The Register

Microsoft's June Windows update has upset some third-party applications that use Object Linking and Embedding (OLE) automation to open or control Office apps, leaving users with failed document launches and, in some cases, no error message to explain what went wrong. According to Microsoft, "reports indicate that this issue may affect applications such as CCH Engagement, Workpaper Manager, dental software (such as Dentrix and Softdent), and Zotero; other similar applications might also be impacted." The workaround is to "open the application or document directly instead of launching it from the affected third-party application." Microsoft was quick to point out that this wasn't its problem. The third parties concerned are "independent of Microsoft." "We make no warranty, implied or otherwise, about the performance or reliability of these products." That would be fair enough were it not for the fact that these third parties are relying on Windows plumbing that has been around since the 1990s, and abruptly breaking or changing something in a Windows release doesn't give those vendors much time to deal with the problem. OLE allows one application to control another – for example, firing up a Word document or Excel spreadsheet from an accounting application. When it works properly, users don't need to switch between applications. The process should be seamless. If opening the file directly, which somewhat defeats the point of OLE, doesn't help, ordinary users will have to wait for a fix in "a future Windows update." There is a mitigation for affected devices within organizations, though obtaining it requires contacting Microsoft support for business customers. Veteran techies may find this mess ironic, given that in the 1990s Microsoft went all-in on OLE and ultimately saw off the rival OpenDoc tech backed by Apple and IBM. The issue is the first that Microsoft has acknowledged in the patch, although the company's forums are full of users complaining about other difficulties, including OneDrive and BitLocker problems. ®

INTERVIEW There are only a handful of dedicated Linux PC vendors. One of the best-known is the 20-year-old American company System76. It's not just a business that installs Linux on PCs. System76 is building something rare in 2026: a vertically integrated Linux‑first computing stack that treats open source as an engineering north star, not just marketing copy. We spoke to founder and CEO Carl Richell about where System76 began and where it's going. When Richell started System76 20 years ago, he had "$1,500 in my basement" and no venture capital. He only had a bet that there were enough serious Linux users to sustain an honest, Linux‑only PC company. It has since grown organically into a factory operation in Denver, where raw aluminum sheets and billets come in one end and finished Thelio desktops roll out the other, complete with in‑house firmware and Linux preloads. It wasn't an immediate success. The growth curve was incremental. The company started in a basement, moved to a tiny office, then a slightly larger office, a still bigger one in downtown Denver, and, more recently, System76 operates out of its own factory. There, the company says, its servers, desktops, and laptops are "designed by nerds. Engineered by experts. Handcrafted by humans." All this was funded, Richell said, by reinvested profits and conventional machinery loans rather than venture capitalists. This was by design. That choice means there's no VC partner demanding an "exit" or pushing for a pivot away from Linux and open source; Richell says they "work for our customers and we work for each other," and have "never had to really roll the dice on the company," just take calculated risks. That deliberate pacing also shaped the culture. Many of the engineers who could "go work at Google" stay, he argues, because their "true beliefs align" with System76's open source‑first mission, not a retrofit of openness onto an ad business. For a niche OEM in a hostile, margin‑thin PC market, that ideological stickiness might be as important an asset as any product spec sheet. System76 likes to talk about its community roots, but the company's survival story is written in purchase orders. More than half of its sales are business‑to‑business, and Richell says there are "very few Fortune 500 companies that we don't ship products to," even if those deals are typically developer and engineering rigs rather than sprawling, company‑wide rollouts. Those systems often land in engineering departments and university labs as developer desktops, AI workstations, or high‑end Linux boxes for research workloads rather than accounting PCs. The pitch is a fully integrated Linux platform: hardware designed and manufactured for Linux in Denver, Pop!_OS and COSMIC developed in‑house, and open firmware that can be audited, modified, and redeployed. In a year when AI datacenters have driven up the cost of memory and storage, System76 entered 2026 expecting "much harsher headwinds" from component prices. Instead, demand stayed strong, and the business continues to grow year‑over‑year, suggesting that for a certain class of customer – developers, researchers, and Linux‑centric organizations – the premium for a well‑supported Linux workstation is easier to swallow than the friction of fighting Windows or bespoke dual‑boot setups. System76 keeps that business by pairing the product with the kind of operational plumbing most open hardware upstarts never quite build. That includes tightly coupled support, sales, and engineering teams (support is "ten feet from the sales team") and the ability to trace customer pain directly into product changes. It's a Linux company built like a small enterprise vendor, not a boutique enthusiast shop. On the hardware side, 2026 is the beginning of a new design era, centered on the freshly redesigned Thelio desktop family. Mira is the high‑performance mid‑tower, aimed at users who need serious CPU and GPU throughput in a comparatively compact box. Thelio Major stretches into high‑end desktop territory with support for Threadripper‑class CPUs, ECC memory, and dual power supplies to feed multiple top‑end GPUs. Richell describes Mira as the "beginning of that new desktop design refresh," a platform that lets System76 relearn thermal dynamics, structural design, and manufacturability at scale. They put the chassis through adhesive and mechanical torture tests – robots repeatedly pulling the side and front panels off thousands of times – to ensure the new modular construction would withstand years of use and field servicing. Next up is the Prime, a mini‑ITX desktop that shrinks the new design language into an "adorable, tiny desktop" now going through thermal testing. Further out is "Paleo Mega," an AI workstation designed to carry the thermal and power lessons from Mira and Major into multi‑GPU, AI‑first configurations, where cooling and power delivery are often the limiting factors. The product cadence shows a company that now thinks in platform terms: reuse chassis and thermal designs across a family, and then specialize for AI, compact workstations, and other niches. COSMIC and Pop!_OS as a buildable desktop If hardware is where System76 proves it can build real machines, software is where it tries to shape the broader Linux ecosystem. COSMIC, its Rust‑based desktop for Pop!_OS and other distros, is explicitly designed to be "modular and composable," with components you can replace, extend, or use as building blocks for entirely new UI experiences. Richell argues that before COSMIC, there "wasn't really a Linux desktop… designed to build things" in the way the kernel or the LAMP stack are foundations for other work. COSMIC's components have strict, well‑defined dependencies and are built to be reassembled – by OEMs, distro maintainers, or specialized platforms – into custom desktops for different devices and use cases. In System76's ideal world, COSMIC becomes the UI layer you reach for when you're building your own Linux‑based system, not just the default skin on Pop!_OS. On the user‑facing side, COSMIC is already shipping as a rolling‑release desktop, with new features and fixes flowing into users' machines as soon as they clear QA rather than on slow, monolithic schedules. Since its December 11 release, the project has seen roughly 1,200 merges from 172 contributors, a pace more reminiscent of a popular upstream project than a vendor‑specific shell. That rolling strategy matters right now in gaming, where System76 is devoting fresh attention. The team has recently added support for Wayland's pointer capture protocol, so first‑person shooters and "infinite scroll" scenarios behave correctly, fixed full‑screen window handling for workflows like Steam Big Picture, and tightened a long list of "around the edges" behaviors that used to require user workarounds. In Richell's telling, the aim is to make gaming "just work" on Pop!_OS + COSMIC without hidden incantations, a necessity if Linux gaming is going to be credible outside the hobbyist circle. Pop!_OS itself runs atop Ubuntu LTS, with System76 adopting what Richell – over some internal grumbling – still calls a "hardware enablement stack": newer kernels, Mesa, and related bits to keep up with GPUs and emerging hardware, while COSMIC continues to roll on top. The current release tracks Ubuntu 24.04 LTS; Pop!_OS 26.04 is expected to follow roughly a month after its upstream release, with some delay thanks to Canonical's recent DDoS‑related infrastructure issues. Critically, Pop!_OS has gone "entirely over to Wayland." That move, Richell says, freed the team from trying to build a cutting‑edge desktop on top of legacy X11 stacks and let them align COSMIC with the latest graphics and input pipelines from the start. Ask any Linux vendor about AI in 2026, and you'll likely get a flurry of product names; System76 is more circumspect. While Canonical, for example, is busy wiring "agentic AI tools" into Ubuntu so they're easy to add, Richell says System76 is still "thinking about it" and sees "more questions than answers" for now. The areas where he does see clear value for AI are pragmatic, Linux-user-focused ones, including accessibility features that can leverage AI, and smarter launchers that go beyond fuzzy string matching to actually understand user intent when they hit Super and start typing. In that world, the launcher might answer questions, locate files, or trigger workflows that shrink the distance between "I want this" and "it's done." But AI features will have to be optional, he insists, and designed with "the community's concerns around AI" in mind. For now, the company's to-do list prioritizes HDR, gaming polish, and foundational desktop work over embedding language models everywhere. That restraint might frustrate some early adopters, but it aligns with System76's tendency to ship infrastructure first and pretty features later. On the hardware side, AI shows up more directly in plans for the Paleo Mega workstation and in the market forces buffeting System76's bill of materials. GPU and memory prices are being driven upward by datacenter AI demand, which in turn raises the costs of high‑end desktops and workstations. The surprise for Richell is that demand for System76's boxes has held steady despite those increases, suggesting a base of customers who see local, Linux‑native AI workstations as a necessary capital expense rather than a nice‑to‑have. If there's a single idea that animates Richell when he talks about System76's next decade, it's the dream of "liberating the entire stack." Open source has already transformed the operating system and much of the software above it; he'd like to see hardware follow, turning the motherboard, firmware, and even some silicon into something you can read, fork, and improve. To that end, he said, "anything that we design inside of System76 is open hardware." System76 wants to go further with open hardware by creating reusable components that others can build into their own designs. Think of chassis elements, power distribution boards, or controller modules that can be dropped into third‑party projects – hardware analogs to open libraries and frameworks. The obstacles are obvious: CPUs, memory, and most major silicon are still dominated by opaque supply chains, NDAs, and closed firmware. RISC‑V offers a path toward open instruction set architectures, and System76 is watching that space as a way to eventually reduce its dependence on closed processor platforms. In the meantime, it has chipped away where it can, shipping its own open EC (embedded controller) firmware and adopting coreboot‑based system firmware on many laptops, closing a gap Richell once thought might never be solved. "It took us 15 years, but we got there," he says about open firmware. That timeline is probably the right yardstick for the rest of the hardware vision. Over the next decade, he wants System76 to take on more design and manufacturing in‑house, build more of its own components, and gradually expand the platform's surface area that can be studied, modified, and reused by others. The company will never be able to satisfy the most uncompromising free‑software purists – Richell readily admits they can't "work in a totally purist fashion" and stay in business – but its trajectory is pointed toward more openness, not less. For many developers and organizations who want control without giving up modern hardware, that may be enough. In 2026, most stories about PCs involve consolidation, commoditization, or retreat from the desktop toward cloud services and locked‑down devices. System76 is betting on a different future: one where there's enduring demand for machines you can understand, repair, and reimagine, running an OS that treats you as the operator rather than the product. It's a risky path. The company operates in a small, noisy niche where many rivals have tried and failed; Linux‑only hardware vendors have come and gone, often leaving behind little more than a blog post and some unfulfilled orders. System76's answer is to behave less like a startup and more like a craft manufacturer crossed with a small enterprise vendor: design your own hardware, invest in a factory, write your own desktop, and grow slowly enough that you never lose sight of the people actually using the machines. If the next ten years look anything like what Richell hopes, System76 could end up not just as "the company that still makes Linux desktops," but as the reference implementation for an open, full‑stack computing platform. In a world increasingly defined by black‑box AI and sealed hardware, that might be its most radical feature. ®

UK retail giant Tesco is replacing VMware with an alternative product and pressing ahead with its licensing lawsuit against the virtualization pioneer's parent company, Broadcom, in a matter due to be heard by the UK's High Court starting in November 2027. The roots of the matter are a January 2021 contract that saw Tesco acquire perpetual licenses for VMware's vSphere Foundation and Cloud Foundation products, plus subscriptions to Virtzilla's Tanzu products. The supermarket giant also signed up for support services and software upgrades until 2026, with an option to extend that deal for four years. Computacenter signed up as a reseller and relied on Dell as the distributor of VMware's products. Tesco also uses some of Broadcom's mainframe software, and wanted to extend support for that too. Tesco and VMware struck that deal before Broadcom acquired VMware. After the acquisition, Broadcom stopped selling standalone services for customers who did not adopt subscriptions for its software bundles. Broadcom was therefore unwilling to extend support for Tesco's VMware estate. The supermarket sued Broadcom in mid-2025, alleging breach of contract and anti-competitive behavior. The case picked up again in late May with a flurry of filings that The Register has just digested. The new filings reveal that Tesco has decided to quit VMware and Broadcom's mainframe products, is rushing to migrate to alternatives, has turned to third-party support providers for its VMware estate, and alleges Broadcom is abusing its market power. "Faced with Broadcom's abusive conduct, and given the criticality of virtualization and mainframe software and services to its business, Tesco has been forced to incur material costs to procure alternative solutions with reduced functionality, and to migrate to that software in a manner, and on a timeframe, that creates very significant risks to its business," the filing states. Those costs include payments for third-party VMware support because Tesco alleges Broadcom stopped supporting the virtualization software on January 29, 2026. The supermarket hopes to be off VMware by the end of 2027 but says that target is its earliest possible date and will require it to work "at exceptional pace." Elsewhere in the filing, Tesco says "the timeframe in which that migration must be undertaken has created and continues to create operational and commercial risk, and at material ongoing cost and disruption to the business." The risks aren't abstract: Tesco says it uses Broadcom mainframe software to order products for its stores and process its payroll. The retailer is also worried about data security and protection because the virtualization product it has chosen as a VMware replacement isn't compatible with the Veeam and Zerto tools it uses. Rejecting offers Broadcom appears to have made Tesco at least four offers, including a "Strategic proposal" in July 2024 that covered virtualization and mainframe products. Another delivered on January 9, 2026, offered separate terms for VMware products and mainframe software – the first time Broadcom dangled discrete deals. Tesco struggled to process it because Broadcom offered the deal just 19 days before the end of its existing agreements. Two offers arrived in April. Tesco says one proposed charges of $23.5 million (around £17.4 million) for a year of VMware Cloud Foundation 9.0 and Mainframe Software and Support Services. The retailer says that offer represented an increase of "around 175 percent" compared to the prices Tesco believes it was entitled to under its 2021 contract for VMware software and services, and a 350 percent increase for the mainframe products and services. The retailer described those price hikes as "manifestly unfair and excessive." Broadcom's amended defence rejects that characterisation, and also Tesco's claim that it deserves damages as it could not find an alternative supplier before its deals expire. Now that Tesco has found alternatives, Broadcom thinks the retailer can't easily point to losses that deserve damages payments. Other recent filings reveal that the matter is due to be heard in the UK's High Court during a window that opens on November 1, 2027, and closes on February 25, 2028. That doesn't mean the trial will consume all that time – it's an indication of when the court thinks it will have time to consider the matter. Broadcom has fought other high-profile cases over its licensing changes, most notably with AT&T and Siemens. The telco giant reached a confidential settlement, but the Siemens case is ongoing. On The Reg's reading of Tesco's filings, the retailer appears comfortable with litigating its claims with an argument that Broadcom refused to honor past agreements and that its main defense – it can't support products that don't exist since it reorganized VMware – is weak. Broadcom execs have told The Register they have an enormous dislike for providing extended support for old products and a huge preference to shift customers to subscriptions for the company's flagship Cloud Foundation (VCF). They argue that that continuing to use old VMware software sold under perpetual licenses is an act of corporate self-harm because VCF is so powerful it quickly pays for itself by improving IT department operations and improving business efficiency. But those messages aren't landing with some customers. We've reported organizations including Western Union, GEICO, and Computershare moving away from VMware, and even some VMware partners like Rackspace reducing their use of the virtualization giant's wares. We've also just learned that Belgian technical secondary school Scheppers Instituut Wetteren shifted to local contender Whitesky.Cloud to avoid a 400 percent price hike, and made the move without needing any new hardware. ®

Forty years ago, while working for a tiny subsidiary of a gigantic telco, I stumbled through pre-Git source code management and tried to avoid explosively devolving into a mess of conflicts after every merge. Thankfully, modern practices make it possible to work in massive, distributed teams, swarming around a codebase, working independently toward a collective goal. That sounds a lot like what we're heading toward with agents, and here it touches a nerve: nearly everyone in software engineering feels a deep terror as an invasion of agentic systems sweep all before them. Now that Stack Overflow has gone agent-first, what's left for us meatsacks? Shoulder-to-shoulder with the flesh-based cohort most immediately under the pump at a conference called AI Engineer Melbourne, I heard conversations about the future of software engineering working their way through denial, anger, bargaining, and depression, to ... coupon clipping? Now that organisations have been weaned off earlier 'all you can eat' subscription plans and onto 'pay-as-you-go' metered token consumption, they're all in various stages of sticker shock. Several talks at the conference discussed managing token costs, such as AJ Fisher's exploration of 'diffusion' models. Analogous to the diffusers used to generate images, they generate text at lighting speed, making them cheaper to operate while also being less accurate than the pricey and slower “autoregressive” frontier models. Fisher's solution? Use a low-quality model and make it iterate on a problem (that new classic, the Ralph Wiggum loop) until it gets a satisfactory solution. This approach delivers the same result as a full-fat model, for anywhere from one half to one tenth the spend. Google released its DiffusionGemma mode, which produces text at prodigious speed, just days after Fisher's talk, giving everyone the ability to try this approach. But some engineers reject AI in 'all the things'. Annie Vella, author of the seminal essay "The Software Engineering Identity Crisis" shared what she's learned about the feelings of grief experienced by a cohort of software engineers, provoked by AI tooling. We've seen the field divide into 'all in' and 'never ever' camps (even in the pages of El Reg), with a broad middle cautiously getting their feet wet. That divide has roots in two styles of work: those who look for outcomes, and those who look for learning, for whom the journey into understanding is the whole point of the exercise. Short circuiting that journey with AI tools makes folks for whom the journey is the reward feel cheated. How do we breach the divide? Annie suggests sensitivity, listening, and openness to change on both sides - highlighting human qualities in the machine age. Kaggle and fast.ai alum Jeremy Howard took a different tack, reminding the audience of the importance of critical thinking - really, a plea to just keep thinking, a refrain we'll be hearing a lot as we struggle to avoid nodding off in the warm bath of machine thoughts. He followed up with a demo of SolveIT, his still-in-beta tool combining some of the best aspects of Python notebooks, Mathematica, Wikipedia, and a chatbot, offering up a counterexample of an environment designed for swimming in the sea of knowledge, rather than floating off into mindless oblivion. Finally, Daniel Rodgers-Pryor's "Fully Automated Luxury Gay Space Engineering" blew my mind with a practical, working vision for AI in the engineering department. Rodgers-Pryor's entire CI/CD pipeline feeds all of its metrics, messages, logs and user feedback into a set of AI agents that quickly identify issues, find the underlying problems, fix them, integrate solutions into the codebase, test them, and push them out to users. What sounds like a recipe for disaster turns out to be a formula for a self-healing, 'anti-fragile' system that improves as the pressure on it increases. More users? Good. More metrics? Great! More messages and logs? Even better. Agents eat all of that data and use it to improve the performance of the overall system. Rodgers-Pryor's "closed feedback loop" reminds me of a 20th century production line worker dipping into the stream of bonbons (or widgets) eyeing a few for quality, then tossing them back into the stream. "This is your job now," he concludes. "How can you can make those feedback loops shorter and tighter?" Software engineers have been forced to absorb more change in the last three years than in the previous thirty, and have every right to be a aggrieved about that. Yet as AJ Fisher, Annie Vella, Jeremy Howard and Daniel Rodgers-Pryor all portrayed in their own ways, adopting AI looks less like rolling over before the dictates of the machine, and more like exploring a whole new world. Like any journey into a new realm, perils and hardships await. Who's to say that's not the price of admission for a once-in-a-lifetime opportunity? ® The author attended AI Engineer Melbourne as a guest of the conference.

A cyberattack on Australia’s second-largest sugar producer has forced farmers to keep crops in the ground, and looks like denting their incomes. Mackay Sugar, based in the Australian state of Queensland, processes sugar cane farmed in nearby districts. The company disclosed a cyberattack on June 10 and limited operations while it dealt with the fallout. Some operations remain restricted, but the company said on Monday that it managed to perform some manual crushing at its Farleigh Mill site, working with sugar cane that was harvested before the attack. “Significant progress has been made over the weekend in restoring the systems that support cane supply, harvesting, and mill operations,” Mackay Sugar said in a statement. “Steam trials are now underway, and subject to final validation activities, some harvesting is expected to recommence this week in preparation for the staged restart of crushing operations later this week.” While the company is optimistic it can resume crushing, it's advised growers not to harvest their crops for the time being. That edict works for Mackay Sugar because sugar producers need to process crops within 48 hours of harvest. Doing so preserves high sugar content and overall yield. Delaying the processing for any longer after harvesting could result in sucrose converting to simple sugars, unwanted fermentation, and lower yields. But late harvesting can reduce the quality of cane, reducing the price they earn for their crops. Interrupted harvesting also impacts the railways used to move cane from farms to mills. Mackay Sugar acknowledged the impact its downtime could have on growers and other partners, and committed to restoring systems safely. “We are communicating directly and regularly with our employees, growers, and key partners,” it said. “We recognise the impact this incident is having on our growers, and we are doing everything we can to support them and to safely resume full operations as soon as possible. “We take our responsibility to protect our systems, operations, and information very seriously. We apologise for any disruption this incident has caused and will continue to provide updates as we continue our investigation.” The company operates three mills across Queensland, two of which were operating at a limited capacity due to the attack. Its Racecourse Mill, described as the heart of the business and home to its corporate offices, was among those affected. Racecourse Mill typically generates 213,000 tons of raw sugar and 58,000 tons of molasses a year, and the site’s cogeneration plant generates 156,000 MWhs of renewable electricity a year, around 71 percent of which is sent back into the national electricity grid. Mackay’s mill in Farleigh, the company’s oldest, was also affected. It typically produces around 196,000 tons of raw sugar and 49,000 tons of molasses per year. The company’s largest and most productive factory, Marian Mill, was unscathed. Ungentlemanly conduct Cybercrime group The Gentlemen claimed responsibility for the attack on Mackay Sugar, posting the company to its data leak site without offering any details about the attack or whether it stole data to use as leverage for extortion demands. Cyber threat intelligence professionals have known of the group for almost a year, after spotting it in July 2025 and classifying it as a ransomware-as-a-service provider. However, there is no evidence that ransomware was used in the attack on Makay Sugar. The company has never mentioned ransomware in its statements, referring to the attack only as a “cyber security incident.” However, The Gentlemen is known for using file-encrypting malware in its double extortion attacks. The group caught the attention of Microsoft’s researchers, who last month published a deep dive into how it carries out attacks. Microsoft’s report noted that not only do The Gentlemen affiliates have access to a powerful file encryptor, but also one that self-propagates, which “increases the likelihood of widespread impact once initial access is achieved.” It has also recently established a partnership with BreachForums, which allows the group to recruit prospective new affiliates with different skillsets, such as penetration testers and initial access brokers. ®

With no end in sight to the memory crunch, AMD thinks that AI, the main cause of the shortage, could be part of the solution. This week, the House of Zen acquired predictive memory startup Mext for an undisclosed sum, setting the stage for a world where bots decide which data to put into RAM and which to store in less-expensive flash. Founded in 2023, the Mext proactive memory platform uses machine learning algorithms and learned heuristics to proactively offload "cold" memory to flash storage, and, based on data access patterns, restore it before its needed again. Modern flash arrays are already approaching main memory in terms of aggregate bandwidth, but swapping to disk still imposes a stiff latency penalty. Mext claims it can expand the effective memory of a system by 2 to 4x using flash, which gig for gig is still vastly less expensive than DRAM. This flash memory is exposed to the operating system like regular memory simply by running the Mextd daemon. Memory tiering is nothing new and has seen various reincarnations over the years with some being software based and others, like Intel Optane persistent memory, using special 3D XPoint memory tech co-developed by Micron. Mext stands out for its use of machine learning to migrate data from hot memory to cold storage almost like a branch predictor — something AMD has an awful lot of experience with. Mext isn't using one model to decide when to shuffle your data. Instead it uses a series of heuristics, long short term memory, and modern transformer architectures depending on which combination renders the best results. “This approach has the potential to reduce infrastructure costs, improve resource utilization, and help customers more effectively scale general-purpose and AI workloads,” Dan McNamara SVP of AMD’s compute and enterprise AI biz wrote in a blog post this week. Beyond enterprise applications, the technology could have implications for AI serving. Modern mixture of experts (MoE) models are, as their name suggests, comprised of multiple sub-models. For each token predicted, a different selection of experts may be used. In practice an LLM may use some experts more frequently and others rarely. We wouldn't be surprised to see AMD use Mext's prediction algorithms to offload infrequently utilized experts from HBM to slower system memory, enabling enterprises to take advantage of larger more capable models with fewer resources. That’s just speculation of course, but we've reached out to AMD for comment; we'll let you know if we hear anything back. ®

HANDS ON That new AI-juiced Siri that Apple rolled out last week at WWDC was supposed to set a new paradigm for on-device AI. But don't believe the hype coming out of Tim Cook's final big event. After a week-long test drive, it seems like Apple just crammed Google AI Overviews on top of the most useful parts of its various operating systems and made the whole ecosystem more cumbersome to use. But hey, it has more AIs! I’ve been running the iOS and macOS 27 developer betas since they were made available on June 8, and I was blessed by the waitlist gods with access to the new version of Siri a few days after that. There are definitely some useful new features: Siri now carries on actual conversations, which makes it far more useful than the ask, get a response, we’re-done-here flow of the old Siri that left no room for clarifying questions or follow ups. Siri is now able to find things on my device more easily too – at least on my M1 MacBook. My iPhone 15 Pro has been telling me it’s still re-indexing my device after the update for more than a week, but I was still able to use it to conduct web searches and find some things on my phone – it's possible this message itself was an error. The dedicated Siri app is also nice in its own way, as it shows a record of every conversation I’ve had with the new Apple Intelligence front end for later review, but that comes with a caveat, too. Even the most brief questions – the overnight weather forecast, for example – is now stored in perpetuity, cluttering up the list of chats we’ve had until I manually delete it. The only apparent alternative is setting an expiration window for past chats and losing records of the more useful conversations we’ve had. Who turned out my Spotlight? Those are small inconveniences, however, compared to my biggest gripe with Siri AI: It’s completely ruined Spotlight. I’ve come to rely on Apple’s embedded search/launcher feature almost exclusively for digging up apps that I don’t keep a shortcut for, and on my iPhone, it’s the main method I use to kick off a web search because it's so simple. Swipe down from the center of the screen, type what I want to search for, and tap on the item that points to my query as a Google search in Safari. Swipe, type, and a tap and I’m perusing a search result page. Not anymore. The new Siri-first interface that presumes that if you’re searching for anything but an app or file, you must want Siri to feed you a few links of Apple Intelligence’s choosing. Getting to a web search from a Spotlight query now requires multiple taps: Type your query, tap “Show Results” (careful: hitting enter will trigger Siri to craft a response, eliminating the possibility of seeing any actual Spotlight content), tap on “Show More” next to the list of Siri-surfaced web results, scroll down until you see Search Google (or whatever engine you have set as your default), then tap that. Maybe I’m being a grumpy old journalist who likes things the way they used to be, the transformation of Spotlight into a Siri interface seems like intentional degradation of a basic feature in order to front-load an AI that in my experience so far is largely an inconvenience. Overall, the experience reminds me of Google’s much-maligned and often wrong AI Overviews, which push actual search results down the page in favor of force-fed info from Google Gemini. There's a logical reason for the similarity. At the end of 2025, Apple replaced its former AI chief John Giannandrea, formerly Google's SVP of search and AI, in a bid to right the Siri ship. Taking his place was another Google alum with even closer ties to The Chocolate Factory’s AI strategy, Amar Subramanya, who spent 16 years there, including a turn as the head of Gemini engineering. Subramanya, now Apple’s VP of AI, now reports directly to Apple's SVP of software engineering, Craig Federighi, who himself has assumed responsibility for Apple’s machine learning initiatives, including the construction of Apple foundation models. As we learned at WWDC last week, Apple has leaned heavily on a partnership with Google to build its foundation models, and it appears Subramanya has brought some of that Google AI ethos with him as well. So, what’s the alternative to the new AI bloat in iOS 27? Siri can still be turned off entirely in the Settings app, so there’s that, but I’ve decided to take another tack and use one of Apple’s other AI features to get what I want. As the iMaker mentioned at WWDC, you can now create shortcuts (tiny scripts that automate basic tasks) by making a natural language request to Siri. In my case, I asked it to build a shortcut I could drop on my home screen to do a Google search with whatever text I input. It works perfectly, and is available to duplicate on your own iDevice should you see fit. Again, this is a developer beta, so it’s entirely possible that Apple will wise up and stop burying basic Spotlight search functionality before its 27 series of OSes release to the public this fall. We asked Apple if the change was intentional, but didn’t hear back. ®

Python developer Roman Imankulov nearly took the bait. The fact that he didn't can be chalked up to human intuition and AI code vetting. A person claiming to be a recruiter from a small crypto startup got in touch through LinkedIn, looking for help with what she described as proof-of-concept code that didn't work. The company, she explained, needed a lead engineer. As Imankulov described the exchange in a blog post, the recruiter asked him to look into an issue with a deprecated Node module. Something about the request seemed off. "I'd heard, as probably all of us have, about those types of attacks," Imankulov explained in a phone interview. "And I was like, 'what if this could be I could be the target?' It was just based on the past experience that I had." So he took the unusual step of spinning up a VPS on Hetzner where he cloned the repo. He then used his Pi coding agent (running Codex) to conduct a read-only analysis of the code. "I ran an agent to test how it worked, and I was almost certain that it would return to me 'everything is clear, the code is ugly but in general it's safe to run and just go ahead and perform your review,'" he explained. "To my surprise, almost immediately the agent returned a response like, 'Don't run this code, just walk away because there's a trap.'" The AI model had flagged one of the files, app/test/index.js. The file contained a backdoor. It took the form of a server URL, fragmented to look like a test suite configuration, and a network request that will run anything the server sends in response to the request. Imankulov credited his AI agent with catching details that he had missed. "I opened this code myself and I skimmed through this code and it looked to me like just, you know, a regular sloppy file written by a sloppy developer," he said. "So I just scroll down, [thinking] 'Yeah, yeah, it's awful, but you know if they can pay me to fix this code, I don't mind.' But the agent in the very same file found the exact vulnerability that I overlooked." Just installing the repo using npm would have been sufficient to trigger the backdoor. The repo's package.json file contained a "prepare" post-installation hook designed to run the script following the installation process. The referenced malicious repo is no longer accessible – presumably GitHub removed it in response to Imankulov's complaint – but a clone can still be found. "What makes this attack insidious is how it hijacks standard developer workflows," explained Devashri Datta, independent open source and security architect, in an email to The Register. "The adversary didn't rely on the target executing a suspicious binary; they relied on the target running a routine command: npm install. "By burying the execution logic inside the prepare lifecycle hook within package.json, the malicious payload triggers automatically during dependency resolution. This isn't a novel technique, but it remains highly effective precisely because developers run npm install on autopilot. The string fragmentation used to assemble the malicious URL, piecing together a domain from small constants, was deliberate obfuscation designed to defeat static analysis tools that scan for hardcoded indicators of compromise." Imankulov said that the commits in the malicious repo appeared to be the work of a developer with an established web presence and body of work. But when he contacted the supposed author, the dev said he had been impersonated on GitHub more than once and didn't write that code. The recruiter's LinkedIn profile referenced a real arts journalist, though Imankulov believes the associated profile was faked. His online interactions with the recruiter suggested a level of technical knowledge not evident in her work history. LinkedIn likes to talk about the tens of millions of fake accounts it catches and removes before they interact with anyone. But hundreds of thousands of accounts still get created and interact with people before being detected and flagged. And that number keeps growing. In the period from January through June 2025, LinkedIn restricted 386,000 accounts after user reports. That figure was 266,000 in the prior six month period. And it was a mere 86,000 in the January through June 2021 period. These sorts of software supply chain social engineering attacks have become commonplace. Earlier this month, we noted how North Korean-linked scammers have been running various campaigns to compromise developer accounts using fake interviews and job offers. Other developers have reported nearly falling for these scams (and also being saved by their AI agent) and have posted code analyses. Datta said Imankulov's response highlights a shift in how security-conscious developers are approaching code review hygiene. "Historically, the guidance was to sandbox untrusted code or review it manually," she said. "Here, Roman deployed a local AI agent in a constrained, read-only environment to analyze the codebase before executing anything. This is a useful counterpoint to the dominant narrative around AI as an offensive threat vector. Used defensively at the developer endpoint, an AI agent isn't susceptible to fatigue or social pressure; it simply surfaces anomalous behavior, such as a test suite initiating an outbound network connection to retrieve unverified code, in seconds." npm 12 could change the game If it's any consolation, the relevant attack vector should be addressed next month. GitHub, which maintains npm, is preparing to release npm 12 which changes the behavior of the npm install command. The allowScripts setting will be defaulted to off. "npm install will no longer execute preinstall, install, or postinstall scripts from dependencies unless they are explicitly allowed in your project," GitHub explains. "Install-time lifecycle scripts are the single largest code-execution surface in the npm ecosystem," explained GitHub product manager Leo Balter in a community discussion post last week. "Every npm install runs scripts from every transitive dependency, so a single compromised package anywhere in your tree can execute arbitrary code on a developer machine or CI runner. Making script execution opt-in closes that path while keeping it one command away for the packages you trust." Imankulov said he doesn't have a strong opinion about that. "From my perspective, just for the sake of personal safety, I switched to pnpm just to make sure that I don't execute those scripts by default," he said. Datta said the incident underscores why enterprise software supply chain security had to extend beyond the perimeter of the corporate network. "Attackers are now shifting left all the way to individual engineering endpoints before a single line of code enters the corporate supply chain," she said. "When a developer's local workstation is compromised during what appears to be a routine job interview, that machine frequently holds active SSH keys, cloud provider tokens, and live access to internal repositories." Proper defense, Datta contends, requires enforcing technical guardrails such as isolated developer containers or secure cloud workstations for evaluating third-party or untrusted code. "Emerging frameworks are beginning to extend exploitability context down to the workstation layer itself, recognizing that VEX-style signal needs to travel further left than the enterprise SBOM inventory if it is to intercept threats at the point of introduction," she said. ®

When it comes to networking supercomputers, Nvidia's InfiniBand rules the roost, but a new competitor is sneaking into the space with its own solution. This week the Department of Energy powered on a new cluster at Lawrence Livermore National Laboratory, and gluing it all together is Intel spinoff Cornelis Network’s Omni-Path interconnect tech. Lynx is a relatively modest bit of iron, at least as DoE supers go, packing 952 Dell Technologies PowerEdge nodes powered by Intel’s aging 4th-gen Xeon Scalable processors, codenamed Sapphire Rapids. The system, commissioned by the National Nuclear Security Administration (NNSA) will provide additional compute capacity for some of America’s most secretive workloads. But what sets the machine apart isn’t the compute, but rather its choice of interconnect. Most DoE systems today either use HPE Cray’s proprietary Slingshot 11 or Nvidia’s InfiniBand networking. Lynx uses neither, instead opting for Cornelis Network’s CN5000-series Omni-Path switches and NICs. “The collaboration between the NNSA ASC program and Cornelis has been rooted in a shared commitment to advance high-performance computing. Lynx reflects the results of that public-private R&D investment and will support the modeling, simulation, and analysis capabilities that underpin the modern NNSA complex,” Matt Leininger, a senior principal HPC strategist at LLNL, said in a statement. If Omni-Path sounds familiar, that’s because it’s been around in one shape or form for the better part of a decade. Originally developed by Intel in 2015 for HPC applications, the lossless interconnect is similar in many respects to InfiniBand. Several DoE Labs were early adopters, including Los Alamos National Lab’s Trinity super and the Cori machine, before Intel pulled the plug in 2019. The division was eventually spun off in 2020. For many, this is where the story ended, but in 2025, the company unveiled its CN5000 family of NICs and switches to the world, promising 400 Gbps connectivity with near linear performance scaling. The tech quickly attracted the attention of the DoE which tapped the niche networking startup’s tech for its Lynx system last summer. Omni-Path not only offers the agency an alternative to InfiniBand for non-Cray systems, but is now one of the fastest interconnects at their disposal. The majority of the Cray systems deployed by the DoE labs operate at 200 Gbps. InfiniBand technically can accommodate higher port speeds, but is in extremely high demand for AI compute clusters. For Cornelis, the deployment represents a significant proof point for the company’s next-generation Omni-Path protocol and networking systems. “It's laying that foundational proof point for the industry to see that the most demanding customers out there have run it through its paces and are seeing really good results,” Cornelis CEO Lisa Spelman told El Reg. In particular, Spelman says the deployment allowed Cornelis to demonstrate the scaling efficiency of its CN5000 portfolio. As compute clusters grow larger, network interconnects can quickly become a bottleneck. “We were able to show a 91% network scaling efficiency, which is great for this size of cluster,” she said. This scaling is so good, in fact, that Spelman expects to see Lynx outperform similarly sized clusters using more modern processors simply because the interconnects are more efficient. Lynx won’t be the last supercomputer Omni-Path finds its way into. The company is working on additional systems, including some, we’re told, that will make use of some non-traditional accelerators. “We're looking forward to the next chance to prove it at 2,000, 5,000, 10,000 and just keep going up from there,” Spelman said. Cornelis is also working to bring faster 800 Gbps equipment to market later this year, timed with the release of PCIe Gen 6.0-compatible CPUs from Intel, AMD, and others. PCIe 5.0 connectivity effectively caps conventional NICs at 400 Gbps. Nvidia and some others have side stepped this problem by integrating large PCIe switches into their NICs which offers additional bandwidth, but adds cost and complexity that Spelman says Cornelis would prefer to avoid. CN6000 is expected to launch in the second half of this year, and is expected to bring with it support for Ethernet connectivity allowing for greater cross compatibility with existing networks.®

Imagine being paralyzed so badly that not only can't you move your hands or feet, but you can't speak either. For years, brain computer interfaces have presented the tantalizing promise of reading brainwaves well enough to allow a person to communicate and access a PC. Now, a new breakthrough shows how someone can talk and even work a job while afflicted with a motion-robbing disease. A team of scientists from the University of California, Davis, published a paper Monday detailing a years-long study of a brain computer interface (BCI) system implanted in a patient with amyotrophic lateral sclerosis (ALS, also known as Lou Gehrig’s disease), which destroys motor neurons and causes loss of motor control and eventual paralysis. According to the team, their patient, Casey Harrell, has been living with BCI implants since 2023 that are still working today, giving him the ability not only to control a computer cursor with his thoughts, but also to speak. The Davis team is part of a broader coalition of universities with the US Department of Veterans Affairs known as BrainGate. They're working on a variety of neuroscience projects to do things like restore speech, use computers, and, in some cases, restore movement. In Harrell’s case, the Davis team was trying to figure out how to turn experimental tech into something long lasting and practical for use outside of a laboratory. Davis neurosurgeon David Brandman, co-principal investigator and co-senior author of the paper published Monday, as well as the surgeon who placed Harrell’s implant, described the results his team published as the crossing of a threshold in BCI technology: Not only has Harrell’s implant been working well with daily use since 2023, but it’s also incredibly accurate. In controlled tests, the system managed to synthesize sentences from Harrell’s brain activity with 99 percent accuracy; outside of the lab in daily use, Harrell still assessed it as being accurate 92 percent of the time. “The key thing to me is that it’s enabling everyday communication for a guy who wants to talk but can’t,” Brandman told The Register in an interview. “Despite being paralyzed [Harrell] has gone back to work full time and has meaningful conversations with his daughter who’s never heard the sound of his voice.” Prior work in the BCI space, Brandman told us, has either required researchers to be in a patient’s home whenever they’re using the tech, or for the patient to come to the researchers. That’s not the case here, with the system allowing Harrell’s home care team to hook him up to the system themselves, enabling him to use the device for more than 3,800 hours in the past few years. Based on the time the study was filed (It published Monday but went into peer review in July 2025) that would mean Harrell was using the device for more than five hours a day, on average. “It is a life that is more full of dynamic action and with friends and family, with colleagues, and it is something that allows me to communicate more in my natural way of communicating than any other technology that I have experienced,” Harrell told UC Davis via his BCI system. An actual practical use of AI Brandman is no stranger to BCI technology: Along with being a key figure in the BrainGate consortium, he’s also worked as study principal in investigating the safety of commercial BCI tech from Paradromics, one of the leading companies in the space alongside Synchron and Neuralink. As Brandman explained it, the Davis study didn’t involve any purpose-built hardware, instead making use of an existing BCI design produced by Blackrock Neurotech. The big advancement, says the Davis neurosurgeon, is with his team’s use of machine learning technology. The lab has built its own software platform for operating BCI devices known as Brain-computer interface for Rapidly Adaptive Neural Decoding (BRAND, which Brandman told us was coincidentally named), which UCD postdoctoral fellow Nick Card built machine learning algorithms for. BRAND is now used across the BrainGate consortium, and is where the secret sauce of the project’s success lies. According to the paper, BRAND’s AI algorithms are able to translate activity in Harrell’s ventral precentral gyrus, the part of the brain that controls motor function in the face, mouth, and jaw, into English-language phonemes. Additional algorithms in the software map those phonemes to words, and words to sentences. The end result is some very precise speech synthesis that allows Harrell to work full time as an environmental advocate. As for when the technology being developed by the UCD team might hit the commercial market, Brandman tells us that other technologies in the BCI space, such as those from Neuralink and others, are all working on tech with the same sorts of goals. His team’s objective is just to prove that BCI systems are more than just dead-end laboratory experiments. “My job is to derisk it,” Brandman told us. He likened the current state of BCI technology to early pacemakers, which started off in the 1950s having to be wired to hardware outside the body that was often connected to large batteries or directly tethered to the wall. Fast forward seventy years, and pacemakers are so simple to implant they’re often done in an outpatient procedure. “We’re at the early stages of this kind of technology,” Brandman said. “Casey has demonstrated that this kind of tech is practical.” Harrell may be wired up to a bunch of bulky external computers now, but combine the Davis UCD team’s AI advancements with the hardware work being done by other firms, and the future looks brighter for a lot of people whose lives are limited by paralysis and other impairments. “I want desperately to not be unique or special, because that will mean I no longer have the disease or that everyone that has the disease like me can get [BCI] prescribed to them,” Harrell said. BrainGate is currently accepting applications for future study participants. ®

Three critical flaws in Fortinet’s sandbox that allow remote attackers to bypass authentication, escalate privileges, and execute malicious code are under active exploitation, according to threat intelligence firm Defused. Fortinet patched two of the three flaws, CVE-2026-39813 and CVE-2026-39808, in April and the third, CVE-2026-25089 last week. All three bugs received 9.1 CVSS ratings, and, at the time, the vendor said that there were no reports of active exploitation. CVE-2026-39813 is a path traversal bug in the FortiSandbox JRPC API that allows an authentication bypass using specially crafted HTTP requests. It affects FortiSandbox 4.4.0 through 4.4.8 and 5.0.0 through 5.0.5. Patch to 4.4.9+ or 5.0.6+, depending on the branch, to fix the flaw. Fortinet security analyst Loic Pantano found this one. CVE-2026-39808 is an OS command injection flaw in FortiSandbox that allows unauthenticated attackers to execute unauthorized code or commands via HTTP requests. It affects versions 4.4.0 through 4.4.8, and upgrading to FortiSandbox 4.4.9 or above patches the hole. Fortinet credited KPMG Spain researcher Samuel de Lucas Maroto with finding and reporting this bug. Finally, CVE-2026-25089 is another OS command vulnerability in FortiSandbox, FortiSandbox Cloud and FortiSandbox PaaS WEB UI that allows unauthenticated attackers to execute unauthorized commands using specifically crafted HTTP requests. FortiSandbox 4.4.0 through 4.4.8 and 5.0.0 through 5.0.5, FortiSandbox Cloud 5.0.4 through 5.0.5, and FortiSandbox PaaS 5.0.4 through 5.0.5 are vulnerable. Upgrading to a fixed version patches the hole. Fortinet did not respond to The Register’s inquiries about these three CVEs and if the vendor had also observed any attacks against them. According to Defused, the exploitation began over the weekend. “We are observing exploitation of multiple Fortinet FortiSandbox vulnerabilities during the past 24 hours,” the threat-intel firm said in a LinkedIn post on Monday. “Per our research a working exploit for CVE-2026-25089 has not yet been publicly disclosed,” the company added, noting that the exploit for this flaw appeared to be vibe coded and may be faulty. We do know that all manner of miscreants love to abuse Fortinet flaws, so if you haven’t already, patch now. Earlier this month, Check Point VP of research Lotem Finkelstein warned that ransomware crims had exploited a critical authentication bypass vulnerability affecting Fortinet's Remote Access VPN and Mobile Access deployments, and said that the same crew was also likely abusing other VPN-related vulnerabilities in Fortinet products. ®

Retro computing brand Commodore has brought its pre-internet sensibilities to the mobile phone market with a $500 flip handset that proudly ships without social media, email, a web browser, or most of the things people typically buy smartphones to use. The company unveiled the device, dubbed Callback, this week and pitched it as a privacy-focused antidote to doomscrolling. Built in partnership with Finnish outfit Jolla, whose Sailfish OS traces its roots back to former Nokia engineers, the Linux-based handset attempts to split the difference between a feature phone and a smartphone. If your idea of progress is deleting half the apps on your phone, Callback may be for you. Commodore has removed email, social media, web browsing, workplace chat apps, and AI assistants, while bringing back physical controls and T9-style texting. Instead, buyers get a flip phone with a 48 MP Sony camera, FM radio, HD audio support, a selection of Commodore-themed games, and enough Android compatibility to run "99 percent" of Android applications through Sailfish OS's compatibility layer. "Phones were fun. Then they got too smart for their own good, and ours," said Commodore chief executive Peri Fractic, who said the idea grew out of his own efforts to reduce screen time before becoming a father. The company leans heavily on privacy as a selling point, promising no hidden data collection, no account sign-ins, encrypted storage, and what it describes as a "private not profit" business model. For many tech veterans, however, the real selling point may simply be the badge on the front. Long before smartphones, app stores, and algorithmic feeds, Commodore systems occupied bedrooms, classrooms, and living rooms around the world. For a generation of geeks, the brand still evokes cassette tape loading screens, SID-chip soundtracks, and countless hours spent typing programs from magazine listings. That's also why the company keeps getting resurrected. Commodore International collapsed in 1994, but the brand has spent much of the intervening decades bouncing between various owners eager to capitalize on the affection still attached to the name. Callback will initially launch in five versions, ranging from a $500 BASIC Beige model to a $640 Founders Edition complete with a 24-carat gold Commodore button. Whether nostalgia translates into sales remains another matter. Privacy-focused and minimalist phones have appeared regularly over the past decade, such as Punkt, usually attracting plenty of headlines and relatively few customers compared with the hundreds of millions of mainstream smartphones sold each year. Still, for anyone nostalgic for the days when hanging up the phone actually ended the conversation, Commodore has an answer: snap it shut and walk away. ®

OPINION Do AI agents need a new kind of CPU? That's what Arm, Nvidia, and a growing number of chip designers would have you believe. Arm named its first datacenter silicon the "AGI CPU." Nvidia CEO Jensen Huang described Vera as a "CPU for agents," and AWS's Graviton 5 marketing is chock full of references to agentic AI. None of these Arm-based processors are going to bring about the singularity. They're not even AI accelerators. Don't let the spin doctors fool you – these chips are nothing more than general-purpose processors that have received an AI glow-up. Sure, AI agents and their harnesses need CPUs. No argument there. But agents aren't one workload. They're simply a bridge between the AI model and the same applications we've been running for decades. And the tools those agents end up running often look wildly different. Some will benefit from a higher ratio of memory bandwidth to compute, some will perform better on chips with large unified caches or dedicated compression engines, while others will prefer high frequency over core count, or vice versa. There's a reason AMD and Intel don't just build one Epyc or Xeon SKU, and why all of the "purpose-built" agentic CPUs look so different. If you look at what Nvidia has built with its 88-core Vera CPU, the chip promises high single-threaded performance with gobs of memory and interconnect bandwidth. As Huang explained it during his GTC Taiwan keynote, this combination of compute and bandwidth is key to keeping latency as low as possible. "There will be billions of agents and these agents are going to be using the CPUs with very little patience because the cost of the GPUs they sit next to is too high," he said. But of course Huang would say that – he's in the GPU-slinging biz. Vera, just like Grace, was designed to keep data flowing between the CPU and GPU as smoothly as possible. Data movement is literally Vera's thing. Arm's AGI CPU, meanwhile, looks to be a bog-standard Neoverse V3 processor with 136 cores that's been stripped of anything an agent is unlikely to need in order to keep power consumption as low as possible. No simultaneous multithreading or dedicated accelerators, minimal vector extensions, but loads of memory bandwidth. Amazon's 192-core Graviton 5 processors, announced at Re:Invent last winter, are essentially a scaled-up version of Arm's AGI CPU, right down to the Neoverse V3 cores, but arguably even more generic. To echo Corey Quinn, "please, for the love of all that's holy, stop calling them 'AI chips.'" Not to be left out of the fun, Intel and AMD have also been keen to recast their flagship Xeons and Epycs as the ideal platforms for running AI agents. At Computex earlier this month, Intel showed off a couple of reference rack designs packing as many as 36,864 x86 cores into a 100 kW rack. Meanwhile, AMD, following an initial round of Vera CPU benchmarks, went on the defensive last week, arguing that concurrency, not latency, is the metric that matters most when running agents at scale. The House of Zen projects that for a 100 kW power envelope, its 256-core Venice Epycs, due out later this year, would deliver 3.3x higher throughput per rack than Vera. If it feels like everyone has a different opinion on what the ideal agentic CPU should look like, that's because, as with any other datacenter workload, there's rarely one right answer. We see this in early benchmarks of Nvidia's Vera CPU. Late last month, FOSS-friendly publication Phoronix got early access to the chip and ran a subset of its test suite that Nvidia apparently felt was representative of its target market. The chip achieved a geo-mean score 10 percent higher than AMD's 128-core Epyc 9575F, and 55 percent higher than Intel's 128-core Xeon 6980P. That's a strong showing. But looking closer at the results, it becomes clear that Vera performs better in some apps than others. And this gets to the crux of it all. There has never been one CPU to rule them all, and as the AI hype cycle enters its agentic era, there certainly isn't one now. ®

Firefox 152 is now available for download, after no fewer than four minor point releases to its predecessor, last month’s Firefox 151. And quieting noisy tabs has never been easier. It’s a good time to check out the Fox: recently, this patch to the Google Chromium codebase, continues closing the door to Manifest V2 extensions, as The Register warned you was coming early last year. As the W3C documents, the forthcoming Google Chrome 150 turns off the last workarounds available for full-power ad blockers, and Chrome 151 will nuke them altogether. Firefox 152 revamps the layout of the Settings page. To be honest, we had no particular problems with this before, but it’s a good thing to make it easier to twiddle the knobs and dials that make Firefox arguably the most extensible and customizable web browser. The new version also understands that sometimes you just want it to shut up. When a tab (or, worse, multiple tabs) are playing audio, if you go to the address bar and type “mute” (or “sssh” or “hush”), then a new Quick Action button appears beneath it offering to immediately silence all tabs in all windows at once. For some streaming services, there are also improved media playback controls on the tab context menu, but we don’t use streaming much around these parts and weren’t able to test this. If you admired the cleverness of the JPEG XL format as much as this Vulture , then we have glad tidings. Back in 2022, we reported that Google was dropping JPEG-XL support from Chromium and Chrome. Back in January, Mountain View changed track on this, and now, Firefox 152 has experimental JPEG XL support too. The functions for sending tabs to other devices, and for copying URLs for easier sharing, have been improved. There’s an optional new “Send Tab” toolbar button. You can also right-click on a tab button and get options to send it to a nominated device, or copy its URL for sharing. Better still, this also applies to groups of tabs: hold down Ctrl or Cmd, select several, and right-click any of them, and they’ll all be sent, or their URLs copied, in one action. There are also multiple bug fixes, about 40 security fixes, and as always, some new features for developers. Speakers of Basque or Galician will welcome their inclusion in its translation répertoire. Mozilla’s fast release cycle for Firefox is a minor irritation, yes. (Of course, there’s always the Extended Support Release channel, if you want to hop off the treadmill.) However, one interpretation of it – and the stream of bug-fix versions – is that Mozilla is working hard on Firefox, and in our view that’s good news. A new source of information that the company has published with this version) is the new Firefox Roadmap, which has info about future planned changes. ®

Microsoft is facing AI-related issues on multiple fronts. Disgruntled investors have flung a sueball at the company over its Copilot claims, while it is reportedly turning to other cloud vendors to help with AI-induced scalability issues at its coding collaboration tentacle, GitHub. The sueball is a class action, filed by the City of St. Clair Shores Police and Fire Retirement System in the Seattle US District Court, that alleges that Microsoft bosses (including its CEO, Satya Nadella) made "materially false and/or misleading" statements about adoption of the company's Copilot technology. On the contrary, according to the complaint, "Microsoft’s flagship proprietary AI model ranked well below competitors on a number of benchmark tests," and "Microsoft had failed to convert a significant percentage of its commercial Microsoft 365 users to paid Copilot subscriptions and the Company's Copilot offerings had lost market share to rival products, a trend that was increasing." Some organizations are gung-ho for Copilot these days – NHS England, for example, announced plans last week to roll the technology out to more than half a million staff. However the class action alleges Microsoft's SEC filings did not clearly explain problems "regarding the development and customer adoption of Copilot products and Microsoft's proprietary AI models." On January 28, Microsoft announced results for its fiscal second quarter, which included a slowdown in Azure growth and an admission that paid Microsoft 365 seats had reached only 15 million out of 450 million Microsoft 365 users. The company's shares subsequently declined by more than $48 per share, around ten percent of their value at the time, according to the complaint. “We are aware of the complaint and believe the claims are without merit. Microsoft stands by the integrity of its public statements and will vigorously defend itself in court," a Microsoft spokesperson told The Register. Git thee to AWS? Microsoft's AI headaches are not limited to the sueball, which the company reportedly claims "is without merit." Its source-shack tentacle, GitHub, is also reportedly facing the possibility of being forced to leap into bed with a rival to address ongoing reliability and scalability woes. Microsoft acquired GitHub in 2018, but the source site has sometimes struggled with availability amid a surge in AI-assisted workflows. The site has attempted to shift workloads to Azure, but has, for many users, remained unreliable. Azure has, infamously, had its own capacity problems recently. According to reports, the source shack will be propped up with additional resources from AWS, although it is not clear whether this is a temporary measure to address immediate problems or something more permanent. After all, given the choice, few IT managers would entrust all their workloads to a single vendor, and a multicloud approach is sensible. The Register asked GitHub if the reports were correct, but the site has yet to respond. It is, however, a little embarrassing when your owner operates its own cloud service. ®

Cybercrims deploying DragonForce ransomware appear to have gained access to a major US services company's network, then spent two months up to no good while disguising their command-and-control activities as legitimate Microsoft Teams traffic. Researchers at security firm Symantec said the intrusion began with attackers gaining access to the victim's environment before deploying a custom Go-based backdoor, tracked as "Backdoor.Turn," to maintain communication with the compromised systems. Rather than reaching out to attacker-controlled infrastructure that might raise alarms, the backdoor hid its activity inside traffic associated with Microsoft's widely used collaboration platform. To anyone monitoring network traffic, the compromised systems appeared to communicate only with legitimate Microsoft servers. "The attackers in this campaign use exceptionally sophisticated cyber tradecraft," Symantec said. "The configuration of Backdoor.Turn means that security products only see C&C traffic going to legitimate Teams servers, leaving defenders unaware that data is being siphoned away by malicious actors." Symantec said the attackers installed Backdoor.Turn on systems after deploying DragonForce ransomware, potentially giving them a way back into compromised networks or access they could later sell to other criminals. To connect to Microsoft's infrastructure, the backdoor first requested an anonymous visitor token from Microsoft Teams and Skype back-end services. It then used a Microsoft-operated TURN relay server – infrastructure typically used to help establish communication between users – before establishing a direct QUIC connection to a malicious command-and-control server. Symantec said this is the first known case of malware using this particular technique. The security firm did not identify the victim beyond describing it as a major US services company, nor did it say whether the Teams-based communications channel had been observed in other DragonForce incidents. The ransomware operation has become increasingly prominent over the past year, operating a ransomware-as-a-service model that allows affiliates to conduct attacks under the DragonForce banner. It has been linked to the prolific Scattered Spider group, which has conducted a string of high-profile attacks, including intrusions targeting major retailers in the UK. While attackers have long abused legitimate cloud services to conceal malicious traffic, Symantec's findings suggest that DragonForce operators continue to look for ways to blend into the software and infrastructure that organizations trust most. ®

Linux kernel 7.1 is out, bringing significant changes that have been brewing for years – including the long-promised removal of support for Intel's 486 chip and its contemporaries. More than 140,000 lines of code have been chopped, with more facing deletion. Back in May 2025, we wrote that kernel 6.15 would drop 486 support, but that change was canceled at the last minute. Now it's in: in April, Penguin Emperor Linus Torvalds merged the big change that we described back then. More work is still ahead before this is completely gone, though. The Reg reported on the Russian Baikal family of CPUs way back in 2014, and again in 2021, but now Linux support for Baikal hardware has been removed, as has support for ancient bus mouse ports. We've also previously described 7.1's new NTFS driver, NTFSplus. It's optional for now, but South Korean filesystems boffin Namjae Jeon has revived and rewritten the original read-only NTFS driver from the 1990s. Most importantly, now it's able to write to NTFS volumes as well as read from them, and it's been modernized in line with current kernel filesystem methods. Linux Weekly News (LWN) explained the change in its January Filesystem Medley. Along with the new driver, there's also a new and improved version of the additional ntfsprogs utilities, called ntfsprogs-plus. This gives Linux the ability to repair some forms of NTFS corruption and errors – so we suspect that the various Linux-based live rescue media such as SystemRescue, GParted Live, and Grml may be quick to adopt kernel 7.1. This reminds us of what might have been the first time we reported on some of Namjae's filesystem finesse, when his code to repair exFAT volumes was added back in 2022. NTFSplus stands to completely replace the driver that Paragon Software donated back in 2020, as we described in April. It also seems likely that the old read-only NTFS driver will be removed too, as NTFSplus is based on that code. As it happens, exFAT support has been improved too. Contiguous space for files can be pre-allocated without zeroing the blocks first, making the process faster, and reducing fragmentation so storage media stays faster for longer. There are also improvements in ext4 and Btrfs handling. The swap memory subsystem has been overhauled, and should be faster. With RAM prices still high and thus renewed interest in memory and cache compression tools, we suspect that there's much more to do here. There are, of course, many smaller changes, some of which we've previously covered – including the removal of a whole collection of ancient communications devices. In 2022, our own Steven J. Vaughan-Nichols introduced the new io_uring API. In doing so, he also mentioned the new eBPF functionality, which we had days previously attempted to summarize. In 7.1, those two meet: now eBPF code can handle io_uring scheduling. The extensible kernel scheduler, which we've previously mentioned as an advanced feature of Oracle Linux's UEK-next kernel, has now been merged. Kernel 7.1 has improved power management for both AMD and Intel chips, as well as battery-status reporting on Apple M1 and M2-based laptops. The security of KVM virtualization on Arm has been tightened up, and so has that around accessing PIDs (process IDs) in the /proc virtual filesystem. The CIFS network filesystem – or SMB, as most of us call it – now has explicit support for creating temporary files. Intel FRED support debuted way back in kernel 6.9 but it's now on by default, and it helps performance on AMD processors as well. Kernel Rust support now needs Rust 1.85. For a deep dive into all the changes, as ever, LWN is the place to go. All this and much, much more is described in the articles on the first half of the 7.1 merge window and the rest of the 7.1 merge window. ®

Servers employing x86 chips from AMD and Intel now account for little more than half of server revenue, according to the latest figures from IDC. In its Worldwide Quarterly Server Tracker for Q1 2026, the analyst firm says that non-x86 server revenue hit $58.7 billion, representing a startling increase of 107 percent over the same period last year. The results mean that those non-x86 servers make up 47.9 percent of the market revenue, closing in rapidly on the amount of cash spent on x86 boxes. The growth in non-x86 turnover is likely thanks to systems powered by Nvidia’s AI chips featuring Arm cores. Although there is high demand for these, they also cost a pretty packet compared to an average datacenter box. In fact, IDC noted a stark divide shaping the worldwide server market, which reached $122.6 billion in vendor revenue during this period, a 30.4 percent increase year-on-year. On the one hand, AI infrastructure investment from hyperscalers and large cloud providers is “running at a scale that shows no sign of plateauing,” while everything else - the non-accelerated segment - faces a supply-constrained environment, thanks largely to that AI infrastructure spending. As Reg readers will know, memory chipmakers are prioritizing manufacturing capacity for higher margin products for AI servers and GPUs, starving the rest of the market of supply. Component availability, particularly DRAM and NAND flash, is limiting near-term shipment volumes from vendors, IDC says, though order pipelines are strong. Supply of the right chips is therefore the chief limiting factor on server market growth. Revenue for x86 servers still reached $63.9 billion, but this was a decline of 2.9 percent due to those component supply constraints impacting shipment volumes. GPU accelerated servers pulled in $68.9 billion for the vendors, up nearly 25 percent year-on-year, while other accelerated servers surged a massive 122 percent to $17.7 billion. The latter category represents AI systems configured with FPGAs or ASICs rather than GPUs. IDC’s spin on the data is that AI infrastructure adoption is no longer limited to hyperscalers, thanks to developments such as government-led sovereign AI initiatives, while the non-accelerated segment tells a more nuanced story. Although revenue here declined, underlying demand remains strong, but many enterprise customers are holding out against elevated component prices. “Companies aren’t pulling back from infrastructure investment; they’re just not getting servers as fast as they need them. Longer term, emerging workloads, including agentic applications and physical AI ecosystems, will keep demand elevated well beyond the current cycle,” commented IDC research director Juan Seminara. The firm says it expects to see supply normalization beginning in 2027, with capacity relief coming as chipmakers bring new fabrication plants online. Across the last two decades, non-x86 servers accounted for less than ten percent of revenue, and most of that went to IBM which emerged as the last vendor of proprietary servers as Oracle lost interest in Sun and the likes of HPE decided they couldn't sustain businesses built on exotic architectures. ®

Nearly a third of NHS trusts using Palantir's health data platform are performing fewer patient procedures than before it went live, according to figures analyzed by campaign group Foxglove. The research – based on a series of Freedom of Information (FOI) requests – also found that a single body, Chelsea and Westminster Hospital NHS Foundation Trust, accounted for 84 percent of the fall in outpatient waiting lists, while 16 trusts use the tool provided by the US firm. Palantir won the £330 million contract to provide the NHS Federated Data Platform (FDP), which the UK government said was vital to improving NHS productivity and recovering from the long waiting lists for elective care caused by the COVID-19 pandemic. Palantir's journey with the NHS began with a £1 award in 2020, which later led to a total of £60 million in contracts awarded without competition during the pandemic. NHS England, which awarded the contracts, said that as of June, 139 trusts used the FDP, with 137 reporting benefits. An Inpatients Care Co-ordination Solution (CCS) tool based on the platform had resulted in 111,589 additional patients undergoing procedures in operating theatres, it said. However, data obtained by tech rights campaign group Foxglove found that 41 NHS trusts are using Inpatient CCS, the module for helping hospitals manage operation scheduling, but 13 of them – or about 30 percent – report having carried out fewer operations overall since using the tool. Staffing shortages, more complex cases, or pressure on hospital bed capacity might explain the fall. Foxglove said it was the first time that data from individual trusts using FDP had been made publicly available. The FOI response also shows that, for the Outpatient CCS, a single trust accounted for the vast majority of the benefits. According to NHS figures, Chelsea and Westminster Hospital NHS Foundation Trust accounted for 183,061 of the patients removed from the outpatient waiting list, compared with the total of 217,846. Foxglove head of strategy Tim Squirrell said: "We now know that the big claim the FDP is delivering more operations for hospitals across the NHS is covering up a much less positive reality – a third of the trusts using the FDP's operations scheduling tool, Inpatient CCS, are actually delivering fewer operations than before they started using Palantir's kit. "Palantir can't have it both ways. If it expects us to believe that the FDP is responsible for improvements in some hospitals, it must also accept that things are getting worse as a result of its tools in others. "The data the NHS has seen fit to publish provides no useful comparisons of how things are going at the trusts not using Palantir's tools. So, in effect, we are being asked to back Palantir's FDP is delivering the goods based on faith, rather than hard evidence." An NHS spokesperson said: "Thousands more patients are benefiting from the NHS Federated Data Platform every month, with more than 110,000 extra patients having undergone procedures in operating theatres, while also reducing the number of unnecessary days patients stay in hospital following treatment by a seventh. "As NHS organizations expand the use of this technology, we will continue to work with them to ensure they use it to its full extent and get the most out of it for patients." An official pointed out that trusts have different starting points, at different scales, through locally agreed rollout plans when using the FDP. In a statement to The Financial Times, Stephen Childs, head of UK health partnerships at Palantir, said the company was working to improve by applying lessons from the trusts that get the best results from its software. "But we should be clear that the recent history of technology in the NHS has, by the government's own admission, seen us fall behind, exacerbated by various failed programmes, often at great expense to the taxpayer," he said. "And what these figures show, despite attempts by the campaign group that obtained them to present them otherwise, is that Palantir software is helping to fix this and enable the NHS to deliver better patient care. "This includes more than 110,000 additional operations to date, a 15 percent reduction in discharge delays for long-stay patients, and a 6.8 percent increase in the number of patients finding out whether they have cancer within 28 days of referral." The FDP deal has been the subject of frequent criticism in recent months. Earlier in June, MPs told the government to reduce reliance on the US spy-tech firm, and specifically use a break clause in the FDP contract to end its involvement in the NHS. Instead, the government should "develop an in-house replacement or seek an alternative developed by UK-owned and UK-based providers that are more compatible with UK values, and do not pursue either technical or contractual dependencies," the House of Commons science committee said. ®

Russia's space agency Roscosmos intended to cut into part of the International Space Station (ISS) to determine the extent of leaks in the aging structure, according to a space agency source. The Register was told that discussions involved a handsaw . Other reports have suggested cosmonauts planned to deploy a drill. Whatever tool was involved, the plan made NASA sufficiently alarmed that the agency sent its astronauts scurrying into the relative safety of a SpaceX Dragon capsule docked at the ISS. Neither NASA nor Roscosmos has commented officially. Russia's plan was to use the tool to learn more about the extent of the crack. NASA said: "This revised approach involved cutting a bracket to access better an area identified as a possible leak source for further inspection, using a method that could have resulted in elevated risk to the structure in the area." However, this could have created unpredictable loads on other cracks. Eventually, the plan was called off in favor of more measurements and data gathering. The SpaceX Crew-12 astronauts and NASA astronaut Chris Williams were forced to shelter in the Crew Dragon spacecraft earlier in June following a sharp increase in the rate of air leakage from the orbiting outpost. The offending area is the Zvezda service module's transfer tunnel, known by the Russian abbreviation PrK. While more epoxy patches might address the problem in the short term, the fact that additional cracks have appeared suggests issues Zvezda has wider problems. That's not unexpected given the age of the craft, some parts of which date to the 1980s when it was a backup for the Mir space station. Russia launched Zvezda in 2000, so it's now endured decades of stress. The module has leaked for years. In 2024, ESA astronaut Andreas Mogensen suggested one option for dealing with the cracks was to seal off the module once and for all. He told The Register: "The lucky point is that the cracks are confined to that chamber at the very end. So, as long as Russia is willing to forego that docking port, that wouldn't impact operations too badly." The crew routinely keeps the hatch to the tunnel closed when not in use, but a more permanent solution might be necessary in light of the ongoing problems. "So, yeah, worst case, you could seal it off," said Mogensen, "and I think the Space Station could continue. But of course, you never know what other problems might arise." Mogensen's "worst case" is, according to reports, likely the way forward: permanently sealing off the affected segment. A sudden depressurization of the PrK segment is a risk NASA is no longer willing to take. ®