crux

Een kruiswoordpuzzel, maar dan heel klein (en snel).


sudoku

Je krijgt een paar cijfers cadeau, maar het grid van 9x9 moet foutloos ingevuld worden.


in het midden

Wie of wat staat er midden in het nieuws? Een actuele puzzel, die makkelijker is als je het nieuws een beetje volgt.


Bij oppermachtig Spanje hoeft Yamal niet eens het verschil te maken: 2-0 tegen topfavoriet Frankrijk

In het duel tussen twee voetbalgrootheden is Spanje superieur en valt het sterrenensemble van Frankrijk zwaar tegen. Voor de tweede keer in de geschiedenis bereikt Spanje de WK-finale.

IJzersterk Spanje verslaat Frankrijk en plaatst zich als eerste land voor WK-finale

Spanje heeft zich geplaatst voor de finale van het WK voetbal. De Spanjaarden waren in Arlington te sterk voor Frankrijk, die werden gezien als topfavoriet om het toernooi te…

Cees Geel (61), winnaar Gouden Kalf met 'Simon', plotseling overleden

De Nederlandse acteur werd bij het grote publiek bekend door zijn titelrol in de film Simon. Geel, die later ook als stemacteur en voice-over werkte, overleed aan de gevolgen van een hartstilstand.

Slashdot

News for nerds, stuff that matters

Lawsuit Claims Meta's Layoff Decisions Were Made By AI, Not Humans

A lawsuit from 26 Meta employees alleges the company used AI-driven scoring and monitoring systems to select workers for layoffs, disproportionately targeting employees with disabilities or those who had taken protected medical, family, pregnancy, or parental leave. "Meta did not assemble the termination list through the considered judgment of managers who knew the work. Instead, Meta used a constellation of internal artificial-intelligence systems -- including a system referred to internally as 'Metamate,' employee-trained 'second-brain' agents, keystroke- and activity-monitoring data, AI-token-usage dashboards, and algorithmically assisted performance ranking and calibration -- to score, rank, and select employees for inclusion on the list," the lawsuit (PDF) said. Ars Technica reports: Employees were allegedly graded, among other things, on how much they used Meta's AI tools. "Meta's internal dashboards classified employees by their stage of adoption of its artificial-intelligence tools, using categories such as 'AI Native,' 'AI First,' and 'AI Enabled,'" the lawsuit said. The lawsuit is apparently "the first against a major U.S. company to challenge the alleged use of AI in conducting layoffs," according to Reuters. The complaint alleges that Meta's tools for monitoring employees did not account for differences caused by disabilities and protected leaves. "Those tools draw on inputs -- performance ratings, calibration scores, productivity and output metrics, 'AI-native' ratings, and AI-token consumption -- that, by design, cannot be accumulated by an employee who is on protected medical or family leave, or whose output is reduced by a disability," the lawsuit said.

The lawsuit alleged that Meta management did not take steps to adjust scores for employees who took leave or who requested reasonable accommodations for disabilities. "Meta did not neutralize those inputs for protected leave; did not exclude protected-leave-takers or accommodation-seekers from the selection cohort; and did not pause the system for the individualized, leave- and accommodation-neutral review that the law requires," the complaint alleged. "The result was that employees who took protected leaves were disproportionately selected for layoff, based on scoring that not only failed to account for their protected leaves, but in effect penalized the employees for exercising their legal rights to these leaves." The 26 plaintiffs requested leaves or disability accommodations in the 24 months before being selected for layoffs, the lawsuit said. The layoffs are not yet finalized, but employees are scheduled to start losing their jobs on July 22, the lawsuit said. "These claims lack merit and are not based on facts," said Meta in a statement. "Workforce management and organizational decisions were and are made by people, not AI."

Read more of this story at Slashdot.

Google DeepMind Calls For US To Spearhead AI Standards Body

Google DeepMind chief Demis Hassabis is calling for a U.S.-led AI standards body to review frontier models for national security risks such as cybersecurity and biological threats. His proposal would create a federally overseen public-private organization, initially voluntary and eventually mandatory for U.S. deployment. CNBC reports: Google DeepMind boss Demis Hassabis, a Nobel laureate, said in an article posted on X on Tuesday that "urgent action" was needed to address risks associated with artificial general intelligence (AGI) -- the point at which AI matches or surpasses human intelligence. "We've already seen the challenges frontier models pose for cybersecurity, and other threats including nuclear and bio risks may soon emerge as capabilities continue to advance," he said.

[...] Hassabis said the U.S. was well positioned to lead in developing an AI framework "given its economic and technical standing." "It could establish a new Standards Body modelled on a federally overseen public-private partnership or self-regulatory organisation, much like the Financial Industry Regulatory Authority (FINRA), with a board that includes independent leading technical experts and open-source representatives," he added. FINRA regulates brokerage firms and exchange markets in the U.S.

The proposed body would need "substantial" funding "in order to attract world-class technical talent and provide the necessary compute resources for large-scale testing," Hassabis said. Funding would "likely" come from industry, he added. Frontier labs would initially voluntarily share models with the body for review up to 30 days before release, before becoming mandatory for deployment in the U.S. market after being shown to be "effective." "Specific agentic AI tests could look for attempts to bypass safety guardrails or signs of deception, and ensure best practices, such as digitally watermarking AI-generated images and generating human-readable output tokens to understand model reasoning," Hassabis said. Further reading: Over 200 Economists Say 'We Must Act Now' On AI's Economic Impact

Read more of this story at Slashdot.

Linux Foundation's Latest Foray Is To Standardize Internet-Native Payments For AI Agents

Today, the Linux Foundation launched the x402 Foundation to standardize internet-native payments for AI agents, APIs, and applications, based on Coinbase's contributed x402 protocol. Backed by companies including AWS, American Express, Cloudflare, Google, Mastercard, Stripe, and Visa, the effort aims to make payments work directly over HTTP (assuming users are comfortable letting AI agents handle financial transactions).

"The whole idea is to give agents access to money and, through that financial independence, improve their set of capabilities to pretty much anything on the internet," Lincoln Murr, Coinbase's AI product lead, told CNBC last month when the company announced the protocol. "In the 2010s, every internet company dealt with the transition from desktop and web into a mobile environment. And now in the late 2020s, we're seeing the exact same thing happen where agents are going to be the new primary economic actors on the internet."

Read more of this story at Slashdot.

OnePlus Is Reportedly Shutting Down In the US, Europe

OnePlus will reportedly announce this week that it is shutting down its brand in the U.S. and Europe, following months of signs that parent company Oppo was winding down the brand's global presence. India and China are reportedly unaffected, but it's unclear whether Oppo will replace the brand directly in those markets. The move also raises questions about future support for existing OnePlus users. 9to5Google reports: WinFuture reports that OnePlus is gearing up for an official withdrawal from the U.S. and European markets, with the announcement due in the "coming days" this week. Closed-door press conferences have apparently happened, with no details shared on the exact reason OnePlus as a brand is shutting down in these markets. India and China are, as far as this report claims, not affected. The report, citing "well-informed sources," notes that this OnePlus announcement will come amid "fundamental changes" to Oppo's strategy, but the big point here is the global death of OnePlus.

Read more of this story at Slashdot.

I Never Knew Her Grace

Thomas Hawk posted a photo:

I Never Knew Her Grace

I Never Tell My Decisions to the Ones I Adore

Thomas Hawk posted a photo:

I Never Tell My Decisions to the Ones I Adore

Pipe Dream

Greg Adams Photography posted a photo:

Pipe Dream

Lynnewood Hall is an amazing old Neoclassical Revival Mansion with about 110 rooms located in the Philadelphia suburb of Elkins Park.

Flora, Nude

Thomas Hawk posted a photo:

Flora, Nude

Found Slide -- The Buckley Collection

Thomas Hawk posted a photo:

Found Slide -- The Buckley Collection

Covent Garden, London コヴェント・ガーデン、ロンドン

Mr Mikage (ミスター御影) posted a photo:

Covent Garden, London コヴェント・ガーデン、ロンドン

The Register

Biting the hand that feeds IT — Enterprise Technology News and Analysis

OpenAI hides Codex agent instructions behind encryption, leaving developers in the dark

OpenAI has never been as open as its name suggests and is becoming even less so. The free-spending AI giant recently revised the multi-agent orchestration in its Codex command line interface to encrypt messages passed to subagents. OpenAI's Codex supports multi-agent orchestration, a way to have a parent agent spawn child agents or delegate tasks to other agents that may call out to different models. Codex/GPT-5.6 introduced a protocol called multi-agent v2 that appears to be geared toward letting the runtime allocate work instead of leaving those decisions to user-declared configuration settings. Multi-agent v2 is still under development and OpenAI hasn't formally documented it yet. Developers, however, have observed changes made to Codex to accommodate the new agent plumbing – and some are concerned by the new arrangements. Last month, OpenAI devs merged a pull request (a suggested code change) to encrypt multi-agent v2 message payloads – the text instruction passed between agents. The pull request prefaces its explanatory text with the word "Why" but doesn't actually offer a reason for the change. It states: "Multi-agent v2 currently routes agent instructions through normal tool arguments and inter-agent context. That means the parent model can emit plaintext task text, Codex can persist it in history/rollouts, and the recipient can receive it as ordinary assistant-message JSON. "This changes the v2 path so agent instructions stay encrypted between model calls: Responses [An OpenAI API - Ed] encrypts the message argument returned by the model, Codex forwards only that ciphertext, and Responses decrypts it internally for the recipient model." A desire to enhance privacy and security, or conceal data that would be useful for model distillation, are sound reasons for these changes. Yet OpenAI has not said why it made the change. In the absence of clear communication from OpenAI, developers have urged the company to ensure that its implementation doesn't sacrifice auditability to accommodate other concerns. An issue opened by Ignat Remizov, CTO at payment service Zolvat, says, "The encrypted delivery path is understandable as privacy hardening, but it also removes the human-readable task/message text from local rollout history, trace reduction, and parent-side audit/debug surfaces." Remizov's concern is that developers and code maintainers will have less information to assess the instructions an agent received and the actions it took. "Guys, we don’t want to build Skynet and then be unable to audit what it’s doing," he quips. Other developers, echoing Remizov's concern about the loss of observability, speculate that OpenAI has locked its agent messaging down to keep competitors from seeing how its multi-agent implementation works. OpenAI did not immediately respond to a request for comment. ®

Patchpocalypse Now: Microsoft tops last month's record with 622 Patch Tuesday CVEs

Remember last month when we were awed by Microsoft’s record-setting Patch Tuesday that addressed 206 CVEs? That was a quaint era compared to this month: Redmond just rolled out patches for 622 CVEs specific to its products, slightly more than tripling last month’s all-time high. Redmond’s Patch Tuesday release is once again one for the record books, with everything under the sun getting some security fixes – including 428 non-Microsoft Chromium CVEs affecting Edge that aren’t included in that 622 count. Fifty-eight of those are critical, two are under active exploit, and one has already been publicly disclosed, meaning it could join those other two in short order. There is a lot to dig through, and we can hardly cover the whole gamut given the size of this release. As we noted last month, there was concern in the infosec community that AI-enabled bug hunting might mean massive patch volumes are the new normal. Microsoft didn’t disclose how much AI may have contributed to the massive patch list this month, but given the volume it’s safe to say human contributors probably had some assistance. Microsoft’s massive month To start, let’s cover the pair of actively exploited issues that Microsoft patched. The first, CVE-2026-56155, is an Active Directory Federation Services elevation of privilege vulnerability. Attackers who exploit the issue, which Microsoft only described as being due to “insufficient granularity of access control on ADFS,” could gain administrator privileges. They do need to have access already and be local, however, which is why this is only rated with a CVSS score of 7.8. The second actively exploited vulnerability, CVE-2026-56164, is another privilege elevation issue, this time in Microsoft SharePoint. SharePoint is apparently missing authentication for a critical function, which could let an unauthorized attacker on a network elevate their SharePoint permissions. As with the other issue under exploit, this one is somewhat limited, earning it a CVSS of just 5.3. With both under active exploitation, that score doesn’t matter as much as eliminating the vulnerability through good patch management, however. As for the publicly reported but not-yet-exploited issue, CVE-2026-50661, that involves BitLocker being able to have its security measures physically bypassed by anyone with local access to a BitLocker-secured machine. Now let’s round up a few of those 58 critical issues. Everyone’s favorite untrustworthy AI is packing a CVSS 9.6 remote code execution vulnerability. CVE-2026-48561 finds Copilot improperly neutralizing its input, allowing an unauthorized attacker to execute code with nothing but low-privileged Hyper-V guest access. Exploiting the vulnerability can be done without user awareness by, for example, hosting a malicious website that prompts the many embedded Copilot features of Windows machines to process a prompt upon landing on the page. Microsoft Exchange is suffering from a CVSS 9.6 spoofing vuln due to failure to neutralize input, leading to cross-site scripting being possible from within a maliciously crafted email. CVE-2026-55008 allows an unauthorized attacker to perform spoofing over a network by sending said malicious email to a target, allowing arbitrary JavaScript execution. Finally, we’re not picking out one vulnerability for your third notice in this massive list, but are highlighting a full 16 remote code execution vulnerabilities in Microsoft Office and its associated applications. They’re caused by a variety of issues in the Office suite, like heap-based buffer overflow and use after free vulns, and all are scored around a CVSS 7.8. Needless to say, we recommend following Microsoft’s advice and getting all those hundreds of security patches installed ASAP. Adobe throws mud at critical issues in multiple products Microsoft tends to command the headlines on Patch Tuesday (it’s hard not to when you address more than 600 CVEs in a single day), but Adobe released a bunch of patches across its ecosystem too, 64 unique CVEs across seven bulletins for Commerce, Experience Manager, Creative Cloud Desktop, Illustrator, Content Credentials SDK, ColdFusion, and Animate. Every one of the bulletins included at least a couple of critical CVEs. The highest-severity issue among Adobe’s many Patch Tuesday entries comes in the form of a CVSS 9.9 path traversal vulnerability in ColdFusion that can allow arbitrary code execution. CVE-2026-48318 does not yet appear in online CVE directories, but even with limited information, we’d say a 9.9-level issue is one you want to address with a quickness. The second-worst issue that Adobe addressed today is in its Commerce suite. CVE-2026-48356 is a CVSS 9.6 privilege escalation vulnerability that an attacker can trigger thanks to Commerce failing to restrict the upload of dangerous file types. Adobe Experience Manager also includes a pair of CVSS 9.6 issues (CVE-2026-48259 and CVE-2026-48359). Both allow arbitrary code execution: one because of a server-side request forgery vulnerability, and the other because of improper restriction of XML external entity references. Other notable Patch Tuesday releases Broadcom addressed seven CVEs in its Avi Load Balancer today, which it rates from 7.1 to 9.8 on the CVSS scale. The vulnerabilities include authentication bypass, RCE, privilege escalation, and directory traversal. SAP published 16 security updates and one GitHub advisory today; nine of those updates have a CVSS score of 8.1 or higher. CVE-2026-44747 (CVSS 9.9) is a memory corruption issue in SAP NetWeaver Application Server ABAP that could allow an authenticated attacker to gain unauthorized access to system data; CVE-2026-27690, CVSS 9.1, would let an unauthenticated attacker smuggle an HTTP request through SAP Approuter leading to system unavailability; and CVE-2026-44761, CVSS 9.1, involves the retention of a sample OAuth2 client in SAP Commerce Cloud that isn’t documented and, if known, could let an attacker break in. Let’s hope August is a bit quieter, though, given the fact the past two months have set consecutive records for the number of vulnerabilities Microsoft patched; we have our doubts. Godspeed, sysadmins and security teams. ®

MetaFilter

The past 24 hours of MetaFilter

Stephen Sondheim's "Company" with the New York Philharmonic

Here's the full 2011 filmed performance starring an ensemble cast led by Neil Patrick Harris. It also stars Martha Plimpton, Stephen Colbert, Jon Cryer, Patti LuPone, Christina Hendricks, and Chryssie Whitehead.

From the 1970 original D. A. Pennebaker. 'Barcelona' from the 1996 London performance (with Adrian Lester & Hannah Waddingham...) Adam Driver singing 'Being Alive in 'A marriage story'. "Company" on the blue before.

Coolcations

Coolcations are on the rise, with many tourists heading for northerly climates in the summer whilst Southern Europe swelters and burns. Some travellers are opting for a Northern Camino in Norway, the Wild Atlantic Way, or Golfing in Scotland. So what are mefites up to - are you heading north or south this summer?