Wednesday, 06 May 2026
A botched DNSSEC key rotation knocks German domains offline, Zuckerberg accused of personally authorizing Meta's AI copyright piracy, and AI rewrites call-center voices in real time
Today's Lead
DENIC
DNSSEC Disruption Takes All .de Domains Offline for Two Hours
DENIC, the German domain registry, triggered a two-hour outage of all .de domains after a botched DNSSEC key rotation generated malformed signatures. Every validating resolver — including Cloudflare's 1.1.1.1, which temporarily disabled .de DNSSEC validation as an emergency measure — returned SERVFAIL for the entire .de namespace. The incident is a vivid demonstration of DNSSEC's fail-closed security model: when signatures are wrong, the protocol correctly refuses to serve the domain, but that correctness translates directly into a country-scale outage. The tradeoff between DNSSEC's security guarantees and its operational brittleness has been debated for years; an incident that makes a G7 economy's entire domain namespace unreachable from a single key rotation mistake will sharpen that debate. It also raises an uncomfortable question about incident response: Cloudflare's workaround was to temporarily stop validating a top-level domain, which trades outage for downgraded security — precisely the kind of fallback that undermines the DNSSEC threat model.
Also today
Variety
Publishers Allege Zuckerberg Personally Authorized Meta's AI Copyright Piracy
Five major book publishers and novelist Scott Turow filed suit against Meta and Mark Zuckerberg personally, alleging the company deliberately downloaded 267 TB of pirated books and articles from shadow library sites to train its Llama AI models. The lawsuit distinguishes itself from previous AI copyright cases in an important way: rather than relying on fair-use defenses, the complaint alleges intentional circumvention of copyright protection measures, which carries separate statutory penalties. The accusation of personal authorization also pierces the usual corporate shield, making this litigation structurally different from suits filed against OpenAI or Google. The choice to pirate rather than license appears, according to the complaint, to have been a deliberate business decision — the lawsuit implies that Meta evaluated the cost of licensing and decided infringement was the cheaper path. If courts accept this framing, the precedent would affect how AI companies approach training data acquisition across the industry.
Reflex.dev Blog
Computer Use Is 45x More Expensive Than Structured APIs
A direct benchmark from Reflex found that vision-based computer use agents consume 551,000 input tokens across 53 steps and take 17 minutes to complete a task that an API-based agent finishes in 12,000 tokens, 8 calls, and 20 seconds. The cost differential is 45x before accounting for latency. The vision agent also initially failed the task because a required UI element was below the fold — a category of failure that never affects structured API calls. The Reflex team's argument is that computer use is best framed as a fallback for systems you cannot instrument, not a general-purpose approach; when the application is yours to modify, auto-generating API endpoints is both achievable and dramatically more economical. This matters beyond the specific numbers: there is a tendency in the AI tooling space to treat vision-based agent interaction as inevitable, partly because it requires no changes to the target application. The benchmark makes the cost of that convenience concrete.
Let's Data Science
TELUS Deploys AI to Alter Offshore Call-Agent Accents in Real Time
TELUS Digital is deploying Tomato.ai technology to modify the accents of offshore call-center agents during live customer calls, framing it as a tool to reduce 'accent-related friction.' The backlash was immediate: labor advocates called the practice dehumanizing and deceptive, and both Rogers and Bell publicly stated they would not adopt similar systems. The ethical surface area here is considerable. Workers are having their voices altered without necessarily choosing to disclose that to customers; customers are hearing a voice that has been processed without their knowledge; and the underlying problem — customer hostility toward accented agents — is being addressed by masking the worker rather than addressing the hostility. There is also a disclosure question that regulators have not yet resolved: does real-time voice transformation constitute a form of misrepresentation? TELUS's competitive peers apparently decided the risk of that question was not worth taking.
mxsasha.eu
1,000 Third Parties Could Have Stolen RIPE NCC Session Tokens — By Design
RIPE NCC's single sign-on authentication cookie was scoped to *.ripe.net — a wildcard that covers every HTTPS server under that domain, including over 1,000 third-party hosted services. Any one of those services could have silently harvested authenticated session tokens from logged-in users. The systems exposed through a successful token theft include the RPKI dashboard and the RIPE Database, which govern internet routing for Europe, the Middle East, and Central Asia. An attacker with a valid session token could have added unauthorized admin users or API keys without alerting the compromised account holder. The flaw is not an obscure edge case; it is a direct consequence of a common SSO deployment pattern where cookie domain scoping is not treated as a security boundary. RIPE NCC manages infrastructure that is foundational to internet routing integrity — the potential blast radius from persistent access to those systems is difficult to overstate.
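The scoping problem described above, as an added example that is not from the original write-up or from RIPE NCC: a minimal sketch of RFC 6265 domain matching showing which hosts receive a cookie set with a parent-domain Domain attribute versus a host-only cookie. example.net stands in for the real domain, and every hostname, the cookie name and the token value are constructed.

```javascript
// Added example. example.net stands in for the real domain; all hostnames,
// the cookie name and the token value are constructed.
const HOSTS = [
  "sso.example.net",        // login service that sets the cookie
  "db.example.net",         // first-party application
  "hosted-1.example.net",   // subdomain operated by a third party
  "example.net",
  "example.net.evil.test",  // look-alike, different registrable domain
  "notexample.net",
];
const WIDE = "sso_session=constructed-token; Domain=.example.net; Path=/; Secure; HttpOnly";
const NARROW = "sso_session=constructed-token; Path=/; Secure; HttpOnly";

// Extract the attributes of a Set-Cookie header that decide where it is sent.
function parseSetCookie(header, originHost) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const cookie = {
    name: pair.slice(0, pair.indexOf("=")),
    domain: originHost.toLowerCase(),
    hostOnly: true, // no Domain attribute: only the setting host gets it back
  };
  for (const attr of attrs) {
    const eq = attr.indexOf("=");
    const key = (eq < 0 ? attr : attr.slice(0, eq)).trim().toLowerCase();
    const value = eq < 0 ? "" : attr.slice(eq + 1).trim();
    if (key === "domain" && value) {
      // RFC 6265 5.2.3: a leading dot is ignored; Domain widens the scope.
      cookie.domain = value.replace(/^\./, "").toLowerCase();
      cookie.hostOnly = false;
    }
  }
  return cookie;
}

// RFC 6265 5.1.3 domain-match combined with the host-only flag
// (the IP-address exclusion is omitted because the sample uses names only).
function isSentTo(cookie, host) {
  const h = host.toLowerCase();
  if (h === cookie.domain) return true;
  return !cookie.hostOnly && h.endsWith("." + cookie.domain);
}

function recipients(header, originHost, hosts = HOSTS) {
  const cookie = parseSetCookie(header, originHost);
  return hosts.filter((h) => isSentTo(cookie, h));
}

console.log("wide  :", recipients(WIDE, "sso.example.net"));
console.log("narrow:", recipients(NARROW, "sso.example.net"));
```

Secure and HttpOnly do not change the result: the cookie still arrives in the request headers of every matching host, which is why the Domain attribute has to be treated as the trust boundary.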
Microsoft DevBlogs (Old New Thing)
IBM Refused to Let Microsoft Use the Tab Key to Navigate Dialog Boxes
Raymond Chen recounts a story from Microsoft's OS/2 co-development with IBM in which a dispute over whether the Tab key should move focus between dialog fields escalated to the executive level at IBM — only to be deflected by a Microsoft engineer quipping that 'Bill Gates's mother is not interested in the Tab key.' The anecdote is funny, but Chen's real subject is organizational structure: IBM required executive sign-off on UI decisions that Microsoft engineers could resolve in an afternoon. The story is a concrete example of how the IBM partnership failed at the cultural level before it failed at the product level. Microsoft's flat decision-making structure allowed it to ship and iterate where IBM's hierarchy created bottlenecks on every substantive question. The Tab key became standard UI behavior; OS/2 did not survive.
NIST CMVP
Go's Cryptographic Module Achieves FIPS 140-3 Certification
The Go cryptographic module received FIPS 140-3 Level 1 certification on April 27, 2026, valid through April 2031. This is a meaningful milestone for Go adoption in regulated industries — federal government, healthcare, and financial services have historically required FIPS 140-3 validated cryptography as a procurement condition, which effectively blocked Go from those markets. The certification covers Go's standard library cryptographic implementations when operating in approved mode. There are caveats worth understanding: the certificate validates the module's behavior in approved mode, not the security of externally loaded or managed keys. Developers working in regulated environments will need to verify their specific usage patterns against the security policy documentation, particularly around key management and module initialization. The five-year validity window also means Go's FIPS compliance will need renewal before 2031.
bal-e.org
Krabby: Building a Fast Rust Compiler From Scratch
Krabby is a new Rust compiler implementation designed from first principles with compilation speed as the primary objective, rather than trying to optimize rustc incrementally. The author's central argument is that meaningful speed improvements now require architectural changes that are incompatible with rustc's existing API and data structure constraints — optimizations that could unlock significant gains are blocked by design decisions made early in rustc's history. Krabby explores what those architectural choices would look like without legacy constraints. Rust compilation speed is a persistent and well-documented friction point: even with incremental compilation, large Rust projects can take minutes to build, which affects iteration speed and CI costs at scale. Krabby is early-stage research rather than a production compiler, but the approach of building a clean-room implementation to explore the performance ceiling is the same strategy that has produced results in other compiler research contexts.
Star Labs Systems
Star Labs Launches StarFighter: A Premium 16-Inch Linux Laptop With Open Firmware
Star Labs announced the StarFighter, a 16-inch Linux laptop featuring a 4K 120Hz matte display, coreboot/edk II open firmware with a five-year update commitment, hardware kill switches for wireless and the webcam, and a PEO-coated chassis claimed to be four times harder than steel. The warranty explicitly permits user repairs and OS modifications without voiding coverage — a direct contrast to most consumer and even enterprise laptop policies. The StarFighter targets professionals and security-conscious users who want flagship hardware without the closed firmware and proprietary constraints that come with mainstream options. The open firmware commitment is particularly notable: coreboot eliminates a category of supply-chain and firmware-level attack surface that is otherwise invisible to users, and a five-year update commitment makes it a credible long-term choice rather than an early-adopter experiment.
Micron
Micron Ships 245TB Data Center SSD in a Single Drive
Micron announced that its 6600 ION data center SSD — a single drive with 245TB of capacity in the E3L form factor — is now shipping. The drive delivers 13,700 MB/s sequential read and 2,700 MB/s sequential write speeds, targeting hyperscalers optimizing for storage density and power efficiency per rack unit. The asymmetry between read and write performance (5:1 ratio) reflects the QLC NAND architecture underlying the drive, which trades write endurance and speed for dramatically lower cost-per-bit and higher density. At these capacities, a single chassis can hold petabytes of storage; the practical implications for backup, cold storage, and AI training dataset management are significant. The estimated $300–400 per TB pricing positions this as a hyperscaler and enterprise product rather than a general-purpose storage option — consumer-grade high-density SSDs remain a different market that Micron has largely deprioritized.