The Register

The team behind the AI Octopus Euro 2024 predictor has updated its simulator for the 2026 FIFA World Cup, this time allowing users to throw natural-language scenarios at the model and see how the tournament might shake out. "Sensible questions work – a red card, a key injury, a heat wave, a squad switching base camp – but so do the daft ones, e.g. 'What if the tournament were played with rugby rules?'" said Luzmo CTO and co-founder Haroen Vermylen. The system is simple: enter a scenario in a prompt box, and the predictor spits out how the results might go. The raw data includes squad quality based on player information, heat and altitude factors, injury data, and so on. A Monte Carlo simulation of the tournament is used to generate win/lose/draw probabilities, and the score line is derived from 5,000 match runs. The engine behind the Euro 2024 AI Octopus was written in TypeScript. This time around, the team used Rust. "We moved to Rust to also be able to run things more quickly, as now there is a real-time component to this," Vermylen told The Register. "Before it could run for five minutes or so. Now we want the predictions to actually come out within two to three seconds of actual simulation time." OpenAI models parse the request and generate summaries, and an agent is used to create or transform scenarios, call the calculation engine, answer questions, and so on. A user doesn't need to be a data scientist to ask questions and understand the answers. It's certainly rapid, recalculating the results based on suggested scenarios (even one in which we pondered the effect of politically dubious emissions from a certain world leader). Not that all scenarios will work. Vermylen told us that filtering was in place to ignore profanities and "to avoid scenarios that would just be harmful to certain groups." And then there is the age-old issue of an AI parser simply not understanding the prompt. Clarity is key. Using natural language is a great alternative to a UI with settings and sliders, but that ease of use can result in misunderstandings. As the tournament progresses, the data will be refined. At the time of writing, the baseline reckons that Spain will beat England in the final. Spain currently has an 18 percent chance of lifting the trophy and a 26.8 percent chance of reaching the finals. Those figures can, of course, be altered by feeding in scenarios. For example, we asked: "What if the Spanish team eats a bad paella?" Spain's chance of winning the tournament then dropped to 1.5 percent, with France as the projected champion. We also asked it what would happen if we replaced the England team with Register writers. Suffice to say that scenario did not end well. We asked Vermylen what was next. "The Olympics would be nice… or the Eurovision. We'd like to give the United Kingdom a win." ®

Amazon has developed a new networking topology that's up to a third faster and up to 40 percent more energy efficient than traditional hierarchical network designs. The novel architecture, called Resilient Network Graphs (RNG), is based on random graph theory. "Traditional networks have always been hierarchical," explained Matt Rehder, VP of global network engineering at AWS, in a recent interview. "They're sort of like an org chart where one network device will talk to the boss network device which will talk to the next boss network device and you gotta go up the chain of command in order to talk to someone else in another department." There are reasons for that, Rehder said. Hierarchy creates structure and makes data routing rules simpler. "You don't have to know how to talk to everyone in the organization, you just talk to the person above you," he said. But that creates inefficiencies. The tree-like structure creates points of contention where data flow bottlenecks can occur. At the same time, other parts of the network may be underutilized. Rehder said that academics in 2012 proposed a random graph topology for networks. But that design, as detailed [PDF] by Amazon researchers, had issues. The reimagined network structure, dubbed Jellyfish, relied on truly random graphs and called for removing routers from server racks and locating them centrally to simplify cabling. But that approach ended up increasing latency between servers within a rack. Rehder said no one has been able to put that design into production. "It requires much more complicated routing rules to figure out how to program every device – you can't just program every device to know who everyone is, they have limited memory space," he said. "And then the other [issue] is that the cabling actually is very complicated. Part of that hierarchy is about simplifying how you build the network in the datacenter and with a random graph it's literally random and you can't just have cable spaghetti all over a datacenter. So you could build it in a lab but you could never really do it at scale." Nonetheless, said Rehder, AWS has been solving these problems over the past few years. "The only reason we were able to even think about tackling them is that 15-year history of iteratively improving our hardware development and software ownership of our network," he said. Less random Inspired by other academic networking research, AWS managed to succeed with random network topology by making it not entirely random. RNG relies on a flat graph where routers interconnect through a mix of deterministic and randomized cabling. RNG began taking shape three years ago when Seshadhri Comandur, an Amazon Scholar and professor at the University of California, Santa Cruz, answered an internal Slack message from Ratul Mahajan, a fellow Amazon Scholar, datacenter networking expert, and professor at the University of Washington, who was looking for an expert on graph theory and routing. With help from AWS principal applied scientist Giacomo Bernardi and other colleagues, AWS has become the first company to deploy a flat datacenter network at scale. AWS expects the technology will offer better performance and reliability for Amazon customers while also saving billions of dollars in hardware and reducing CO2 emissions. The reimagined network structure was referred to as Penrose internally because the original design involved Penrose tiles. But as the project evolved, AWS settled on Resilient Network Graphs "to reflect the customer benefit and that primarily is a more resilient and performant network," as a company spokesperson put it. RNG relies on a routing algorithm called Spraypoint to identify node paths and an optical device called a Shufflebox for mixing connections between routers. Rehder said the Shufflebox is one of the pieces of magic that makes RNG work. "In a random graph network you don't have that hierarchical structure where you can have all the cables neatly aligned," he explained. "So how do you do that? How do you basically make a random network feel more structured? Well, you have the Shufflebox and the idea is that you plug fiber in here and inside of this it will randomize or basically scramble the fiber. So the ports you plug in get scrambled around and come out on some random port around the other side." RNG is AWS's new network for its core database servers. Machine learning hardware uses the company's UltraServer network, because the machine learning workloads need full bandwidth. "The core server networks can be oversubscribed more efficiently," said Rehder. "Everyone's not talking to each other at the same time." RNG has been rolled out in Ireland, Germany, and Spain, and the plan is to deploy it in the majority of company datacenters by the end of the year. ®

Patients in England cannot stop their data being processed by the Palantir-built NHS Federated Data Platform (FDP), but individual NHS trusts can choose not to use it, health minister Preet Kaur Gill has told MPs. The minister, who was appointed last month to cover health innovation and safety, told fellow Labour MP Neil Duncan-Jordan that patients can only opt out of secondary uses of data such as planning and research. On the main opt-out mechanism, she said: "The National Data Opt-Out does not currently apply to products used in the NHS FDP. In most cases, this is because data is being used for the purpose of direct care." Last month, NHS England confirmed it had changed policy so some Palantir staff can access identifiable patient data through a new "admin" role. A briefing document seen by The Financial Times and confirmed by The Register warned that granting access could create a "risk of loss of public confidence" in NHS England's assurances about safeguarding patient data. Answering a separate question from Labour MP Rachael Maskell, Gill confirmed that NHS trusts running hospitals, mental health and other services can opt out. "Where NHS organizations would like to use alternative solutions, they retain the ability to procure locally, provided solutions meet applicable standards and support the delivery of national priorities," she said. According to NHS England statistics, 168 of 214 NHS trusts have signed up to use the FDP, with 123 live and 80 reporting benefits. All but one of England's 42 integrated care boards, Greater Manchester, have also joined. Palantir's role in the FDP, which followed similar pandemic-era work for NHS England, has become increasingly contentious. Last week, Parliament's Science, Innovation and Technology Committee said the NHS should end Palantir's involvement, and MPs have tabled 40 written questions about the supplier, which also works for intelligence agencies and US Immigration and Customs Enforcement (ICE), in the last month. Responding to a question from Labour MP Mark Sewards, Gill said the government will decide this year whether to extend Palantir's current FDP contract beyond its February 2027 expiry. She noted the program was among just 14 percent of major government projects to get a green rating from the National Infrastructure and Service Transformation Authority, "indicating that the NHS FDP is on track." In a further answer to Neil Duncan-Jordan, Gill said the contract includes an exit management process covering intellectual property rights. "In addition, the contract includes controls to support transition and continuity of services in the event of termination, ensuring that operational delivery and patient services are protected," she said. "In principle, another supplier could provide equivalent functionality in the future," Gill added, signaling that even if Palantir's contract is not renewed, the government wants to retain the FDP. "It would take planning, time, and resources to run a compliant procurement and then move services and data across safely." ®

BORK!BORK!BORK! We're big fans of retro computing here at Vulture Central, and so it is with a certain delight that we can report XP-era Windows has been spotted disgracing itself on London's Docklands Light Railway. Spotted by Register reader Tim Hayward, the wonderfully named DaisySignApp.exe has thrown up an application error. While the Windows shell might be shorn of all of XP's fripperies, the Recycle Bin icon hints at the operating system's origins. Hayward reckoned that XP was stalking the DLR, but it could also be Windows Server 2003. Support for Windows Server 2003 finally ended in 2015. XP was sunset in 2014, so the DLR display is rather out of date. Then again, as any IT administrator would admit, if something isn't broken, there's no point fixing it, no matter how much Microsoft would encourage them to. In this case, it is unlikely that the operating system is at fault (although one could argue that it should handle a misbehaving application more discreetly), and DaisySignApp.exe should be dealing with its own dirty laundry rather than throwing an exception in commuters' faces at Limehouse station. Limehouse connects London's Docklands Light Railway (DLR) to the UK's National Rail services. It was one of the first DLR stations and predates the borked operating system by more than a decade. Indeed, at the time of the DLR's opening in 1987, Microsoft was preparing to inflict Windows 2.0 upon the world – the delights of later versions and the company's GUI dominance were still a few years in the future. The DLR also seemed like a glimpse into the future back in the 1980s. However, a fair chunk of its underpinnings, such as formerly disused railway viaducts, hark back to an earlier era. Anyone looking at today's iteration of Windows might wonder how much of it dates back to what's on display at Limehouse. ®

NanoClaw, a secure agent framework, has partnered with supply chain platform JFrog to allow AI agents to fetch resources from JFrog's reviewed registries. Gavriel Cohen, creator of NanoClaw and co-founder of NanoCo AI, announced the tie-up on Thursday evening in San Francisco at a JFrog event that concluded with a World Cup watch party. Cohen explained that one of the features of Claw agents – OpenClaw and variations like NanoClaw – is that they can improve themselves by fetching tools and resources that they don't have. That works fine, he explained, when there's a manual approval process for accessing known local data. But it's not ideal for npm packages, even when the agent involved is sandboxed and isolated as it is in NanoClaw. Malicious code within a container may still be able to take harmful actions, even if the scope of potential activity is constrained. Developers, Cohen said, may not be familiar with a given package and it can take time to thoroughly assess whether a package is legitimate and uncompromised. "So we teamed up with JFrog and we integrated NanoClaw with JFrog's registries," said Cohen. The arrangement provides a way to reduce the agent's exposure to untrusted content. When the agent downloads new tools and libraries, the software comes from a vetted source. Cohen also announced the availability of what he called an agent factory, his company's homegrown system used to handle pull requests (PRs) using NanoClaw agents. The agent factory, he explained, is an attempt to triage pull requests, which have surged thanks to AI coding agents. "It's very easy now to point a coding agent at a repo and say, 'open a pull request for this repo,'" he explained. "And it's very difficult as a maintainer to tell the difference between a high quality contribution from somebody who's really using the open source project versus someone who's just trying to build up the reputation [using automated methods]. So to help us tackle this, we built an agent factory that helps us review every single contribution to NanoClaw." The agent factory is referred to as the PR Factory in the actual pull request. It's built with NanoClaw and hosted on exe.dev, a service that provides VMs with persistent storage. "When a PR opens, the factory spins up a dedicated worker agent for it, posts a thread to Slack, and the worker triages the change, reviews the diff, and proposes a test plan," Cohen explains in the documentation. "Nothing consequential happens on its own: merges, test runs, and credentialed GitHub actions each surface as an approval card in the thread, and only fire when a human clicks approve." Cohen acknowledged that some developers will think it's madness to process unsanitized PRs that could contain prompt injections or unsafe code. And he asked the assembled audience of developers how many had seen the phrase on the projected slide: "Never, ever, ever do this." Anyone who has spent time using and configuring AI agents in a development context has seen something of the sort in configuration files like Claude.md, which gets loaded as instructions to the underlying agent and model. "If you see something like this in the Claude.md file and the agent instructions say, 'Important: Never run drop database production,' it tells you two things. You know that that agent has deleted a production database before. And you know that it can actually still do it again. That's why the instruction is there." This elicited a knowing laugh from the audience. Cohen went on to say that the agent will do it again because instructions are not a way of enforcing security or safety. "Instructions help steer an agent AI towards valuable output, but it's not a safety mechanism," he said. "The only way to reliably prevent an agent from taking undesired action is not allowing it to take that action, not giving it the ability to take the action." That is the purpose of NanoClaw. ®

Amid the unrelenting demand for AI infrastructure, SK Hynix, the world’s largest supplier of HBM memory used in high-end GPUs, now expects to triple its wafer capacity. You'll just have to wait through two more US presidential elections and then some. All that capacity won’t come online until 2034, SK Group Chairman Chey Tae-won told Nikkei Asia in a recent interview. SK Hynix’s valuation has soared in recent months. The company is one of three major producers of NAND flash and DRAM memory, large quantities of which are required to support the burgeoning AI inference market. Samsung and Micron are the other two major players in this space. This demand has led to skyrocketing memory prices for consumer DRAM and SSDs, some of which have more than tripled in price compared to this time last year. SK Hynix and the other major memory makers meanwhile have seen their revenues explode. Chey's comments come just a week after SK Hynix said that it planned to double its production capacity within the next five years. “Our calculations show that our wafer capacity will double within five years. But honestly once all these facilities are built, it won’t just double, it will triple by around 2034,” Chey told Nikkei. SK is in the process of bringing four additional wafer fabs online, with the first phase reportedly on track to come online as early as 2027. The South Korean memory slinger had previously planned to ramp production of these facilities over the next two decades, but has pulled in its timeline in hopes of satiating AI’s memory addiction. “There is currently no way to move faster than this,” Chey told the newswire. While much of this capacity will be built on SK’s home turf, the company is exploring its options for overseas manufacturing, with Japan being one of the potential destinations, with Chey calling it an “excellent” candidate due to its robust semiconductor supply chains. Unfortunately, the buildout is unlikely to drive down memory prices for consumers any time soon. As we previously reported, memory prices are not expected to peak until later this year at the earliest. Analysts warn that memory prices are more likely to plateau going into 2027 rather than plummeting like we’ve seen in past DRAM and NAND boom-bust cycles. These boom-bust cycles have been a fact of life for commodity electronics manufacturers, like SK Hynix and Samsung, for years. Prices typically spike as inventories are drawn down and crater as new capacity is brought online. On the one hand, AI infrastructure demand has helped to stabilize this to some extent. On the other hand, the AI boom kicked off in 2022 at what was arguably the worst possible time. "This demand started in the Valley for the DRAM industry. That makes financially trying to build additional capacity really challenging," TechInsights analyst James Sanders told El Reg late last year. Business is once again booming for memory vendors presenting ample opportunities for labor disputes over competition as well as fab expansions. Unfortunately, there’s no changing the fact that the fastest anyone can bring a leading edge memory fab online is about three years. ®

GitHub has been struggling with service availability in recent months as traffic on the platform has surged, driven in large part by AI-assisted coding and agentic development workflows. The code-sharing site has been trying to address those issues by expanding capacity and migrating more workloads to Azure infrastructure, but reliability remains uneven. In the May 2026 GitHub Availability Report, GitHub acknowledges nine incidents that degraded performance, one fewer than its April report. That's something. But Jakub Oleksy, SVP of software engineering at GitHub, says there's more to be done. "We are making structural changes that permanently remove failure modes," he said in the report. "We acknowledge that we have work to do, but we’re committed to getting it done and making GitHub reliable when and where you need it." Microsoft’s code hosting site also briefly halted new Copilot subscriptions to reduce the cost impact of its AI services and to adjust its Copilot pricing to account for shifting model provider policies. As noted in an April post, GitHub had planned to increase its capacity by 10x back in October 2025, but by February 2026 it had become evident that a 30x expansion would be needed to accommodate the surge of pull requests, commits, and new repos. Last year, GitHub reportedly handled 1 billion commits for the entire year. Now it receives 1.4 billion commits every month. “We’re now serving 40 percent of monolith traffic from Azure (up from 8 percent in February), with Git traffic at 30 percent and repository replication at 99 percent,” said Oleksy. “We’ve more than doubled our effective capacity in four months.” Oleksy notes that efforts to isolate GitHub’s primary database cluster by moving users, authentication, and authorization into separate domains should prevent failures that cascade across the system. That hasn’t quite solved GitHub’s ongoing availability challenges, in part because Azure has also confronted capacity problems recently. There were nine incidents in May compared to 10 incidents in April. And June is on pace for a similar number. The Missing GitHub Status Page, an unofficial project to track GitHub service problems, counts 12 incidents in May and reports uptime over the past 90 days at 87.26 percent. By month, the project puts GitHub availability at 78.33 percent in April, 93.86 percent in May, and 88.39 percent for June so far. GitHub's Official Status Page presents a far more flattering view of availability, with uptime figures mostly around 99.9 percent for the listed services. These figures depend upon what gets counted and the duration of the disruption. GitHub’s own incident history page cites 26 incidents in April, 23 in May, and 12 to date in June. ®

MX Linux 25.2 is here, now with kernel 7.0 if you choose – although the Raspberry Pi edition still needs some work. MX Linux has been quietly turning into one of the Reg FOSS desk’s favorite distros for a few years now. It has a number of desirable attributes, and with version 25.2 released late last month, some of the slightly bumpier parts of the major upgrade to version 25 are getting smoothed out. We looked at MX Linux 25 in November last year, and reported that one of the niftiest features in previous versions had been lost. In MX 23 and before, you could choose which init system the OS used every time it booted up: so, for instance, you could normally run with the classic sysvinit, but if you needed to install something which demanded systemd, you could temporarily boot up with systemd as the init, install your app, and then switch back. In our testing, we’ve found that some things require Agent P’s Swiss Army Knife of a “System and Service Manager” to install, but once they’re in place on your computer, they will run quite happily without it. Alternatively, if it’s something you only occasionally run, you can start up with systemd only when you need it. The way that MX Linux did this no longer works on kernel 6.12 or above. So, in order to continue to offer a choice of inits at all, MX 25.0 made you choose at install time: either pick the systemd version, or the sysvinit version. (And if you wanted KDE Plasma, it was only available in systemd form.) MX Linux 25.1 fixed that with a new, different, switchable-init system. However, that made upgrading from 23 to 25 tricky, and after we tried it, the OS still worked, but the handy suite of MX Tools didn’t. These aren’t essential, but they significantly facilitate common adjustments and tweaks such as installing extra external apps, switching repositories and mirrors, managing kernel versions, installing additional device drivers such as the eternally problematic Nvidia drivers, and much more. They’re one of the distro’s key advantages, and well worth having. We dug out the machine in our test fleet, which runs MX, and tried the option in the installation program that installs over the top of an existing copy of MX. It worked fine, with some caveats: it’s not quite as capable as Ubuntu’s in-place reinstall, which spares your home directory while reinstalling the OS around it. MX simply overwrites the old OS; it doesn’t pick up any config from it – but it’s quicker and easier than custom partitioning. We had to re-enable our swap partition, and add a user account that matched the old one, but everything worked fine. With the MX Tools, it was fast and easy to choose local repositories for updates, and reinstall some handy proprietary apps such as Google Chrome and Slack. The distro comes with Flatpak preinstalled, and we used that to install Gear Lever to make it easier to reinstall Panwriter. The new MX Linux version 25.2 optionally includes the new kernel 7.0, from the Liquorix project that we looked at in 2022. For the Xfce edition, you can choose the normal edition, with a Debian kernel, or the AHS edition with the newer kernel. The KDE edition only comes in AHS form, and the lightweight Fluxbox edition for low-end kit only offers the Debian kernel. There are any number of Debian and Ubuntu based remixes and meta-distributions out there, but MX Linux is perhaps the single most user-friendly distro we’ve seen that isn’t based on systemd. It’s fast, lightweight, and much easier to get configured and installed than Devuan, or even than Debian itself. It also has better tools for adjustment and customization than any member of the Ubuntu or Debian family, and rivals the best Arch Linux-based distros such as Garuda Linux. As we reported from the Ubuntu Summit, Canonical is beginning a push into AI. Since then, the roadmap for Ubuntu 26.10 “Stonking Stingray” has been published, including what it calls a Context-aware desktop – powered by LLMs. Similar changes have already come to Linux Lite 8.0, which is based on Ubuntu 26.04. This too bundles a local LLM for all your error-filled artificial-plagiarism needs. We suspect that such developments may yet drive a small exodus of Ubuntu users – and if you also want to get away from systemd at the same time, then MX Linux is an excellent place to start. Bootnote: MX Linux on the Raspberry Pi Finally, version 25.2 sees the Raspberry Pi respin updated to the new base OS. Until 25.2, the Pi version was still on MX version 22. As this rather outdated description says, this is a separate edition of MX Linux with Xfce, but built in part from the packages in the Raspberry Pi OS rather than directly from Debian – so it looks and works like MX, but is compatible with most Pis and most apps for PiOS. For instance, the Pi configuration commands, and EEPROM updater, work fine on MX on the Pi, but they don’t on (for instance) Alpine Linux. We tried MX Linux 24.2 for the Raspberry Pi on both 4 GB and 8 GB Pi 5 machines and on a Pi 4, but it wouldn’t get past the splash screen for us – but the previous release worked very well, so once it’s received a little more TLC, this could turn out to be a good option for Pi users wanting a more configurable desktop OS. ®

A disgruntled IT worker faces 21 months behind bars after being found guilty of sabotaging his former employer’s systems for more than a year and half. Ezekiel Dean Potter, 34, was fired from his IT support job at Iowa’s SaydelU Community School District (SCSD) in April 2023. He was found guilty of causing various technical damages to SCSD’s systems betwUeen May 2023 and January 2025.UU At his sentencing hearing on June 11, the court heard thaUt the IT worker had gathered and stored more than 300 Saydel user accountU credentials before he was terminated from his position. Potter’s other offenses included deleting SCSD’s Facebook page on June 1, 2023, and data related to its Apple School Manager program, which prevented it from managing Macs and iPads. The disgruntled worker, who the prosection described in its sentencing memo [PDF] as “a plague on the Saydel Community School District,” was just one of two IT staff members who had the required privileges to make changes to the Facebook account. The deletion ended up being a permanent one, and SCDC had to create a new page in August. Following his intrusion into the district’s Apple School Manager on June 14, 2023, SCSD’s IT team had to work with Apple for a week to restore their access after Potter deleted users’ passwords, phone numbers, billing information, and the primary mobile device server management information, court documents [PDF] showed. He also attempted to delete all user accounts and restricted access for those who still had one. Potter’s next offense took place between July and August 2023, when he attempted to interfere with SCSD’s GoDaddy account, unsuccessfully resetting usernames and passwords. Potter logged into this GoDaddy account no less than 26 times, including on one occasion where he used his company-issued PC supplied by his subsequent employer, convenience store and pizza chain Casey’s. The IT specialist then took an extended break from his cyber sabotage. Court documents mention Potter successfully gaining access to SCDC’s Google and Gmail accounts in October 2024, but he waited even longer to act on this access. It wasn’t until January 2025 that he logged into SCDC’s PowerSchool-based Schoology learning platform using one of the district’s Google accounts to which he had access, and deleted the account of one of the organization’s IT staff. This had the knock-on effect of locking out teachers during a school day and, in turn, preventing them from teaching for two hours. He returned a week later and deleted an additional nine district Gmail accounts, including current and former staff, the district IT director, and superintendent. Investigations showed that even though Potter switched to a VPN during one of the January intrusions, his IP address was later traced back to him and his employer, The Printer Inc, which he joined after leaving Casey’s. He left that job on January 23, 2025, for reasons not disclosed. Potter seemingly trusted at least one of his coworkers enough to “wipe” a USB drive he left in his old desk, asking them to do so after he departed the company. That trust was misplaced, however, as the coworker instead reported the USB to management, and what followed ultimately proved to be Potter’s undoing. The Printer Inc passed the USB to law enforcement, and later the FBI, which forensically examined the device, finding spreadsheets filled with more than 300 district usernames and passwords, a floor plan for Saydel High School, as well as personal data pertaining to Potter and pay stubs from his employment at SCSD. In total, the district incurred $73,375 worth of costs related to employees' lost time, digital forensics, learning downtime, and time spent working with other vendors to remediate his intrusions. SCSD's insurer spent an additional $27,893.75 in payments for digital forensics and remediation work, taking the total losses up to $101,268.81. Potter was indicted on October 15, 2025, and arrested the following day, but released on pretrial supervision after accepting responsibility for his offenses. He later entered a guilty plea in January 2026, and was found guilty in February. At his sentencing hearing on Thursday, Potter expressed deep regret for his actions, especially for disrupting children’s learning, and for failing his family. "I never intended to negatively affect students, but I recognize that harm was still done and I'm deeply sorry," he said, according to local media. "This experience humbled me in ways I never expected, but I needed that." His defense attorney, Joseph Herrold, stated: “Mr. Potter now fully sees the impact of his actions and deeply regrets the harm he caused.” Herrold argued against a prison term, instead asking for a five-year probation term, owing to Potter’s deep regret and the strong deterrent that comes with his felony conviction. The public defender also pointed to Potter’s clean criminal background, noting only one prior harassment misdemeanor related to a 2010 case, when he was just 18 years old. Potter was convicted following immature conduct from the backseat of a vehicle, for which he received a $65 fine. Herrold also said Potter’s restitution order to repay $59,668.81 in total, with $31,775.06 going to SCSD and $27,893.75 to its insurer, Travelers Indemnity Company, only furthered the deterrent effect, and would impact his lifestyle for years to come. Prosecuting the case, US attorney David C. Waterman, pushed instead for a 26-month prison term, saying: “Defendant’s actions were not a one-time lapse in judgment. They were calculated, malicious, and seemingly motivated only by the defendant’s vindictiveness.” He added: “The defendant’s attacks on SCSD’s systems are troubling not just because of the significant damage he caused – tens of thousands of dollars, without accounting for the unknown but clearly extensive disruption to teaching and school activities – but also because of the defendant’s motivations. “It appears the defendant repeatedly assaulted SCSD out of spite and pure maliciousness, despite knowing his actions would affect not only his former boss and IT colleagues, but also school faculty, administrators, and students.” ®

KPMG's October 2025 report on the wonders of agentic AI has been accused of demonstrating one of the tech's less desirable talents: making things up. Research outfit GPTZero claims a forensic review of the Big Four firm's October 2025 report, "Total Experience: Redefining Excellence in the Age of Agentic AI," found that only five of its 45 citations correctly pointed to the cited source; the rest ranged from mangled and misleading to partially fabricated or too vague to verify. The consulting industry has form here. Last year, Deloitte ended up refunding the Australian government after AI-generated content slipped into a taxpayer-funded report. GPTZero dubbed the phenomenon "vibe citing" – the citation equivalent of vibe coding – where generative AI appears to stitch together fragments of real sources, invent titles, or otherwise produce references that look convincing until someone actually clicks them. GPTZero alleges that roughly half of the report's factual claims were false, unsupported, or attributed to the wrong source. Several case studies highlighting supposedly cutting-edge deployments of agentic AI appear to have been particularly creative. Among the examples highlighted by GPTZero were purported agentic AI deployments at UBS, Swiss Federal Railways, and Transport for London. According to GPTZero, the sources cited to support those case studies either did not substantiate the report's claims or contained alterations and paraphrasing that undermined their reliability. “These factual errors are not confined to the report’s footnoted passages,” GPTZero said. “On page 42, the authors claim that Emirates airline has adopted a mobile chatbot named Sara (false) that can converse directly with passengers (partially true) and change their flights (false). In fact, Sara is a robot assistant introduced by Emirates in 2023 (not a chatbot) that lacks the ability to alter flight bookings.” Not all of the alleged problems involved external sources. GPTZero noted that the report appears to contradict KPMG's own research, citing a figure of 55 percent of CEOs ranking AI as their top investment priority. KPMG's 2025 CEO Outlook, released the same month, put the number at 71 percent. KPMG has since removed the report from some of its websites while it investigates how the publication made it into the wild, according to the Financial Times. A spokesperson at KPMG told The Register: "KPMG International takes the accuracy and integrity of its published content seriously. The report has been removed and we are reviewing the circumstances surrounding its publication. We expect all our people to follow our guidelines on the responsible use of AI, including human oversight to validate content and verify independent sources." Consulting firms have spent years warning clients about AI hallucinations. According to GPTZero, KPMG may have just provided a live demonstration. ®

Pharmaceutical giant Novo Nordisk says data related to clinical trial participants was stolen as part of a cyberattack. The affected patient data was pseudonymized and not directly linked to names or other direct identifiers, the company said. The maker of the Wegovy weight-loss drug said the affected data types include patient ID, information on trial participation, gender, year of birth, biomarkers, health/immunogenicity data, and lifestyle factors including smoking status, alcohol use, and BMI. "This information is not directly linked to any patients by name or other direct identifiers," the Novo Nordisk said on its dedicated page for the attack. "Information about identity would therefore require access to underlying information, identifying patients by name etc. This information was not exposed. We therefore do not consider the incident to enable any third party to identify participants in our clinical trials." The same statement confirmed that the attack affected a "limited number of internal IT systems," and the company said some systems have been taken offline as a precaution. Although it does not believe there is an immediate risk stemming from the breach, it nonetheless warned patients to remain vigilant for anything that could be connected to the data stolen during the attack. A separate letter sent to the company's healthcare partners (HCPs) states that additional personal information may have been stolen and could lead to targeted phishing attempts. Affected HCP data includes names and registration numbers, email addresses, phone numbers, WhatsApp details, and office locations. "Based on the nature of the exposed data, the potential consequences of the incident include targeted phishing attempts through emails, phone, and WhatsApp, or fraudulent communications impersonating colleagues," Novo Nordisk said in the letter. "We recommend that you remain vigilant against unexpected messages or calls and report any suspicious activity to us." The pharma biz warned that it may take time to bring these systems back online, but it is working to do so "in a controlled and safe manner." Elsewhere, it all sounds like standard practice. Outside experts were called in to help investigate, and Novo Nordisk has not yet confirmed the scale of the breach, nor will it until the experts have more time to assess the damage. Novo Nordisk added that the attack has had no impact on its core business operations, which remain running as normal. The attack was announced on what should have been a day of celebration for the company, whose flagship semaglutide weight-loss and diabetes pill received the green light to become the UK's first daily GLP-1 tablet hours earlier. The Wegovy pill joins the list of approved weight-management treatments that act as agonists for the GLP-1 receptor. All the other approved treatments are injectables, including Wegovy and Ozempic, both of which are also developed by Novo Nordisk. The Danish company employs roughly 67,900 people across 80 countries, and markets products in nearly every country globally. ®

Amazon says its datacenters used about 2.5 billion gallons of water last year, but claims that's far less than rival hyperscalers and that it remains on track to become "water positive" by 2030. In a blog post, the digital tat bazaar and cloud computing biz says the 2.5 billion gallon figure covers its entire global datacenter footprint for 2025. It downplayed the number by comparing it to the volume of water Americans - a country of 350 million people - used on lawns and gardens over the same period. Amazon disclosed water usage of 0.12 liters per kilowatt-hour (L/kWh) at its data facilities, and claimed Microsoft used 0.27 L/kWh during 2025, while Meta's consumption stood at 0.19 L/kWh in 2024 and Google was the thirstiest at 1.15 L/kWh during the same year. The Register has asked Microsoft, Meta and Google to comment. The water usage, we're told, is 75 percent of the way to Amazon's goal - announced in 2022 - of being "water positive" by 2030. It means facilities return more water to the environment than they consume, via measures including rainwater capture or other treating waste water for reuse. The figures come amid growing pushback against datacenter construction in the US. A recent Ipsos survey found most Americans don't want facilities built nearby, citing worries over electricity prices, eyesore buildings, and water-hungry operations. This echoes a 2022 report that found Google datacenters were consuming more than a quarter of all the water used in The Dalles, Oregon. Or, if you'd rather not to blame the industry itself, you could go with the line that Chinese operatives are spreading propaganda over social media, a claim that OpenAI and other interested parties are keen to promote. Whatever the cause of the backlash, the underlying numbers are real: datacenter water use has been climbing for years, driven by the sheer growth in facility numbers and by AI servers, which run hotter and demand more cooling than traditional kit. Water consumption at Microsoft's facilities surged 34 percent to 6.4 million cubic meters in 2022, for example, with generative AI blamed. Making matters worse, many datacenters now in the pipeline in the US are slated for areas already experiencing drought, according to analysis by The Guardian newspaper. Amazon says that its facilities use "free air cooling" about 90 percent of the time, pulling in outside air and flowing it past servers to absorb the heat, with no water involved - though it does resort to evaporative cooling during the hottest weather. But as The Register outlined last year, kicking the water habit completely will be nearly impossible, regardless of what claims the operators may make. ®

EXCLUSIVE For the past 90 days, Microsoft has been quietly patching a firmware flaw in Surface devices that allowed the hardware to be bricked with a single packet, though only for those who have disabled Secure Core and Secure Boot. And the company's Copilot AI software inadvertently helped identify the faulty firmware. According to Jack Darcy, a security researcher based in Australia, his instance of Microsoft Copilot stumbled across the bug after being asked to adjust the screen backlighting on a Surface device. The Copilot-conjured Python script ended up rendering the researcher's laptop inoperable by overwriting the embedded controller firmware. "Copilot autonomously created and executed four progressively aggressive Python scripts during a probe for backlight control values that sent raw SSAM ioctl commands (SSAM_CDEV_REQUEST = 0xC028A501) directly to the SAM microcontroller through the SAM software path," Darcy explained to The Register. The SAM or SSAM is the embedded controller used in Surface devices. And as our source explained, Microsoft’s implementation of the controller in Surface devices did not include any defense against arbitrary write values. Microsoft does not consider the bug to be a practical threat. "There is no realistic attack scenario with this issue," a spokesperson told The Register. "In order to successfully exploit it, an attacker would need to interact with specific drivers and send commands to a hardware interface. This would require administrator privileges on the machine, as well as disabling the Secure Boot feature. With this access, they could perform any number of actions." Commonly, Darcy said, digital devices require holding a button down or connecting a jumper cable to enable arbitrary write access. But that security check is absent in Surface devices, we're told, enabling Copilot to vandalize the firmware in the absence of Secure Core and Secure Boot. Essentially, the probing triggered an update command from the SAM that overwrote the UEFI and Secure Boot firmware. Surface devices treated to this sort of probing should continue to operate because the SAM was already initialized and is running in RAM. But upon reboot, when the SAM tries to reload using corrupted data in its non-volatile storage, it will fail to initialize, and the system will be unable to Power-On Self-Test (POST). The Python script crafted by Copilot on the security researcher's Surface device iterated blindly over a particular Target Category and the set of Command ID (CID) pairs, sending empty/null payloads to WRITE commands. The result, Darcy explained, is that the SET Feature Report was called with null payload, the Output Report was called with null payload, and other CIDs were hit by SET commands that wrote garbage data. As a result, the device became inoperable. We're told this has been a common complaint about Surface devices online support forums over the years, though we have no way to determine whether boot failures reported for other Surface devices can be attributed to this specific problem. Many Surface hardware issues reported publicly appear to be fixable through various troubleshooting techniques. But devices made inoperable by SAM access, our source insists, are permanently bricked – a situation that can entail hundreds of dollars in repairs for a new motherboard. No USB, no factory reset, no access to the BIOS/UEFI, we're told. Darcy said that the SAM Bus is terribly designed. "There is no way to see the current value without scanning the bus," he said. "But scanning the bus kills the unit." The problem is that the CIDs, which are like APIs for the SAM, have been interleaved in a way that's dangerous. "If all the reads were grouped together (say, CIDs 0x01–0x0F) and all the writes were grouped separately (say, CIDs 0x10–0x1F), a probe script could safely scan the read range without ever accidentally wandering into write territory," Darcy said. "You could even put a simple bounds check in your code: 'only probe below 0x10.' Done. Safe. "But because reads and writes are interleaved in the same numbering space, there is no safe range to probe. You literally cannot scan even two consecutive CIDs without a coin-flip chance of hitting a write command. The moment you decide to enumerate what's available, you're already firing blind writes, because the command space gives you zero structural information about which operations are safe and which are destructive." Managed devices not at risk The Register asked Microsoft about our source's claims on March 10, 2026. A company spokesperson reiterated a prior suggestion that the researcher contact the Microsoft Security Response Center (MSRC), an effort our source found too cumbersome. Rather than publishing details about what might have been a potential zero-day flaw – we were uncertain about the Secure Boot/Secure Core requirement at the time – The Register reached out to internal Microsoft sources in an effort to get someone's attention. By March 12, with the help of Microsoft media relations, we managed to coordinate a conversation between Darcy and Madeline Eckert, senior program manager with MSRC. Microsoft subsequently acknowledged the vulnerability and committed to issuing a fix. The Register in turn agreed to delay publication for 90 days while repairs were made. We're told most affected devices have been updated (via Windows Update), or will receive updates in coming weeks. The issue did not meet the bar for a CVE, according to the company. "We appreciate the work of Jack Darcy and The Register for reporting this issue under a coordinated vulnerability disclosure," a Microsoft spokesperson said in a statement. "Our investigation found that a deprecated UEFI interface could trigger a boot loop on some devices. To trigger this loop, the user must have administrator privileges and have already disabled the Secure Boot security feature. We have released updates to address the issue for most impacted devices." That means managed devices are not at risk. But those using Linux, or Windows users who have disabled Secure Core and Secure Boot for gaming, or who use custom Windows drivers, or who have USB boot enabled, may still be vulnerable if their systems haven't received the update. We're uncertain about the range of Surface devices affected. Our source said it appears to be all of them (Surface Laptops 3-6, Surface Book 1-3) except for Surface Go models. ARM variants, however, have not been tested. Microsoft moving Surface to Rust One of the things we learned from Darcy during the effort to get this issue patched is that Microsoft is planning to move the Surface stack to Rust. We understand from David Abzarian, chief architect for Microsoft Surface, that work is underway to transition future Surface for Business hardware to a more secure architecture based on Rust code. "Our most recent Surface for Business hardware features a major architectural shift in terms of improved reliability and security that spans our embedded controller, UEFI, but also some of our drivers," said Abzarian in a statement provided to The Register. "We’re investing in the most secure foundation for a PC by building our embedded controller firmware from the ground up in Rust (as part of leveraging and contributing to the Open Device Partnership (ODP)) in addition to a rewrite of the UEFI DXE Core in Rust; these projects are known as Secure EC and Project Patina respectively. "We’re also not only shipping some of our drivers written in Rust, but also helping co-develop the framework Windows Drivers in Rust (WDR) to help enable a broad set of partners in the Windows ecosystem to capitalize on these benefits. I will also note that all of these efforts are open-source promoting one of our key security principles around transparency." Asked to comment, Darcy said, "The fact that a device can be destroyed, irreparably from userspace is... certainly an interesting design decision. While I applaud Microsoft for their beautiful, and innovative Surface series, a little more innovation around verifying incoming data at the firmware level would have been greatly appreciated." We're told Microsoft provided Darcy with a Surface laptop as a show of appreciation. ®

Google has sued an alleged China-based cybercrime operation it says used AI-powered phishing kits to blast out millions of scam text messages and funnel victims to fake websites designed to steal passwords, payment cards, and other sensitive information. The complaint targets a group Google refers to as the "Outsider Enterprise," which the company describes as a sprawling criminal network that operates on Telegram and supplies phishing tools to other fraudsters. According to Google's filing, the operation has been linked to more than 9,000 fraudulent websites, over one million malicious URLs, and scams that have allegedly defrauded hundreds of thousands of people. The group's biz model centers on distributing phishing kits that enable criminals to impersonate Google and other trusted brands through large-scale text message campaigns, Google claims. Victims are directed to fraudulent websites designed to steal login credentials, payment card details, and other sensitive information, it adds. Google's allegation is not that AI is somehow breaking into people's phones, but rather that the technology appears to have been used to help churn out phishing content, allowing the operation to push more scams, more quickly, and with less effort. Android users flagged more than 55,000 spam texts linked to the operation during a two-week period in May, we're told, while the company detected roughly 2.5 million messages containing links to Outsider-controlled websites sent to Android devices during the same time frame. The lawsuit forms part of a broader effort involving federal law enforcement and US telecom providers. Google said it is coordinating with the FBI, AT&T, T-Mobile, and Verizon to disrupt the infrastructure behind the campaigns and block malicious messages before they reach users. "The criminals behind the Outsider Enterprise built a business out of impersonating trusted brands to defraud hundreds of thousands of victims," said Brett Leatherman, assistant director of the FBI's Cyber Division. "Criminals increasingly use AI to make fraud like this more convincing and harder to detect. Together with partners like Google, we can disrupt criminal networks in ways no single organization could on its own." The lawsuit may never put the alleged operators in a courtroom, but it could still help pull apart the infrastructure behind the campaigns. ®

SpaceX has priced its blockbuster initial public offering at $135 a share, raising $75 billion and valuing Elon Musk's rocket biz at roughly $1.78 trillion. The haul could rise to about $86 billion if underwriters exercise their option to buy more stock, making it the largest IPO in US history. The company confirmed [PDF] that 555.6 million shares of Class A common stock were sold in the offering, with another 83.3 million available to underwriters. SpaceX is a loss-making company. In its Form S-1, filed with the US Securities and Exchange Commission, it divided operations into Space (Falcon 9 and the like), Connectivity (Starlink), and AI. Only the Connectivity segment is turning a profit, to the tune of $4.4 billion in 2025, while the others continue to rack up losses. Making a profit from AI continues to elude many companies – SpaceX is not the only entity where investment exceeds revenue, and Starship remains a work in progress. In the company's Form S-1, SpaceX reported a net loss of $4.9 billion on revenue of $18.7 billion in 2025. The IPO values the company at more than 90 times that revenue. According to The Financial Times, the IPO was heavily oversubscribed – orders exceeded the number of shares on offer by more than three times. Retail investors also ordered more than $100 billion of shares, and were allocated between 20 and 25 percent of the shares sold. The record-breaking IPO reflects investor appetite for AI-related companies, as well as a bet that SpaceX's estimate of a $28.5 trillion total addressable market, including $22.7 trillion in "Enterprise Applications," proves realistic. Skeptics may recall that promises and assurances associated with Elon Musk rarely survive contact with reality. We will update when trading kicks off today. Depending on how trading goes, Musk could be a paper trillionaire by the end of the day, thanks to his shares in SpaceX. That figure could climb further if SpaceX ever delivers on its more ambitious plans, from a human settlement on Mars to space-based datacenters. Musk may also be in line for a vast Tesla payout if the carmaker hits targets including a sharp rise in valuation and the delivery of a million robots over the next decade. ®

London's Metropolitan Police Service (MPS) is planning to cut around 700 extra frontline posts after being blocked from awarding a software contract to US supplier Palantir, Commissioner Mark Rowley said. On May 20, the capital's deputy mayor for policing and crime Kaya Comer-Schwartz refused to approve the MPS's plan to hand its Unified Operational Analytics (UOA) contract, worth up to £50 million over two years, to Palantir. The force already uses Palantir in professional standards investigations into its own officers. In the written version of his report to the London Policing Board on June 11, Rowley said the MPS has to reduce its full-time equivalent (FTE) headcount by 1,150 in the current financial year to balance its budget. The UOA would have covered around 500 of these by reducing staff time spent on backroom work including intelligence reports, mobile device analysis, and data processing. "Following the decision not to award the contract with the preferred supplier Palantir, the delivery of these circa 500 FTE reductions are now at risk," Rowley wrote, adding that the UOA also looked likely to allow the force to cut a further 200 FTE serious and organized crime (SOC) posts. "We are now in a scenario where, in the absence of additional new funding, we must identify and implement in-year cuts to our services to Londoners, rather than using technology to automate administrative and research-heavy areas of the MPS," the Commissioner wrote. The MPS "may be able to take the edges off these reductions" if it can quickly find an alternative route to UOA functionality, Rowley said. But as any procurement would likely take months, the force must plan greater cuts in frontline policing. A spokesperson for the Mayor of London said: "The mayor fully supports the Met using modern technology to drive efficiencies and improve the performance of the police. However, as with all procurement, we must always ensure the correct processes are followed and that Londoners get value for money. "In this case, the Met did not present its procurement strategy for approval, as required, and the process followed by the Met did not adequately demonstrate value for money for Londoners for a proposed contract at this value. Given the tight budgetary constraints the police are operating under, it's even more important that robust processes are followed when awarding large contracts. "The Met does face a difficult financial situation, which stems from the huge cuts implemented by the previous government and the significant underfunding of the Met's capital city responsibilities. The mayor has already doubled the policing budget from City Hall and he will continue to do everything he can to support the Met and secure the national funding needed for policing in our city." The dispute comes as the Home Office announced an expansion of AI use across policing in England and Wales, with large-scale pilots in up to ten forces this financial year aimed at helping officers process digital evidence. The work will be run centrally by a new body, PoliceAI. ®

Plymouth City Council has joined the growing ranks of public bodies defeated by the humble BCC field after exposing the email addresses of around 500 home-schooling families in a mass-mailing mishap. The blunder comes barely a week after City of York Council disclosed a similar mistake that exposed the email addresses of hundreds of disabled residents, suggesting that some public sector workers remain engaged in an ongoing battle with one of email's oldest features. The message, sent by Plymouth's Elective Home Education team, was meant to share information about upcoming legislative changes, but it also shared the email addresses of hundreds of home-schooling families with one another. A Register reader who contacted us about the incident described the aftermath as "a bit of a mess," claiming follow-up communications caused further confusion among recipients. Plymouth City Council did not respond to The Register's questions, but in a statement provided to local media, it admitted the incident was caused by human error and affected approximately 500 families. "Unfortunately, due to human error, a recent email was sent to approximately 500 families without using the BCC function, meaning recipient email addresses were visible," the council said. The authority said it contacted recipients as soon as it became aware of the problem, apologized, and asked families to delete the email and refrain from using any details they had received. It stressed that the message included no information relating to children and consisted solely of a general update. The council said the email mishap was investigated internally and that affected families were contacted again once officials had pieced together what went wrong. It also promised extra checks designed to keep future mailing lists out of public view. The council also reported the matter to the Information Commissioner's Office (ICO). An ICO spokesperson told The Register: "We can confirm that we received a report from Plymouth City Council regarding this incident. After carefully assessing the information in the report, we provided data protection advice and closed the case with no further action." While the exposure appears limited to email addresses rather than more sensitive personal information, the incident serves as another reminder that some of the most common data breaches do not involve sophisticated cybercriminals or ransomware gangs. Sometimes all it takes is sending an email to a few hundred people and clicking the wrong box. ®

The UK government has set up an advisory board for its digital ID project, intended "to challenge the government on emerging ideas or policy decisions to ensure the system works for everyone," says the Cabinet Office. The board includes David Rogers, an Internet of Things security expert and CEO of security consultancy Copper Horse. He is no stranger to government advisory panels, having previously sat on a group formed in 2020 to consider telecoms diversification. A year later, as chairman of the GSMA's fraud and security group, he backed the then-Conservative government's Product Security and Telecommunications Infrastructure Act 2022. Rogers has provided El Reg with comments over the years, and in 2014 discussed iPhone 6 biometric security, arguing that better usability would cut data loss overall because most people found PIN locks too cumbersome. Justine Roberts, founder and chief executive of UK parenting forum Mumsnet, is also on the board. The site experienced a data breach in 2019 due to a cloud migration affecting 46 user accounts, leading Roberts to apologize. More recently, some Mumsnet posters have been unimpressed by the government's digital ID plans, with one responding to the prime minister's October 2025 announcement with "Honestly, who is he kidding?" and "Desperate stuff to justify this authoritative bs." During the public consultation, some posters promoted the Sex Matters campaign to let Brits include their sex in their digital IDs. Another board member, Victor Dominello, has relevant experience as the minister who launched New South Wales' digital driver's license in 2019, saying it was more secure than the physical equivalent. In 2022, a researcher at security company Dvuln found numerous security flaws in the Service NSW app that hosts the license and other government services, although the state government said these did not pose a risk to customer information. Other members include John Fallon, former chief executive of Pearson and the lead non-executive board member of the Cabinet Office; Anne-Marie Imafidon, who runs social enterprise Stemettes, which encourages people to consider jobs in tech and science; and digital regulation lawyer Emma Wright. The board will meet quarterly for as long as the digital ID program lasts. The government is also setting up engagement exercises with the digital verification and financial services sectors. It is currently running a People's Panel with around 100 to 120 participants meeting in Birmingham and on Zoom to hear from experts and ministers before producing recommendations, in return for £550 in cash or vouchers. ®

EPISODE 11 "And uh... what are you doing?" the Head of Security asks, entering the Security office as I'm making my way to the exit – with a PC under my arm. "Just taking this back to the office to archive the contents and then reset it to factory defaults," I say. "Company policy when someone has been... let go." There have been a number of changes at Security – the same number of changes as there used to be members of Security staff. Apparently, eating endless pastries and watching pirated movies isn't an industry-standard procedure for security professionals. Furthermore, the spate of alcohol thefts from the boardroom liquor cabinet seems to have ended after HR discovered several empty bottles in Security's overflowing recycling bin... HR acted swiftly (for a change) and a whole new security team was employed, headed by a keen new broom – who's currently blocking the doorway... To say that he's enthusiastic in his role would be an understatement. His first move was to isolate Security onto a completely separate internet feed, firewalled off from the rest of the Company. Move two was to implement a plan of recording the equipment people leave the building with – something that's proving rather unpopular with laptop users. "Oh, I don't think we'll need it to be erased," he says, holding out his hands to retrieve the machine from my grasp. "Really, there's no telling what's on this machine," I say. "Malware, copyright movies, porn even. We don't know. It's safer – for the Company – if we just start from a clean machine. We might even just dump it to be on the safe side." "Sure," the Head of Security says. "Though that machine looks like it's almost brand new. It's still got stickers on it! And it looks fairly... high end. I think we can take the risk. I'm pretty up-to-date with IT security and the like – so maybe you should let me worry about..." "I think this should probably be HR's call," I respond. "They may want to be sure the Company isn't exposed to any risk that the machine might present." "I can call HR if you like," the Chief Pie-eater suggests, calling my bluff and reaching for his phone. "But I doubt they'd be too concerned." "They should be. If there's malware installed on the recovery partition, you'll reinfect the machine when you restore it to factory defaults." "Thanks for your concern," he says, wresting the machine from my grasp and stepping out of the doorway. ... So that's how it's going to be. Obviously, we knew there was going to be trouble. We prepared ourselves for it. The new Security team has an enthusiasm for the job that was completely absent from the former crew, mainly because they're jockeying for the position of 2IC. The Boss is waiting for me when I get back to Mission Control. "Just had a call from Security. Apparently, you were trying to... remove... one of their machines?" "Yeah. I was going to erase it and restore it to factory settings." "Couldn't you just do that there?" "We prefer to do a reinstall on the DMZ segment – just in case there's any malware on the machine after we restore it." "Right. Well, I talked to the guy, and it certainly sounded like he had everything under control," the Boss assures me. And so there you go. The Boss can determine someone's technical competence from a two-minute phone call. It must be one of his superpowers, along with the toxic body odor and the ability to sniff out a kebab stand in a farmers' market. Two minutes later, in Mission Control… "Right," I say, entering Mission Control. "Everyone ready?" The PFY nods. The lead candidate for 2IC of Security nods. "One of the pitfalls with security types is that they often shave with Occam's razor," I say. "When seeing someone leaving the office with a PC under their arm, they immediately think 'office theft,' rather than thinking 'did this person bring the aforementioned machine into the office in the first place, wait until they heard someone approaching, then make to exit the office?'" The 2IC candidate contemplates this silently. "Another problem with security types is how to celebrate a victory. In this situation, a wise person would not simply 'upgrade' their desktop machine with this newer and shinier item – because it might have an infected operating system – AND infected recovery partition. No, a wise person would first sca-" "Ooh, we're in business!" the PFY interrupts, as his machine receives a ping. "Right," I say to Security 2IC, "I'd give it maybe half an hour – to really trash your network – before I head downstairs. Then maybe I'd ask why all the machines in your office appear to be going crazy." "And you think that would be enough to get him fired, do you?" he asks. "It will be when you discover the stash of Company laptops in the boot of his car as he leaves the parking basement," the PFY says. "And make sure you have the Head of HR with you." "Why's that?" the soon-to-be Head of Security asks. "Because one of the laptops is his..." BOFH: Previous episodes on The Register The Compleat BOFH Archives 95-99

BORK!BORK!BORK! Windows swings for a six but smacks the stumps instead as the baleful glow of a Blue Screen of Death (BSOD) adorns Worcestershire County Cricket Club. We were worried that, with recent editions of Windows, the traditional white monospaced text on a blue background of a BSOD was becoming a thing of the past. Thankfully, Worcestershire County Cricket Club, founded in 1865, is keeping the old ways alive with a BSOD to bring a tear to many a system administrator's eye. Spotted by Register reader Rhodri Howell, Windows has been felled by a DRIVER_POWER_STATE_FAILURE, probably due to a bit of hardware not waking up when Windows asked it to, or the driver experiencing an unexpected teatime. The screens on top of the club's sign are usually there to beam messages at attendees, but in this case, it looks like at least one is a bit poorly, which might have contributed to Windows throwing in the towel or, to use cricket terminology, conceding. For the uninitiated, cricket is a team sport in which a ball is thrown at an individual called a "batter'" who defends several sticks in the ground called a "wicket." The sport is notable for a variant called a "test," which can last for several days, involve multiple games, and still end up in a draw. Windows, on the other hand, is an operating system more than capable of knocking an administrator for six and lobbing the odd googly or two at the unwary. The word "test" is also something that doesn't seem to trouble Microsoft so much these days, at least if what the company has delivered in recent months is anything to go by. No amount of shin pads or even the toughest of boxes is sufficient to ward off an eyewatering Windows update. Microsoft's current CEO, Satya Nadella, is a fan of the sport, and so the sight of Windows disgracing itself above Worcestershire County Cricket Club's signage (and the three black pears of the county's emblem) is doubly distressing. As the saying goes: "It's just not cricket." ®