Valve's Steam Deck has sold out again despite a steep price increase that pushed the 1TB OLED model as high as $949 -- about $300 above its original price. "Even with the $300 price bump, the Steam Deck sold out after less than 24 hours back in stock," reports IGN's Jacqueline Thomas. "I don't know how many units Valve was able to stock into its store, but it does seem like Valve spent a couple weeks building up its stock before putting the handheld back on its store." IGN reports: Over the last couple weeks, Valve has been receiving plenty of "game console" shipments from China. At first, I thought this was a sign that the company was getting ready to finally release the Steam Machine, but it looks like at least a portion of these shipments â" if not all of them -- were Steam Deck restocks. That's a lot of Steam Decks to sell through at these inflated prices, but it's also possible that Valve is just staggering its stock so that its delivery infrastructure isn't overwhelmed.

Now its just a question of when the Steam Deck will come back in stock. Before yesterday, the Deck was sold out for months. At the time, it was the most affordable way to get into PC gaming, especially in the face of the RAM crisis. That's no longer true, but it looks like the Steam Deck's popularity is enough to make it sell out regardless. Maybe the higher price will at least help Valve keep it in stock for people who still want to buy it, no matter the cost. Earlier this week, Valve announced a price increase of more than 40% for two of its Steam Deck models, citing "rising memory and storage costs."

The price changes, according to Valve, reflect "the current state of component costs and other global logistical challenges across the industry as a whole."

"The 512GB tier of its OLED handheld gaming PC -- the newer model with an upgraded display -- will now cost $789, an increase of 43%," notes the BBC. "The larger 1TB model will cost $949, an increase of 46%."

An anonymous reader quotes a report from Cybernews: The technology giant Microsoft has been accused of leaking the data of civil servants working for the Netherlands' regulatory agencies to the US House of Representatives. The civil servants affected by the leak work at the Authority for Consumers and Markets (ACM) and the Dutch Data Protection Authority (AP), according to the NL Times. They are involved in implementing the Digital Services Act (DSA), the European Union regulation on online services, aimed at combating illegal content and protecting user rights.

NL Times reports that Microsoft shared emails, minutes, and invitations sent by the civil servants without redacting their names in the documents. Willemijn Aerdts, Dutch State Secretary for Digital Economy and Sovereignty, said she discussed the allegations with US Ambassador to the Netherlands Joe Popolo. [...] The allegations against Microsoft further strengthen concerns over Europe's dependence on American technologies, which poses major risks to data privacy. Further reading: Netherlands Blocks US Takeover of Vital Digital Supplier

IBM and Red Hat are committing $5 billion to a new initiative called "Project Lightwell," which aims to secure open-source software supply chains with AI-assisted vulnerability discovery, triage, patch validation, and upstream maintenance. Longtime Slashdot reader wiggles shares a press release from IBM: IBM and Red Hat today announced Project Lightwell, a $5 billion commitment backed by new frontier AI capabilities and a global force of more than 20,000 engineers to help enterprises secure open source software. Together, these investments establish a new model for enterprise use of open source software, from upstream development through production environments.

Project Lightwell will establish a trusted enterprise clearinghouse combined with a global force of engineers to identify and fix vulnerabilities at scale. The clearinghouse will serve as a security coordination layer, using advanced AI capabilities to validate and test fixes across an unprecedented volume of open source code. These capabilities will be offered through commercial subscriptions, allowing enterprises to integrate secure patches directly into their existing software supply chains with enterprise-grade validation and lifecycle management.

IBM and Red Hat have already begun collaborating with a select group of early adopters on Project Lightwell, including Bank of America, BNY, Citi, Goldman Sachs, JPMorganChase, Mastercard, Morgan Stanley, Royal Bank of Canada, State Street, Visa and Wells Fargo. The real-world insights from these initial deployments will actively shape how vulnerabilities are identified, validated, and remediated at scale across complex software supply chains.

Robinhood is launching beta support for a new feature that will let AI agents make payments and trade stocks on users' behalf. The company is also rolling out a virtual credit card for AI agents, with spending limits and approval controls. TechCrunch reports: Robinhood said users on its platform can now create a separate account for their AI agents and connect them to a dedicated wallet. While these agents would be able to read and analyze users' portfolios to come up with trading strategies and suggest investments, they'll only be able to access the pre-loaded balance in the dedicated wallet to place orders.

Users will get notifications of all trades their AI agent makes and will be able to monitor their activities within the Robinhood app. For some trades, agents will show a preview that users may have to approve before the order is executed. The company said it has also built in fraud detection protection, in which a team from Robinhood would review suspicious trades and help users resolve disputes.

Robinhood says users can connect their AI agents to its Model Context Protocol (MCP) service to do things like analyze concentration risk and sector exposure, execute trades, or look through analyst notes to identify new investment opportunities across various sectors. The agentic trading feature is launching in beta and only allows stock trading right now. The company says it plans to add support for options, crypto, event contracts, futures, and prediction markets soon.

An anonymous reader quotes a report from CNBC: Federal prosecutors charged a Google employee with fraud on Wednesday, alleging that he made $1.2 million off of bets using insider information on Polymarket. Prosecutors claim that Michele Spagnuolo, a staff information security engineer at Google, used confidential information to place trades correctly betting that singer d4vd would be Google's most searched person in 2025. Spagnuolo has been charged with money laundering, commodities fraud and wire fraud. The complaint, filed in the Southern District of New York, was unsealed on Wednesday.

Spagnuolo was arrested Wednesday morning in New York, ABC reported. "Spagnuolo had access to Google's internal data systems, including a particular Google internal software tool that provided him access to confidential, nonpublic Year in Search data," the prosecutors said in their complaint. Some observers of the Polymarket platform flagged the user "AlphaRaccoon" back in December for suspicious trades on the most searched person contracts. The complaint Wednesday said that Spagnuolo was the person behind that account. "Google officially and publicly announced its Year in Search 2025 results on or about December 4, 2025. Soon after it did so, Spagnuolo's AlphaRaccoon account, profited approximately $1.2 million on his Google Year in Search 2025-related bets," the complaint said.

[...] Spagnuolo is also facing a civil case from the Commodity Futures Trading Commission, where he's charged with insider trading. The complaint detailed that Spagnuolo correctly predicted the outcomes of a slew of other search markets, including contracts like "Will Zohran Mamdani rank in the Top 5 most searched" and "Will Squid Game be the #1 searched TV show." "Spagnuolo misappropriated the material Confidential Information by knowingly or recklessly using it to trade the 2025 Year in Search List Contracts in breach of his duties of trust and confidentiality," the CFTC complaint alleged.

Last.fm announced that it is independent again after separating from Paramount Skydance, nearly two decades after CBS acquired the music-tracking service in 2007. The company says accounts, scrobbles, privacy settings, Pro subscriptions, and billing information will remain intact. Additional details are forthcoming. Engadget reports: "Today, Last.fm begins a new chapter as an independent company," the announcement reads. "Ownership has changed, but the product you use every day has not." It also said that it will keep its current team. Last.fm is a music website that can track what you listen to across platforms, apps and streaming services, including Spotify, YouTube and Apple Music.Â

[...] Last.fm started as an internet radio station in 2002, and it didn't get scrobbling until a few years later when it merged with the original team that created the tracking process. It operated as an independent company until it was acquired by CBS Interactive, which is now part of the merged Paramount Skydance Corporation, for $280 million in 2007. In 2014, it killed off its $3-a-month subscription radio service to focus on tracking your listening habits on other providers. The company promised to share more about what you can expect from the transition in the coming weeks, but everything will work on Last.fm "exactly as it did yesterday" for now.

ETH Zurich researchers say they have generated certified "perfect randomness" for the first time by using a quantum Bell-test setup with two entangled superconducting chips connected by a 30-meter cooled link. "In the long term, this work could play a similar role in digital security as atomic clocks do for timekeeping: a physically certified source of randomness that other systems can rely on," reports Phys.org. "Possible applications range from the encryption of sensitive communications and digital identities to public randomness services for lotteries and blockchain applications." From the report: They call their method randomness amplification. "This was made possible by an improved so-called Bell-Test with simultaneously high quality and high data rate," says [Renato Renner and Andreas Wallraff]. He and his coworkers use a complex setup that consists of two superconducting chips, which they cool down to very low temperatures close to absolute zero. Each chip represents a quantum bit or qubit, which can take on the states "0" or "1" or any arbitrary superposition of these states. A 30-meter-long tube, which is also cooled down, connects the two chips.

Microwave photons can fly back and forth between them, thus creating quantum mechanical entanglement. This means that a quantum measurement on one qubit, which randomly yields the values "0" or "1," influences automatically and at a distance whether "0" or "1" is measured on the second qubit. The separation of 30 meters ensures that, during the measurement, even at the speed of light, no information can be exchanged between the qubits. This would disturb the perfect randomness.

Wallraff and his team made the choice of the exact type of measurement (or "measurement basis" in technical jargon) on the two qubits depending on an imperfect random number generator. Renner's coworkers could then amplify the randomness of the measurement results further using a special algorithm. "The resulting sequence of zeros and ones is now really perfectly random, and we can even certify that," says Renner. He likens this result to crossing a ridge: "The technical improvements allowed us, for the first time, to create random numbers that will remain perfectly random for all eternityâ"no matter what analytical methods are used to assess their randomness." The findings have been published in the journal Nature.

An anonymous reader quotes a report from Ars Technica: Now sites have a new way to spy on their visitors: measuring subtle interactions with their solid-state drives. The technique, named FROST (fingerprinting remotely using OPFS-based SSD timing), allows sites to monitor other sites a visitor is viewing and what apps are open on their devices. The technique, laid out in a research paper (PDF), exploits a side channel, a form of leak resulting from physical manifestations such as electromagnetic emanations, data caches, or the time required to complete a task. By measuring the manifestations, attackers can decrypt encrypted traffic and infer other confidential data.

The attack that FROST uses is known as a contention side channel, which measures the interaction of various processes all using (or competing for) a given resource. By measuring the timing of certain I/O (input-output) operations of the SSD a visitor is using, the researchers were able to determine the websites open in other tabs -- even on other browsers -- and the apps that were open on the visitor's device. FROST requires no interaction from the visitor other than opening the site hosting the attack. [...] Unlike previous contention side-channel attacks on SSDs, FROST runs exclusively in the browser. It uses JavaScript that interacts with the OPFS (origin private file system), an allocated storage space that's reserved for a specific site to run code needed to complete a given task. Websites can create one with no interaction required by the visitor.

While each file system is sandboxed, meaning it's isolated from other websites and from the device system itself, the JavaScript can measure the I/O interactions. Then, by running those interactions through a pretrained convolutional neural network -- a system that uses deep learning to analyze text, audio, and images -- the attacker can deduce various apps and websites open on the device. "The attacker continuously measures SSD contention by performing random reads from a large OPFS file," the researchers explained. "SSD contention caused by user activity causes measurable latency differences for these read operations. By training a convolutional neural network (CNN) on these traces, the attacker can fingerprint user activity on the host system by classifying new traces using the trained model."

Meta will begin testing paid subscriptions for its Meta AI app and website, with a $7.99/month Meta One Plus plan and a more capable $19.99/month Meta One Premium plan offering. The test will start next month in Singapore, Guatemala, and Bolivia as Meta looks for AI revenue beyond advertising while continuing to offer a free tier. CNBC reports: Naomi Gleit, the head of product at Meta, revealed the subscription testing in an Instagram video, announcing that the plans "give people who use Meta AI more to work with, more capacity, bigger, more complex requests, and more room to create for businesses and creators."

Meta One Plus will cost $7.99 a month and the Meta One Premium plan will cost $19.99 a month, the company confirmed. The more expensive version offers users additional computing capacity to produce more comprehensive responses and other advanced features. The company will continue to provide a free version of the app and site.

"We're offering premium tools that allow you to enhance presence, supercharge content, automate tasks, and protect your brand," Gleit said in the post. "We're also thinking about how to bring this all together in a way that makes sense."

Nvidia CEO Jensen Huang says the company plans to spend around $150 billion a year in Taiwan, calling it the "epicenter of the AI revolution." "Four years ago, five years ago, Nvidia was spending about $10, $15 billion dollars a year in Taiwan. Now we're spending $100, going to $150 billion dollars in Taiwan each year," Huang said. Reuters reports: Huang was speaking at a launch celebration in Taipei for the chip company's planned Taiwan headquarters, which he said will break ground this year and aims to become operational in 2030. He did not provide a timeframe for the number of years the company plans to invest $150 billion. The Taiwan headquarters will bring Nvidia closer to TSMC, the world's largest contract chipmaker which makes many of the advanced semiconductors powering the trend towards AI and is a major supplier to the U.S. tech company.

"Taiwan is booming," Huang said on stage at the celebration which was attended by his parents, wife, daughter and son in addition to around 1,000 employees. "Taiwan is the epicentre of the AI revolution. This is where the chips come, packaging comes, this is where the systems are made, this is where AI supercomputers were created. The number of partners we work with here in Taiwan, incredible."

Linux stable kernel maintainer Greg Kroah-Hartman says Rust can help Linux deal with a flood of AI-discovered security bugs (namely Dirty Frag, Copy Fail, and Fragnesia) by preventing common C mistakes around memory, locking, error handling, and untrusted data at build time rather than during human review. It's "not a silver bullet" and does not mean rewriting the whole kernel, but he said new drivers and subsystems will increasingly use Rust as Linux evolves forward. ZDNet reports: Kroah-Hartman illustrated those pitfalls with real C bugs in the kernel, including a 15-year-old Bluetooth bug that dereferenced a pointer without checking it and a Xen bug where "we forgot to unlock" in an error path. "The majority of the bugs in the kernel are this tiny, minor stuff," he explained. "Error conditions aren't checked, locks aren't forgotten, unreleased memories leak, and vulnerabilities add up over time. They crash the kernel. This is what we live with in C. This is why we don't like it." Kroah-Hartman argued that the "best beauty of Rust" is catching those mistakes at build time rather than in review. For example, when it comes to locking, he highlighted Rust's locking abstractions in the kernel: "The only way you can get access to inner pointers of structures is by grabbing that lock, and releasing the lock automatically. The compiler does it, it's guarded, the lock happens, everything's happy. You just can't write code to access these values...without grabbing the lock. The compiler will not let you."

Those properties, he argued, directly remove a huge fraction of the bugs he sees: "This is going to save us those two things. First, 60% of the bugs in the kernel right there, they're gone. Thank you." The payoff is earlier, more automated enforcement: "If this happens at build time, not review time, don't make me a maintainer who has to read your code [and] say, 'Oh, then you properly check that error value. Oh, did you properly grab the locks in the right spot?' Rust gives us that for free. This is the best thing ever." Even if Rust vanished tomorrow, Kroah-Hartman argued, it has already forced the kernel to clean up C code and interfaces. He credited Rust's influence outright: "We stole this from Rust. Thank you. It's a good idea, so if Rust disappeared tomorrow, we have cleaned up the C code in the kernel so much and taken in the ideas. We thank you, you've made Linux better with it just by existing."

[...] What ultimately sold a number of core maintainers, including him, on Rust was how it "makes reviewing code easier." With CI [Continuous Integration] bots enforcing builds and Rust's type system enforcing key invariants, maintainers can "focus on the logic" rather than resource bookkeeping: "I can care about that one function. I don't have to worry about the rest of this stuff, because I assume that it works properly, because it was built properly." Internally, he said, the top maintainers have already made their call on Rust's status: "The Linux kernel maintainers, we get together every year and talk about what the processes are doing. Last year, we said the Rust experiment is over. It's not an experiment. This is for real." The rationale: "The people behind it are real. We trust them. We know what they're doing. They've shown and put in the work to make Rust a viable language in the kernel, and we're going to make this stick. Let's go full speed ahead. And, as always," he said wryly, "world domination proceeds." "If you never remember anything else in my talk, just remember these four words. It came from Microsoft Security many, many years ago," Kroah-Hartman told attendees. "They realized all input is evil. You have to validate all input."

An anonymous reader quotes a report from The Verge: How newsrooms should use AI -- or if they should at all -- has been a recurrent debate within the media industry over the last several years. Increasingly, these rules are being hammered out at the bargaining table between unions and publishers. Right now, employees at The New York Times are gearing up for a fight. Unionized staff with the Tech Guild say Times management has refused to provide the union with information related to how the company has used AI, its plans for AI use in the future, and how it will affect employees' jobs and workflow. (The union filed an unfair labor practice charge earlier this month.) The Tech Guild, a NewsGuild of New York unit of around 700 software engineers, designers, product and project managers, and data analysts, also filed grievances saying Times management violated their collective bargaining agreement when it started using two internal AI tools that track and evaluate employee performance and activity.

[...] Both the Tech Guild and the Times Guild (which represents 1,500 editorial, ad sales, and support staff at the Times) filed unfair labor practice charges against the Times, saying that company violated labor law by refusing to respond to their requests for information around AI use at the outlet. The Times did not respond to specific questions about how it uses DX and Glean, but spokesperson Danielle Rhoades Ha said in an email that the company disagrees with the characterizations made in grievances and that it would respond as part of its "normal contractual process." "Likewise, we will respond to this Request for Information (RFI) in due course as we've done with 80+ other RFIs from the Guild in recent years," Rhoades Ha said.

The Times Guild is currently bargaining a new contract, pushing for robust protections against AI, like requirements that a human is behind any AI tool being used, that any journalism utilizing AI is transparently labeled, and that staff are compensated for AI model training deals the company might make. The Times deploys artificial intelligence tools for some reporting, like using it to parse millions of documents related to Jeffrey Epstein or scan satellite images of Gaza to try to find where Israel had dropped a specific kind of bomb. [...] [Ben Harnett, a software engineer at the Times and chair of the unit's generative AI committee] emphasizes that the unit's position is not that AI shouldn't ever be used, but that workers should have a say in how it's deployed. Metrics like how many tokens an employee uses or how often they're using AI to do their jobs create pressure to do more and incentives that don't align with doing quality work. "It's going to distract [you] from actually doing a good job, which is what we think the company should want," he says. Two of the contentious AI tools mentioned in the report are DX and Glean. DX is an engineering productivity tool that tracks a developer's output, generative AI use, efficiency, and other related metrics. Meanwhile, Glean is an internal knowledge-search tool that indexes materials like wikis, GitHub documents, Google Docs, and emails so employees can query company information.

The concern, according to Times Tech Guild members, is that data meant to measure broader developer experience is now being applied to individuals and cited in performance or disciplinary contexts. There's also worry that it could be used to monitor individual contributions and produce false or misleading results.

YouTube will begin automatically labeling videos when its systems detect "significant" photorealistic AI use, while also making AI-content disclosures more visible below long-form videos and directly on Shorts. "We've heard consistently from our community that they value transparency when it comes to generative AI content," YouTube said in a blog post. "These changes are designed to balance transparency with creator control." Variety reports: Under YouTube's guidelines, creators will still be required to manually disclose when they use realistic AI. But starting this week, it also will roll out a new internal system to help identify AI-generated content. "If a creator doesn't specify whether or not they used AI, but our systems detect significant photorealistic AI use, we will now automatically apply a label," YouTube said.

YouTube creators who believe their content was incorrectly flagged as AI-generated can modify the disclosure status using the YouTube Studio tool. However, according to YouTube, the AI labels will "remain permanent" in some cases, including for content created using YouTube's own AI tools (such as Veo or Dream Screen) and for content that contains C2PA metadata (based on standards from the Coalition for Content Provenance and Authenticity) that indicates it was fully AI-generated.

In addition, YouTube is moving the disclosure label for photorealistic and meaningfully AI-altered or AI-generated content to a more prominent position. Until now, YouTube labeled AI content in a video's expanded description. Going forward, for long-form videos, the AI label will now appear directly below the video player and above the description. For YouTube Shorts, the label will appear as an overlay on the video itself. "The goal here is context at a glance. If it looks real but was made with AI, viewers will know immediately," said Rene Ritchie, YouTube head of editorial and creator liaison. He added that the AI labels alone "do not affect how our videos are recommended or whether they can earn money. This is purely about giving viewers the right information at the right time."

Roku is rolling out its first major homescreen update in a decade. The UI doesn't look too dramatically different, but users will notice more personalization-driven changes, including frequently used apps, "top picks," household-specific layouts, and recommendations based on viewing habits. Rest assured, Engadget adds, "Everything is still in various shades of purple and Roku City is still available as a screensaver." From the report: Today's update certainly brings more clutter into the mix, including a new "marquee" ad spot that takes up a large chunk of the screen. It's worth remembering that Roku makes most of its money on ads and not its hardware. "More than 100 million households will feel the difference the moment they turn on their TV -- and it opens up a better, more powerful experience for our partners as well," CEO Anthony Wood wrote in a blog post.

The update does bring one novel feature, according to The Hollywood Reporter. The company says the new homescreen platform will adapt to how households use Roku devices. This is to accommodate "multiple people living in homes." For instance, a child's bedroom TV might have a different homescreen than TV in the living room, and so forth. This expansion is rolling out right now to US-based customers, though it might take a while to reach every user. Roku says "additional countries will follow in the coming months."

An anonymous reader quotes a report from TechCrunch: There is a certain wildness in the tech industry these days that both mimics previous eras of large changes, like cloud computing (runaway costs in the early days), and is like nothing we've ever seen before (record revenues accompanied by mass layoffs). One possible explanation: tech executives, especially CEOs, are collectively suffering from delusions of AI grandeur. And at least one tech CEO has said as much out loud: Box founder Aaron Levie.

"CEOs are uniquely prone to AI psychosis because they're sufficiently distant from the last mile of work that still has to happen to generate most value with AI," Levie wrote on X. CEOs "play with AI," develop a prototype, or generate a contract, to use Levie's examples, and then make the leap to believing agents can do the work. But these top-level executives aren't the people who have to review code, discover bugs, and identify calls to hallucinated libraries before software is deployed. They aren't responsible for training AI models on a company's idiosyncratic contract terms, nor do they have to spend days combing through contracts to find sneaky terms, as Levie indicates.

In other words, Levie's theory posits, CEOs don't really understand processes well enough to know what really can and can't be automated. But that lack of knowledge doesn't stop them from acting on their beliefs. [...] So what are CEOs to do instead? Levie advises CEOs to use AI "a ton" to really see what it can and can't do, "and come out the other side with an appreciation for both the upside and the real work."