❌

Normal view

Today β€” 11 July 2026Main stream

Colibrì proof-of-concept gains frontier-level 1.5-TB AI model — novel approach runs on only 25GB of RAM and shows promise for local AI setups

Running LLMs and agents in home lab setups is steadily gaining popularity due to the rising cost of AI bot subscriptions and concerns about data privacy. Unfortunately, an Nvidia NVL72 rack is ever so slightly out of the financial reach of most people, so enthusiasts have to make do with models that can run in limited amounts of memory. Italian engineer Vincenzo (aka JustVugg) seemingly wanted to have his cake and eat it, so he created ColibrÌ to run the 744-billion-parameter 1.5-TB GLM-5.2 model on a modest CPU, a mere 25 GB of RAM, and a 1 GB/s virtual NVMe drive.

Let's get the elephant out of the way: Colibrì's speed on Vincenzo's setup is only about 0.05 to 0.1 tokens per second on average, a measure that's unusable for practical conversation — imagine just one question taking hours to answer. Higher-end setups provide far better figures, but for now, they still don't meet the 20-30 tokens per second required for real-time use.

Having said that, GLM-5.2 is a Mixture-of-Experts (MoE) model with frontier-level capability, at least somewhere in viewing distance of the finest offerings from Anthropic, OpenAI, et al. This means that the quality of the answers ought to be excellent, and Vincenzo himself says his limited testing produced some impressive results. The way Colibrì works is simple enough to describe, and yet hard to do right: loading the model in slices to RAM. We're going to oversimplify for clarity's sake.

An MoE model like GLM-5.2 includes hundreds of expert sub-models to answer different topics, and these are chosen per token, not per query β€” meaning that when you ask a question, your words get split into tokens (chunks). For each token, the bot activates the best experts for it. The experts might always be the same for the entire question, but more often than not, a query might reel in tens of experts, possibly going into triple digits.

Whereas normally large chunks of the model, or the entire model, are loaded onto interconnected datacenter GPUs, Colibrì takes advantage of the MOE architecture and repeatedly loads/unloads the experts required per token, allowing even a cheap machine to use a large model at a steep performance penalty. For speed and simplicity's sake, Colibrì's expert-selection code is a single C file with very few dependencies. Additionally, the GLM-5.2 model is quantized down (simplified with lossy encoding) to take up less space to begin with.

If you're thinking that loading and unloading data for every piece of a question's words is going to be a hard hit on storage I/O and memory bandwidth, you're exactly on the right track. In this type of setup, NVMe storage speed is the first major bottleneck, but the proverbial funnel varies across configurations. Give it enough storage bandwidth, then you're up against RAM limitations. Fix that, then you need more CPU cores, and so on.

Colibrì is currently a proof-of-concept and doesn't yet run on GPUs, though it's worth noting that even then, shuffling data to/from the card will almost certainly be the biggest constraint. Even still, the project has barely been released, and it's already proving quite popular. Vincenzo is collecting benchmark data and running fixes as we speak, so be sure to visit the repository to contribute if you can. Maybe at some point it'll be feasible to run a really clever model on high-end consumer hardware at a decent enough clip.

Yesterday β€” 10 July 2026Main stream

Chat Control 1.0 sneaks through the EU Parliament, letting companies scan user data without warrants β€” legal tactic used to force a majority-required re-vote on eve of Parliament break

The Chat Control 1.0 law that enables warrantless mass scanning of digital communications has been voted against multiple times by the EU Parliament. And yet, just like a movie zombie, it keeps getting resurrected by various legal sleight-of-hand moves. Yesterday, one of those tricks worked, as Chat Control 1.0 passed (or rather, was not rejected) in a forced re-vote that required an absolute majority (50% + 1) for active refusal. This brings back the law until 2028, and sets a different stage for September's upcoming discussion on Chat Control 2.0.

After the impending publication in the EU Official Journal, online direct-communication platforms will be allowed to mass-scan their users' data without the need for a warrant, under the guise of looking for child sexual abuse material (CSAM).

The scanning is not mandatory, but big tech firms will have a legal mechanism to rifle through user data. EU firms have historically refrained from doing so, presenting privacy and data sovereignty as selling points, but the legal door is nevertheless now officially open.

The obvious platforms where monitoring can now take place will be e-mail and chat services. Immediate examples include Gmail, iCloud, Hotmail, Discord, Instagram, Slack, Teams, Snapchat, Xbox, and Google Chat.

Although the law's scope is for "interpersonal communications services," the legal mechanism might hypothetically extend to some gray areas like Google Drive, where sending someone a link to a cloud file could be within the scope of the law.

It's worth noting that "direct communication" isn't restricted to one-to-one chats, as it includes group chats; just not public or undirected communications. Additionally, EU law enforcement is still beholden to the same warrant requirement as before β€” Chat Control 1.0 does not grant a blank pass to authorities to mass-scan user data, or request companies to do so without a targeted warrant.

Thanks to two amendments in yesterday's vote, end-to-end-encrypted (E2EE) communications means (ex: WhatsApp) stay exempt. That means that for now, Chat Control 1.0 isn't a commandment to break encryption, something that has been regularly suggested by lawmakers around the world.

It's as good a time as any to remind people that Instagram messages are no longer E2EE as of May, and that although WhatsApp's messages are encrypted, the service leaks out every single bit of metadata about them β€” sender, recipient, time, size, etc. As always, Signal is recommended as a privacy-focused communications app.

This latest development in the EU parliament is eliciting widespread public outcry due to the nature of the law itself, but also due to the manner in which it happened. Critics and opponents of the rule are suggesting this move is unprecedented.

Chat Control 1.0 has already been shot down repeatedly, most recently in March. However, European Parliament President Roberta Metsola forced a second reading of the law, and invoked Rule 163's "urgent procedure" mechanism. This had many effects, including bringing up a law that was voted against for discussion yet again; turning the decision into a denial vote (vote-to-deny, not vote-to-pass); exploiting the second-reading requirement that demands an absolute majority vote (50% + 1); and letting the President herself set the schedule. Metsola scheduled the second reading to the very last day before the European Parliament summer recess.

The result was that out of 720 representatives, only 607 actually cast a vote. Of those, 315 (over half) voted against Chat Control 1.0. That figure did not meet the supermajority threshold of 361, which was calculated against a full chamber.

Opponents to Chat Control have posted resources at the Fight Chat Control website, including a breakdown of member-state and individual representative voting positions and contact information.

Minecraft shown running on Game Boy Color and Game Boy in 3D with textures β€” developer coaxed 3D look out of barely-there hardware

Tobias Friedly, also known as Game of Tobi on YouTube, is quite the wizard when it comes to making the seemingly impossible happen on early Nintendo hardware. His latest venture is getting a limited version of Minecraft running on the Game Boy Color (GBC)... but in 3D. As an added bonus, he even got the game working on the original Game Boy in limited fashion, thanks to both machines' interoperability.

Friedly demonstrated his work in a short YouTube video, where it's plainly visible that he managed to coax the GBC's 8x8 sprites into something visually resembling Minecraft in a three-dimensional projection. Although there are no enemies, inventory, or game logic, the feat is exceedingly impressive given that the hardware was never meant to have 3D games.

This is a significant departure from existing Minecraft demakes for old Nintendo gear, seemingly all of which tried implementing the original game's mechanics in a flat two-dimensional space. Friedly's project appears to be an offshoot of his existing Minecraft 3D for the Gameboy Advance.

Even with the limited GBC hardware, he even went as far as adding a map generator that can create flat or bumpy maps. Blocks of various types (including portals) can be placed and removed, and he even added the Nether area of the game. Game saving and loading is included, and there's an option to enable block textures. Predictably the results are a bit iffy given the limited resolution of the display and the inherent difficulty in faking texture mapping with 8x8 tiles.

Despite running at different speeds and color levels, the Game Boy Color and original Game Boy are for the most part compatible, and Friendly even showed that his clone does run on the original black-and-green Game Boy. It's hard to distinguish blocks on that screen β€” but it works. If you're interested in trying it out yourself, download the cart files that Friedly published.

Before yesterdayMain stream

New hack exploits AI hallucinations to trick agents into running malicious code β€” 'HalluSquatting' attack exploits a fundamental weakness in every available model

Ever since the advent of agentic AI, security researchers have been yelling from the top of their lungs about how it's a bad idea to grant user-level permissions to an LLM β€” for all purposes, a program with non-deterministic outputs and inconsistent handling of inputs. A research paper on HalluSquatting from researchers at Tel Aviv University, Technion, and Intuit, shows how easily one can fool modern AI bots and harness them into a massive army of AI agents, with the research showing that agents can hallucinate potentially malicious code repositories up to 85% of the time.

The mechanism for HalluSquatting (aka "adversarial hallucination squatting") is surprisingly simple, and takes advantage of the fact that when met with unfamiliar terms, bots will not know they're incorrect and hallucinate a "correct" answer. Adding to that, the methods the bots use to come up with said answer are predictable, for example, owner/repository or toolname/toolname GitHub URLs. This is different than just standard typo-squatting, as it exploits the hallucination mechanism itself.

An attacker first identifies an application, code repository, programming library, or bot skill that's gained popularity only in recent months or years β€” let's say, a new GitHub repo with the URL OriginalOwner/WindowsTelemetryOff. As the bots' training data is not recent enough to contain information about it, GitHub URLs owner/repo combinations SuperHacker/WindowsTelemetryOff , and WindowsTelemetryOff/WindowsTelemetryOff look just as peachy. Likewise, WindowsTelemetryOf and WindowTelemetryOff (note the typos) will be valid candidates.

The attacker then creates a malicious repository using those generated names. When Claude or another code agent is asked to "run the windowstelemetryoff scripts" or a similar instruction, chances are they'll hallucinate the repo name (sometimes even having run a web search), run into the malicious version that looks like the original, and happily run whatever's in there.

From that point, all bets are off now that the attacker's code is running on the user's machine. The most obvious outcome could be creating a reverse shell (the user's machine opens a command line that's controlled remotely). Now having access to the user's account, the attacker can siphon off their data and passwords, install software, run crypto miners, or harness their AI agent for further malfeasance, all with the power of entire data centers at their disposal.

And here's the kicker: just the one HalluSquatted piece of software has the potential to bait and reel in tens of thousands of bots, if not more, in a proverbial blink of an eye. A crafty attacker would be kind enough to include all the original code in their poisoned version, adding yet another layer of unawareness to the mix.

The research team found that an LLM will hallucinate the location of a recent code repository up to 85% of the time, a figure that can reach 100% for trending agentic skills. Every single model is widely affected, up to and including Anthropic's mighty Claude Opus 4.5. At the application level, the figures are better, but still pretty bad.

The scientists are working on common LLM-backed programming applications, including Cursor, Windsurf, and OpenClaw, among others. In this scenario, the bots stand a better chance given they're working with more context information, but even still, the success rates for hacking ranged from 20%-35% for Cursor, Gemini CLI, and Copilot, and increased massively to close to 80-100% on OpenClaw and its variants. The exploit mechanism doesn't even need to be crafted specifically for any bot; the researchers' results show it's universal and transferable, too.

The mean hallucination rate for names of sample GitHub repositories published in 2025 is 92.4%, while predictably, bots get the URLs wrong 0.9% for those from 2019 or earlier, though that's arguably still a concerning figure. The most effective mitigation is adjusting workflow: instructing bots to always run web searches before installing software, and providing them with additional context. Unfortunately, that's not the default way most people appear to use them.

Cybersecurity professionals have long advocated for not blindly trusting a bot's actions and severely restricting the access level granted to AI agents. And yet it's not uncommon to see bots with wide-ranging permissions over users' machines, API keys, access keys, and service accounts, to name a few β€” all in a bid to make it "easier" for the bot to vibe-code their pointy-haired-boss' latest brilliant idea.

Nvidia touts Vera CPU's single-threaded performance as its agentic AI advantage, reveals next-gen 'Rigel' Arm CPU cores β€” frames chip as a 'max single-threaded CPU at scale,' not a parallel monster

Only a little while back, Phoronix got the chance to test-drive one of Nvidia's upcoming Arm-based Vera CPUs. In certain approved workloads, the chip put up an impressive showing, nipping at the heels of its Xeon and Epyc x86 competitors. In specific single-threaded scenarios, Vera "absolutely dusted the competition" (our words). But AMD had some things to say about the Phoronix test, firing back with its own metrics of a 3.3x performance gain over Vera for the projected output of a 100 kW rack of its hardware.

And Nvidia is already thinking about this future. It revealed that its next-gen Rigel Arm v9.2 CPU core, shipping as part of its Rosa CPU, will deliver even higher per-core performance than Vera's Olympus core within the same silicon footprint via "better instruction delivery," more L2 cache, and better memory handling.

Now, Nvidia is reasserting Vera's advantage for AI work by describing it with a new product category: a "max single-threaded CPU at scale" rather than a parallel-processing beast. Instead of simply maximizing the core count per socket, Nvidia says Vera's monolithic 88-core design is meant to provide strong performance per core under load, enough memory bandwidth per core to keep active cores supplied with data, and predictable latency.

Nvidia describes AI inference workloads as being bound by single-thread speed. For example, a reasoning AI will run the model for one step, and will run the model again as many times as it takes until the answer is generated. Since each step needs the output from the previous one, no amount of parallelism will help β€” the speed at which one thread can run is most important. The situation is similar in agentic workloads, as agent B can't get its work started without knowing what happened with agent A.

Nvidia Vera performance profile

(Image credit: Nvidia)

Vera's design, then, appears to be one aimed at both having and eating the proverbial cake: high single-thread speed with a large number of available threads. Vera is an 88-core design with SMT support for 176 total threads. And to supply each of those cores with adequate bandwidth, Nvidia says Vera talks to LPDDR5X RAM at 1.2 TB/s, and that its monolithic compute die keeps cores well fed and avoids bottlenecks thanks to 3.4 TB/s of core-to-core bandwidth. The company says the latter figure is 3x that of "any other data center CPU."

There are many ways to measure inter-core bandwidth, so direct comparisons are tricky at best, but given the bespoke design of Vera for AI inference tasks, the claim is at least plausible.

The company's latest blog post about the new silicon reiterates this point, claiming its new silicon delivers 1.8x higher performance versus its x86 competition in "loaded CPU workloads that represent agentic execution," 1.5x higher perf in coding workflows, and 3x faster work in database analytics.

The numbers Nvidia touts purportedly come from real-world scenarios, starting with those from Perplexity, whose usage of Vera in coding agent work delivered a claimed 1.5x performance increase over x86, and a 1.9x speedup running concurrent sandboxes.

The claimed speed increases are wider still in database workloads, with Starburst (federated database firm) clocking a 3x uplift in large-scale SQL analytics, while Redpanda's real-time analytics saw a claimed 6x latency drop. According to Nvidia, all this purported performance is delivered by Vera's particular architecture, one that aims to deliver maximal single-thread performance with high thread counts.

We should note that vendor-approved benchmarks should always be taken with a bucket of salt, particularly those for hardware in a field that can shuffle trillions of dollars in a single day. The company doesn't say which precise x86 chips it tested Vera against, but it's a fair guess that they're mid- to high-end Intel Xeon and AMD Epyc models.

Nevertheless, in the blog post, Nvidia describes a conundrum that's familiar to most any server administrator: big-iron server chips can pack obscene amounts of cores, making them ideal for processing many tasks at once. However, the more cores you add, the slower they need to be to keep thermal performance and power draw in check. But that scale is an obstacle for tasks that need to be done now, parallelization be darned.

And the architectural decisions involved in using chiplets to scale to high core counts aren't free, either. Nvidia calls this "chiplet tax", and it says that scaling using chiplets creates memory access and performance inconsistencies that Vera's monolithic design is specifically meant to avoid.

We've long emphasized the importance of high single-threaded performance for a fast and responsive experience for client PCs, and it seems like AI agents are going to end up placing similar demands on hardware as they do their thing. If that's how the agentic AI future plays out, Nvidia's particular design optimizations for Vera make greater sense than prioritizing core count above all, as it might be for a general-purpose server chip meant to satisfy different economic and customer demands.

We'll have to see if Intel and AMD respond with "max single-threaded CPUs at scale" of their own.

Arrest and extradition of Scattered Spider hacker shines light on how Windows telemetry GDIDs can identify and track users β€” Microsoft device identifier is just one digital fingerprint in a software world rife with them

The Internet is buzzing over news that 19-year-old Estonian "hacker" Peter Stokes got nabbed by the authorities and extradited to the U.S. on digital crime charges, mostly thanks to Microsoft Windows' built-in telemetry. The FBI seemingly subpoenaed Microsoft, which coughed up telemetry logs that contained both Stokes' GDID (Global Device Identifier) and websites he visited using his main Windows machine.

The existence of GDID isn't new by itself, as Windows telemetry's data collection has been extensively analyzed and reported on. It's also been known, and publicly explained by Microsoft, that the extended telemetry modes (Full/Optional instead of Required/Basic) can upload lists of URLs analyzed by SmartScreen and Defender, together with the GDID. In fact, using the Edge browser in this setup can even send every visited URL. The court documents do not reveal which exact mechanism triggered the telemetry upload, though.

This data collection has long been the source of heated debate and general public disgust. Even though the data is genuinely useful and necessary for debugging (by Microsoft or systems administrators in enterprise environments), the fact that it comes enabled by default in Windows Home and Professional editions is questionable. The fact that those versions don't have a simple, user-facing "Off" switch to fully disable telemetry also adds insult to injury.

The Peter Stokes arrest appears to be the first public case where these Windows GDIDs were both used as a tracking identifier and contained telemetry data including some of the URLs the defendant visited. The case also prompted a renewed analysis of the GDID by a security researcher that you might want to look into. From what we can ascertain, it's likely Stokes had his Windows telemetry set to Optional/Full, as Required/Basic doesn't appear to transmit URLs by default.

Using the telemetry GDID, the FBI easily connected the dashing rogue to his ngrokaccount, because he used that tool in the same session in which he accessed his Facebook and Snapchat accounts. The agents also established a link between travel records, a New York IP address, and a rental at the Empire Hotel, likely facilitated by the photos Stokes posted of his hotel room. The criminal mastermind was equally sneaky (read: not) in his visit to Thailand.

As many hackers do, he enjoyed some time off playing an obscure game, in this case Ubisoft's Growtopia, shortly before accessing his Apple logins, as well as the aforementioned Facebook and Snapchat logins over the following weeks. Besides Microsoft, Google and Apple also collaborated on the hunting effort, with Google linking Stokes' phishing phone number to the same exact IP address and date where he created the ngrok account. Ever the stealthy craftsman, Stokes had created the ngrok account using the same GMail address connected to a second phone number where he made phishing calls from.

While it's easy and arguably quite necessary to hoist pitchforks at Microsoft for collecting detailed information about billions of computers by default, security professionals will be quick to remind users that Windows' telemetry is merely one of the many ways to track a user. Even if not by malice, a lot of software simply requires GDID-like identifiers for things like tracking usage, subscription and licensing limitations, activation requests, and hardware detection. And every company behind such software can be subpoenaed by authorities, as exemplified in Stokes' case by Microsoft, Google, Apple, ngrok, and others. Even privacy-oriented services like Proton are careful enough to describe what they can and cannot reveal to authorities under a court order.

If you're wondering the steps Stokes took to cover his tracks, though, you'd be looking at a small list. He did route his connections through a VPN hosted at servers from Tzulo along with the developer-oriented ngrok tunneling service and teleport.sh. Unfortunately, the modern digital world allows for many forms of identification, and hiding one's source IP address is merely one of them.

Using a VPN is recommended for digital anonymity, but it's merely the first of many necessary steps and can even backfire when not set up carefully. If misconfigured, a VPN may allow certain applications and operating system features to talk to the outside world using the original IP instead of the hidden one. Plus, the VPN will not stop the operating system or any application from sending out identifying information to begin with.

Perhaps more worryingly still, modern-day device and user fingerprinting is far more insidious and hard to counter. For example, plain web browsers are notorious leakers of personal information, as data-harvesting companies can weaponize features like TLS levels, HTML5 Canvas functionality, the fonts list, and even Widevine DRM in a combination that uniquely identifies a visitor. Stokes now has plenty of time to read up on the EFF's surveillance self-defense guides and get acquainted with the scripts at the Privacy Is Sexy website.

Unix copyright code infringement lawsuit is back from the dead β€” IBM still under fire from Xinuos over 2003-era bytes

No need to pinch yourself β€” it is, in fact, 2026, and there was a court hearing last June 22 about IBM allegedly using copyrighted source code in Unix-like products, yet again for the umpteenth time since 2003, a saga that's part of the Unix wars.

For historical context, Xinuos (formerly SCO) and IBM have been embroiled in legal battles for decades, as the companies cooperated between 1998 and 2001 on developing an Itanium variant of Unix. Since then, SCO has repeatedly and dramatically taken IBM to court, claiming the defendant misused SCO-owned source code from the collaborative effort in its AIX and z/OS products, as well as Linux. Many battles have been fought over who owns the "Unix" name, what code IBM put in Linux, and even FreeBSD.

The latest hearing pertains to a 2021 lawsuit by Xinuos, the company that acquired the remnants of Santa Cruz Operations, more commonly known as SCO. Xinuos' CEO reportedly once stated the group didn't purchase SCO just to acquire the right to sue IBM, but the company eventually changed its mind in 2021 and dragged IBM back to court on claims that its conduct and copyright infringement resulted in great damage to Xinuos' market position.

Xinuos picking a fight with a team of lawyers colloquially known as the NazgΓ»l is questionable on its own β€” yet, in the aforementioned 2021 lawsuit, Xinuos added bold claims, such as stating that IBM's purchase of Red Hat should be reversed under antitrust law, and that the company's strategy in said acquisition was to destroy FreeBSD β€” the variant underpinning Xinuos' wares.

How, exactly, an MIT-licensed operating system would be "destroyed" is an interesting matter. Xinuos stated at the time that "IBM and Red Hat have abused their control over the Unix/Linux operating system market for far too long." One wonders if Linux users with hundreds of distributions at their disposal would agree that IBM has been pulling their strings all along.

The lawsuit dragged on until 2025, when Xinuos voluntarily chose to drop the antitrust claim (presumably after finding little purchase from the court). It also found itself disabused of the merits behind the copyright complaint, as the New York judge in question framed the claim as time-barred: too long had passed for Xinuos to file a complaint, and original ownership of the code is murky at best. Darl McBride, the SCO executive who launched the original lawsuit, passed away from ALS in 2024.

Xinuos did, however, press on with the copyright issue and requested a hearing for an appeal. And on June 22, 2026, the firm argued in front of a three-judge Second Circuit panel that the previous judge miscast a copyright infringement claim as an ownership claim.

Modder builds 8,192-core GPU at home out of RISC-V microcontrollers β€” full "graphics card" draws over 2,000 watts of power, requires a 3D printer to program

Save for the occasional deal, GPU prices are so high these days that they might even get you wondering if you couldn't just roll your own. As it happens, renowned hardware hacker Matthias Balwierz (more commonly known as Bitluni) elected to do precisely that, enlisting the help of a total sum of 8,192 RISC-V microcontrollers (MCUs) for this enterprise.

He originally planned to create a display of some sort, but after careful consideration regarding costs and difficulty, he elected to solder an RGB LED directly to each microcontroller chip, effectively turning his GPU into a GPU-and-monitor combo, if we're getting technical. Going for a 1920x1080 resolution would require over two million chips, so Balwierz aimed for a final-project resolution of 320x200 with 64,000 chips β€” familiar figures to anyone who played games in the DOS days.

Balwierz opted to make boards with 16x32 "pixels" each, in a circular arrangement reminiscent of the Cray-1 supercomputer, though with far more blinkenlights. His option to directly solder each light onto each MCU was borne out of budgetary restrictions, as the addressable-RGB variant would also prove too expensive.

For this initial stage of the project, Balwierz stuck with "only" 8,192 chips, though he made plans for the whole shebang. Perhaps the most impressive figure is the power draw, at a total of 2,161 W, or around 655 amps at 3.3 V. Each MCU only draws 10 mA, a figure that looks innocent enough until you do the actual math. To feed power into the beast, he enlisted the help of a Corsair WS3000 ATX power supply unit along with custom-designed converters to go from 12 V to 3.3 V at high current.

As for the chips themselves, they're QingKe CH570 RISC-V units, each with a 32-bit RISC-V CPU with a limited instruction set, running at up to 100 MHz. The diminutive chip contains an impressive amount of hardware, including a USB controller, a 2.4 GHz transceiver, and Bluetooth 5.0 LE support. Each of these set Balweirz back $0.13, once again a measly looking figure that will add up to well over $8,000 in chips alone for the final 320x200 array. Each set of 32 MCUs is controlled by a beefier CH32V unit.

As habitual, Balwierz custom-designed every single PCB, power delivery circuit, interface board, and testing board himself. This is apparently the first time he's designed a six-layer PCB, and he actually ran up against design limits of the JCLPCB service. He originally planned for the whole project to use immersion cooling, but decided against that for the time being due to environmental and cost concerns, though he did spec out the appropriate acrylic container for it.

Balwierz goes over each chapter of the process in detail in his video, and one of the most clever bits is how he made a 3D-printed three-prong fork-like tool to program each MCU. He then took said tool and attached it to the 3D printer's carriage, and used a Python script issuing direct G-code to the printer to precisely aim it at each MCU in the board.

It'll take a while before this is a functional CPU that can threat Nvidia, but we're looking forward to seeing Doom displayed on it. Also, it's kind of funny how one guy in a lab designed a better power delivery mechanism than the firm's 12V-2x6 connector... using just parts from AliExpress.

Wisconsin residents file class-action lawsuit against Microsoft's 'world's most powerful AI data center' due to data center noise β€” plaintiffs also mention construction noise and extreme light pollution from $7.3 billion facility

Controversy due to AI data center buildouts generally centers around their massive power usage and draining of local water reserves, but noise is a third torment to nearby residents, and one that is arguably much harder to correct. Residents of Sturtevant, slightly south of Milwaukee, Wisconsin, filed a class-action lawsuit against Microsoft due to the excessive noise produced by the company's Fairwater facility. CEO Satya Nadella described the project as "the world's most powerful AI data center," projected to generate 865,000 tokens per second and have a final bill of $7.3 billion.

The Sturtevant residents live just 1.5 miles (2.4 km) from the facility. The lawsuit was filed by three citizens and represents the households within this distance, reportedly amounting to over 1,000 homes, including areas in Mount Pleasant. The filing describes the noise situation as "not only excessive, but consistent and pervasive," and claims Microsoft did not "implement adequate acoustic barriers, shields, or walls that absorb, mitigate, and/or prevent the escape of noise, thereby resulting in the offsite emission of excessive noise beyond its property." One resident claims he had to change his shift at work to be able to sleep at all.

Nearby residents also complain about excessive dust and traffic stemming from the construction work, as well as light pollution. One resident says he often can't see his house coming into town, while another claims that before the data center arrived, the sky was dark and full of stars, now mostly gone due to the bright lights.

To some credit, Microsoft appears to have been trying to improve the situation, judging by a fairly detailed blog post on its community website. On June 18, the company said its engineers applied several measures that "fully resolved the issue," and that it would apply additional mitigations over the following months, including "additional sound reduction components."

The backstory in the post says the firm was aware of the issue back in April, and "[it] did not expect the tonal quality of the sound to travel as far as it has," attributing the decibels to cooling fans operating at too-high speeds, now purportedly corrected. In an earlier project update about the data center, Microsoft says it would have street sweepers working 10 hours a day and limit construction to hours between 6am and 10pm.

The lawsuit was filed on July 1, indicating that either the issue isn't resolved, or that the particularly short distance between Fairwater 1 and Sturtevant might make for a conundrum that's exceedingly tricky to solve. Some Mount Pleasant residents even live across the street from the campus, too. Before the Fairwater data center arrived, the land was already zoned for heavy industrial use back in 2017 to Foxconn, a status that carried over to Microsoft upon purchase. Notably, Wisconsin's "direct legislation" apparently does not allow amending or repealing existing ordinances, and is only available to cities, not towns.

Get an RTX 3060 with 12 GB of VRAM for just $329.99 at Newegg β€” MSI Ventus 2X OC model back in stock with free shipping

Barely a week ago, we reported that Nvidia's notion of bringing back old graphics cards actually became a reality. As a quick heads-up, we just spotted an MSI Ventus 2X 3060 12 GB OC selling at the virtual stand of Newegg for a scant $329.99, with free shipping included. The card was essentially nowhere to be seen for years, and when it showed up, it carried near-$400 price tags.

The 12 GB of VRAM are particularly welcome sight in this day and age, where 8 GB is a significant constraint for contemporary games. That amount also makes this card a viable platform for running AI models locally.

The specific card on hand is the MSI GeForce RTX 3060 Ventus 2X 12 GB OC, a dual-fan variant with a 1087 MHz GPU boost clock. Though the RTX 3060 GPU is quite frugal in its power consumption and heat generation, the steel backplate MSI included is still a welcome sight as it should help keep fan noise low by dissipating heat and avoiding PCB bending. Three DisplayPort outputs and an HDMI 2.1 connector decorate the backplate.

This variant of the RTX 3060 will make short of most any game at 1080p resolution, be quite competent at 1440p with fairly high detail levels, and even play many a title with aplomb at 4K with judicious care with settings.

This amount of VRAM allows it to be used run run many local LLMs, tooView Deal

Given the AI-driven shortages, affordable graphics cards being in stock again is a definitive positive β€” particularly when they're loaded with a good amount of VRAM. This variant of the RTX 3060 will make short work of most any game at 1080p resolution, be quite competent at 1440p with fairly high detail levels, and even play many a title with aplomb at 4K with judicious care with settings. Nvidia's top-notch DLSS 4.5 upscaling will help you in that endeavor.

Additionally, freely available AI models have been getting smarter by the day, and 12 GB of VRAM grants you the ability to run many of them locally without spending a dime or having your data siphoned off. If you were considering this path to replace or supplement commercial bots, $329.99 is a good price, as any, to get the homelab ball rolling.

If you're looking for more savings, check out our Best PC Hardware deals for a range of products, or dive deeper into our specialized SSD and Storage Deals, Hard Drive Deals, Gaming Monitor Deals, Graphics Card Deals, or CPU Deals pages.

Scientists have created a 3D-printed remote-controlled cyborg cockroach equipped with IR cameras β€” living insects fitted with flexible 'diving suit' can survive and move underwater for three hours

Two decades after DARPA first started playing around with cyborg insects in its HI-MEMS program, a team of Singaporean researchers is showing off the latest accomplishment in the area. The productive researchers are proudly presenting their potent new 3D-printed variant: a remote-controlled, cyborg cockroach equipped with IR cameras that can breathe underwater for hours on end.

Although that description sounds like the start of a sci-fi or horror movie, the team led by Hirotaka Sato at Nanyang Technological University has been working with the much-hated pest for a good while, outfitting them with infrared cameras in a bid to help rescue operations by steering the roaches in disaster areas to find survivors. To be clear, as the release notes, Cyborg insects are living insects that have been retrofitted with technology. Sato's team had already demonstrated an orchestrated swarm of the little beasties in 2024, but reportedly wasn't happy with the fact that they couldn't send them through water, and went back to the drawing board to fix that.

The result is an upgraded form that went underwater for three hours in stages, at a depth of 20" (50 cm); enough for most puddles and lightly flooded areas. Quite interestingly, the roaches' speed was only lightly affected, going from 3.5" (8.75 cm) per second on land to 3.1" (7.84 cm) a second while submerged in water. Cockroaches don't swim per se, but they can paddle-float, and are fine navigating water bodies in general, and it's possible they can go deeper than in the test.

To achieve this, the animals wear a spiffy-looking bespoke 3D-printed scuba suit, complete with tubes that attach from the tank to their "nostrils," called spiracles. The tank has a sponge with both hydrogen peroxide and manganese dioxide, in a slow, carefully tuned reaction that outputs oxygen at a controlled rate. This choice was made to avoid the tricky task of providing a heavy, pressurized oxygen tank β€” though imagining a cockroach with a tiny tank backflipping into water from a tiny boat is amusing.

The cockroach is pretty much the ideal platform for this type of endeavor, as their legs are easy to control with electrical impulses, and their locomotion characteristics let them navigate almost every type of terrain, oftentimes better than many miniature robots. Their biological batteries theoretically last for weeks on end, too. One roach needs food only every few weeks, a mission-critical feature given that scientists working with miniaturization of any sort keep butting their heads against energy limitations. The IR cameras and wireless do use an actual mini battery pack, but the insects themselves can find sustenance on their own.

Sato's team aims to use swarms of submarine roaches in rescue ops, but is also looking farther on the horizon for the next challenge, namely harsher environments and extraterrestrial exploration, like the surface of Mars. After this latest result, such an endeavor seems plausible enough, considering that the cockroaches' build maxes out every survival skill, as attested by crestfallen homeowners who've had to deal with the insultingly invulnerable miniature tanks.

For starters, cockroaches can go without food or water for multiple weeks, and they function just fine in respiratory environments that would put a human to a slow death, like those with low O2 or high-CO2 concentrations. They can withstand enough radiation to microwave a human, and closing their spiracles lets them hold their breath for up to 40 minutes.

A roach's diet puts even seagulls to shame, as the list of items they can consume for nourishment is essentially "yes," including human waste. Any wound, including loss of head, doesn't bleed and just clots closed, while their immune systems let them metabolize many pollutants and pesticides. Adding insult to injury, they evolve adaptations rather quickly, and their breeding rate puts that of rabbits to shame.

If you want your own remote-controlled cockroach, there's a ready-made ride-a-roach kit you can buy, complete with a phone app. The kit is pricey but readily available, and we're fairly certain you won't have issues procuring the animal for free. Cockroaches on Mars does sound exactly like a prologue to the Terra Formars manga/anime, and that's quite the scary prospect.

Palantir CEO Alex Karp claims AI companies are stealing customers' data while charging them for unproductive tokens β€” says 'livid' businesses 'are paying for tokens that create no value'

Alex Karp, CEO of well-known AI data analytics company Palantir, delivered quite the bombshell of an interview to CNBC's Squawk Box. Although the interview's topic was about the firm's partnership with Nvidia, apropos the recently launched Sovereign AI OS Architecture, Karp bluntly claimed that frontier AI companies like OpenAI and Anthropic siphon customers' valuable information while delivering questionable value.

He continued by stating that American enterprises are quietly "livid," as "they are paying for tokens that create no value," and that the AI players "are stealing [their customers'] weights and alpha." The latter items refer to customers' business processes and interconnections between their data, along with the data itself. Palantir's shares jumped about 9% the day of the interview, while those of other AI companies experienced a dip.

Palantir's CEO just exposed Sam Altman and Dario Amodei for robbing every Fortune 500 company.Within two minutes, Alex Karp took the entire frontier AI industry apart on national television.His exact words: "Every single enterprise in this country, these people are LIVID.… pic.twitter.com/132b5s6dQGJuly 1, 2026

For context, many of Palantir's products are on-premises solutions or a variation thereof, and they carry a truckload of certifications like the DOD-required CMMC Level 2 or ISO27001/17/18. Karp's business also alleges that it does not train any models and merely utilizes other entities', without retraining them with customer data. Instead, the company's particular approach is coined "ontology" and, as a simplification, focuses on business data classification, entity definitions, and behavior.

Improving the training of an LLM requires an influx of new and improved information, which is why Karp claims that frontier labs are double-dipping by both selling customers LLM utilization all while using their data for improving said LLMs β€” in other words, the risk for a customer is that they're arguably teaching the bots' abilities and information that could get their business easily replicated and potentially replaced.

He puts the value of a token in question by using an old business analogy: if the frontier players supposedly generate so much value for their customers, why don't they treat it as an investment and charge a percentage of said value? Not too long ago, Palantir CTO Shyam Sankar shared the same view in an equally abrasive manner: "more tokens means more slop," questioning the productivity gains of the "tokenmaxxing" fad that tech leaders like Nvidia's Jensen Huang have promoted.

Karp is likewise not too keen on the promises that frontier companies make about data harvesting, calling Silicon Valley's general attitude of "you can trust me because I never lied" straight-up "B.S." He further notes that enterprises want to know who owns the data, where it is cached, and whether the prompts are secure, while also taking a dim view of services that then rely on third parties, as those might not be bound by the same contractual obligations. Furthermore, he described the notion of the Silicon Valley zeitgeist applying its views to defense-related information as effing insane [sic].

A portion of the world has a dim view of Palantir's defense-related business ethics, something that Karp acknowledges, all while displaying at least some self-awareness that Silicon Valley leadership arguably lacks. He plainly states that he too profits from the aforementioned practices, though there's little doubt his talking points serve the interest of selling on-premises services.

Apple's Hide My Email service reportedly reveals users' actual email addresses with little effort β€” Cupertino has seemingly known about the problem for a year but has yet to fix it

If you read or watch any privacy tutorial on the internet, one of the first tips will be to start using anonymized email addresses in some form β€” providing a fake email that redirects to your real one. Many email providers offer this functionality, and so does Apple's basic paid iCloud plan with the Hide My Email feature. But apparently Apple's implementation of the feature is trivial to crack β€” which means anyone can find your real email address with little effort, according to 404 Media.

The privacy vulnerability has been known to Apple for just over a year, and was first reported by Tyler Murphy, co-founder of data removal company EasyOptOuts. The folks at 404 Media claim they tested the vulnerability themselves and that, sure enough, it takes minimal effort to figure out the real address behind the fake alias β€” with a 100% success rate.

Apple doesn't seem to be bothered by the issue, given that Murphy revealed the problem in June 2025, and the company only executed a fix in March 2026. Post-fix, however, Murphy verified the issue remained (and apparently the last time he heard back from Apple back was in May, when the company said said it was still investigating). There are no further updates, it seems, and this is poor optics for a company that talks a big game about user data privacy.

Neither the researcher nor 404 media divulged the exact mechanism, despite the one-year timeframe being well past the common 90-day security vulnerability disclosure window. This is likely to avoid putting a lot of users at risk of exposure, considering that Apple has passed one billion paid subscribers. Even if only 1% of users use Hide My Email, that still accounts for 10 million people.

Given the lack of technical details, it's hard to pin down where the problem could lie. Accidental revelations of aliased emails have happened several times, by the hand of client software trying to be helpful and "fixing" the reply path, and by servers mismanaging email headers.

Perhaps adding insult to injury, Apple recently stated that it's going to move Hide My Email addresses to their own domain, "private.icloud.com", making it easy for websites to reject such addresses in a bid to always have users' real contact info. Murphy suggested that the company stop sales of the Hide My Email feature until the data leak matter is resolved, but, again, there's been no response.

❌
❌