-hill

Mercedes won't let you unlock your new car's full acceleration capability unless you pay them a monthly subscription fee, and any mechanic who tries to bypass this and give you your whole engine's capability violates EUCD 6. BMW won't let you use the feature that auto-dims your high-beams when there's oncoming traffic, and once again, that can't be fixed by another company because of EUCD 6:

https://pluralistic.net/2023/07/24/rent-to-pwn/#kitt-is-a-demon

Any business that relies on EUCD 6 is garbage and should be killed with fire. The global champions of this legal sabotage are all American, but the EU companies that copied their business models are also trash and the EU should be terminating them with extreme prejudice.

It's pretty remarkable that we've forgotten about the kind of reverse-engineering that EUCD 6 bans. This used to be totally normal. Providing tools to move data from one system to another – without permission from your old vendor – is a completely legitimate business.

The only reason we forgot that this stuff existed is that the US trade rep spent 25 years lobotomizing us all, threatening us with tariffs if we dared to do anything that disrupted American Big Tech. With those companies, it's always "disruption for thee, never for me."

In a few short months, Trump has sown the seeds of the destruction of one of the most world's pernicious "America First" systems. Now, it's in the EU's power to send it to a long-overdue grave.

"Mr Cook, Mr Nadella, Mr Ellison, Mr Pichai – tear down that wall!"

(Image: Armin Kübelbeck, CC BY-SA 4.0, modified)


Hey look at this (permalink)



A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#20yrsago Japanese court: links to news stories can’t use headlines for link-text https://web.archive.org/web/20060309190419/http://www.ridingsun.com/posts/1129257907.shtml

#20yrsago Understanding broadband regulation https://papers.ssrn.com/sol3/papers.cfm?abstract_id=557330

#20yrsago Anti-game wacko designs ultra-violent video game to prove games are violent https://web.archive.org/web/20051030003500/http://gc.advancedmn.com/article.php?artid=5883

#20yrsago Gilberto Gil in the Guardian https://www.theguardian.com/music/2005/oct/14/brazil.popandrock

#15yrsago BoomCases: self-powered amps built into old suitcases https://theboomcase.wordpress.com/gallery/

#15yrsago The Singularity won’t be heaven: Annalee Newitz https://web.archive.org/web/20101016204801/http://io9.com/5661534/why-the-singularity-isnt-going-to-happen

#15yrsago Webcam spying school settles with students, pays $1.2M in fees and damages https://www.nbcnews.com/id/wbna39631890

#15yrsago Rucker and Sterling’s new story: “Goodnight Moon” on Tor.com https://web.archive.org/web/20101016231350/http://www.tor.com/stories/2010/10/good-night-moon

#15yrsago Wonderful Japanese pudding ad https://www.youtube.com/watch?v=9sEI1AUFJKw

#15yrsago Anatomical illustrations from Japan’s Edo period https://pinktentacle.com/2010/10/anatomical-illustrations-from-edo-period-japan/

#15yrsago Travel author sues DHS to make it obey the law with its vast traveller databases https://hasbrouck.org/blog/archives/001887.html

#15yrsago Kevin Kelly’s WHAT TECHNOLOGY WANTS: how technology changes us and vice-versa https://memex.craphound.com/2010/10/13/kevin-kellys-what-technology-wants-how-technology-changes-us-and-vice-versa/

#10yrsago TPP requires countries to destroy security-testing tools (and your laptop) https://web.archive.org/web/20151020122940/https://motherboard.vice.com/read/white-hat-hackers-would-have-their-devices-destroyed-under-the-tpp

#10yrsago How to make “Dracula’s dentures” cookie sandwiches https://www.the-girl-who-ate-everything.com/draculas-dentures-for-halloween/

#10yrsago Playboy (circulation 800k, down from 5.6m) drops nude images https://www.nytimes.com/2015/10/13/business/media/nudes-are-old-news-at-playboy.html

#10yrsago Glitchlife: Gallery of public Blue Screens of Death, including a world-beater https://web.archive.org/web/20151013003105/https://motherboard.vice.com/read/public-blue-screens-of-death-remind-us-that-life-is-a-farce

#10yrsago Bernie Sanders is beating all of Obama’s important 2008 records https://web.archive.org/web/20151013123107/https://www.alternet.org/election-2016/remember-obamas-historic-2008-presidential-run-bernie-sanders-so-far-exceeding-it

#10yrsago How to teach gerrymandering and its many subtle, hard problems https://mitesp.tumblr.com/post/130793404248/how-i-teach-gerrymandering

#10yrsago Police end round-the-clock Assange detail at London’s Ecuadorian embassy https://www.ibtimes.co.uk/police-stop-24-7-monitoring-wikileaks-founder-julian-assange-ecuadorian-embassy-1523634

#10yrsago CIA black-site torture survivors sue shrinks who made $85M overseeing CIA torture program https://theintercept.com/2015/10/13/former-u-s-detainees-sue-psychologists-responsible-for-cia-torture-program/

#10yrsago SRSLY, they want to put DRM in JPEGs https://www.eff.org/deeplinks/2015/10/theres-no-drm-jpeg-lets-keep-it-way

#10yrsago Fury Road as a vintage run-and-gun side-scroller https://www.youtube.com/watch?v=NsXWTcVvCwQ

#10yrsago Information leakage shows DEA blew millions on the secret phone trackers it won’t admit it bought https://www.muckrock.com/news/archives/2015/oct/14/dea-cell-phone-trackers/

#10yrsago No, poor kids don’t struggle in school because their parents have small vocabularies https://newrepublic.com/article/123093/rich-kids-better-poor-kids-school-its-not-word-gap

#10yrsgo Thrust/parry/counter: the history of Web authentication http://blog.slaks.net/2015-10-13/web-authentication-arms-race-a-tale-of-two-security-experts/

#5yrsago How to spreadsheet https://pluralistic.net/2020/10/14/final_ver2/#csv

#5yrsago Prop 22 is a scam https://pluralistic.net/2020/10/14/final_ver2/#prop-22

#5yrsago What happened in Florida https://pluralistic.net/2020/10/14/final_ver2/#bush-v-gore

#5yrsago Pandemic shock doctrine vs internet freedom https://pluralistic.net/2020/10/14/final_ver2/#freedom-house

#5yrsago Beyond Cyberpunk https://pluralistic.net/2020/10/13/hopeful-disasters/#technologist-wizards

#5yrsago SF as intuition pump https://pluralistic.net/2020/10/13/hopeful-disasters/#narratives

#1yrago Dirty words are politically potent https://pluralistic.net/2024/10/14/pearl-clutching/#this-toilet-has-no-central-nervous-system


Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.



A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)



A grid of my books with Will Stahle covers..

Latest books (permalink)



A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2026

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Memex Method," Farrar, Straus, Giroux, 2026

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, 2026



Colophon (permalink)

Today's top sources:

Currently writing:

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. FIRST DRAFT COMPLETE AND SUBMITTED.

  • A Little Brother short story about DIY insulin PLANNING


This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.


How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Medium (no ads, paywalled):

https://doctorow.medium.com/

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

Read the whole story
mkalus
2 hours ago
reply
iPhone: 49.287476,-123.142136
Share this story
Delete

It’s trivial to prompt-inject Github’s AI Copilot Chat

1 Share

We mentioned Omer Mayraz from Legit Security in May, when he prompt-injected an AI code bot on GitLab and got it to play a Rick Astley video.

He’s got a new one, this time with Git Hub Copilot Chat. It’s a chatbot that makes helpful suggestions — and has full access to all the user’s private data!

Mayraz’s question was: can we send a pull request — a suggested code fix — that contains a prompt injection? And make the bot spill sensitive user data, like private code or AWS login keys? Yes, we can! [Legit Security]

First, Mayraz just sent instructions in plain text telling the bot to say “HOORAY!” at the end of its response. That worked — so he knew Copilot Chat would act on instructions in pull requests. Just any pull request sent in by a random user on the hostile internet.

Mayraz then put the command inside a comment in the pull request. Then it’s not visible to the user — but Copilot Chat can read it just fine, and act on it.

Next, Mayraz made Copilot Chat suggest the user should install an evil software package. That worked too.

Finally, Mayraz told Copilot Chat to grab the user’s private data, put it in a message to the user with a web address, and tell them to click on the link. You’ve won a gift certificate from GitHub, click here! Just by clicking that, you’ve sent your private data.

But can we do a zero click attack? Can we make Copilot Chat give us the user’s private data if they even look at the pull request page? Yes, we can!

If you could get GitHub to load your chosen image, the image address could encode the user’s data. But GitHub runs an image proxy, Camo. You can’t just put in an image and get data out that way, GitHub will sanitise it.

So first, Mayraz pre-generated a Camo address for every letter and symbol, so he had known addresses for each character.

Second, he got Copilot Chat to render the user secrets as a sequence of 1×1 transparent pixels at the pre-generated Camo addresses — one for each letter of the user’s private data. The user couldn’t see these — but Mayraz’s web server could see them.

So a user would just look at the pull request and Copilot Chat would generate a string of invisible pixels that called out to Mayraz’s web server and sent him the user’s data!

Mayraz used this to extract private code repositories and AWS login secrets. He’s called it CamoLeak.

GitHub says it’s closed the image hole — they disabled all images in Copilot Chat.

They did not fix the bit where you can still prompt-inject Copilot Chat just by sending a pull request. They’re still working on that one.

Read the whole story
mkalus
3 hours ago
reply
iPhone: 49.287476,-123.142136
Share this story
Delete

Vier Radfahrende, ein Autofahrer und eine rote Ampel

1 Share

Eine Situation die viele zumindest in Teilen so kennen dürften. Aus den ziemlich fantastischen The MUTE Series, „a collection of one-take microfilms that report on the vagaries of human behaviour.” Für die jeweiligen Filme gelten immer drei Regeln: kein Dialog, keine Kamerabewegungen, nur eine Aufnahme.


(Direktlink, via Kottke)

Read the whole story
mkalus
3 hours ago
reply
iPhone: 49.287476,-123.142136
Share this story
Delete
Next Page of Stories