The team behind the AI Octopus Euro 2024 predictor has updated its simulator for the 2026 FIFA World Cup, this time allowing users to throw natural-language scenarios at the model and see how the tournament might shake out. "Sensible questions work – a red card, a key injury, a heat wave, a squad switching base camp – but so do the daft ones, e.g. 'What if the tournament were played with rugby rules?'" said Luzmo CTO and co-founder Haroen Vermylen. The system is simple: enter a scenario in a prompt box, and the predictor spits out how the results might go. The raw data includes squad quality based on player information, heat and altitude factors, injury data, and so on. A Monte Carlo simulation of the tournament is used to generate win/lose/draw probabilities, and the score line is derived from 5,000 match runs. The engine behind the Euro 2024 AI Octopus was written in TypeScript. This time around, the team used Rust. "We moved to Rust to also be able to run things more quickly, as now there is a real-time component to this," Vermylen told The Register. "Before it could run for five minutes or so. Now we want the predictions to actually come out within two to three seconds of actual simulation time." OpenAI models parse the request and generate summaries, and an agent is used to create or transform scenarios, call the calculation engine, answer questions, and so on. A user doesn't need to be a data scientist to ask questions and understand the answers. It's certainly rapid, recalculating the results based on suggested scenarios (even one in which we pondered the effect of politically dubious emissions from a certain world leader). Not that all scenarios will work. Vermylen told us that filtering was in place to ignore profanities and "to avoid scenarios that would just be harmful to certain groups." And then there is the age-old issue of an AI parser simply not understanding the prompt. Clarity is key. Using natural language is a great alternative to a UI with settings and sliders, but that ease of use can result in misunderstandings. As the tournament progresses, the data will be refined. At the time of writing, the baseline reckons that Spain will beat England in the final. Spain currently has an 18 percent chance of lifting the trophy and a 26.8 percent chance of reaching the finals. Those figures can, of course, be altered by feeding in scenarios. For example, we asked: "What if the Spanish team eats a bad paella?" Spain's chance of winning the tournament then dropped to 1.5 percent, with France as the projected champion. We also asked it what would happen if we replaced the England team with Register writers. Suffice to say that scenario did not end well. We asked Vermylen what was next. "The Olympics would be nice… or the Eurovision. We'd like to give the United Kingdom a win." ®

Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253, is rated 9.8 on the CVSS scoring system. "In Splunk Enterprise versions below 10.2.4 and 10.0.7, an unauthenticated user could create or truncate arbitrary

Amazon has developed a new networking topology that's up to a third faster and up to 40 percent more energy efficient than traditional hierarchical network designs. The novel architecture, called Resilient Network Graphs (RNG), is based on random graph theory. "Traditional networks have always been hierarchical," explained Matt Rehder, VP of global network engineering at AWS, in a recent interview. "They're sort of like an org chart where one network device will talk to the boss network device which will talk to the next boss network device and you gotta go up the chain of command in order to talk to someone else in another department." There are reasons for that, Rehder said. Hierarchy creates structure and makes data routing rules simpler. "You don't have to know how to talk to everyone in the organization, you just talk to the person above you," he said. But that creates inefficiencies. The tree-like structure creates points of contention where data flow bottlenecks can occur. At the same time, other parts of the network may be underutilized. Rehder said that academics in 2012 proposed a random graph topology for networks. But that design, as detailed [PDF] by Amazon researchers, had issues. The reimagined network structure, dubbed Jellyfish, relied on truly random graphs and called for removing routers from server racks and locating them centrally to simplify cabling. But that approach ended up increasing latency between servers within a rack. Rehder said no one has been able to put that design into production. "It requires much more complicated routing rules to figure out how to program every device – you can't just program every device to know who everyone is, they have limited memory space," he said. "And then the other [issue] is that the cabling actually is very complicated. Part of that hierarchy is about simplifying how you build the network in the datacenter and with a random graph it's literally random and you can't just have cable spaghetti all over a datacenter. So you could build it in a lab but you could never really do it at scale." Nonetheless, said Rehder, AWS has been solving these problems over the past few years. "The only reason we were able to even think about tackling them is that 15-year history of iteratively improving our hardware development and software ownership of our network," he said. Less random Inspired by other academic networking research, AWS managed to succeed with random network topology by making it not entirely random. RNG relies on a flat graph where routers interconnect through a mix of deterministic and randomized cabling. RNG began taking shape three years ago when Seshadhri Comandur, an Amazon Scholar and professor at the University of California, Santa Cruz, answered an internal Slack message from Ratul Mahajan, a fellow Amazon Scholar, datacenter networking expert, and professor at the University of Washington, who was looking for an expert on graph theory and routing. With help from AWS principal applied scientist Giacomo Bernardi and other colleagues, AWS has become the first company to deploy a flat datacenter network at scale. AWS expects the technology will offer better performance and reliability for Amazon customers while also saving billions of dollars in hardware and reducing CO2 emissions. The reimagined network structure was referred to as Penrose internally because the original design involved Penrose tiles. But as the project evolved, AWS settled on Resilient Network Graphs "to reflect the customer benefit and that primarily is a more resilient and performant network," as a company spokesperson put it. RNG relies on a routing algorithm called Spraypoint to identify node paths and an optical device called a Shufflebox for mixing connections between routers. Rehder said the Shufflebox is one of the pieces of magic that makes RNG work. "In a random graph network you don't have that hierarchical structure where you can have all the cables neatly aligned," he explained. "So how do you do that? How do you basically make a random network feel more structured? Well, you have the Shufflebox and the idea is that you plug fiber in here and inside of this it will randomize or basically scramble the fiber. So the ports you plug in get scrambled around and come out on some random port around the other side." RNG is AWS's new network for its core database servers. Machine learning hardware uses the company's UltraServer network, because the machine learning workloads need full bandwidth. "The core server networks can be oversubscribed more efficiently," said Rehder. "Everyone's not talking to each other at the same time." RNG has been rolled out in Ireland, Germany, and Spain, and the plan is to deploy it in the majority of company datacenters by the end of the year. ®

Patients in England cannot stop their data being processed by the Palantir-built NHS Federated Data Platform (FDP), but individual NHS trusts can choose not to use it, health minister Preet Kaur Gill has told MPs. The minister, who was appointed last month to cover health innovation and safety, told fellow Labour MP Neil Duncan-Jordan that patients can only opt out of secondary uses of data such as planning and research. On the main opt-out mechanism, she said: "The National Data Opt-Out does not currently apply to products used in the NHS FDP. In most cases, this is because data is being used for the purpose of direct care." Last month, NHS England confirmed it had changed policy so some Palantir staff can access identifiable patient data through a new "admin" role. A briefing document seen by The Financial Times and confirmed by The Register warned that granting access could create a "risk of loss of public confidence" in NHS England's assurances about safeguarding patient data. Answering a separate question from Labour MP Rachael Maskell, Gill confirmed that NHS trusts running hospitals, mental health and other services can opt out. "Where NHS organizations would like to use alternative solutions, they retain the ability to procure locally, provided solutions meet applicable standards and support the delivery of national priorities," she said. According to NHS England statistics, 168 of 214 NHS trusts have signed up to use the FDP, with 123 live and 80 reporting benefits. All but one of England's 42 integrated care boards, Greater Manchester, have also joined. Palantir's role in the FDP, which followed similar pandemic-era work for NHS England, has become increasingly contentious. Last week, Parliament's Science, Innovation and Technology Committee said the NHS should end Palantir's involvement, and MPs have tabled 40 written questions about the supplier, which also works for intelligence agencies and US Immigration and Customs Enforcement (ICE), in the last month. Responding to a question from Labour MP Mark Sewards, Gill said the government will decide this year whether to extend Palantir's current FDP contract beyond its February 2027 expiry. She noted the program was among just 14 percent of major government projects to get a green rating from the National Infrastructure and Service Transformation Authority, "indicating that the NHS FDP is on track." In a further answer to Neil Duncan-Jordan, Gill said the contract includes an exit management process covering intellectual property rights. "In addition, the contract includes controls to support transition and continuity of services in the event of termination, ensuring that operational delivery and patient services are protected," she said. "In principle, another supplier could provide equivalent functionality in the future," Gill added, signaling that even if Palantir's contract is not renewed, the government wants to retain the FDP. "It would take planning, time, and resources to run a compliant procurement and then move services and data across safely." ®

BORK!BORK!BORK! We're big fans of retro computing here at Vulture Central, and so it is with a certain delight that we can report XP-era Windows has been spotted disgracing itself on London's Docklands Light Railway. Spotted by Register reader Tim Hayward, the wonderfully named DaisySignApp.exe has thrown up an application error. While the Windows shell might be shorn of all of XP's fripperies, the Recycle Bin icon hints at the operating system's origins. Hayward reckoned that XP was stalking the DLR, but it could also be Windows Server 2003. Support for Windows Server 2003 finally ended in 2015. XP was sunset in 2014, so the DLR display is rather out of date. Then again, as any IT administrator would admit, if something isn't broken, there's no point fixing it, no matter how much Microsoft would encourage them to. In this case, it is unlikely that the operating system is at fault (although one could argue that it should handle a misbehaving application more discreetly), and DaisySignApp.exe should be dealing with its own dirty laundry rather than throwing an exception in commuters' faces at Limehouse station. Limehouse connects London's Docklands Light Railway (DLR) to the UK's National Rail services. It was one of the first DLR stations and predates the borked operating system by more than a decade. Indeed, at the time of the DLR's opening in 1987, Microsoft was preparing to inflict Windows 2.0 upon the world – the delights of later versions and the company's GUI dominance were still a few years in the future. The DLR also seemed like a glimpse into the future back in the 1980s. However, a fair chunk of its underpinnings, such as formerly disused railway viaducts, hark back to an earlier era. Anyone looking at today's iteration of Windows might wonder how much of it dates back to what's on display at Limehouse. ®

Anthropic said on Friday it will "abruptly disable" its most advanced artificial intelligence (AI) models, Claude Fable 5 and Mythos 5, for all users after the U.S. government ordered it to suspend access to the models for foreign nationals, whether inside or outside the U.S., citing national security concerns. The AI company said it received an order at 5:21 p.m. ET, instructing it to suspend

Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF rootkit to hide itself. The AUR is Arch Linux's community package collection, and it is separate

Google on Friday said it's pursuing legal action against a Chinese cybercrime network, accusing it of using its Gemini artificial intelligence (AI) agent to send phishing text messages targeting Americans. The network is said to be behind the development and management of a phishing-as-a-service (PhaaS) software kit called Outsider, per the tech giant. "The operation weaponized Gemini to help

Instead of hiding on the laptops and servers defenders watch most closely, a China-nexus group spent close to a decade hidden inside the Linux login system itself. Sygnia, which tracks the group as Velvet Ant, says it backdoored the PAM and OpenSSH components that decide who is allowed to sign in, planting its access where ordinary cleanup could not reach it. The network it targeted had no

@Chocobozzz Hey, so recently I received some issues for my native Peertube tvOS client, PeerTV, regarding an inability for them to login to their accounts on specific instances that require either OpenID or OAuth. I tried implementing that, but I found out that in order to use passkeys from the apple device I need to coordinate with specific instances and have the accept some sort of credential from my app (which seems rather difficult). I tried using only the user and password to sign in with SSO but there were challenges and it wasn’t consistently logging in the users.

Did you face a similar issue with the Peertube iOS app? Can you share what you were able to do to get that working (if it even works with SSO at all)?

1 message - 1 participant(e)

Lire le sujet en entier

NanoClaw, a secure agent framework, has partnered with supply chain platform JFrog to allow AI agents to fetch resources from JFrog's reviewed registries. Gavriel Cohen, creator of NanoClaw and co-founder of NanoCo AI, announced the tie-up on Thursday evening in San Francisco at a JFrog event that concluded with a World Cup watch party. Cohen explained that one of the features of Claw agents – OpenClaw and variations like NanoClaw – is that they can improve themselves by fetching tools and resources that they don't have. That works fine, he explained, when there's a manual approval process for accessing known local data. But it's not ideal for npm packages, even when the agent involved is sandboxed and isolated as it is in NanoClaw. Malicious code within a container may still be able to take harmful actions, even if the scope of potential activity is constrained. Developers, Cohen said, may not be familiar with a given package and it can take time to thoroughly assess whether a package is legitimate and uncompromised. "So we teamed up with JFrog and we integrated NanoClaw with JFrog's registries," said Cohen. The arrangement provides a way to reduce the agent's exposure to untrusted content. When the agent downloads new tools and libraries, the software comes from a vetted source. Cohen also announced the availability of what he called an agent factory, his company's homegrown system used to handle pull requests (PRs) using NanoClaw agents. The agent factory, he explained, is an attempt to triage pull requests, which have surged thanks to AI coding agents. "It's very easy now to point a coding agent at a repo and say, 'open a pull request for this repo,'" he explained. "And it's very difficult as a maintainer to tell the difference between a high quality contribution from somebody who's really using the open source project versus someone who's just trying to build up the reputation [using automated methods]. So to help us tackle this, we built an agent factory that helps us review every single contribution to NanoClaw." The agent factory is referred to as the PR Factory in the actual pull request. It's built with NanoClaw and hosted on exe.dev, a service that provides VMs with persistent storage. "When a PR opens, the factory spins up a dedicated worker agent for it, posts a thread to Slack, and the worker triages the change, reviews the diff, and proposes a test plan," Cohen explains in the documentation. "Nothing consequential happens on its own: merges, test runs, and credentialed GitHub actions each surface as an approval card in the thread, and only fire when a human clicks approve." Cohen acknowledged that some developers will think it's madness to process unsanitized PRs that could contain prompt injections or unsafe code. And he asked the assembled audience of developers how many had seen the phrase on the projected slide: "Never, ever, ever do this." Anyone who has spent time using and configuring AI agents in a development context has seen something of the sort in configuration files like Claude.md, which gets loaded as instructions to the underlying agent and model. "If you see something like this in the Claude.md file and the agent instructions say, 'Important: Never run drop database production,' it tells you two things. You know that that agent has deleted a production database before. And you know that it can actually still do it again. That's why the instruction is there." This elicited a knowing laugh from the audience. Cohen went on to say that the agent will do it again because instructions are not a way of enforcing security or safety. "Instructions help steer an agent AI towards valuable output, but it's not a safety mechanism," he said. "The only way to reliably prevent an agent from taking undesired action is not allowing it to take that action, not giving it the ability to take the action." That is the purpose of NanoClaw. ®

Amid the unrelenting demand for AI infrastructure, SK Hynix, the world’s largest supplier of HBM memory used in high-end GPUs, now expects to triple its wafer capacity. You'll just have to wait through two more US presidential elections and then some. All that capacity won’t come online until 2034, SK Group Chairman Chey Tae-won told Nikkei Asia in a recent interview. SK Hynix’s valuation has soared in recent months. The company is one of three major producers of NAND flash and DRAM memory, large quantities of which are required to support the burgeoning AI inference market. Samsung and Micron are the other two major players in this space. This demand has led to skyrocketing memory prices for consumer DRAM and SSDs, some of which have more than tripled in price compared to this time last year. SK Hynix and the other major memory makers meanwhile have seen their revenues explode. Chey's comments come just a week after SK Hynix said that it planned to double its production capacity within the next five years. “Our calculations show that our wafer capacity will double within five years. But honestly once all these facilities are built, it won’t just double, it will triple by around 2034,” Chey told Nikkei. SK is in the process of bringing four additional wafer fabs online, with the first phase reportedly on track to come online as early as 2027. The South Korean memory slinger had previously planned to ramp production of these facilities over the next two decades, but has pulled in its timeline in hopes of satiating AI’s memory addiction. “There is currently no way to move faster than this,” Chey told the newswire. While much of this capacity will be built on SK’s home turf, the company is exploring its options for overseas manufacturing, with Japan being one of the potential destinations, with Chey calling it an “excellent” candidate due to its robust semiconductor supply chains. Unfortunately, the buildout is unlikely to drive down memory prices for consumers any time soon. As we previously reported, memory prices are not expected to peak until later this year at the earliest. Analysts warn that memory prices are more likely to plateau going into 2027 rather than plummeting like we’ve seen in past DRAM and NAND boom-bust cycles. These boom-bust cycles have been a fact of life for commodity electronics manufacturers, like SK Hynix and Samsung, for years. Prices typically spike as inventories are drawn down and crater as new capacity is brought online. On the one hand, AI infrastructure demand has helped to stabilize this to some extent. On the other hand, the AI boom kicked off in 2022 at what was arguably the worst possible time. "This demand started in the Valley for the DRAM industry. That makes financially trying to build additional capacity really challenging," TechInsights analyst James Sanders told El Reg late last year. Business is once again booming for memory vendors presenting ample opportunities for labor disputes over competition as well as fab expansions. Unfortunately, there’s no changing the fact that the fastest anyone can bring a leading edge memory fab online is about three years. ®