"Microsoft is hoping that Windows can once again serve as the platform where it all takes off," reports GeekWire: A new framework called Agent Launchers, introduced in December as a preview in the latest Windows Insider build, lets developers register agents directly with the operating system. They can describe an agent through what's known as a manifest, which then lets the agent show up in the Windows taskbar, inside Microsoft Copilot, and across other apps... "We are now entering a phase where we build rich scaffolds that orchestrate multiple models and agents; account for memory and entitlements; enable rich and safe tools use," Microsoft CEO Satya Nadella wrote in a blog post this week looking ahead to 2026. "This is the engineering sophistication we must continue to build to get value out of AI in the real world...." [The article notes Google's Gemini and Anthropic's Claude will also offer desktop-style agentsthrough browsers and native apps, while Amazon is developing "frontier agents" for automating business processes in the cloud.]

But Microsoft's Windows team is betting that agents tightly linked to the operating system will win out over ones that merely run on top of it, just as a new class of Windows apps replaced a patchwork of DOS programs in the early days of the graphical operating system. Microsoft 365 Copilot is using the Agent Launchers framework for first-party agents like Analyst, which helps users dig into data, and Researcher, which builds detailed reports. Software developers will be able to register their own agents when an app is installed, or on the fly based on things like whether a user is signed in or paying for a subscription...

Agents are meant to maintain this context across apps, ask follow-up questions, and take actions on a user's behalf. That requires a different level of trust than Windows has ever had to manage, which is already raising difficult questions for the company. Microsoft acknowledges that agents introduce unique security risks. In a support document, the company warned that malicious content embedded in files or interface elements could override an agent's instructions — potentially leading to stolen data or malware installation. To address this, Microsoft says it has built a security framework that runs agents in their own contained workspace, with a dedicated user account that has limited access to user folders. The idea is to create a boundary between the agent and what the rest of the system can access. The agentic features are off by default, and Microsoft is advising users to "understand the security implications of enabling an agent on your computer" before turning them on...

There is a business reality driving all of this. In Microsoft's most recent fiscal year, Windows and Devices generated $17.3 billion in revenue — essentially flat for the past three years. That's less than Gaming ($23.5 billion) and LinkedIn ($17.8 billion), and a fraction of the $98 billion in revenue from Azure and cloud services or the nearly $88 billion from Microsoft 365 commercial.

President Donald Trump signed into law this month a measure that prohibits anyone based in China and other adversarial countries from accessing the Pentagon's cloud computing systems. From a report: The ban, which is tucked inside the $900 billion defense policy law, was enacted in response to a ProPublica investigation this year that exposed how Microsoft used China-based engineers to service the Defense Department's computer systems for nearly a decade -- a practice that left some of the country's most sensitive data vulnerable to hacking from its leading cyber adversary.

U.S.-based supervisors, known as "digital escorts," were supposed to serve as a check on these foreign employees, but we found they often lacked the expertise needed to effectively supervise engineers with far more advanced technical skills. In the wake of the reporting, leading members of Congress called on the Defense Department to strengthen its security requirements while blasting Microsoft for what some Republicans called "a national betrayal." Cybersecurity and intelligence experts have told ProPublica that the arrangement posed major risks to national security, given that laws in China grant the country's officials broad authority to collect data.

Nokia, the Finnish company whose iconic ringtone was played an estimated 1.8 billion times daily at the height of its mobile phone dominance and whose 3310 "brick" sold 126 million units, has reinvented itself again -- this time as a key piece of AI infrastructure. In October, Nvidia announced a $1 billion investment in Nokia and a strategic partnership to incorporate AI into telecommunications networks.

The company that was once worth $335 billion and controlled more than a quarter of the global handset market seemed destined for irrelevance after the iPhone's 2007 arrival. A last-ditch bet on Microsoft's Windows phone system in 2011 failed, and Nokia sold its devices division to Microsoft for $6.34 billion in 2014. Revenues had fallen from $44.27 billion in 2007 to $12.56 billion. Nokia rebuilt around its $2 billion acquisition of Siemens' networks stake in 2013, then added French network provider Alcatel-Lucent for $18.32 billion in 2015.

Current CEO Justin Hotard, who took over in April, has pushed the company further into cloud services, data centers and optical networks. Nokia acquired optical specialist Infinera for $2.3 billion in February. The company's optical technology enables information to pass between data centers, and it produces routers for cloud-based services.

Three decades after RFC 1883 promised to future-proof the internet by expanding the available pool of IP addresses from around 4.3 billion to over 340 undecillion, IPv6 has yet to achieve the dominance its creators envisioned. Data from Google, APNIC and Cloudflare analyzed by The Register shows less than half of all internet users rely on IPv6 today.

"IPv6 was an extremely conservative protocol that changed as little as possible," APNIC chief scientist Geoff Huston told The Register. "It was a classic case of mis-design by committee." The protocol's lack of backward compatibility with IPv4 meant users had to choose one or run both in parallel. Network address translation, which allows thousands of devices to share a single public IPv4 address, gave operators an easier path forward. Huston adds: "These days the Domain Name Service (DNS) is the service selector, not the IP address," Huston told The Register. "The entire security framework of today's Internet is name based and the world of authentication and channel encryption is based on service names, not IP addresses."

"So folk use IPv6 these days based on cost: If the cost of obtaining more IPv4 addresses to fuel bigger NATs is too high, then they deploy IPv6. Not because it's better, but if they are confident that they can work around IPv6's weaknesses then in a largely name based world there is no real issue in using one addressing protocol or another as the transport underlay." But calling IPv6 a failure misses the point. "IPv4's continued viability is largely because IPv6 absorbed that growth pressure elsewhere -- particularly in mobile, broadband, and cloud environments," said John Curran, president and CEO of the American Registry for Internet Numbers. "In that sense, IPv6 succeeded where it was needed most." Huawei has sought 2.56 decillion IPv6 addresses and Starlink appears to have acquired 150 sextillion.

An anonymous reader quotes a report from Cyber Press: A newly uncovered Chinese threat group, DarkSpectre, has been linked to one of the most widespread browser-extension malware operations to date, compromising more than 8.8 million users of Chrome, Edge, Firefox, and Opera over the past seven years. According to research by Koi.ai, the group operates three interconnected campaigns: ShadyPanda, GhostPoster, and a newly identified one named The Zoom Stealer, forming a single, strategically organized operation.

DarkSpectre's structure differs from that of ordinary cybercrime operations. The group runs separate but interconnected malware clusters, each with distinct goals. The ShadyPanda campaign, responsible for 5.6 million infections, focuses on long-term user surveillance and e-commerce affiliate fraud. Its extensions have appeared legitimate for years, offering new tab pages and translation utilities, before secretly downloading malicious configurations from command-and-control servers such as jt2x.com and infinitynewtab.com. Once activated, they inject remote scripts, hijack search results, and track browsing activity.

The second campaign, GhostPoster, spreads via Firefox and Opera extensions that conceal malicious payloads in PNG images via steganography. After lying dormant for several days, the extensions extract and execute JavaScript hidden within images, enabling stealthy remote code execution. This campaign has affected over one million users and relies on domains like gmzdaily.com and mitarchive.info for payload delivery.

The most recent discovery, The Zoom Stealer, exposes around 2.2 million users to corporate espionage. These extensions masquerade as productivity tools or video downloaders while secretly harvesting corporate meeting links, credentials, and speaker profiles from more than 28 video conferencing platforms, including Zoom, Microsoft Teams, and Google Meet. The extensions use real-time WebSocket connections to exfiltrate data to Firebase databases, such as zoocorder.firebaseio.com, and to Google Cloud functions, such as webinarstvus.cloudfunctions.net.

In an opinion piece for Computerworld, columnist Steven Vaughan-Nichols argues that restrictive visa policies and a hostile border climate under the Trump administration are driving foreign tech workers, researchers, and conference speakers away from the U.S. The result, he says, is a gradual shift of talent, events, and long-term innovation toward more welcoming regions such as Europe, Canada, and Asia. From the report: I go to a lot of tech conferences -- 13 in 2025 -- and many of those I attend are outside the U.S.; several are in London, one is in Amsterdam, another in Paris, and two in Tokyo. Wherever I went this past year, when we weren't talking about AI, Linux, the cloud, or open-source software, the top non-tech topic for non-Americans involved the sweeping changes that have occurred since President Donald J. Trump returned to office last January. The conversations generally ended with something like this: "I'm not taking a job or going to a conference in the United States."

Honestly, who can blame them? Under Trump, America now has large "Keep Out!" and "No Trespassing!" signs effectively posted. I've known several top tech people who tried to come to the U.S. for technology shows with proper visas and paperwork, but were still turned away at the border. Who wants to fly for 8+ hours for a conference, only to be refused entry at the last minute, and be forced to fly back? I know many of the leading trade show organizers, and it's not just me who's seeing this. They universally agree that getting people from outside the States to agree to come to the U.S. is increasingly difficult. Many refuse even to try to come. As a result, show managers have begun to close U.S.-based events and are seeking to replace them with shows in Europe, Canada, and Asia. [...]

Once upon a time, everyone who was anyone in tech was willing to uproot their lives to come to the U.S. Here, they could make a good living. They could collaborate, publish, and build companies in jurisdictions that welcome them, and meet their peers at conferences. Now, they must run a gauntlet at the U.S. border and neither a green card nor U.S. citizenship guarantees they won't be abused by the federal government. Trump's America seems bound and determined to become a second-rate tech power. His administration can loosen all the restrictions it wants on AI, but without top global talent, U.S. tech prowess will decline. That's not good for America, the tech industry or the larger world.

Even after its acquisition by Qualcomm, the EFF believes Arduino "isn't imposing any new bans on tinkering with or reverse engineering Arduino boards," (according to Mitch Stoltz, EFF director for competition and IP litigation). While Adafruit's managing editor Phillip Torrone had claimed to 36,000+ followers on LinkedIn that Arduino users were now "explicitly forbidden from reverse engineering," Arduino corrected him in a blog post, noting that clause in their Terms & Conditions was only for Arduino's Software-as-a-Service cloud applications. "Anything that was open, stays open."

And this week EE Times spoke to Guneet Bedi, SVP of Arduino, "who was unequivocal in saying that Arduino's governance structure had remained intact even after the acquisition." "As a business unit within Qualcomm, Arduino continues to make independent decisions on its product portfolio, with no direction imposed on where it should or should not go," Bedi said. "Everything that Arduino builds will remain open and openly available to developers, with design engineers, students and makers continuing to be the primary focus.... Developers who had mastered basic embedded workflows were now asking how to run large language models at the edge and work with artificial intelligence for vision and voice, with an open source mindset," he said. According to Bedi, this was where Qualcomm's technology became relevant. "Qualcomm's chipsets are high performance while also being very low power, which comes from their mobile and Android phone heritage. Despite being great technology, it is not easily accessible to design engineers because of cost and complexity. That made this a strong fit," he said.

The most visible outcome of this acquisition is Uno Q, which Bedi described as being comparable to a mid-tier Android phone in capability, starting at a price of $44. For Arduino, this marked a shift beyond microcontrollers without abandoning them. "At the end of the day, we have not gone away from our legacy," Bedi said. "You still have a real-time microcontroller, and you still write code the way Arduino developers are used to. What we added is compute, without forcing people to change how they work." Uno Q combines a Linux-based compute system with a real-time microcontroller from the STM32 family. "You do not need two different development environments or two different hardware platforms," Bedi added... Rather than introducing a customized operating system, Arduino chose standard Debian upstream. "We are not locking developers into anything," Bedi said. "It is standard Debian, completely open...." Pre-built models covering tasks like object detection and voice recognition run locally on the board....

While the first reference design uses Qualcomm silicon, Bedi was careful to stress that this does not define the roadmap. "There is zero dependency on Qualcomm silicon," he said. "The architecture is portable. Tomorrow, we can run this on something else." That distinction matters, particularly for developers wary of vendor lock-in following the acquisition. Uno Q does compete directly with platforms like Raspberry Pi and Nvidia Jetson, but Bedi framed the difference less in terms of raw performance and more in flexibility. "When you build on those platforms, you are locked to the board," he said. "Here, you can build a prototype, and if you like it, you can also get access to the chip and design your own hardware." With built-in storage removing the need for external components, Uno Q positions itself less as a faster board and more as a way to simplify what had become an increasingly messy development stack...

Looking a year ahead, Bedi believes developers should experience continuity rather than disruption. The familiar Arduino approach to embedded and real-time systems remains unchanged, while extending naturally into more compute-intensive applications... Taken together, Bedi's comments suggest that Arduino's post-acquisition direction is less about changing what Arduino is, and more about expanding what it can realistically be used for, without abandoning the simplicity that made it relevant in the first place.
"We want to redefine prototyping in the age of physical artificial intelligence," Bedi said...

The Register reports on challenges facing Europe's pursuit of "digital sovereignty": The US CLOUD Act of 2018 allows American authorities to compel US-based technology companies to provide requested data, regardless of where that data is stored globally. This places European organizations in a precarious position, as it directly clashes with Europe's own stringent privacy regulation, the General Data Protection Regulation (GDPR)... Furthermore, these warrants often come with a gag order, legally prohibiting the provider from informing their customer that their data has been accessed. This renders any contractual clauses requiring transparency or notification effectively meaningless. While technical measures like encryption are often proposed as a solution, their effectiveness depends entirely on who controls the encryption keys. If the US provider manages the keys, as is common in many standard cloud services, they can be forced to decrypt the data for authorities, making such safeguards moot....

American hyperscalers have recognized the market demand for sovereignty and now aggressively market 'sovereign cloud' solutions, typically by placing datacenters on European soil or partnering with local operators. Critics call this 'sovereignty washing'... [Cristina Caffarra, a competition economistand driving force behind the Eurostack initiative] warns that this does not resolve the fundamental problem. "A company subject to the extraterritorial laws of the United States cannot be considered sovereign for Europe," she says. "That simply doesn't work." Because, as long as the parent company is American, it remains subject to the CLOUD Act...

Even when organizations make deliberate choices in favour of European providers, those decisions can be undone by market forces. A recent acquisition in the Netherlands illustrates this risk. In November 2025, the American IT services giant Kyndryl announced its intention to acquire Solvinity, a Dutch managed cloud provider. This came as an "unpleasant surprise" to several of its government clients, including the municipality of Amsterdam and the Dutch Ministry of Justice and Security. These bodies had specifically chosen Solvinity to reduce their dependence on American firms and mitigate CLOUD Act risks.
Still, The Register provides several examples of government systems that are "taking concrete steps to regain control over their IT."

• Austria's Federal Ministry for Economy, Energy and Tourism now has 1,200 employees on the European open-source collaboration platform Nextcloud, leading several other Austrian ministries to also implement Nextcloud. (The Ministry's CISO tells the Register "We can see our input in Nextcloud releases. That is a feeling we never had with Microsoft.")

• France's Ministry of Economics and Finance recently completed NUBO (which the Register describes as "an OpenStack-based private cloud initiative designed to handle sensitive data and services.")

• In November the International Criminal Court in The Hague announced it was replacing its Microsoft office software with a European alternative.

• The German state of Schleswig-Holstein is replacing Microsoft products with open-source alternatives for 30,000 civil servants

Thanks to long-time Slashdot reader mspohr for sharing the article.

Two years after generative AI was supposed to render India's $250 billion IT services industry obsolete, the sector is finding that enterprises still need someone to handle the unglamorous plumbing work that large-scale AI deployment demands. Less than 15% of organizations are meaningfully deploying the new technology, according to investment bank UBS, and Indian IT firms are positioning themselves to capture the preparatory work -- data cleanup, cloud migration, system integration -- that channel checks suggest could take two to three years before enterprise-wide AI becomes feasible.

The financials have held up better than the doomsday predictions suggested. Infosys now calls AI-led volume opportunities a bigger tailwind than the deflation threat, a reversal from 2024, and orderbooks held steady in the third quarter even as pricing pressure filtered through renewals. Infosys expects its orderbook to grow more than 50% this quarter, anchored by an NHS deal worth $1.6 billion over 15 years.

The companies have been restructuring accordingly. TCS cut headcount by 2% and invested in a 1GW data-centre network while acquiring Salesforce advisory firm Coastal Cloud. HCLTech reduced margins by 100 basis points and became one of the first large systems integrators to partner with OpenAI; this week it announced acquisitions of Jaspersoft for $240 million and Belgian firm Wobby to expand agentic AI capabilities.

The bear case for the Indian IT sector assumed that AI would work out of the box. Two years in, it does not.

European public institutions are quietly migrating away from American cloud providers and office software, driven less by policy ambitions in Brussels than by the mundane legal reality that GDPR-mandated risk assessments keep flagging the US CLOUD Act as an unacceptable threat to citizen data.

Austria's Federal Ministry for Economy, Energy and Tourism moved 1,200 employees to the open-source platform Nextcloud in four months. Germany's Schleswig-Holstein has already transitioned 24,000 of its 30,000 civil servants to LibreOffice, Nextcloud and Thunderbird. The International Criminal Court in The Hague announced in November 2025 that it would replace Microsoft office software after chief prosecutor Karim Khan was temporarily locked out of his Outlook account.

Competition economist Cristina Caffarra estimates that 90% of Europe's digital infrastructure is now controlled by non-European companies. Forrester predicts no European enterprise will fully abandon US hyperscalers in 2026, but these targeted migrations for sensitive government applications are already underway.

A "slew of layoffs, price hikes and studio closures" for Microsoft's Xbox "have led many to declare — not for the first time — that the Xbox is dead," reports CNBC.

Or is it just changing its business model? The company's overall gaming revenue decreased 2% year-over-year, with a 29% dip in Xbox hardware sales, according to Microsoft's first-quarter earnings for fiscal 2026. The broader console industry has been in a major slump, with hardware spending down 27% year-over-year in November, which is typically a busy shopping month, according to a recent report from research firm Circana. It was the worst November in two decades, IGN reported, citing Circana data. Combined Switch and Switch 2 unit sales were down more than 10% during the month and PS5 sales were down more than 40%, IGN said. But the Xbox Series hardware took the biggest beating, with a dramatic 70% drop in sales...Microsoft's Xbox Series S and Series X, at 1.7 million units, couldn't outsell the original Nintendo Switch, which launched in 2017 and has sold 3.4 million units so far this year, data from game sales tracking site VGChartz estimated...

Microsoft CEO Satya Nadella said in a recent interview with the TBPN podcast that the company's gaming business model will look to be "everywhere in every platform," from consoles to TV to mobile. His comments also hinted that the next Xbox may function more like a PC. "It's kind of funny people think about the console and PC as two different things," Nadella said. "We built a console because we wanted to build a better PC, which could then perform for gaming. So I kind of want to revisit some of that conventional wisdom...." A source familiar with Xbox strategy told CNBC that the company is looking at creating an open system that enables players to jump between console, PC and cloud gaming — and any form of entertainment beyond gaming. [Wedbush analyst Michael Pachter told CNBC] that while Microsoft is not completely abandoning hardware, the company is splitting its audience into existing buyers interested in specialized consoles and everyone else.

Xbox Game Pass subscription service, which gives subscribers access to games from a variety of publishers, is a clear example of this strategy... The growth in cloud gaming has been blistering. Xbox reported a record 34 million Game Pass subscribers in 2024 and a total Game Pass revenue of almost $5 billion over the last fiscal year. Xbox said in a November blog post that the number of cloud gaming hours from Game Pass subscribers was up 45% compared to the same time last year. The Microsoft subsidiary also said console players are "spending 45% more time cloud streaming on console and 24% more on other devices..."

Despite gaming's scaling limitations, Microsoft seems committed to doing what it has done with the rest of its products — moving it to the cloud... [Xbox President Sarah] Bond recently said in an interview with Mashable that the idea of exclusive games is "antiquated" as the company has leaned into cross-platform gaming... Xbox is betting that cloud and cross-platform gaming are the future. For a decade, claims have been made about the death of the Xbox, and what comes next could fully spell the end, or bring a metamorphosis.

Airbus is preparing to tender a major contract to move mission-critical systems like ERP, manufacturing, and aircraft design data onto a digitally sovereign European cloud, citing national security concerns and fears around U.S. extraterritorial laws like the CLOUD Act. "I need a sovereign cloud because part of the information is extremely sensitive from a national and European perspective," Catherine Jestin, Airbus's executive vice president of digital, told The Register. "We want to ensure this information remains under European control." The Register reports: The driver is access to new software. Vendors like SAP are developing innovations exclusively in the cloud, pushing customers toward platforms like S/4HANA. The request for proposals launches in early January, with a decision expected before summer. The contract -- understood to be worth more than 50 million euros -- will be long term (up to ten years), with price predictability over the period. [...] Jestin is waiting for European regulators to clarify whether Airbus would truly be "immune to extraterritorial laws" -- and whether services could be interrupted.

The concern isn't theoretical. Chief Prosecutor of the International Criminal Court (ICC) Karim Khan reportedly lost access to his Microsoft email after Trump sanctioned him for criticizing Israeli PM Benjamin Netanyahu, though Microsoft denies suspending ICC services. Beyond US complications, Jestin questions whether European cloud providers have sufficient scale. "If you asked me today if we'll find a solution, I'd say 80/20."

Mozilla has named Anthony Enzor-DeMeo as its new chief executive, promoting the executive who has spent the past year leading the Firefox browser team and who now plans to make AI central to the company's future.

Enzor-DeMeo announced on Tuesday that an "AI Mode" is coming to Firefox next year. The feature will let users choose from multiple AI models rather than being locked into a single provider. Some options will be open-source models, others will be private "Mozilla-hosted cloud options," and the company also plans to integrate models from major AI companies. Mozilla itself will not train its own large language model.

"We're not incentivized to push one model or the other," Enzor-DeMeo told The Verge. Firefox currently has about 200 million monthly users, a fraction of Chrome's roughly 4 billion, though Enzor-DeMeo insists mobile usage is growing at a decent clip.

He takes over from interim CEO Laura Chambers, who led the company through a major antitrust case and what Mozilla describes as "double-digit mobile growth" in Firefox. Chambers is returning to the Mozilla board of directors. The new CEO has outlined three priorities: ensuring all products give users control over AI features including the ability to turn them off, building a business model around transparent monetization, and expanding Firefox into a broader ecosystem of trusted software. Mozilla VPN integration is planned for the browser next year.

A critical React vulnerability (CVE-2025-55182) is being actively exploited at scale by Chinese, Iranian, North Korean, and criminal groups to gain remote code execution, deploy backdoors, and mine crypto. The Register reports: React maintainers disclosed the critical bug on December 3, and exploitation began almost immediately. According to Amazon's threat intel team, Chinese government crews, including Earth Lamia and Jackpot Panda, started battering the security hole within hours of its disclosure. Palo Alto Networks' Unit 42 responders have put the victim count at more than 50 organizations across multiple sectors, with attackers from North Korea also abusing the flaw.

Google, in a late Friday report, said at least five other suspected PRC spy groups also exploited React2Shell, along with criminals who deployed XMRig for illicit cryptocurrency mining, and "Iran-nexus actors," although the report doesn't provide any additional details about who the Iran-linked groups are and what they are doing after exploitation. "GTIG has also observed numerous discussions regarding CVE-2025-55182 in underground forums, including threads in which threat actors have shared links to scanning tools, proof-of-concept (PoC) code, and their experiences using these tools," the researchers wrote.

"A SpaceX executive says a satellite deployed from a Chinese rocket risked colliding with a Starlink satellite," reports PC Magazine: On Friday, company VP for Starlink engineering, Michael Nicolls, tweeted about the incident and blamed a lack of coordination from the Chinese launch provider CAS Space. "When satellite operators do not share ephemeris for their satellites, dangerously close approaches can occur in space," he wrote, referring to the publication of predicted orbital positions for such satellites...

[I]t looks like one of the satellites veered relatively close to a Starlink sat that's been in service for over two years. "As far as we know, no coordination or deconfliction with existing satellites operating in space was performed, resulting in a 200 meter (656 feet) close approach between one of the deployed satellites and STARLINK-6079 (56120) at 560 km altitude," Nicolls wrote... "Most of the risk of operating in space comes from the lack of coordination between satellite operators — this needs to change," he added.
Chinese launch provider CAS Space told PCMag that "As a launch service provider, our responsibility ends once the satellites are deployed, meaning we do not have control over the satellites' maneuvers."

And the article also cites astronomer/satellite tracking expert Jonathan McDowell, who had tweeted that CAS Space's response "seems reasonable." (In an email to PC Magazine, he'd said "Two days after launch is beyond the window usually used for predicting launch related risks."

But "The coordination that Nicolls cited is becoming more and more important," notes Space.com, since "Earth orbit is getting more and more crowded." In 2020, for example, fewer than 3,400 functional satellites were whizzing around our planet. Just five years later, that number has soared to about 13,000, and more spacecraft are going up all the time. Most of them belong to SpaceX. The company currently operates nearly 9,300 Starlink satellites, more than 3,000 of which have launched this year alone.

Starlink satellites avoid potential collisions autonomously, maneuvering themselves away from conjunctions predicted by available tracking data. And this sort of evasive action is quite common: Starlink spacecraft performed about 145,000 avoidance maneuvers in the first six months of 2025, which works out to around four maneuvers per satellite per month. That's an impressive record. But many other spacecraft aren't quite so capable, and even Starlink satellites can be blindsided by spacecraft whose operators don't share their trajectory data, as Nicolls noted.

And even a single collision — between two satellites, or involving pieces of space junk, which are plentiful in Earth orbit as well — could spawn a huge cloud of debris, which could cause further collisions. Indeed, the nightmare scenario, known as the Kessler syndrome, is a debris cascade that makes it difficult or impossible to operate satellites in parts of the final frontier.

joshuark shares a report from BleepingComputer: More than 10,000 Docker Hub container images expose data that should be protected, including live credentials to production systems, CI/CD databases, or LLM model keys. After scanning container images uploaded to Docker Hub in November, security researchers at threat intelligence company Flare found that 10,456 of them exposed one or more keys. The most frequent secrets were access tokens for various AI models (OpenAI, HuggingFace, Anthropic, Gemini, Groq). In total, the researchers found 4,000 such keys. "These multi-secret exposures represent critical risks, as they often provide full access to cloud environments, Git repositories, CI/CD systems, payment integrations, and other core infrastructure components," Flare notes. [...]

Additionally, they found hardcoded API tokens for AI services being hardcoded in Python application files, config.json files, YAML configs, GitHub tokens, and credentials for multiple internal environments. Some of the sensitive data was present in the manifest of Docker images, a file that provides details about the image.Flare notes that roughly 25% of developers who accidentally exposed secrets on Docker Hub realized the mistake and removed the leaked secret from the container or manifest file within 48 hours. However, in 75% of these cases, the leaked key was not revoked, meaning that anyone who stole it during the exposure period could still use it later to mount attacks.

Flare suggests that developers avoid storing secrets in container images, stop using static, long-lived credentials, and centralize their secrets management using a dedicated vault or secrets manager. Organizations should implement active scanning across the entire software development life cycle and revoke exposed secrets and invalidate old sessions immediately.

Broadcom has quietly pulled VMware vSphere Foundation from parts of EMEA, pushing smaller customers toward far more expensive bundles and prompting some to consider jumping to Hyper-V or Nutanix. The Register reports: VVF is a bundle that offers compute, storage, and networking virtualization, and a platform to run containers. It's most useful in hyperconverged infrastructure and hybrid clouds, but is less capable than the Cloud Foundation (VCF) private cloud suite. Virtzilla said EMEA customers would need to check with their local dealer to see if VVF was still on sale in their country. "VVF is no longer available in some EMEA countries, but for the majority it is still available," a Broadcom spokesperson said. "Customers will have to reach out to sales reps or partners to determine availability of a given product in their region. These changes were recent."

Our initial tipster said their reseller clued them into the impending change when VMware's new fiscal year started in November. This anonymous customer told us that their hardware fleet boasts thousands of compute cores and without more affordable options, his organization was looking at their annual VMware spend leaping by 10x from around $130,000 to $1.3 million. "We're currently looking to jump ship to either Microsoft's Hyper-V or Nutanix, as we can't eat (that) increase," they told The Register. [...]

For the moment, a Broadcom spokesperson told us it has no plans to ditch VMware vSphere Standard, the basic server virtualization bundle which we're told makes up about 60 percent of the company's licenses and is a lower-cost way to access VMware's hypervisor than buying its full suite of VMware Cloud Foundation products. "We have not announced any changes to the availability of vSphere Standard in EMEA nor end of support for vSphere Standard," the spokesperson said via email. "The product remains fully available across EMEA today. However, Broadcom product availability can vary by region to align with local market requirements, customer demand, and other considerations."

Longtime Slashdot reader Randseed writes: With the likes of Google Nest, Ring, and others cooperating with law enforcement, I started to look for affordable wireless IP security cameras that I can put around my house. Unfortunately, it looks like almost every thing now incorporates some kind of cloud-based slop. All I really want is to put up some cameras, hook them up to my LAN, and install something like ZoneMinder. What are the most economical, wireless IP security cameras that I can set up with my server?

Microsoft announced on Tuesday its largest-ever investment in Asia -- $17.5 billion over four years starting in 2026 -- to expand cloud and AI infrastructure across India, fund skilling programs, and support ongoing operations in the country. The commitment adds to a $3 billion investment the company announced in January 2025 that is on track to be spent by the end of 2026. A new hyperscale cloud region in Hyderabad is set to go live in mid-2026 and will be Microsoft's largest in India, comprising three availability zones.

The company also plans to integrate AI into two government employment platforms -- e-Shram and the National Career Service -- that serve more than 310 million informal workers. Microsoft is doubling its India skilling target to 20 million people by 2030; since January, it has already trained 5.6 million.

Microsoft Excel, the 40-year-old spreadsheet application that helped establish personal computers as essential workplace tools and contributed to Microsoft's current valuation of nearly $4 trillion, has weathered both the rise of cloud computing and the current AI boom largely unscathed. In its most recent quarter, commercial revenue for Microsoft 365 -- the bundle including Excel, Word, and PowerPoint -- increased 17% year over year, and consumer revenue rose 28%.

The software traces its origins to a 1983 Microsoft offsite under the code name Odyssey, where engineers set out to clone Lotus 1-2-3. That program had itself cloned VisiCalc, the first computerized spreadsheet, created by Dan Bricklin for the Apple II in the late 1970s. Bricklin never patented VisiCalc. "Financially it would have been great if we'd have been able to patent it," he told Bloomberg. "And there would be a Bricklin Building at MIT, instead of a Gates Building."

Excel now counts an estimated 500 million paying users. The Pentagon pays for 2 million Microsoft 365 licenses. Google's free Sheets product, launched in 2006, captured casual use cases like potluck sign-ups but failed to dislodge Excel from enterprise work. AI chatbots present the latest challenge, but venture capitalists say nearly every AI spreadsheet startup they meet builds on top of Excel rather than replacing it.