Author name: Rejus Almole

Phishers have found a way to downgrade—not bypass—FIDO MFA

Researchers recently reported encountering a phishing attack in the wild that bypasses a multifactor authentication scheme based on FIDO (Fast Identity Online), the industry-wide standard being adopted by thousands of sites and enterprises.

If true, the attack, reported in a blog post Thursday by security firm Expel, would be huge news, since FIDO is widely regarded as being immune to credential phishing attacks. After analyzing the Expel write-up, I’m confident that the attack doesn’t bypass FIDO protections, at least not in the sense that the word “bypass” is commonly used in security circles. Rather, the attack downgrades the MFA process to a weaker, non-FIDO-based process. As such, the attack is better described as a FIDO downgrade attack. More about that shortly. For now, let’s describe what Expel researchers reported.

Abusing cross-device sign-ins

Expel said the “novel attack technique” begins with an email that links to a fake login page from Okta, a widely used authentication provider. It prompts visitors to enter their valid user name and password. People who take the bait have now helped the attack group, which Expel said is named PoisonSeed, clear the first big hurdle in gaining unauthorized access to the Okta account.

The FIDO spec was designed to mitigate precisely these sorts of scenarios by requiring users to provide an additional factor of authentication in the form of a security key, which can be a passkey or a physical security key, such as a smartphone or a dedicated device such as a Yubikey. For this additional step, the passkey must use a unique cryptographic key embedded into the device to sign a challenge that the site (Okta, in this case) sends to the browser logging in.

One of the ways a user can provide this additional factor is by using a cross-device sign-in feature. In the event there is no passkey on the device being used to log in, a user can use a passkey for that site that’s already resident on a different device, which in most cases will be a phone. In these cases, the site being logged into will display a QR code. The user then scans the QR code with the phone, and the FIDO MFA process proceeds as normal.


Court rules Trump broke US law when he fired Democratic FTC commissioner

“Without removal protections, that independence would be jeopardized… Accordingly, the Court held that the FTC Act’s for-cause removal protections were constitutional,” wrote AliKhan, who was appointed to the District Court by President Biden in 2023.

Judge: Facts almost identical to 1935 case

The Supreme Court reaffirmed its Humphrey’s Executor findings in cases decided in 2010 and 2020, AliKhan wrote. “Humphrey’s Executor remains good law today. Over the span of ninety years, the Supreme Court has declined to revisit or overrule it,” she wrote. Congress has likewise not disturbed FTC commissioners’ removal protection, and “thirteen Presidents have acquiesced to its vitality,” she wrote.

AliKhan said the still-binding precedent clearly supports Slaughter’s case against Trump. “The answer to the key substantive question in this case—whether a unanimous Supreme Court decision about the FTC Act’s removal protections applies to a suit about the FTC Act’s removal protections—seems patently obvious,” AliKhan wrote. “In arguing for a different result, Defendants ask this court to ignore the letter of Humphrey’s Executor and embrace the critiques from its detractors.”

The 1935 case and the present case are similar in multiple ways, the judge wrote. “Humphrey’s Executor involved the exact same provision of the FTC Act that Ms. Slaughter seeks to enforce here: the for-cause removal protection within 15 U.S.C. § 41 prohibiting any termination except for ‘inefficiency, neglect of duty, or malfeasance in office,'” she wrote.

The “facts almost identically mirror those of Humphrey’s Executor,” she continued. In both Roosevelt’s removal of Humphrey and Trump’s removal of Slaughter, the president cited disagreements in priorities and “did not purport to base the removal on inefficiency, neglect of duty, or malfeasance.”

Trump and fellow defendants assert that the current FTC is much different from the 1935 version of the body, saying it now “exercises significant executive power.” That includes investigating and prosecuting violations of federal law, administratively adjudicating claims itself, and issuing rules and regulations to prevent unfair business practices.


Nothing Phone 3 review: Nothing ventured, nothing gained


The Nothing Phone 3 is the company’s best phone by a wide margin, but is that enough?

The Nothing Phone 3 has a distinctive design. Credit: Ryan Whitwam

The last few years have seen several smartphone makers pull back or totally abandon their mobile efforts. UK-based Nothing Technologies, however, is still trying to carve out a niche in the increasingly competitive smartphone market. Its tools have been quirky designs and glowing lights, along with a focus on markets outside the US. With the Nothing Phone 3, the company has brought its “first flagship” phone stateside.

Nothing didn’t swing for the fences with the Phone 3’s specs, but this device can hold its own with the likes of OnePlus and Google. Plus, it has that funky Nothing design aesthetic. There’s a transparent back, a tiny dot matrix screen, and a comprehensive Android skin. But at the end of the day, the Nothing Phone 3 is not treading new ground.

Designing Nothing

Despite Nothing’s talk about unique designs, the Nothing Phone 3 looks unremarkable from the front. The bezels are slim and symmetrical all the way around the screen. Under a sheet of Gorilla Glass 7i, it has a 6.67-inch 120Hz OLED screen with an impressive 1260 x 2800 resolution. It hits 4,500 nits of brightness, which is even higher than Google and Samsung phones. It’s more than bright enough to be readable outdoors, and the touch sensitivity is excellent—sometimes too excellent, as we’ve noticed a few accidental edge touches.

Specs at a glance: Nothing Phone 3

  • SoC: Snapdragon 8s Gen 4
  • Memory: 12GB, 16GB
  • Storage: 256GB, 512GB
  • Display: 1260 x 2800 6.67″ OLED, 120 Hz
  • Cameras: 50MP primary, f/1.7, OIS; 50MP ultrawide, f/2.2; 50MP 3x telephoto, f/2.7, OIS; 50MP selfie, f/2.2
  • Software: Android 15, 5 years of OS updates
  • Battery: 5,150 mAh, 65 W wired charging, 15 W wireless charging
  • Connectivity: Wi-Fi 7, NFC, Bluetooth 6.0, sub-6 GHz 5G, USB-C 3.2
  • Measurements: 160.6 x 75.6 x 9 mm; 218 g

Like many other phones, the Nothing Phone 3 has an optical fingerprint sensor under the display. It’s quick and accurate, but it’s a bit too low (barely a pinky finger’s width from the bottom of the device). As an optical sensor, it’s also very bright in a dark room. Similar phones from Google and Samsung have faster and less disruptive ultrasonic fingerprint sensors.

Nothing OS is a great Android skin. Credit: Ryan Whitwam

The overall shape of the phone is almost the same as current Samsung, Apple, and Google phones, but it’s closest to the Pixel 9 series. The IP68-rated body has the same minimalist aesthetic as those other phones, with flat edges and rounded corners. The aluminum frame curves in to merge seamlessly with the front and rear glass panels. It has a matte finish, making it reasonably grippy in the hand. Nothing includes a clear case in the box—we appreciate the effort, but the case feels very cheap and will probably discolor after a couple of months of use.

You won’t see anything extravagant like a headphone jack or IR blaster. The volume and power buttons are flat, tactile, and very stable, with no discernible wiggle. Below the power button is the Essential Key, a convex button that plugs into Nothing’s on-device AI features (more on that later). It’s a delight for button-lovers, but it can be too easy to accidentally press when picking up the phone. And no, you can’t remap the button to do something else.

The Essential Button has a nice feel, but it’s too easy to mistake for the power button. Credit: Ryan Whitwam

It’s not until you get to the back that the Nothing Phone 3 stands out. The back has a clear panel of extra-strong Gorilla Glass Victus, but you’re not seeing the phone’s internals through it. The panels under the glass have slightly different colors and textures and were chosen to create an interesting visual effect. It’s certainly eye-catching, but whether or not you like it is a matter of taste. The camera sensors are near the top in a staggered arrangement, right across from the “Glyph Matrix.”

The monochrome Glyph Matrix is Nothing’s replacement for the Glyph light bars on its older phones. A pressure-sensitive button under the glass can be pressed to switch between various display options, some of which might occasionally be useful, like a clock and battery monitor. There are also less useful “Glyph toys” like a Magic 8-ball, a low-fi mirror, and a Rock, Paper, Scissors simulator. It can also display call and status notifications, for instance letting you know when Do Not Disturb is activated or when you have a missed call. Or you can just turn the phone over and use the full display.

The Glyph matrix is a gimmick, but it does look cool. Credit: Ryan Whitwam

There’s only so much you can do with 489 LEDs and a single button, which makes some of the toys frustrating. For example, you have to long-press to stop the stopwatch, which defeats the purpose, and the selfie mirror is very difficult to use for framing a photo. The Glyph dot matrix is fun to play around with, but it’s just a gimmick. Really, how much time do you spend looking at the back of your phone? Checking the time or playing Rock, Paper, Scissors is not a game-changer, even if the display is visually interesting.

Flagship-ish performance

Nothing says this is a flagship phone, but it doesn’t have Qualcomm’s flagship mobile processor. While you’ll find the Snapdragon 8 Elite in most high-end devices today, Nothing went with the slightly more modest Snapdragon 8s Gen 4. It doesn’t have the Oryon CPU cores, relying instead on eight Arm reference cores, along with a slower GPU.

The Nothing Phone 3 (left) is about the same size and shape as the Pixel 9 Pro XL (right). Credit: Ryan Whitwam

What does that mean for the speeds and feeds? The Nothing Phone 3 doesn’t keep up with high-end devices like the Galaxy S25 in benchmarks, but it’s no slouch, either. In fact, the Snapdragon 8s Gen 4 beats Google’s latest Tensor chip featured in the Pixel 9 series.

As expected, the standard Arm cores fall behind the custom Oryon CPUs in Geekbench, running about 40 percent behind Qualcomm’s best processor. However, the gulf is much narrower in graphics because the Adreno 825 in the Nothing Phone 3 is very similar to the 830 used in Snapdragon 8 Elite phones.

So you could see better gaming performance with a phone like the Galaxy S25 compared to the Nothing Phone 3, but only if you’re playing something very graphically intensive. Even when running these devices side by side, we have a hard time noticing any loss of fidelity on the Nothing Phone 3. It performs noticeably better in high-end games compared to the latest Pixels, though. The Phone 3 maintains performance fairly well under load, only losing 25 to 30 percent at peak temperature. The body of the phone does get uncomfortably hot, but that’s better than overheating the processor.

That modest drop in CPU performance benchmarks does not equate to a poor user experience. The Nothing Phone 3 is very snappy, opening apps quickly and handling rapid multitasking without hesitation. The animations also have a Google level of polish.

Nothing managed to fit a 5,150 mAh battery in this phone, which is a bit larger than even the Galaxy S25 Ultra at 5,000 mAh. The battery life is strong, with the phone easily making it all day—no range anxiety. It won’t last through a second day on a single charge, though. Just like a Pixel or Galaxy phone, you’ll want to plug the Nothing Phone 3 in every night.

But you don’t necessarily have to save your charging for nighttime. The Nothing Phone 3 offers 65 W wired charging, which is much faster than what you get from Google, Samsung, or Apple phones. If the battery gets low, just a few minutes connected to almost any USB-PD charger will get you enough juice to head out the door. You also get 15 W wireless charging, but it doesn’t support the magnetic Qi 2 standard.

We’ve had no problems using the Phone 3 on T-Mobile, and Nothing says AT&T is also fully supported. However, there’s no official support for Verizon. The phone has all the necessary sub-6GHz 5G bands, but you may have trouble activating it as a new device on Verizon’s network.

Upgraded cameras

A camera upgrade was a necessary part of making this device a “flagship” phone, so Nothing equipped the Phone 3 with a solid array of sensors, ensuring you’ll get some good shots. They won’t all be good, though.

The clear glass shows off subtly differing blocks and a button to control the Glyph Matrix display. Credit: Ryan Whitwam

The Nothing Phone 3 has a quartet of 50 MP sensors, including a wide-angle, a 3x telephoto, and an ultrawide on the back. The front-facing selfie camera is also 50 MP. While you can shoot in 50 MP mode, smartphone camera sensors are designed with pixel binning in mind. The phone outputs 12.5 MP images, leaning on merged pixel elements to brighten photos and speed up captures. We’ve found Nothing’s color balance and exposure to be very close to reality, and the dynamic range is good enough that you don’t have to worry about overly bright or dim backgrounds ruining a shot.

The Nothing Phone 3 cameras can produce sharp details, but some images tend to look overprocessed and “muddy.” However, the biggest issue is shutter lag—there’s too much of it. It seems like the phone is taking too long to stack and process images. So even outdoors and with a high shutter speed, a moving subject can look blurry. It’s challenging to snap a clear photo of a hyperactive kid or pet. In low-light settings, the shutter lag becomes worse, making it hard to take a sharp photo. Night mode shots are almost always a bit fuzzy.

Low indoor light. Ryan Whitwam

Photos of still subjects are generally good, and you can get some nice ones with the ultrawide camera. Landscapes look particularly nice, and the camera has autofocus for macro shots. This mode doesn’t activate automatically when you move in, so you have to remember it’s there. It’s worth remembering, though.

The telephoto sensor uses a periscope-style lens, which we usually see on sensors with 5x or higher zoom factors. This one is only 3x, so it will get you somewhat closer to your subject without cropping, but don’t expect the same quality you’d get from a Pixel or Samsung phone.

In its sub-flagship price range, we’d put the Nothing Phone 3 camera experience on par with Motorola. A device like the OnePlus 13R or Pixel 9a will take better pictures, but the Nothing Phone 3 is good enough unless mobile photography is at the top of your requirements.

Great software, plus an AI button

Nothing isn’t beating Samsung to the punch with Android 16—the first new phone to launch with Google’s latest OS will be the Z Fold 7 and Z Flip 7 later this month. Nothing is releasing its phone with Android 15 and Nothing OS 3.5, but an Android 16 update is promised soon. There’s not much in the first Android 16 release to get excited about, though, and in the meantime, Nothing OS is actually quite good.

Nothing’s take on Android makes changes to almost every UI element, which is usually a recipe for Samsung levels of clutter. However, Nothing remains true to its minimalist aesthetic throughout the experience. The icon styling is consistent and attractive, Nothing’s baked-in apps are cohesive, and the software includes some useful home screen options and widgets. Nothing also made a few good functional changes to Android, including a fully configurable quick settings panel and a faster way to clear your recent apps.

We’ve encountered a few minor bugs, like the weather widget that won’t show freedom units and a back gesture that can be a little finicky. Nothing’s Android skin is also very distinctive compared to other OEM themes. Not everyone will like the “dot matrix” vibe of Nothing OS, but it’s one of the more thoughtfully designed Android skins we’ve seen.

Nothing OS has a distinctive look. Credit: Ryan Whitwam

Like every other 2025 smartphone, there’s an AI angle here. Nothing has a tool called Essential Space that ties into the aforementioned Essential Key. When you press the button, it takes a screenshot you can add notes to. It logs that in Essential Space and turns an AI loose on it to glean important details. It can create to-do lists and reminders based on the images, but those suggestions are misses as often as they are hits. There’s also no search function like the Google Pixel Screenshots app, which seems like a mistake. You can hold the essential key to record a voice memo, which goes through a similar AI process.

There are also some privacy caveats with Essential Space. The screenshots you save are uploaded to a remote server for processing, but Nothing says it won’t store any of that data. Your voice notes are processed on-device, but it would be nice if images were as well.

Nothing has part of a good idea with its mobile AI implementation, but it’s not as engaging as what we’ve seen from Google. And it’s not as if Google’s use of AI is essential to the mobile experience. The Nothing Phone 3 also gets the standard Gemini integration, and Google’s chatbot will probably get much more use than Essential Space.

Nothing has promised five years of major Android version updates, and there will be two additional years of security patches after that. Nothing is still a very new company, though, and there’s no guarantee it will still be around in seven years. If we assume the best, this is a good update policy, surpassing Motorola and OnePlus but not quite at the level of Google or Samsung, both of which offer seven years of full update support.

Different but not that different

The Nothing Phone 3 is a good smartphone, and it’s probably the best piece of hardware the company has made in its short run. The performance is snappy, the software is thoughtfully designed, and the hardware, while gimmicky, is solid and visually interesting. If you prefer a more understated look or plan to encapsulate your phone in the most durable case you can find, this is not the phone for you.

The Nothing Phone 3 is a rather large, heavy phone. Credit: Ryan Whitwam

Nothing’s Glyph Matrix is fun to play with, but it’s the kind of thing you’ll write off after some time with the phone. You can only play so many games of Rock, Paper, Scissors before the novelty wears off. Nothing is not alone in going down this path—Asus has a dot matrix on its ROG gaming phones, and Xiaomi has slapped full LCDs on the back of a few of its devices. It’s really no different from the days when OEMs tinkered with secondary ticker displays and rear-facing e-paper screens. Those weren’t very useful, either.

Nothing did all it could to make the secondary display attractive, but even if it came up with a truly great idea, there’s little utility in a screen on the back of your phone. The transparent design and dot matrix screen help the phone stand out from the crowd, but not because they’re doing anything radical. This is still a pretty typical glass sandwich smartphone, like most other 2025 offerings.

At $799, the Nothing Phone 3 is competing with devices like the Pixel 9 and OnePlus 13, both of which have it beat in the camera department, and the OnePlus phone is faster. Meanwhile, Google also has better update support. If you buy the Nothing Phone 3, it should be because you genuinely like the hardware and software design, and there’s very little bad to say about Nothing OS. Otherwise, there are better options for the same or less money.

The good

  • Excellent build quality with IP68 rating
  • Nothing OS looks and works great
  • Good performance
  • Glyph Matrix looks cool

The bad

  • Glyph Matrix is an unnecessary gimmick
  • AI features are still not very useful
  • Cameras have noticeable shutter lag
  • Verizon not officially supported

Ryan Whitwam is a senior technology reporter at Ars Technica, covering the ways Google, AI, and mobile technology continue to change the world. Over his 20-year career, he’s written for Android Police, ExtremeTech, Wirecutter, NY Times, and more. He has reviewed more phones than most people will ever own. You can follow him on Bluesky, where you will see photos of his dozens of mechanical keyboards.


ChatGPT’s new AI agent can browse the web and create PowerPoint slideshows

On Thursday, OpenAI launched ChatGPT Agent, a new feature that lets the company’s AI assistant complete multi-step tasks by controlling its own web browser. The update merges capabilities from OpenAI’s earlier Operator tool and the Deep Research feature, allowing ChatGPT to navigate websites, run code, and create documents while users maintain control over the process.

The feature marks OpenAI’s latest entry into what the tech industry calls “agentic AI”—systems that can take autonomous multi-step actions on behalf of the user. OpenAI says users can ask Agent to handle requests like assembling and purchasing a clothing outfit for a particular occasion, creating PowerPoint slide decks, planning meals, or updating financial spreadsheets with new data.

The system uses a combination of web browsers, terminal access, and API connections to complete these tasks, including “ChatGPT Connectors” that integrate with apps like Gmail and GitHub.

While using Agent, users watch a window inside the ChatGPT interface that shows all of the AI’s actions taking place inside its own private sandbox. This sandbox features its own virtual operating system and web browser with access to the real Internet; it does not control your personal device. “ChatGPT carries out these tasks using its own virtual computer,” OpenAI writes, “fluidly shifting between reasoning and action to handle complex workflows from start to finish, all based on your instructions.”

A still image from an OpenAI ChatGPT Agent promotional demo video showing the AI agent searching for flights. Credit: OpenAI

Like Operator before it, the agent feature requires user permission before taking certain actions with real-world consequences, such as making purchases. Users can interrupt tasks at any point, take control of the browser, or stop operations entirely. The system also includes a “Watch Mode” for tasks like sending emails that require active user oversight.

Since Agent surpasses Operator in capability, OpenAI says the company’s earlier Operator preview site will remain functional for a few more weeks before being shut down.

Performance claims

OpenAI’s claims are one thing, but how well the company’s new AI agent will actually complete multi-step tasks will vary wildly depending on the situation. That’s because the AI model isn’t a complete form of problem-solving intelligence, but rather a complex master imitator. It has some flexibility in piecing a scenario together but also many blind spots. OpenAI trained the agent (and its constituent components) using examples of computer usage and tool usage; whatever falls outside of the examples absorbed from training data will likely still prove difficult to accomplish.


EU presses pause on probe of X as US trade talks heat up

While Trump and Musk have fallen out this year after developing a political alliance on the 2024 election, the US president has directly attacked EU penalties on US companies, calling them a “form of taxation” and comparing fines on tech companies with “overseas extortion.”

Despite the US pressure, commission president Ursula von der Leyen has explicitly stated Brussels will not change its digital rule book. In April, the bloc imposed a total of €700 million in fines on Apple and Facebook owner Meta for breaching antitrust rules.

But unlike the Apple and Meta investigations, which fall under the Digital Markets Act, there are no clear legal deadlines under the DSA. That gives the bloc more political leeway on when it announces its formal findings. The EU also has probes into Meta and TikTok under its content moderation rule book.

The commission said the “proceedings against X under the DSA are ongoing,” adding that the enforcement of “our legislation is independent of the current ongoing negotiations.”

It added that it “remains fully committed to the effective enforcement of digital legislation, including the Digital Services Act and the Digital Markets Act.”

Anna Cavazzini, a European lawmaker for the Greens, said she expected the commission “to move on decisively with its investigation against X as soon as possible.”

“The commission must continue making changes to EU regulations an absolute red line in tariff negotiations with the US,” she added.

Alongside Brussels’ probe into X’s transparency breaches, it is also looking into content moderation at the company after Musk hosted Alice Weidel of the far-right Alternative for Germany for a conversation on the social media platform ahead of the country’s elections.

Some European lawmakers, as well as the Polish government, are also pressing the commission to open an investigation into Musk’s Grok chatbot after it spewed out antisemitic tropes last week.

X said it disagreed “with the commission’s assessment of the comprehensive work we have done to comply with the Digital Services Act and the commission’s interpretation of the Act’s scope.”

© 2025 The Financial Times Ltd. All rights reserved. Not to be redistributed, copied, or modified in any way.


Steam cracks down on some sex games to appease payment processors

Valve’s famously permissive rules for what games are and are not allowed on Steam got a little less permissive this week, seemingly in response to outside pressure from some of its partner companies. In a Tuesday update to the “Rules and Guidelines” section of Steam’s Onboarding Documentation, the company added a new rule prohibiting “Content that may violate the rules and standards set forth by Steam’s payment processors and related card networks and banks, or Internet network providers. In particular, certain kinds of adult only content.”

On its own, the new rule seems rather vague, with no details on which of the many kinds of “adult only content” would belong in the “certain” subset prohibited by these unnamed payment processors and ISPs. But the trackers over at SteamDB noticed that the publication of the new rule coincides with the removal of dozens of Steam games whose titles make reference to incest, along with a handful of sex games referencing “slave” or “prison” imagery.

Holding the keys to the bank

Valve isn’t alone in having de facto restrictions on content imposed on it by outside payment processors. In 2022, for instance, Visa suspended all payments to Pornhub’s ad network after the adult video site was accused of profiting from child sexual abuse materials. And PayPal has routinely disallowed payments to file-sharing sites and VPN providers over concerns surrounding piracy of copyrighted materials.


Congress moves to reject bulk of White House’s proposed NASA cuts

Fewer robots, more humans

The House version of NASA’s fiscal year 2026 budget includes $9.7 billion for exploration programs, a roughly 25 percent boost over NASA’s exploration budget for 2025, and 17 percent more than the Trump administration’s request in May. The text of the House bill released publicly doesn’t include any language explicitly rejecting the White House’s plan to terminate the SLS and Orion programs after two more missions.

Instead, it directs NASA to submit a five-year budget profile for SLS, Orion, and associated ground systems to “ensure a crewed launch as early as possible.” A five-year planning budget seems to imply that the House committee wants SLS and Orion to stick around. The White House budget forecast zeros out funding for both programs after 2028.

The House also seeks to provide more than $4.1 billion for NASA’s space operations account, a slight cut from 2025 but well above the White House’s number. Space operations covers programs like the International Space Station, NASA’s Commercial Crew Program, and funding for new privately owned space stations to replace the ISS.

Many of NASA’s space technology programs would also be salvaged in the House budget, which allocates $913 million for tech development, a reduction from the 2025 budget but still an increase over the Trump administration’s request.

The House bill’s cuts to science and space technology, though more modest than those proposed by the White House, would still likely result in cancellations and delays for some of NASA’s robotic space missions.

Rep. Grace Meng (D-NY), the senior Democrat on the House subcommittee responsible for writing NASA’s budget, called out the bill’s cut to the agency’s science portfolio.

“As other countries are racing forward in space exploration and climate science, this bill would cause the US to fall behind by cutting NASA’s account by over $1.3 billion,” she said Tuesday.

Lawmakers reported the Senate spending bill to the full Senate Appropriations Committee last week by voice vote. Members of the House subcommittee advanced their bill to the full committee Tuesday afternoon by a vote of 9-6.

The budget bills will next be sent to the full appropriations committees of each chamber for a vote and an opportunity for amendments, before moving on to the floor for a vote by all members.

It’s still early in the annual appropriations process, and a final budget bill is likely months away from passing both houses of Congress and heading to President Donald Trump’s desk for signature. There’s no guarantee Trump will sign any congressional budget bill, or that Congress will finish the appropriations process before this year’s budget runs out on September 30.


Merger of two massive black holes is one for the record books

Physicists with the LIGO/Virgo/KAGRA collaboration have detected the gravitational wave signal (dubbed GW231123) of the most massive merger between two black holes yet observed, resulting in a new black hole that is 225 times more massive than our Sun. The results were presented at the Edoardo Amaldi Conference on Gravitational Waves in Glasgow, Scotland.

The LIGO/Virgo/KAGRA collaboration searches the universe for gravitational waves produced by the mergers of black holes and neutron stars. LIGO detects gravitational waves via laser interferometry, using high-powered lasers to measure tiny changes in the distance between two objects positioned kilometers apart. LIGO has detectors in Hanford, Washington, and in Livingston, Louisiana. A third detector in Italy, Advanced Virgo, came online in 2016. In Japan, KAGRA is the first gravitational-wave detector in Asia and the first to be built underground. Construction began on LIGO-India in 2021, and physicists expect it will turn on sometime after 2025.

To date, the collaboration has detected dozens of merger events since its first Nobel Prize-winning discovery. Early detected mergers involved either two black holes or two neutron stars. In 2021, LIGO/Virgo/KAGRA confirmed the detection of two separate “mixed” mergers between black holes and neutron stars.

A tour of Virgo. Credit: EGO-Virgo

LIGO/Virgo/KAGRA started its fourth observing run in 2023, and by the following year had announced the detection of a signal indicating a merger between two compact objects, one of which was most likely a neutron star. The other had an intermediate mass—heavier than a neutron star and lighter than a black hole. It was the first gravitational-wave detection of a mass-gap object paired with a neutron star and hinted that the mass gap might be less empty than astronomers previously thought.


Nvidia chips become the first GPUs to fall to Rowhammer bit-flip attacks


GPUhammer is the first to flip bits in onboard GPU memory. It likely won’t be the last.

The Nvidia RTX-A6000. Credit: Nvidia

Nvidia is recommending a mitigation for customers of one of its GPU product lines that will degrade performance by up to 10 percent in a bid to protect users from exploits that could let hackers sabotage work projects and possibly cause other compromises.

The move comes in response to an attack a team of academic researchers demonstrated against Nvidia’s RTX A6000, a widely used GPU for high-performance computing that’s available from many cloud services. A vulnerability the researchers discovered opens the GPU to Rowhammer, a class of attack that exploits physical weakness in DRAM chip modules that store data.

Rowhammer allows hackers to change or corrupt data stored in memory by rapidly and repeatedly accessing—or hammering—a physical row of memory cells. By repeatedly hammering carefully chosen rows, the attack induces bit flips in nearby rows, meaning a digital zero is converted to a one or vice versa. Until now, Rowhammer attacks have been demonstrated only against memory chips for CPUs, used for general computing tasks.

Like catastrophic brain damage

That changed last week as researchers unveiled GPUhammer, the first known successful Rowhammer attack on a discrete GPU. Traditionally, GPUs were used for rendering graphics and cracking passwords. In recent years, GPUs have become the workhorses for tasks such as high-performance computing, machine learning, neural networking, and other AI uses. No company has benefited more from the AI and HPC boom than Nvidia, which last week became the first company to reach a $4 trillion valuation. While the researchers demonstrated their attack against only the A6000, it likely works against other GPUs from Nvidia, the researchers said.

The researchers’ proof-of-concept exploit was able to tamper with deep neural network models used in machine learning for things like autonomous driving, healthcare applications, and medical imaging for analyzing MRI scans. GPUHammer flips a single bit in the exponent of a model weight—for example in y, where a floating point is represented as x times 2^y. The single bit flip can increase the exponent value by 16. The result is an altering of the model weight by a whopping 2^16, degrading model accuracy from 80 percent to 0.1 percent, said Gururaj Saileshwar, an assistant professor at the University of Toronto and co-author of an academic paper demonstrating the attack.

“This is like inducing catastrophic brain damage in the model: with just one bit flip, accuracy can crash from 80% to 0.1%, rendering it useless,” Saileshwar wrote in an email. “With such accuracy degradation, a self-driving car may misclassify stop signs (reading a stop sign as a speed limit 50 mph sign), or stop recognizing pedestrians. A healthcare model might misdiagnose patients. A security classifier may fail to detect malware.”
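The arithmetic behind the 2^16 figure, as an added example that is not from the article or the researchers' paper. It assumes the weights are stored as IEEE 754 half precision (FP16), where the top exponent bit carries a value of 16; the sample weights and the magnitude bound are constructed, and the digest and range check are one possible load-time integrity control.

```python
import hashlib
import math
import struct

# IEEE 754 half precision: bit 15 sign, bits 14-10 exponent (bias 15), bits 9-0 mantissa.
EXP_MSB = 14  # top exponent bit; it carries a weight of 16 in the exponent field


def fp16_bits(value: float) -> int:
    """Encode value as FP16 and return the raw 16-bit pattern."""
    return struct.unpack("<H", struct.pack("<e", value))[0]


def fp16_from_bits(bits: int) -> float:
    """Decode a raw 16-bit pattern back into a Python float."""
    return struct.unpack("<e", struct.pack("<H", bits & 0xFFFF))[0]


def flip_bit(value: float, bit: int) -> float:
    """Return the FP16 value that results from inverting one stored bit."""
    return fp16_from_bits(fp16_bits(value) ^ (1 << bit))


def worst_single_flip(value: float):
    """Find the single-bit flip that inflates |value| the most (finite results only)."""
    stored = fp16_from_bits(fp16_bits(value))
    best = (None, stored, 1.0)
    if stored == 0:
        return best
    for bit in range(16):
        flipped = flip_bit(value, bit)
        if not math.isfinite(flipped):
            continue
        ratio = abs(flipped) / abs(stored)
        if ratio > best[2]:
            best = (bit, flipped, ratio)
    return best


def weights_digest(weights) -> str:
    """SHA-256 over the packed FP16 weights, recorded from a known-good copy."""
    return hashlib.sha256(struct.pack(f"<{len(weights)}e", *weights)).hexdigest()


def suspicious_weights(weights, bound: float):
    """Indices whose magnitude exceeds a bound taken from the known-good model."""
    return [i for i, w in enumerate(weights)
            if not math.isfinite(w) or abs(w) > bound]


# Constructed sample weights, not taken from any real model.
GOOD = [0.5, -0.031, 0.0123, 0.25]
CORRUPTED = list(GOOD)
CORRUPTED[2] = flip_bit(GOOD[2], EXP_MSB)  # simulate one flipped exponent bit

if __name__ == "__main__":
    for w in GOOD:
        bit, flipped, ratio = worst_single_flip(w)
        print(f"{w:>8}: worst flip is bit {bit} -> {flipped} (x{ratio:g})")
    print("digest changed:", weights_digest(GOOD) != weights_digest(CORRUPTED))
    print("out-of-range indices:", suspicious_weights(CORRUPTED, 4.0))
```

Trained weights are mostly smaller than 1 in magnitude, so their top exponent bit is 0 and a flip there multiplies the value by 65,536, which is why a bound check or digest comparison against a known-good copy catches it.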

In response, Nvidia is recommending users implement a defense that could degrade overall performance by as much as 10 percent. Among machine learning inference workloads the researchers studied, the slowdown affects the “3D U-Net ML Model” the most. This model is used for an array of HPC tasks, such as medical imaging.

The performance hit is caused by the resulting reduction in bandwidth between the GPU and the memory module, which the researchers estimated as 12 percent. There’s also a 6.25 percent loss in memory capacity across the board, regardless of the workload. Performance degradation will be the highest for applications that access large amounts of memory.

A figure in the researchers’ academic paper provides the overhead breakdowns for the workloads tested.

Overheads of enabling ECC in A6000 GPU for MLPerf Inference and CUDA samples benchmarks. Credit: Lin et al.

Rowhammer attacks present a threat to memory inside the typical laptop or desktop computer in a home or office, but most Rowhammer research in recent years has focused on the threat inside cloud environments. That’s because these environments often allot the same physical CPU or GPU to multiple users. A malicious attacker can run Rowhammer code on a cloud instance that has the potential to tamper with the data a CPU or GPU is processing on behalf of a different cloud customer. Saileshwar said that Amazon Web Services and smaller providers such as Runpod and Lambda Cloud all provide A6000 instances. (He added that AWS enables a defense that prevents GPUhammer from working.)

Not your parents’ Rowhammer

Rowhammer attacks are difficult to perform for various reasons. For one thing, GPUs access data from GDDR (graphics double data rate) physically located on the GPU board, rather than the DDR (double data rate) modules that are separate from the CPUs accessing them. The proprietary physical mapping of the thousands of banks inside a typical GDDR board is entirely different from their DDR counterparts. That means that hammering patterns required for a successful attack are completely different. Further complicating attacks, the physical addresses for GPUs aren’t exposed, even to a privileged user, making reverse engineering harder.

GDDR modules also have up to four times higher memory latency and faster refresh rates. One of the physical characteristics Rowhammer exploits is that the increased frequency of accesses to a DRAM row disturbs the charge in neighboring rows, introducing bit flips in neighboring rows. Bit flips are much harder to induce with higher latencies. GDDR modules also contain proprietary mitigations that can further stymie Rowhammer attacks.

In response to GPUhammer, Nvidia published a security notice last week reminding customers of a protection formally known as system-level error-correcting code. ECC works by using what are known as memory words to store redundant control bits next to the data bits inside the memory chips. CPUs and GPUs use these words to quickly detect and correct flipped bits.

GPUs based on Nvidia’s Hopper and Blackwell architectures already have ECC turned on. On other architectures, ECC is not enabled by default. The means for enabling the defense vary by the architecture. Checking the settings in Nvidia GPUs designated for data centers can be done out-of-band using a system’s BMC (baseboard management controller) and software such as Redfish to check for the “ECCModeEnabled” status. ECC status can also be checked using an in-band method that uses the system CPU to probe the GPU.
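One way to run the in-band check across a host, as an added example that is not from Nvidia's notice or the article. It parses the CSV that `nvidia-smi --query-gpu=... --format=csv,noheader,nounits` prints; the sample rows are constructed, and the alert threshold for corrected errors is an assumed value to tune per fleet.

```python
import csv
import io
import shutil
import subprocess

QUERY = ("index,name,ecc.mode.current,ecc.mode.pending,"
         "ecc.errors.corrected.volatile.total,"
         "ecc.errors.uncorrected.volatile.total")

# Constructed sample output, one row per GPU, in QUERY field order.
SAMPLE = """\
0, NVIDIA RTX A6000, Disabled, Disabled, [N/A], [N/A]
1, NVIDIA RTX A6000, Disabled, Enabled, [N/A], [N/A]
2, NVIDIA RTX A6000, Enabled, Enabled, 0, 0
3, NVIDIA RTX A6000, Enabled, Enabled, 37, 0
4, NVIDIA RTX A6000, Enabled, Enabled, 2, 1
"""


def read_live():
    """Return nvidia-smi CSV for the local host, or None if the tool is absent."""
    if shutil.which("nvidia-smi") is None:
        return None
    result = subprocess.run(
        ["nvidia-smi", f"--query-gpu={QUERY}", "--format=csv,noheader,nounits"],
        capture_output=True, text=True, check=True)
    return result.stdout


def _count(field: str):
    """Counters read '[N/A]' when ECC is off or unsupported; map that to None."""
    return int(field) if field.isdigit() else None


def audit(csv_text: str, corrected_alert: int = 10):
    """Return (gpu_index, severity, message) for every GPU that needs attention."""
    findings = []
    for row in csv.reader(io.StringIO(csv_text), skipinitialspace=True):
        if len(row) != 6:
            continue  # skip blank or malformed lines
        idx, _name, current, pending, corrected, uncorrected = (f.strip() for f in row)
        idx = int(idx)
        if current != "Enabled":
            if pending == "Enabled":
                findings.append((idx, "warn", "ECC enabled but not active until GPU reset or reboot"))
            elif current == "Disabled":
                findings.append((idx, "high", "ECC disabled"))
            else:
                findings.append((idx, "high", "ECC not reported as supported"))
            continue
        cor, unc = _count(corrected), _count(uncorrected)
        if unc:
            findings.append((idx, "high", f"{unc} uncorrectable ECC error(s) since driver load"))
        elif cor is not None and cor >= corrected_alert:
            # Assumed heuristic: a burst of corrected single-bit errors is worth
            # triage, since it can come from failing DRAM as well as hammering.
            findings.append((idx, "warn", f"{cor} corrected ECC errors since driver load"))
    return findings


if __name__ == "__main__":
    for finding in audit(read_live() or SAMPLE):
        print(finding)
```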

The protection does come with its limitations, as Saileshwar explained in an email:

On NVIDIA GPUs like the A6000, ECC typically uses SECDED (Single Error Correction, Double Error Detection) codes. This means single-bit errors are automatically corrected in hardware and double-bit errors are detected and flagged, but not corrected. So far, all the Rowhammer bit flips we detected are single-bit errors, so ECC serves as a sufficient mitigation. But if Rowhammer induces 3 or more bit flips in an ECC code word, ECC may not be able to detect it or may even cause a miscorrection and a silent data corruption. So, using ECC as a mitigation is like a double-edged sword.
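The SECDED behavior described in that email, shown with a textbook extended Hamming code as an added example; it is not Nvidia's ECC implementation, and the 8-bit data width is an assumption chosen for readability. The sweep tries every 1-, 2- and 3-bit error pattern in one code word and classifies what the decoder reports.

```python
from collections import Counter
from itertools import combinations

K = 8  # data bits per code word (assumed for readability; real ECC words are wider)


def encode(data: int, k: int = K) -> list:
    """Extended Hamming encode: index 0 is overall parity, 1..n are Hamming positions."""
    r = 0
    while (1 << r) < k + r + 1:
        r += 1
    n = k + r
    word = [0] * (n + 1)
    j = 0
    for pos in range(1, n + 1):
        if pos & (pos - 1):  # not a power of two, so it holds a data bit
            word[pos] = (data >> j) & 1
            j += 1
    for p in range(r):
        mask = 1 << p
        word[mask] = sum(word[pos] for pos in range(1, n + 1) if pos & mask) % 2
    word[0] = sum(word) % 2  # makes the parity of the whole word even
    return word


def decode(word: list):
    """Return (status, data); data is None when the error is flagged uncorrectable."""
    n = len(word) - 1
    syndrome = 0
    for pos in range(1, n + 1):
        if word[pos]:
            syndrome ^= pos
    odd = sum(word) % 2
    fixed = list(word)
    if syndrome == 0 and not odd:
        status = "clean"
    elif odd and syndrome <= n:
        fixed[syndrome] ^= 1  # syndrome 0 means the overall parity bit itself flipped
        status = "corrected"
    else:
        return "detected", None  # even parity with a syndrome, or an impossible position
    data, j = 0, 0
    for pos in range(1, n + 1):
        if pos & (pos - 1):
            data |= fixed[pos] << j
            j += 1
    return status, data


def flip(word: list, *positions) -> list:
    """Return a copy of word with the given bit positions inverted."""
    out = list(word)
    for pos in positions:
        out[pos] ^= 1
    return out


def sweep(data: int, flips: int) -> Counter:
    """Classify the decoder's answer for every error pattern with `flips` bit flips."""
    word = encode(data)
    outcomes = Counter()
    for positions in combinations(range(len(word)), flips):
        status, decoded = decode(flip(word, *positions))
        if status == "detected":
            outcomes["detected"] += 1
        elif decoded == data:
            outcomes["recovered"] += 1
        else:
            outcomes["silent corruption"] += 1  # decoder reported success, data is wrong
    return outcomes


if __name__ == "__main__":
    for flips in (1, 2, 3):
        print(flips, "flip(s):", dict(sweep(0xA5, flips)))
```

With three flips the decoder never recovers the data: it either lands on an impossible syndrome and flags the word, or "corrects" a fourth bit and returns wrong data with a success status.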

Saileshwar said that other Nvidia chips may also be vulnerable to the same attack. He singled out GDDR6-based GPUs in Nvidia’s Ampere generation, which are used for machine learning and gaming. Newer GPUs, such as the H100 (with HBM3) or RTX 5090 (with GDDR7), feature on-die ECC, meaning the error detection is built directly into the memory chips.

“This may offer better protection against bit flips,” Saileshwar said. “However, these protections haven’t been thoroughly tested against targeted Rowhammer attacks, so while they may be more resilient, vulnerability cannot yet be ruled out.”

In the decade since the discovery of Rowhammer, GPUhammer is the first variant to flip bits inside discrete GPUs and the first to attack GDDR6 GPU memory modules. All attacks prior to GPUhammer targeted CPU memory chips such as DDR3/4 or LPDDR3/4.

That includes this 2018 Rowhammer variant. While it used a GPU as the hammer, the memory being targeted remained LPDDR3/4 memory chips. GDDR forms of memory have a different form factor. It follows different standards and is soldered onto the GPU board, in contrast to LPDDR, which is in a chip located on hardware apart from the CPUs.

Besides Saileshwar, the researchers behind GPUhammer include Chris S. Lin and Joyce Qu from the University of Toronto. They will be presenting their research next month at the 2025 Usenix Security Conference.


Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords. In his spare time, he enjoys gardening, cooking, and following the independent music scene. Dan is based in San Francisco. Follow him on Mastodon and Bluesky. Contact him on Signal at DanArs.82.


Species at 30 makes for a great guilty pleasure


Sure, the plot lacks originality, but it’s a solid B movie—and H.R. Giger designed the alien life form.

Earlier this month, Hollywood mourned the passing of Michael Madsen, a gifted actor best known for his critically acclaimed roles in Reservoir Dogs, Kill Bill, and Donnie Brasco, among others. Few obituaries have mentioned one of his lesser-known roles: a black ops mercenary hired to help hunt down an escaped human/alien hybrid in 1995’s Species. The sci-fi thriller turns 30 this year, and while it garnered decidedly mixed reviews upon release, the film holds up quite well as a not-quite-campy B monster movie that makes for a great guilty pleasure.

(Many spoilers below.)

Screenwriter Dennis Feldman (The Golden Child) was partially inspired by an Arthur C. Clarke article discussing how the odds were slim that an extraterrestrial craft would ever visit Earth, given the great distances that would need to be traversed (assuming that traveling faster than the speed of light would be highly unlikely). Feldman was intrigued by the prospect of making extraterrestrial contact via information—specifically, alien instructions on how to build an instrument that could talk to terrestrial humans.

That instrument wouldn’t be mechanical but organic, enabling an extraterrestrial visitor to adapt to Earth via combined DNA. Furthermore, rather than viewing projects like SETI or the Voyager missions—both of which sent transmissions containing information about Earth—as positive, Feldman considered them potentially dangerous, essentially inviting predators to target Earth’s inhabitants. His alien would be a kind of bioweapon. The result was Species, which began as a spec script that eventually attracted the interest of MGM and director Roger Donaldson (The Bounty, No Way Out).

The premise is that the US government receives a response to the transmissions sent into space: One message gives instructions on a new fuel source; the other contains explicit instructions on how to create an alien DNA sample and splice it with that of a human. Dr. Xavier Fitch (Ben Kingsley) is the scientist in charge of conducting the latter experiment, and the result is Sil (played as a young girl by Michelle Williams), a female alien/human hybrid they believed would have “docile and controllable” traits.

In just three months, Sil develops into a 12-year-old girl. But she starts exhibiting odd behavior as she sleeps, indicative of violent tendencies. Fitch decides to terminate the experiment, which means killing Sil by filling her containment cell with cyanide gas. A betrayed Sil breaks out of her cell and escapes. Fitch (who is the worst) puts together a crack team to track her down and eliminate her: mercenary Preston Lennox (Madsen); a molecular biologist named Dr. Laura Baker (a pre-CSI Marg Helgenberger); anthropologist Dr. Stephen Arden (Alfred Molina), and an “empath” named Dan Smithson (Forest Whitaker).

An experiment run amok

Preston Lennox (Michael Madsen), Dan Smithson (Forest Whitaker), Dr. Xavier Fitch (Ben Kingsley), and Dr. Laura Baker (Marg Helgenberger) must hunt down an escaped alien/human hybrid. MGM

Sil won’t be easy to find. Not only does she evade detection and hop on a train to Los Angeles, but she also transforms into a cocoon stage en route, emerging as a fully grown female (Natasha Henstridge) upon arrival. She’s smart and resourceful, too—and very deadly when she feels her survival is threatened, which is often. The team must locate Sil before she manages to mate and produce equally rapid-developing offspring. At least they can follow all the bodies: a tramp on the train, a train conductor, a young woman in a nightclub, a rejected suitor, etc. Of course, she finally manages to mate—with an unsuspecting Arden, no less—and gives birth in the labyrinthine LA sewers, before she and her hybrid son meet their grisly demises.

One can only admire H.R. Giger’s striking alien design; he wanted to create a monster who was “an aesthetic warrior, also sensual and deadly,” and he very much delivered on that vision. He had also wanted several stages of development for Sil, but in the end, the filmmakers kept things simple, limiting themselves to the cocoon stage that shepherded young Sil through puberty and Sil’s final alien maternal form with translucent skin—described as being “like a glass body but with carbon inside.”

That said, Giger didn’t much care for the final film. He thought it was much too similar to the Alien franchise, which boasts his most famous creature design, the xenomorph. For instance, there is the same punching tongue (Giger had wanted to incorporate barbed hooks for Sil), and Sil giving birth seems eerily akin to Alien’s famous “chestburster” scene. Giger did manage to convince the director to have the team ultimately take out Sil with a fatal shot to the head rather than with flame-throwers, which he felt was too derivative of Alien 3 and Terminator 2: Judgment Day.

Giger had a point: Species is not particularly ground-breaking or original in terms of plot or the nature of the alien posing a threat to humankind. The dialogue is uninspired (occasionally downright trite) and the characters aren’t well developed, most notably Kingsley’s weak-willed amoral scientist and Whitaker’s reluctant empath—both exceptionally gifted actors who are largely wasted here. Poor Whitaker is reduced to looking broody and stating the obvious about whatever Sil might be “feeling.” There are gestures toward themes that are never fully explored, and the outcome is predictable, right down to the final twist.

The mating game

Sil picks up a potential mate (Anthony Guidera) at a local club. MGM

But there’s also plenty to like about Species. Madsen and Helgenberger give strong performances and have excellent on-screen chemistry; their sweetly awkward sex scene is the antithesis of Sil’s far more brutal approach—in fact, Sil learns more about the subtleties of seduction by eavesdropping on the pair. And the film is well-paced, with all the right beats and memorable moments for a successful sci-fi thriller.

Former model Henstridge acquits herself just fine in her debut role. Much was made in the press of Henstridge’s nude scenes, but while her beauty is used to great effect, it’s the character of Sil and her journey that compels our attention the most, along with our shifting emotions toward her. Young Sil is sympathetic, the result of an unethical science experiment. She didn’t ask to be born and has little control over what is happening to her. But she does want to live (hence her escape) and is genuinely scared when she begins to transform into her cocoon on the train.

Our sympathy is tested when adult Sil brutally kills a kindly train conductor, and then a romantic rival in a nightclub, both in a very gruesome manner. We might be able to rationalize the killing of the first rejected suitor, since he refuses to accept she’s changed her mind about mating with him and gets rough. But nice guy John (Whip Hubley)? The woman she takes as hostage to fake her own death? Both offer to help Sil and die for their trouble.

Granted, Sil’s distrust of humans is learned. She is being hunted by a team of professionals who intend to kill her, after all. When the woman hostage swears she won’t harm Sil if she lets her go, Sil responds, “Yes you would. You just don’t know it yet.” We gradually realize that Sil is not that little girl any longer—if she ever was—but a ruthless creature driven entirely by instinct, even if she doesn’t fully understand why she’s been sent to Earth in the first place. As Laura notes, adult Sil views humans as disposable “intergalactic weeds.” By the time we get to the showdown in the sewer, Sil isn’t even in human form anymore, so the audience has no qualms about her eventual violent demise.

Species performed well enough at the box office to spawn multiple sequels—each one worse than the last—an adapted novel, and a Dark Horse Comics series. None of them captured the unique combination of elements that lifted the original above its various shortcomings. It will never match Alien, but Species is nonetheless an entertaining ride.


Jennifer is a senior writer at Ars Technica with a particular focus on where science meets culture, covering everything from physics and related interdisciplinary topics to her favorite films and TV series. Jennifer lives in Baltimore with her spouse, physicist Sean M. Carroll, and their two cats, Ariel and Caliban.


Lamborghini follows successful racing Huracan with new Temerario GT3

Thanks to performance balancing, older GT3 cars like the Huracan are still competitive. But with the road car out of production, it was obvious that a racing version of its replacement was called for.

“The Temerario GT3 has been designed with the end user in mind,” said Lamborghini Chief Technical Officer Rouven Mohr. “Everything has been considered, from the efficiency of the aerodynamics to the power curve to the way in which the team is able to operate the car. The car operates in a slightly different area of the performance windows, which are used to balance the cars of different configurations compared to its predecessor. We are confident that it will be competitive in terms of lap time, while also nice to drive in a wide range of conditions, including at night and in the rain. The development team has worked hard to ensure the car has a wide operating window and that the teams are better able to work on it.”

The hybrid system is gone—too complex for customer racing, not to mention far too heavy. And again, with its balance of performance, it’s not like the Temerario GT3 would be allowed much more than half of the road car’s 907 hp (676 kW). The 4.0 L twin-turbo V8 stays, albeit limited to just 550 hp (410 kW), and there’s a new six-speed racing transmission that sends power to the rear wheels. The bodywork is designed for rapid replacement—rubbing isn’t really racing, but contact happens, and the faster you can fix it, the better.

These customer racing cars are even a decent little money-spinner for Lamborghini. The company sold more than 200 Huracan GT3s, and probably at least that many Super Trofeo cars, which race in a one-make series and don’t have the restrictions of the GT3 category.


Here’s why Trump appointed the secretary of transportation to lead NASA

Six weeks after he terminated the nomination of Jared Isaacman to become NASA administrator, President Trump moved on Wednesday evening to install a new temporary leader for the space agency.

The newly named interim administrator, Sean Duffy, already has a full portfolio: He is serving as the secretary of transportation, a Cabinet-level position that oversees 55,000 employees at 13 agencies, including the Federal Aviation Administration.

“Sean is doing a TREMENDOUS job in handling our Country’s Transportation Affairs, including creating a state-of-the-art Air Traffic Control systems, while at the same time rebuilding our roads and bridges, making them efficient, and beautiful, again,” Trump wrote on his social media network Wednesday evening. “He will be a fantastic leader of the ever more important Space Agency, even if only for a short period of time.”

In response to this post, Duffy wrote on X, “Honored to accept this mission. Time to take over space. Let’s launch.”

The idea of the secretary of transportation also running NASA may seem like an odd choice, but in some ways the appointment of Duffy makes sense for the president. Whether it is beneficial to the space agency remains to be seen, but two industry sources speaking confidentially said they would not immediately dismiss the prospect.

Who is Sean Duffy?

Duffy has a colorful background, starring in the Real World: Boston reality television show in 1997 and serving as a commentator on ESPN. A Republican, he served in the US House of Representatives from 2011 to 2019. He is married and has nine children.

Although he does not have a space background, Duffy has shown an interest in spaceflight since becoming FAA administrator. He watched from NASA Headquarters the Crew 9 mission’s splashdown on March 18, which brought Butch Wilmore and Suni Williams back to Earth after a prolonged stay in space. He also had expressed an interest in attending the forthcoming Crew 11 launch at the end of this month.
