Peter wants to learn Cybersecurity.
I gave Peter a 1 hour talk about career paths and fundamentals.
He was excited to start…
I gave him a 50 videos course on introducing to Cybersecurity…
Peter has ghosted me 💀
As someone who:
> Hacked basically every component of openclaw's ecosystem (harness, skills ecosystem etc)
> Helped lead security, trust & threat modelling
> Found 15 CVEs in the software
Absolutely do not run OpenClaw on your enterprise device.
As someone who enjoys malware and malware accessories, I for one believe this to be incredible news and I applaud Satya Nadella for this
As someone who deals with malware defensively, I for one believe this is terrible news and I hate Satya Nadella so much right now it's unreal
❗️🚨 BREAKING: Security researchers are now handing out Nightmare-Eclipse vulnerabilities for free, in what looks like both a show of support and a reaction to how Microsoft treats researchers. First up: "Bitskrieg," which violates Secure Boot trust and fully bypasses BitLocker.
It seems aimed squarely at Microsoft's recent blog, where the company said its Digital Crimes Unit would bring cases against threat actors "and those that enable their criminal activity," language many researchers read as a threat pointed at them.
Starting in June, Secure Boot certificates that have shipped inside Windows since 2011 begin to expire.
Good news: You probably won’t need to do anything.
Bad news: Some older devices may not receive the latest security updates.
Here’s what’s going on and why it matters.
🧵
A studio made a video game where your whole job is putting 3,072 messy books back on the right shelves. There's no fighting and barely a story. It's now a hit on Steam, where 94% of reviews are positive, and there's a brain reason it feels so good.
Back in 1927, a psychologist named Bluma Zeigarnik noticed something odd about waiters. They could remember a table's whole order perfectly, right up until the bill was paid. The moment it was settled, the order fell out of their heads. She tested the idea and found we all work this way. A job you haven't finished keeps poking at you, like a tab you left open in your browser. Finish it and the tab closes. The poking stops.
The trouble is, normal life almost never lets you finish anything. You empty your inbox and it fills back up. You do the laundry and next week it's there again. The pile of stuff hanging over you never quite hits zero, so part of your brain is always quietly holding all of it. Researchers have linked all those open, unfinished jobs to a busy head, weaker focus, and that feeling of not being able to switch off at night.
A stack of 3,072 books is different, because it actually ends. The number only ever goes down, never up. Every shelf you fill is one job your brain gets to close for good, and finishing things gives you a small hit of dopamine, the feel-good chemical your brain releases when you make progress. You watch the floor slowly come back into view under the mess as you go. You get that reward right away, which the bigger goals in your life almost never hand you.
There's a second thing going on too. A messy room is a stack of tiny questions: where does this go, do I even need it, should I deal with it now. Putting things in order answers every one of them and quiets your brain down. We're wired to like order, because order means less to keep track of, and less to keep track of just feels calmer.
This kind of game has a long track record. PowerWash Simulator, where all you do is spray dirt off things until they're clean, has been played by more than 17 million people, and its sequel earned two BAFTA award nominations this year. Unpacking, a quiet little game about taking things out of boxes and finding a place for them, sold over a million copies and won two BAFTAs of its own. You can't lose either one.
The whole appeal is a mess that actually ends. Your own to-do list never does.
Blue Origin just vaporized a rocket, a launch pad, and Amazon's entire satellite deployment timeline in nine seconds.
NG-4 was supposed to fly June 4 carrying 48 Amazon Leo satellites. That mission was the first of 24 contracted Blue Origin launches Amazon needs to build its Starlink competitor. Amazon has roughly 240 satellites in orbit against an FCC requirement of 1,618 by July 2026. They already filed for a two-year extension because they were falling short. Losing your primary heavy-lift rocket on the pad doesn't help that math.
The pad damage is the part people aren't thinking about. New Glenn carries roughly 2.4 million pounds of propellant. The explosion toppled one of LC-36's lightning protection towers. That launch complex took years to build and billions to outfit. You can manufacture a new rocket in months. You cannot rebuild a launch pad in months.
The cascade gets worse. Blue Origin's Blue Moon MK1 lunar lander is supposed to launch on New Glenn this fall for NASA's CLPS program. That mission is the pathfinder for Artemis III, which needs Blue Moon MK2 to fly on New Glenn in mid-2027 to land astronauts at the lunar south pole. Every month LC-36 sits damaged pushes Artemis further into the late 2020s.
Jeff Bezos has two companies betting on the same rocket. Amazon Leo needs 24 New Glenn launches to close the gap with Starlink. NASA needs New Glenn for Artemis. Both timelines just broke simultaneously, and LC-36 is on fire.
“When you throw money at a problem without fixing the underlying structure, you do not solve the problem. You only create a well-funded problem.”
At this point, we may need state capacity to overhaul the entire system.
A few things stand out from that table. First, the projects keep getting bigger (from $100m in 2001 to $750m by 2020-2023), which suggests earlier, smaller interventions didn't work, so they kept scaling up funding rather than fixing the underlying bottlenecks.
Second, the spread across generation, transmission, renewables, and guarantees suggests there's no single chokepoint; the entire system is dysfunctional.
Will we ever have a stable power supply in our lifetime, bayi?
🚨 California's State Assembly approved a Stop Killing Games bill targeting games that need a server connection to play. Before shutting those servers down, developers would have to give 60 days' notice, then either release a patch that makes the game playable offline or refund players. Only applies to games released after Jan 1, 2027. The Senate still has to approve it.
Stop Killing Games is an international consumer campaign (started in 2024 by YouTuber Ross Scott) pushing to stop publishers from making purchased games unplayable. It's pursued an EU Citizens' Initiative and backs related bills like California's AB 1921.
Coincidentally, several researchers who find Apple vulnerabilities have been posting this week about giving up on trying to work with the Apple Security Bounty program. (🧵)
Since we're sharing MSRC stories: a few months back I gave them an Azure Sign-In logging bypass.
They said it was no biggie, as it merely allows attackers to bypass the logging that every admin relies on. Doesn't meet the bar.
Fixed in record time. No recognition. No bounty.
If a vendor asked you for your AWS root credentials to analyze your AWS bill, you would correctly lose your mind.
But the sole way to get Anthropic spend data is via their admin equivalent. So if a vendor can analyze your spend, they can destroy your account.
This is insane.
Active Directory Hardening Awesomeness!
These are all no-brainers with all of them residing within IT's easy reach with absolutely _no excuses_ for any of them NOT to be done!
List Add: At #1 or #2:
1: Enable UAC for _all_ elevation requests _including administrator_ on the Secure Desktop. No exceptions.
** IT gets used to the initial prompt for Server Manager, then opens a PowerShell window from there.
*** Start CMD
*** Start TaskMgr
*** Start ResMon
NOTE 1: Yes, this includes UserVille. Use LAPS (Local Administrator Password Solution) for the credentials prompt.
NOTE 2: Train users that an out-of-the-blue UAC prompt is _EVIL_ and should be reported to IT STAT!
NOTE 3: For Remote Desktop Services Session Hosts and RemoteApps hosts all users should be set to DENY elevation requests!
NOTE 4: For all sites we manage UAC prompts on server system desktops also hit a DUO digits MFA request. No exceptions.
Spencer List Highlights for me:
** Train the Human - this is always the weakest link
** Run the Disaster Recovery Plan over and over
** Test restore backups fully - spot file/folder does NOT count
** MFA integration (we use DUO)
This is an excellent example of AI training poisoning.
Microsoft's Forza Horizon series contains "Drivatars". These are bots which train off of your data. They learn how you drive and behave. They use your Xbox Live Gamertag. This technology exists to give single player and story-mode missions a more authentic feel.
Unbeknownst to Microsoft at the time, there is a player named "Bowie Knife99".
This player is incredibly aggressive, oftentimes intentionally targets players, helps random other players, ... they basically don't follow the rules for anything. This player is incredibly chaotic.
Microsoft has been training off of this deranged person's behavior.
Recently, Forza Horizon 6 players have encountered this AI Drivatar. People have been angry online about it. This AI agent has been intentionally targeting players, crashing into them, intentionally crashing the entire race or ruining the race for everyone (including the other AI agents).
The chaos has gotten to such an extreme people are making meme compilations about this AI agent.
tldr some random guy named Bowie Knife99 is such a crazy player that, unironically, their AI agent is ruining the Forza Horizon 6 experience. It plays like an angry younger brother.
The lineup is live—and AI Skills Fest is shaping up to be unmissable. 🚀
From conversations with industry leaders to hands-on hackathons to live learning and role-based skilling playlists, this is more than an event—it’s a full week to build the AI skills that matter right now.
Check out what we’re preparing, and don't miss out! Register for the event: https://t.co/J4U0teVwMA
GitLab has apparently taken down the Nightmare-Eclipse account just days after the researcher moved there following the GitHub ban.
The drama started after Nightmare-Eclipse released several Windows exploits and Defender bypass tools, including BlueHammer, RedSun, and UnDefend. GitHub removed the account earlier this week over concerns that the tools could be misused and weaponized.
Security company Huntress says some of the tools have already been seen in real-world intrusion cases, showing how quickly proof-of-concept research can end up being used in actual attacks.
‼️ Meta and WhatsApp sued over alleged misleading encryption and privacy claims
Texas Attorney General Ken Paxton sued Meta and WhatsApp, alleging they misled users about WhatsApp’s encryption and privacy protections. The lawsuit claims WhatsApp falsely presents communications as fully secure while allegedly retaining broad access to user data.
Meta denied the allegations, stating WhatsApp cannot access encrypted messages.
The case is part of broader Texas privacy actions against major tech companies and also prompted criticism from Telegram CEO Pavel Durov.