"It's all fixed," says that Apple developer who was locked out of his Apple Account after redeeming a compromised Apple Gift Card. "A lovely man from Singapore, working for Apple Executive Relations, who has been calling me every so often for a couple of days, has let me know it's all fixed. It looks like the gift card I tried to redeem, which did not work for me, and did not credit my account, was already redeemed in some way (sounds like classic gift card tampering), and my account was caught by that.

"Obviously it's unacceptable that this can happen, and I'm still trying to get more information out of him, but at least things are now mostly working.

"Strangely, he did tell me to only ever buy gift cards from Apple themselves; I asked if that means Apple's supply chain of Blackhawk Network, InComm, and other gift card vendors is insecure, and he was unwilling to comment."
Updates to his original blog post now include a frequently-asked questions list:

• Yes, I have the receipt for the card, including the activation receipt.
• Yes, the card was legitimately purchased, it's not from eBay.
• Yes, I have contacted the retailer.
• Yes, I do have backups... No, I don't know why parts of the account still kinda work, and parts don't.
• No, I didn't write this article with AI...
• Yes, Apple really did use emojis in their Live Chat...

An independent review found that at least ten technical and process failures during a routine firewall upgrade at Australia's Optus prevented emergency calls from reaching Triple Zero for 14 hours, during which 455 calls failed and two callers died. The Register reports: On Thursday, Optus published an independent report (PDF) on the matter written by Dr Kerry Schott, an Australian executive who has held senior management roles at many of the country's most significant businesses. The report found that Optus planned 18 firewall upgrades and had executed 15 without incident. But on the 16th upgrade, Optus issued incorrect instructions to its outsourced provider Nokia. [...] Schott summarized the incident as follows: "Three issues are clear during this incident. The first is the very poor management and performance within [Optus] Networks and their contractor, Nokia. Process was not followed, and incorrect procedures were selected. Checks were inadequate, controls avoided and alerts given insufficient attention. There appeared to be reticence in seeking more experienced advice within Networks and a focus on speed and getting the task done, rather than an emphasis on doing things properly."

The review also found that Optus' call center didn't appreciate it could be "the first alert channel for Triple Zero difficulties." The document also notes that Australian telcos try to route 000 calls during outages, but that doing so is not easy and is made harder by the fact that different smartphones behave in different ways. Optus does warn customers if their devices have not been tested for their ability to connect to 000, and maintains a list of known bad devices. But the report notes Optus's process "does not capture so-called 'grey' devices that have been bought online or overseas and may not be compliant." "To have a standard firewall upgrade go so badly is inexcusable," the document states. "Execution was poor and seemed more focussed on getting things done than on being right. Supervision of both network staff and Nokia must be more disciplined to get things right."

An anonymous reader quotes a report from Ars Technica: Microsoft is killing off an obsolete and vulnerable encryption cipher that Windows has supported by default for 26 years following more than a decade of devastating hacks that exploited it and recently faced blistering criticism from a prominent US senator. When the software maker rolled out Active Directory in 2000, it made RC4 a sole means of securing the Windows component, which administrators use to configure and provision fellow administrator and user accounts inside large organizations. RC4, short for Rivist Cipher 4, is a nod to mathematician and cryptographer Ron Rivest of RSA Security, who developed the stream cipher in 1987. Within days of the trade-secret-protected algorithm being leaked in 1994, a researcher demonstrated a cryptographic attack that significantly weakened the security it had been believed to provide. Despite the known susceptibility, RC4 remained a staple in encryption protocols, including SSL and its successor TLS, until about a decade ago. [...]

Last week, Microsoft said it was finally deprecating RC4 and cited its susceptibility to Kerberoasting, the form of attack, known since 2014, that was the root cause of the initial intrusion into Ascension's network. "By mid-2026, we will be updating domain controller defaults for the Kerberos Key Distribution Center (KDC) on Windows Server 2008 and later to only allow AES-SHA1 encryption," Matthew Palko, a Microsoft principal program manager, wrote. "RC4 will be disabled by default and only used if a domain administrator explicitly configures an account or the KDC to use it." [...] Following next year's change, RC4 authentication will no longer function unless administrators perform the extra work to allow it. In the meantime, Palko said, it's crucial that admins identify any systems inside their networks that rely on the cipher. Despite the known vulnerabilities, RC4 remains the sole means of some third-party legacy systems for authenticating to Windows networks. These systems can often go overlooked in networks even though they are required for crucial functions.

To streamline the identification of such systems, Microsoft is making several tools available. One is an update to KDC logs that will track both requests and responses that systems make using RC4 when performing requests through Kerberos. Kerberos is an industry-wide authentication protocol for verifying the identities of users and services over a non-secure network. It's the sole means for mutual authentication to Active Directory, which hackers attacking Windows networks widely consider a Holy Grail because of the control they gain once it has been compromised. Microsoft is also introducing new PowerShell scripts to sift through security event logs to more easily pinpoint problematic RC4 usage. Microsoft said it has steadily worked over the past decade to deprecate RC4, but that the task wasn't easy. "The problem though is that it's hard to kill off a cryptographic algorithm that is present in every OS that's shipped for the last 25 years and was the default algorithm for so long, Steve Syfuhs, who runs Microsoft's Windows Authentication team, wrote on Bluesky. "See," he continued, "the problem is not that the algorithm exists. The problem is how the algorithm is chosen, and the rules governing that spanned 20 years of code changes."

An anonymous reader quotes a report from Reuters: Several dozen people protested on Sunday in the Siberian city of Tomsk against Russia's ban on U.S. children's gaming platform Roblox, a rare show of public dissent as popular irritation over the ban gains some momentum. In wartime Russia, censorship is extensive: Moscow blocks or restricts social media platforms such as Snapchat, Facebook, Instagram, WhatsApp and YouTube while distributing its own narrative through a network of social media and Russian media. Russia's communications watchdog Roskomnadzor said on December 3 it had blocked Roblox because it was "rife with inappropriate content that can negatively impact the spiritual and moral development of children."

In Tomsk, 2,900 km (1,800 miles) east of Moscow, several dozen people braved the snow to hold up hand-drawn placards reading "Hands off Roblox" and "Roblox is the victim of the digital Iron Curtain" in Vladimir Vysotsky Park, according to photographs provided by an organizer of the protest. "Bans and blocks are all you are able to do," read one placard. The photographs showed about 25 people standing in a circle in the snow, holding up placards. In Russia, the ban on Roblox has triggered a debate over censorship, child safety in relation to technology and even the effectiveness of censorship in a digitalized world where children can bypass many bans in a few clicks.

A Kansas man who sued Verizon in small claims court after the carrier refused to unlock his iPhone has won his case, scoring a small but meaningful victory against a company that retroactively applied a policy change to deny his unlock request.

Patrick Roach bought a discounted iPhone 16e from Verizon's Straight Talk brand in February 2025, intending to pay for one month of service before switching the device to US Mobile. Under FCC rules dating back to a 2019 waiver, Verizon must unlock phones 60 days after activation on its network. Verizon refused to unlock the phone, citing a new policy implemented on April 1, 2025 requiring "60 days of paid active service."

Roach had purchased his device over a month before that policy took effect. Magistrate Judge Elizabeth Henry ruled in October 2025 that applying the changed terms to Roach's earlier purchase violated the Kansas Consumer Protection Act. The court ordered Verizon to refund Roach's $410.40 purchase price plus court costs. Roach had previously rejected a $600 settlement offer because it would have required him to sign a non-disclosure agreement. He estimated spending about 20 hours on the lawsuit but said "it wasn't about" the money.

One of the most water-scarce regions on Earth is now experiencing a dramatic atmospheric shift that's pushing moisture onto Oman's northern coast at rates more than 1.5 times the global average, according to a Washington Post investigation of global atmospheric data [non-paywalled source]. The change has turned extreme rainfall into a recurrent source of catastrophe across the Arabian Peninsula. In the 126 years between 1881 and 2007, just six hurricane-strength storms hit Oman or came within 60 miles of the country. At least four more have made landfall in the past 15 years alone.

Research from Sultan Qaboos University analyzing 8,000 storms across 69 rainfall stations found that half of all rain in Oman falls within the first 90 minutes of a 24-hour storm. These intense bursts quickly overwhelm the desert's ability to absorb water and send flash floods racing through wadis -- normally dry riverbeds where many communities are built. In response, Dubai is constructing an $8 billion underground stormwater network spanning more than 120 miles. Oman has agreements to build 58 new dams and is studying 14 major wadis that funnel to its al-Batinah coastline.

The Black Hat Europe hacker conference in London included a session titled "Don't Judge an Audiobook by Its Cover" about a two critical (and now fixed) flaws in Amazon's Kindle. The Times reports both flaws were discovered by engineering analyst Valentino Ricotta (from the cybersecurity research division of Thales), who was awarded a "bug bounty" of $20,000 (£15,000 ). He said: "What especially struck me with this device, that's been sitting on my bedside table for years, is that it's connected to the internet. It's constantly running because the battery lasts a long time and it has access to my Amazon account. It can even pay for books from the store with my credit card in a single click. Once an attacker gets a foothold inside a Kindle, it could access personal data, your credit card information, pivot to your local network or even to other devices that are registered with your Amazon account."

Ricotta discovered flaws in the Kindle software that scans and extracts information from audiobooks... He also identified a vulnerability in the onscreen keyboard. Through both of these, he tricked the Kindle into loading malicious code, which enabled him to take the user's Amazon session cookies — tokens that give access to the account. Ricotta said that people could be exposed to this type of hack if they "side-load" books on to the Kindle through non-Amazon stores.
Ricotta donated his bug bounties to charity...

Steven J. Vaughan-Nichols files this report from Tokyo: At the invitation-only Linux Kernel Maintainers Summit here, the top Linux maintainers decided, as Jonathan Corbet, Linux kernel developer, put it, "The consensus among the assembled developers is that Rust in the kernel is no longer experimental — it is now a core part of the kernel and is here to stay. So the 'experimental' tag will be coming off." As Linux kernel maintainer Steven Rosted told me, "There was zero pushback."

This has been a long time coming. This shift caps five years of sometimes-fierce debate over whether the memory-safe language belonged alongside C at the heart of the world's most widely deployed open source operating system... It all began when Alex Gaynor and Geoffrey Thomas at the 2019 Linux Security Summit said that about two-thirds of Linux kernel vulnerabilities come from memory safety issues. Rust, in theory, could avoid these by using Rust's inherently safer application programming interfaces (API)... In those early days, the plan was not to rewrite Linux in Rust; it still isn't, but to adopt it selectively where it can provide the most security benefit without destabilizing mature C code. In short, new drivers, subsystems, and helper libraries would be the first targets...

Despite the fuss, more and more programs were ported to Rust. By April 2025, the Linux kernel contained about 34 million lines of C code, with only 25 thousand lines written in Rust. At the same time, more and more drivers and higher-level utilities were being written in Rust. For instance, the Debian Linux distro developers announced that going forward, Rust would be a required dependency in its foundational Advanced Package Tool (APT).

This change doesn't mean everyone will need to use Rust. C is not going anywhere. Still, as several maintainers told me, they expect to see many more drivers being written in Rust. In particular, Rust looks especially attractive for "leaf" drivers (network, storage, NVMe, etc.), where the Rust-for-Linux bindings expose safe wrappers over kernel C APIs. Nevertheless, for would-be kernel and systems programmers, Rust's new status in Linux hints at a career path that blends deep understanding of C with fluency in Rust's safety guarantees. This combination may define the next generation of low-level development work.

Stanford researchers spent much of the past year building an AI bot called Artemis that scans networks for software vulnerabilities, and when they pitted it against ten professional penetration testers on the university's own engineering network, the bot outperformed nine of them. The experiment offers a window into how rapidly AI hacking tools have improved after years of underwhelming performance.

"We thought it would probably be below average," said Justin Lin, a Stanford cybersecurity researcher. Artemis found bugs at a fraction of human cost -- just under $60 per hour compared to the $2,000 to $2,500 per day that professional pen testers typically charge. But its performance wasn't flawless. About 18% of its bug reports were false positives, and it completely missed an obvious vulnerability on a webpage that most human testers caught. In one case, Artemis found a bug on an outdated page that didn't render in standard browsers; it used a command-line tool called Curl instead of Chrome or Firefox.

Dan Boneh, a Stanford computer science professor who advised the researchers, noted that vast amounts of software shipped without being vetted by LLMs could now be at risk. "We're in this moment of time where many actors can increase their productivity to find bugs at an extreme scale," said Jacob Klein, head of threat intelligence at Anthropic.

schwit1 shares a report from CBS News: perm from a donor who unknowingly carried a cancer-causing gene has been used to conceive nearly 200 babies across Europe, an investigation by 14 European public service broadcasters, including CBS News' partner network BBC News, has revealed. Some children conceived using the sperm have already died from cancer, and the vast majority of those who inherited the gene will develop cancer in their lifetimes, geneticists said. The man carrying the gene passed screening checks before he became a donor at the European Sperm Bank when he was a student in 2005. His sperm has been used by women trying to conceive for 17 years across multiple countries.

The cancer-causing mutation occurred in the donor's TP53 gene -- which prevents cells in the body from turning cancerous -- before his birth, according to the investigation. It causes Li Fraumeni syndrome, which gives affected people a 90% chance of developing cancers, particularly during childhood, as well as breast cancer in later life. Up to 20% of the donor's sperm contained the mutated TP53 gene. Any children conceived with affected sperm will have the dangerous mutation in every cell of their body. The affected donor sperm was discovered when doctors seeing children with cancers linked to sperm donation raised concerns at this year's European Society of Human Genetics.

At the time, 23 children with the genetic mutation had been discovered, out of 67 children linked to the donor. Ten of those children with the mutation had already been diagnosed with cancer. Freedom of Information requests submitted by journalists across multiple countries revealed at least 197 children were affected, though it is not known how many inherited the genetic mutation. More affected children could be discovered as more data becomes available.

NASA has lost contact with its MAVEN Mars orbiter after it passed behind Mars. When it remerged from behind the planet, the spacecraft never resumed communications. SpaceNews reports: MAVEN launched in November 2013 and entered orbit around Mars in September 2014. The spacecraft's primary science mission is to study the planet's upper atmosphere and interactions with the solar wind, including how the atmosphere escapes into space. That is intended to help scientists understand how the planet changes from early in its history, when it had a much thicker atmosphere and was warm enough to support liquid water on its surface.

MAVEN additionally serves as a communications relay, using a UHF antenna to link the Curiosity and Perseverance rovers on the Martian surface with the Deep Space Network. NASA's Mars Odyssey and Mars Reconnaissance Orbiter spacecraft also serve as communications relays for the rovers, but are both significantly older than MAVEN. The spacecraft has suffered some technical problems in the past, notably with its inertial measurement units (IMUs) used for navigation. In 2022, MAVEN switched to an "all-stellar" navigation system to minimize the use of the IMUs.

MAVEN has enough propellant to maintain its orbit through at least the end of the decade. NASA's fiscal year 2026 budget proposal, though, zeroed out funding for MAVEN, which cost $22.6 million to operate in 2024. MAVEN was one of several missions "operating well past the end of prime mission" the proposal would terminate, despite MAVEN's role as a communications relay.

A startup called Operation Bluebird is petitioning the US Patent and Trademark Office to strip X Corp of the "Twitter" and "tweet" trademarks, hoping to relaunch a new Twitter with the old brand, bird logo, and "town square" vibe. "The TWITTER and TWEET brands have been eradicated from X Corp.'s products, services, and marketing, effectively abandoning the storied brand, with no intention to resume use of the mark," the petition states. "The TWITTER bird was grounded." Ars Technica reports: If successful, two leaders of the group tell Ars, Operation Bluebird would launch a social network under the name Twitter.new, possibly as early as late next year. (Twitter.new has created a working prototype and is already inviting users to reserve handles.)

Michael Peroff, an Illinois attorney and founder of Operation Bluebird, said that in the intervening years, more Twitter-like social media networks have sprung up or gained traction -- like Threads, Mastodon, and Bluesky. But none have the scale or brand recognition that Twitter did prior to Musk's takeover. "There certainly are alternatives," Peroff said. "I don't know that any of them at this point in time are at the scale that would make a difference in the national conversation, whereas a new Twitter really could."

Similarly, Peroff's business partner, Stephen Coates, an attorney who formerly served as Twitter's general counsel, said that Operation Bluebird aims to recreate some of the magic that Twitter once had. "I remember some time ago, I've had celebrities react to my content on Twitter during the Super Bowl or events," he told Ars. "And we want that experience to come back, that whole town square, where we are all meshed in there." "Mere 'token use' won't be enough to reserve the mark," said Mark Lemley, a Stanford Law professor and expert in trademark law. "Or [X] could defend if it can show that it plans to go back to using Twitter. Consumers obviously still know the brand name. It seems weird to think someone else could grab the name when consumers still associate it with the ex-social media site of that name. But that's what the law says."

Longtime Slashdot reader Randseed writes: With the likes of Google Nest, Ring, and others cooperating with law enforcement, I started to look for affordable wireless IP security cameras that I can put around my house. Unfortunately, it looks like almost every thing now incorporates some kind of cloud-based slop. All I really want is to put up some cameras, hook them up to my LAN, and install something like ZoneMinder. What are the most economical, wireless IP security cameras that I can set up with my server?

An investigation has revealed how stablecoins -- cryptocurrencies pegged to the US dollar that exist largely beyond traditional financial oversight -- have become a practical tool for criminals and sanctioned individuals to move funds across borders almost instantly and convert them back into spendable money, often without detection.

A Chainalysis report from February estimated that up to $25 billion in illicit transactions involved stablecoins last year. A New York Times reporter tested the system by converting $40 cash at a crypto ATM in Weehawken, New Jersey, into stablecoins and then using a Telegram bot to generate a Visa payment card without any identity verification. The card-issuing service, WantToPay, is incorporated in Hong Kong and led by a Russian entrepreneur in Thailand; it advertises to Russians blocked by US sanctions. Britain last month arrested members of a billion-dollar money laundering network that had purchased a bank in Kyrgyzstan to convert proceeds from drug trafficking and human trafficking into Tether, the most popular stablecoin.

Further reading: China's Central Bank Flags Money Laundering and Fraud Concerns With Stablecoins.

Tech giants including Meta, Alphabet, Microsoft and Amazon have all extended the estimated useful lives of their servers and AI equipment over the past five years, sparking a debate among investors about whether these accounting changes are artificially inflating profits. Meta this year increased its depreciation timeline for most servers and network assets to 5.5 years, up from four to five years previously and as little as three years in 2020. The company said the change reduced its depreciation expense by $2.3 billion for the first nine months of 2025. Alphabet and Microsoft now use six-year periods, up from three in 2020. Amazon extended to six years by 2024 but cut back to five years this year for some servers and networking equipment.

Michael Burry, the investor portrayed in "The Big Short," called extending useful lives "one of the more common frauds of the modern era" in an article last month. Meta's total depreciation expense for the nine-month period was almost $13 billion against pretax profit exceeding $60 billion.

India is weighing a proposal to mandate always-on satellite tracking in smartphones for precise government surveillance -- an idea strongly opposed by Apple, Google, Samsung, and industry groups. Reuters reports: For years, the [Prime Minister Narendra Modi's] administration has been concerned its agencies do not get precise locations when legal requests are made to telecom firms during investigations. Under the current system, the firms are limited to using cellular tower data that can only provide an estimated area location, which can be off by several meters.

The Cellular Operators Association of India (COAI), which represents Reliance's Jio and Bharti Airtel, has proposed that precise user locations should only be provided if the government orders smartphone makers to activate A-GPS technology -- which uses satellite signals and cellular data -- according to a June internal federal IT ministry email. That would require location services to always be activated in smartphones with no option for users to disable them. Apple, Samsung, and Alphabet's Google have told New Delhi that should not be mandated, said three of the sources who have direct knowledge of the deliberations.

A measure to track device-level location has no precedent anywhere else in the world, lobbying group India Cellular & Electronics Association (ICEA), which represents both Apple and Google, wrote in a confidential July letter to the government, which was viewed by Reuters. "The A-GPS network service ... (is) not deployed or supported for location surveillance," said the letter, which added that the measure "would be a regulatory overreach." Earlier this week, Modi's government was forced to rescind an order requiring smartphone makers to preload a state-run cyber safety app on all devices after public backlash and privacy concerns.

Netflix is buying Warner Bros. Discovery in an $82.7 billion deal that gives it HBO, iconic franchises, and major studio infrastructure. "Warner Bros. shareholders will receive $27.75 a share in cash and stock in Netflix," notes Bloomberg. "The total equity value of the deal is $72 billion, while the enterprise value of the deal is about $82.7 billion." From the report: Prior to the closing of the sale, Warner Bros. will complete the planned spinoff of its networks division, which includes cable channels such as CNN, TBS and TNT. That transaction is now expected to be completed in the third quarter of 2026, Netflix said in a statement. With the purchase, Netflix becomes owner of the HBO network, along with its library of hit shows like The Sopranos and The White Lotus. Warner Bros. assets also include its sprawling studios in Burbank, California, along with a vast film and TV archive that includes Harry Potter and Friends.

Netflix said it expects to maintain Warner Bros.' current operations and build on its strengths, including theatrical releases for films, a point that had been a cause of concern in Hollywood. Netflix said the deal will allow it to "significantly expand" US production capacity and invest in original content, which will create jobs and strengthen the entertainment industry. Still, the combination is also expected to create "at least $2 billion to $3 billion" in cost savings per year by the third year, according to the statement. U.S. Senator Mike Lee, a Republican from Utah who leads the Senate antitrust committee, said the acquisition "should send alarm to antitrust enforcers around the world."

"Netflix built a great service, but increasing Netflix's dominance this way would mean the end of the Golden Age of streaming for content creators and consumers," Lee wrote in a post on X.

U.S. Senator Elizabeth Warren called it an antitrust "nightmare" that would harm workers and consumers. "A Netflix-Warner Bros would create one massive media giant with control of close to half of the streaming market -- threatening to force Americans into higher subscription prices and fewer choices over what and how they watch, while putting American workers at risk," Warren said on Friday. "It would mean more price hikes, ads, & cookie cutter content, less creative control for artists, and lower pay for workers," she said in a post on X. "The media industry is already controlled by a few corporations with too much power to censor free speech. The gov't must step in."

An anonymous reader quotes a report from the New York Times: A few years ago, Paul Wieland, a 44-year-old information technology professional living in New York's Adirondack Mountains, was wrapping up a home renovation when he ran into a hiccup. He wanted to be able to control his new garage door with his smartphone. But the options available, including a product called MyQ, required connecting to a company's internet servers. He believed a "smart" garage door should operate only over a local Wi-Fi network to protect a home's privacy, so he started building his own system to plug into his garage door. By 2022, he had developed a prototype, which he named RATGDO, for Rage Against the Garage Door Opener. He had hoped to sell 100 of his new gadgets just to recoup expenses, but he ended up selling tens of thousands. That's because MyQ's maker did what a number of other consumer device manufacturers have done over the last few years, much to the frustration of their customers: It changed the device, making it both less useful and more expensive to operate.

Chamberlain Group, a company that makes garage door openers, had created the MyQ hubs so that virtually any garage door opener could be controlled with home automation software from Apple, Google, Nest and others. Chamberlain also offered a free MyQ smartphone app. Two years ago, Chamberlain started shutting down support for most third-party access to its MyQ servers. The company said it was trying to improve the reliability of its products. But this effectively broke connections that people had set up to work with Apple's Home app or Google's Home app, among others. Chamberlain also started working with partners that charge subscriptions for their services, though a basic app to control garage doors was still free.

While Mr. Wieland said RATGDO sales spiked after Chamberlain made those changes, he believes the popularity of his device is about more than just opening and closing a garage. It stems from widespread frustration with companies that sell internet-connected hardware that they eventually change or use to nickel-and-dime customers with subscription fees. "You should own the hardware, and there is a line there that a lot of companies are experimenting with," Mr. Wieland said in a recent interview. "I'm really afraid for the future that consumers are going to swallow this and that's going to become the norm." [...] For Mr. Wieland, the fight isn't over. He started a company named RATCLOUD, for Rage Against the Cloud. He said he was developing similar products that were not yet for sale.

During last month's KubeCon North America in Atlanta, Kubernetes maintainers announced the upcoming retirement of Ingress NGINX. "Best-effort maintenance will continue until March 2026," noted the Kubernetes SIG Network and the Security Response Committee. "Afterward, there will be no further releases, no bugfixes, and no updates to resolve any security vulnerabilities that may be discovered." In a recent op-ed for The Register, Steven J. Vaughan-Nichols reflects on the decision and speculates about what might have prevented this outcome: Ingress NGINX, for those who don't know it, is an ingress controller in Kubernetes clusters that manages and routes external HTTP and HTTPS traffic to the cluster's internal services based on configurable Ingress rules. It acts as a reverse proxy, ensuring that requests from clients outside the cluster are forwarded to the correct backend services within the cluster according to path, domain, and TLS configuration. As such, it's vital for network traffic management and load balancing. You know, the important stuff.

Now this longstanding project, once celebrated for its flexibility and breadth of features, will soon be "abandonware." So what? After all, it won't be the first time a once-popular program shuffled off the stage. Off the top of my head, dBase, Lotus 1-2-3, and VisiCalc spring to my mind. What's different is that there are still thousands of Ingress NGINX controllers in use. Why is it being put down, then, if it's so popular? Well, there is a good reason. As Tabitha Sable, a staff engineer at Datadog who is also co-chair of the Kubernetes special interest group for security, pointed out: "Ingress NGINX has always struggled with insufficient or barely sufficient maintainership. For years, the project has had only one or two people doing development work, on their own time, after work hours, and on weekends. Last year, the Ingress NGINX maintainers announced their plans to wind down Ingress NGINX and develop a replacement controller together with the Gateway API community. Unfortunately, even that announcement failed to generate additional interest in helping maintain Ingress NGINX or develop InGate to replace it." [...]

The final nail in the coffin was when security company Wix found a killer Ingress NGINX security hole. How bad was it? Wix declared: "Exploiting this flaw allows an attacker to execute arbitrary code and access all cluster secrets across namespaces, which could lead to complete cluster takeover." [...] You see, the real problem isn't that Ingress NGINX has a major security problem. Heck, hardly a month goes by without another stop-the-presses Windows bug being uncovered. No, the real issue is that here we have yet another example of a mission-critical open source program no one pays to support...

An anonymous reader shares a report: India's telecoms ministry has privately asked all smartphone makers to preload all new devices with a state-owned cyber security app, a government order showed, a move set to spark a tussle with Apple, which typically dislikes such directives.

[...] The November 28 order, seen by Reuters, gives major smartphone companies 90 days to ensure that the government's Sanchar Saathi app is pre-installed on new mobile phones, with a provision that users cannot disable it. [...] In the order, the government said the app was essential to combat "serious endangerment" of telecom cyber security from duplicate or spoofed IMEI numbers, which enable scams and network misuse.