Academics say they found a series of flaws affecting three popular password managers, all of which claim to protect user credentials in the event that their servers are compromised.

The team, comprised of researchers from ETH Zurich and Università della Svizzera italiana (USI), examined the "zero-knowledge encryption" promises made by Bitwarden, LastPass, and Dashlane, finding all three could expose passwords if attackers compromised servers. //

As one of the most popular alternatives to Apple and Google's own password managers, which together dominate the market, the researchers found Bitwarden was most susceptible to attacks, with 12 working against the open-source product. Seven distinct attacks worked against LastPass, and six succeeded in Dashlane.

Mini Foldable Desktop Mop – Your Everyday Wet & Dry Cleaning Companion
Make quick cleanups effortless with the Mini Foldable Desktop Mop. Lightweight, portable, and designed for everyday convenience, this compact mop is perfect for countertops, desks, glass surfaces, bathrooms, and even car interiors. It folds neatly for easy storage and features a built-in self-squeezing mechanism to keep your hands clean at all times.

Meet Snappy Tail, the upgraded interactive cat toy designed to keep your cat active, engaged, and entertained — even when you’re not home. Engineered with a high-performance 12,000 RPM motor and smart motion modes, Snappy Tail delivers unpredictable, prey-like movements that satisfy your cat’s natural hunting instincts.

If the president wants to revive the Navy’s surface fleet, he could look to Asian partners to assist in building a reasonably priced and proven multi-mission frigate, such as the South Korean FFX Batch IV class or the Japanese upgraded Mogami class frigates.

Both of these ship designs meet the Navy’s warfighting-capability needs in a cost-effective manner.

This sort of partnership can be modeled on the president’s icebreaker deal with Finland: Build the first few warships in Asia, while training US workers there, then build the remaining 20-plus ships at an existing US military or commercial shipyard modernized with Korean or Japanese technology and processes.

Another opportunity for Asian partnership is in building support vessels — ammunition ships, refueling ships, hydrographic ships, etc.

When the Navy had 600 ships, 200 were support vessels — historically, they’ve been about 30% of the fleet.

As the Navy tries to grow back to 350 or 400 ships, it’ll need 100 to 125 support vessels to meet this ratio. Today, it has only 65.

Yet existing US military shipyards are not scaled to build these, and when they try, they tend to deliver them at double the cost of Korean or Japanese shipyards.

The most expensive element in the Golden Fleet plans is the Navy’s next generation of “large surface combatant,” and this design has also veered off course.

With unprecedented input from the president, the design morphed from a 15,000-ton destroyer to a supersized 35,000-ton “battleship,” likely costing $20 billion for the first ship and $13 billion per follow-on.

For the lower of those prices, you could buy five Aegis-equipped destroyers (DDGs).

And with the “battleship,” the Navy would get only 140 missile cells (as opposed to 480 cells with those DDGs) and one AEGIS air-defense system (as opposed to five with the DDGs).

At a time when the Navy needs to boost capabilities, an oversized ship like the battleship is tactically regressive, and consolidates more eggs in one basket.

A more effective way to maintain America’s dominance in large surface combatants is a three-pronged strategy. //

The president knows he needs to invest in a Navy, but if he wants to get the Golden Fleet right, he should reject much of what he’s hearing from the Pentagon and look to his Asian allies for help.

The Depenguinator, version 2.0

In December 2003, I wrote a script for remotely upgrading a linux system to FreeBSD. I gave it a catchy name ("depenguinator", inspired by the "Antichickenator" in Baldur's Gate), announced it on a FreeBSD mailing list and on slashdot, and before long it was famous. Unfortunately, it didn't take long for changes in the layout of FreeBSD releases to make the depenguination script stop working; so for the past three years I have been receiving emails asking me to update it to work with newer FreeBSD releases.

A few weeks ago, Richard Bejtlich came forward with an offer to pay me to make the necessary improvements (money doesn't solve everything, but offering money certainly helps break the "I'll do it when I have some free time" / "I never have any free time" deadlock). In the end I asked him to arrange for a donation to the FreeBSD Foundation instead of paying me, but his offer was enough of a prompt for me to spend ten hours revising and testing the depenguinator.

Emotion and character are what we remember… not spectacle. At best, spectacle is salt on a good steak.

On the other end of the spectrum, necessity is said to be the mother of invention, and nowhere have we seen this old axiom play out more often than in the movies. Magic happens at the movies most reliably when filmmakers do not have unlimited resources from which to draw, and must find creative ways to “make do” instead.

The most famous example is “Jaws.” As the legend goes, Steven Spielberg’s rubber shark, named “Bruce” after his lawyer, was chronically broken and so Spielberg had to figure out ways to suggest or imply the shark’s presence in scenes without the audience being able to actually see it. The result was a brilliantly understated thriller that plays more like Hitchcock than Roland Emmerich.

All of which cries out for a question be asked… what if bigger isn’t better?

Belligerent bot bullies maintainer in blog post to get its way

20:47 UTC
Today, it's back talk. Tomorrow, could it be the world? On Tuesday, Scott Shambaugh, a volunteer maintainer of Python plotting library Matplotlib, rejected an AI bot's code submission, citing a requirement that contributions come from people. But that bot wasn't done with him.

The bot, designated MJ Rathbun or crabby rathbun (its GitHub account name), apparently attempted to change Shambaugh's mind by publicly criticizing him in a now-removed blog post that the automated software appears to have generated and posted to its website. We say "apparently" because it's also possible that the human who created the agent wrote the post themselves, or prompted an AI tool to write the post, and made it look like it the bot constructed it on its own.

The agent appears to have been built using OpenClaw, an open source AI agent platform that has attracted attention in recent weeks due to its broad capabilities and extensive security issues.

The burden of AI-generated code contributions – known as pull requests among developers using the Git version control system – has become a major problem for open source maintainers. Evaluating lengthy, high-volume, often low-quality submissions from AI bots takes time that maintainers, often volunteers, would rather spend on other tasks. Concerns about slop submissions – whether from people or AI models – have become common enough that GitHub recently convened a discussion to address the problem.

Now AI slop comes with an AI slap.

Many computer systems around the world have been possessed by penguins; some have even been possessed by dead rats. In light of this, it is desireable to exorcize these evil spirits, and replace them with a nice, friendly daemon.
(More to the point, there are a number of dedicated server hosting companies which only offer Linux (or, in some cases, Linux and Windows); being able to remotely replace Linux with FreeBSD makes the (typically very low cost) offerings from these companies available to those who want to run FreeBSD.

I've put together some code for building a FreeBSD disk image which will boot into memory, configure the network, set a root password, and enable SSH. This can be used to "depenguinate" a Linux box, without requiring any access beyond a network connection.

The remainder of this page relates to the original (December 2003) version of my depenguinator. For a more recent version (which works with FreeBSD 7.0) see my blog post about my depenguinator version 2.0.

To store heat for days, weeks, or months, you need to trap the energy in the bonds of a molecule that can later release heat on demand. The approach to this particular chemistry problem is called molecular solar thermal (MOST) energy storage. While it has been the next big thing for decades, it never really took off. //

Molecular batteries, in principle, are extremely good at storing energy. Heating oil, arguably the most popular molecular battery we use for heating, is essentially ancient solar energy stored in chemical bonds. Its energy density stands at around 40 Megajoules per kilo. To put that in perspective, Li-ion batteries usually pack less than one MJ/kg. One of the problems with heating oil, though, is that it is single-use only—it gets burnt when you use it. What Nguyen and her colleagues aimed to achieve with their DNA-inspired substance is essentially a reusable fuel. //

The researchers achieved an energy storage density of 1.65 MJ/kg—nearly double the capacity of Li-ion batteries and substantially higher than any previous MOST material. //

One of the biggest fears with chemical storage is thermal reversion—the fuel spontaneously discharges because it got a little too warm in the storage tank. But the Dewar isomers of the pyrimidones are incredibly stable. The researchers calculated a half-life of up to 481 days at room temperature for some derivatives. This means the fuel could be charged in the heat of July, and it would remain fully charged when you need to heat your home in January. The degradation figures also look decent for a MOST energy storage. The team ran the system through 20 charge-discharge cycles with negligible decay. //

Still, we’re rather far away using MOST systems for heating actual homes. To get there, we’re going to need molecules that absorb far more of the light spectrum and convert to the activated state with a higher efficiency. We’re just not there yet.

But I cannot stress enough how much this story is not really about the role of AI in open source software. This is about our systems of reputation, identity, and trust breaking down. So many of our foundational institutions – hiring, journalism, law, public discourse – are built on the assumption that reputation is hard to build and hard to destroy. That every action can be traced to an individual, and that bad behavior can be held accountable. That the internet, which we all rely on to communicate and learn about the world and about each other, can be relied on as a source of collective social truth.

The rise of untraceable, autonomous, and now malicious AI agents on the internet threatens this entire system. Whether that’s because from a small number of bad actors driving large swarms of agents or from a fraction of poorly supervised agents rewriting their own goals, is a distinction with little difference.