When developers boast "I could write that in a weekend," they're missing the painful reality that haunts software maintainers for years. In [1]a candid blog post , Construct developer Ashley explains why maintaining large software projects is a burden most programmers fail to appreciate. "Writing the initial code for a feature is only a fraction of the work," Ashley explains, estimating it represents just "25% of the total work" in Construct's 750,000-line codebase. The rest? A grinding cycle of "testing, diagnosing and fixing bugs, optimizing performance, upgrading it to work with other changes, refactoring, customer support, writing documentation and similarly revising the documentation over time."

Ashley describes how accepting code contributions feels like someone offering to build you a free extension -- initially attractive until the roof starts leaking years later and the original builder is nowhere to be found. Meanwhile, your tenants (users) are furious, and you're stuck with "no good options." The post recounts Construct's own bruises: a community-contributed storage plugin still causing compatibility headaches a decade later, and third-party libraries that became maintenance nightmares after their creators vanished.

These experiences explain why seasoned maintainers eye large code contributions with deep suspicion rather than gratitude. "If you suggest some software project uses some code -- even a small amount -- will you be there in literally 10 year's time sorting out all the issues that arise from it?" Ashley asks. "Usually the answer is no."



[1] https://www.construct.net/en/blogs/ashleys-blog-2/reality-long-term-software-1892

The JavaScript package world is heating up as startups [1]attempt to challenge npm's long-standing dominance . While npm remains the backbone of JavaScript dependency management, Deno's JSR and vlt's vsr have entered the scene with impressive backing and even more impressive leadership -- JSR comes from Node.js creator Ryan Dahl, while npm's own creator Isaac Schlueter is behind vsr. Neither aims to completely replace npm, instead building compatible layers that promise better developer experiences.

Many developers feel GitHub has left npm to stagnate since its 2020 acquisition, doing just enough to keep it running while neglecting innovations. Security problems and package spam have only intensified these frustrations. Yet these newcomers face the same harsh reality that pushed npm into GitHub's arms: running a package registry costs serious money -- not just for servers, but for lawyers handling trademark fights and content moderation.



[1] https://redmonk.com/kholterhoff/2025/01/30/is-npm-enough/

What Chris Horsley expected to be a 10-minute washing machine installation [1]stretched to four hours and required five trips to the hardware store . The CTO of security consultancy firm documented how unexpected obstacles -- drilling through shelves, replacing incompatible hoses, and removing hidden caps -- derailed his timeline.

Horsley draws a direct parallel to software development, where estimation regularly fails despite experience. "While 90% of the project will be the same, there's going to be one critical difference between the last 5 projects and this project that seemed trivial at the time of estimation but will throw off our whole schedule," he writes in a blog.

These disruptions often appear as unmaintained frameworks, obsolete development tools, or incompatible infrastructure components that weren't visible during planning. The software development environment changes rapidly, creating what Horsley describes as "unknown unknowns." Despite thorough requirements gathering, developers inevitably encounter unanticipated blockers, transforming familiar-looking tasks into complex challenges.



[1] https://www.cosive.com/blog/my-washing-machine-refreshed-my-thinking-on-software-effort-estimation

Derek Harris, born the same year as the iconic K6 red phone box he's fighting to save, has launched what he calls a "David and Goliath" campaign against BT in the Norfolk village of Sharrington. The phone box is [1]among 10 in North Norfolk marked for removal , having logged fewer than 10 calls last year. Harris argues the box remains vital in an area with poor mobile coverage, high elderly population, and proximity to an accident-prone stretch of the A148.

He recounts how it once saved a driver trapped in a snowstorm when mobile networks failed. BT's regulator, Ofcom, protects phone boxes that meet specific criteria, including emergency usage and location in signal-poor areas. Of the UK's original 100,000 phone boxes, only 14,000 remain functional, with 3,000 being the classic red design. For Harris, the fight transcends practicality. "It would be alive, wouldn't it? I feel an empathy for a living thing," he told The Guardian. "The nearer you get to the end, the more you want to see things live."



[1] https://www.theguardian.com/society/2025/feb/27/battle-save-last-phone-box-norfolk-village

Sophisticated electronic devices used by criminals to steal cars are [1]set to be banned under new laws in England and Wales. From a report:

> More than 700,000 vehicles were broken into last year -- often with the help of high-tech electronic devices, including so-called signal jammers, which are thought to play a part in four out of 10 vehicle thefts nationwide.

>

> Until now, police could only bring a prosecution if they could prove a device had been used to commit a specific offence, but under new laws in the Crime and Policing Bill the onus will be on someone in possession of a device to show they had it for a legitimate purpose. Making or selling a signal jammer could lead to up to five years in prison or an unlimited fine.



[1] https://bbc.com/news/articles/c2046qlwzz3o

In an interview with CNBC's Jon Fortt on Wednesday, Nvidia CEO Jensen Huang said next-gen AI will [1]need 100 times more compute than older models as a result of new reasoning approaches that think "about how best to answer" questions step by step. From a report:

> "The amount of computation necessary to do that reasoning process is 100 times more than what we used to do," Huang told CNBC's Jon Fortt in an interview on Wednesday following the chipmaker's fourth-quarter earnings report. He cited models including DeepSeek's R1, OpenAI's GPT-4 and xAI's Grok 3 as models that use a reasoning process.

>

> Huang pushed back on that idea in the interview on Wednesday, saying DeepSeek popularized reasoning models that will need more chips. "DeepSeek was fantastic," Huang said. "It was fantastic because it open sourced a reasoning model that's absolutely world class." Huang said that company's percentage of revenue in China has fallen by about half due to the export restrictions, adding that there are other competitive pressures in the country, including from Huawei.

>

> Developers will likely search for ways around export controls through software, whether it be for a supercomputer, a personal computer, a phone or a game console, Huang said. "Ultimately, software finds a way," he said. "You ultimately make that software work on whatever system that you're targeting, and you create great software." Huang said that Nvidia's GB200, which is sold in the United States, can generate AI content 60 times faster than the versions of the company's chips that it sells to China under export controls.



[1] https://www.cnbc.com/2025/02/26/nvidia-ceo-huang-says-next-generation-ai-will-need-more-compute.html

A German nuclear fusion startup called [1]Proxima Fusion has [2]unveiled its "Stellaris" fusion power plant [3]designed to operate reliably and continuously without the instabilities of tokamaks . It's backed by $65 million in funding, with plans to build a fully operational fusion reactor by 2031. TechCrunch reports:

> Tokamaks and stellarators are types of fusion reactors that use electromagnets to contain fusion plasma. Tokamaks rely on external magnets and an induced plasma current but are known for instability. Stellarators, by contrast, use only external magnets, which, in theory, enable better stability and continuous operation. However, according to Dr. Francesco Sciortino, co-founder and CEO of Proxima Fusion, Proxima's "Stellaris" design is the first peer-reviewed fusion power plant concept that demonstrates it can operate reliably and continuously, without the instabilities and disruptions seen in tokamaks and other approaches.

>

> Proxima published its findings in Fusion Engineering and Design, choosing to share this information publicly to support open-source science. "Our American friends can see it. Our Chinese friends can see it. Our claim is that we can execute on this faster than anyone else, and we do that by creating a framework for integrated physics, engineering, and economics. So we're not a science project anymore," Sciortino told TechCrunch over a call. "We started out as a group of founders saying it's going to take us two years to get to the Stellaris design ... We actually finished after one year. So we've accelerated by a year," he added.



[1] https://www.proximafusion.com/

[2] https://www.sciencedirect.com/science/article/pii/S0920379625000705?via%3Dihub

[3] https://techcrunch.com/2025/02/25/german-startup-wins-accolade-for-its-fusion-reactor-design/

Lucid CEO Peter Rawlinson has [1]stepped down , with COO Marc Winterhoff taking over as interim CEO. The company also announced its fourth-quarter financial results and revealed plans to [2]more than double vehicle production to 20,000 units in 2025 . CNBC reports:

> Winterhoff told CNBC on Tuesday that it was Rawlinson's decision to resign as of Friday, however he declined to elaborate on any additional details. "It was Peter's decision after 12 years of, let's say, daily grind or daily activities and bringing the company where it is today ... that it is time to step aside and pass the baton," said Winterhoff, who joined Lucid from Roland Berger in December 2023. In a statement [3]posted Tuesday on LinkedIn, Rawlinson said he decided it was "finally the right time" to step down after "successfully" launching the company's second product, a three-row SUV called the Gravity. He did not elaborate further on the decision in the lengthy post.

>

> The CEO change and production target were announced in conjunction with the automaker's fourth-quarter financial results. For the period ended Dec. 31, the company reported a net loss attributable to common stockholders of $636.9 million, or a loss of 22 cents per share, on revenue of $234.5 million. Analysts surveyed by LSEG expected a loss of 25 cents per share on revenue of $214 million. During the same period last year, Lucid reported a net loss attributable to common stockholders of $653.8 million, or a loss of 29 cents per share, on revenue of $157.2 million. The production target for 2025 announced Tuesday is compared with production of 9,029 vehicles and deliveries of 10,241 reported for 2024. Winterhoff said production of the Gravity SUV will gradually build during the year. He declined to speculate on what percentage of the 20,000-unit production target the vehicle would represent.



[1] https://ir.lucidmotors.com/news-releases/news-release-details/lucid-announces-fourth-quarter-and-full-year-2024-financial

[2] https://www.cnbc.com/2025/02/25/lucid-ceo-peter-rawlinson-steps-down-ev-maker-plans-to-double-production.html

[3] https://www.linkedin.com/in/peter-rawlinson-lucid/

An anonymous reader quotes a report from Fortune:

> Starting in April, the Tokyo Metropolitan government, one of the country's largest employers, is [1]set to allow its employees to work only four days a week . It is also adding a new "childcare partial leave" policy, which will allow some employees to work two fewer hours per day. The goal is to help employees who are parents balance childcare and work, said Tokyo Gov. Yuriko Koike. "We will continue to review work styles flexibly to ensure that women do not have to sacrifice their careers due to life events such as childbirth or child-rearing," Koike said in a speech during the Tokyo Metropolitan Assembly's regular session, the Japan Times [2]reported .

>

> Moving to a four-day workweek could help address some of the core issues associated with Japan's heavy work culture, which can especially weigh on working women. The gap between men and women when it comes to housework is [3]one of the largest among OECD countries , with women in Japan engaging in five times more unpaid work, such as childcare and elder care, than men, according to the [4]International Monetary Fund . More than half of women who had fewer children than they would have preferred said they had fewer children because of the increased housework that another child would bring, according to the IMF. In some cases, moving to a four-day workweek has been shown to improve housework equity. Men reported spending 22% more time on childcare and 23% more time on housework during a four-day workweek trial conducted across six countries by 4 Day Week Global, which advocates for the issue.

>

> It would take a major societal change for the four-day workweek to catch on more broadly, but years of experiments have shown that working one day less a week improves employee productivity and well-being, said Peter Miscovich, the global future of work leader at real estate services company JLL. "The upside from all of that has been less stress, less burnout, better rest, better sleep, less cost to the employee, higher levels of focus and concentration during the working hours, and in some cases, greater commitment to the organization as a result," Miscovich told Fortune.



[1] https://www.yahoo.com/news/tokyo-turning-4-day-workweek-091900893.html

[2] https://www.japantimes.co.jp/news/2024/12/04/japan/society/tokyo-four-day-work-week/

[3] https://www.elibrary.imf.org/view/journals/002/2024/119/article-A002-en.xml#:~:text=The%20authorities%20have%20announced%20initiatives,GDP)%20per%20year%20by%20FY2028.

[4] https://www.elibrary.imf.org/view/journals/002/2024/119/article-A002-en.xml#:~:text=The%20authorities%20have%20announced%20initiatives,GDP)%20per%20year%20by%20FY2028.

Google has [1]received FDA clearance for the Pixel Watch 3's [2]Loss of Pulse Detection feature, which will [3]start rolling out to U.S. devices around the end of March . The Verge reports:

> The Loss of Pulse Detection feature is exactly what it sounds like: if the Pixel Watch 3 senses that you've lost your pulse through an event like a heart attack or an overdose, it'll send you a prompt. If you don't respond, it'll automatically call emergency services on your behalf. Back in August, Sandeep Waraich, Google's senior director of product manager for Pixel wearables, told The Verge that the Pixel Watch 3 is capable of differentiating between a genuine loss-of-pulse event and a person simply taking the watch off.



[1] https://blog.google/feed/pixel-watch-3-loss-of-pulse-detection-fda/

[2] https://support.google.com/fitbit/answer/15250403?hl=en

[3] https://www.theverge.com/news/619929/google-pixel-watch-3-loss-of-pulse-fda-clerance-smartwatch

Inception, a Palo Alto-based AI company founded by Stanford professor Stefano Ermon, claims to have developed a novel diffusion-based large language model (DLM) that [1]significantly outperforms traditional LLMs in speed and efficiency . "Inception's model offers the capabilities of traditional LLMs, including code generation and question-answering, but with significantly faster performance and reduced computing costs, according to the company," reports TechCrunch. From the report:

> Ermon hypothesized generating and modifying large blocks of text in parallel was possible with diffusion models. After years of trying, Ermon and a student of his achieved a major breakthrough, which they detailed in a [2]research paper published last year. Recognizing the advancement's potential, Ermon founded Inception last summer, tapping two former students, UCLA professor Aditya Grover and Cornell professor Volodymyr Kuleshov, to co-lead the company. [...]

>

> "What we found is that our models can leverage the GPUs much more efficiently," Ermon said, referring to the computer chips commonly used to run models in production. "I think this is a big deal. This is going to change the way people build language models." Inception offers an API as well as on-premises and edge device deployment options, support for model fine-tuning, and a suite of out-of-the-box DLMs for various use cases. The company claims its DLMs can run up to 10x faster than traditional LLMs while costing 10x less. "Our 'small' coding model is as good as [OpenAI's] GPT-4o mini while more than 10 times as fast," a company spokesperson told TechCrunch. "Our 'mini' model outperforms small open-source models like [Meta's] Llama 3.1 8B and achieves more than 1,000 tokens per second."



[1] https://techcrunch.com/2025/02/26/inception-emerges-from-stealth-with-a-new-type-of-ai-model/

[2] https://arxiv.org/pdf/2310.16834

An anonymous reader quotes a report from Ars Technica:

> Following up on [1]Microsoft's announcement of a qubit based on completely new physics, Amazon is [2]publishing a paper describing a very different take on quantum computing hardware. The system [3]mixes two different types of qubit hardware to improve the stability of the quantum information they hold. The idea is that one type of qubit is resistant to errors, while the second can be used for implementing an error-correction code that catches the problems that do happen. While there have been more effective demonstrations of error correction in the past, a number of companies are betting that Amazon's general approach is the best route to getting logical qubits that are capable of complex algorithms. So, in that sense, it's an important proof of principle.

Amazon's quantum computing approach combines cat qubits for data storage and transmons for error correction.

Cat qubits are quantum bits that distribute their superposition state across multiple photons in a resonator, making them highly resistant to bit flip errors. Transmons are superconducting qubits that help detect and correct phase flip errors by enabling weak measurements without destroying the quantum state. Meanwhile, a phase flip is a quantum error that alters the relative phase of a qubit's superposition state without changing its probability distribution. Unlike a bit flip, which swaps a qubit's state probabilities, a phase flip changes how the quantum states interfere, potentially disrupting quantum computations.

By alternating cat qubits with transmons, Amazon reduces the number of hardware qubits needed for error correction. Their tests show that increasing qubits lowers the error rate, proving the system's effectiveness. However, rare bit flips still cause entire logical qubits to fail, and transmons remain prone to both bit and phase flips. If you're still entangled in this story without decohering into pure quantum chaos, kudos to you!



[1] https://tech.slashdot.org/story/25/02/19/1651235/microsoft-reveals-its-first-quantum-computing-chip-the-majorana-1

[2] http://dx.doi.org/10.1038/s41586-025-08642-7

[3] https://arstechnica.com/science/2025/02/amazon-details-its-take-on-quantum-computing-two-types-of-qubits-1-chip/

Microsoft CEO Satya Nadella argues that AI's success should be [1]measured by its impact on economic growth rather than achieving artificial general intelligence (AGI), emphasizing that true progress will come when AI finds a transformative application akin to email or Excel. The Register reports:

> "Us self-claiming some AGI milestone, that's just nonsensical benchmark hacking," the chief executive said during [2]an appearance on podcaster Dwarkesh Patel's YouTube show this month. Nadella thinks a better benchmark for AI's success should be its ability to boost a country's gross domestic product. "When we say: 'Oh, this is like the industrial revolution,' let's have that industrial revolution type of growth. That means to me, 10 percent, seven percent for the developed world. Inflation adjusted, growing at five percent, that's the real marker."

>

> Nadella suggested that growth hasn't eventuated because it's going to take time before folks understand how to use AI effectively, assuming they find a use for it -- just as it took some years for the personal computer to find its feet. "Just imagine how a multinational corporation like us did forecasts pre-PC, and email, and spreadsheets. Faxes went around, somebody then got those faxes and then did an inter-office memo that then went around, and people entered numbers, and then ultimately a forecast came out maybe just in time for the next quarter," Nadella explained. "Then somebody said: 'Hey, I'm just going to take an Excel spreadsheet, put it in an email, send it around, people will go edit it, and I'll have a forecast.' The entire forecasting business process changed because the work artifact and the workflow changed. That is what needs to happen with AI being introduced into knowledge work," the CEO said. [...]

>

> "Don't conflate knowledge worker with knowledge work," he said. "The knowledge work of today could probably be automated, [but] who said my life's goal is to triage my email?" Instead, he argues AI agents will allow workers to focus on higher-value tasks. Whether this is actually how it'll play out, or whether enterprises will take this as an opportunity to reduce costs by cutting staff remains to be seen. ... "Today, you cannot deploy these intelligences unless and until there's someone indemnifying it as a human," he said.



[1] https://www.theregister.com/2025/02/26/microsofts_nadella_wants_to_see/

[2] https://www.youtube.com/watch?v=4GLSzuYXh6w

Google has [1]updated its Results About You tool with a redesigned hub, [2]easier removal requests directly from Search , and the ability to refresh outdated results. Engadget reports:

> Today, the tech giant is announcing the latest changes, including a redesigned hub and the ability to update outdated search results to reflect the latest changes.

>

> The redesign isn't only for show. You can now submit removal requests directly from Search with fewer actions by clicking or tapping the three dots beside a search result. If you manage to have content about you deleted or changed from a website but Google Search hasn't caught up, you can refresh the search, which will "recrawl the page and obtain the latest information." In other words, you can always see the most up-to-date results about you.



[1] https://blog.google/feed/results-about-you-new-design/

[2] https://www.engadget.com/cybersecurity/google-is-making-it-even-easier-to-remove-your-personal-information-on-search-145326075.html

ZDNet's Steven Vaughan-Nichols shares [1]some of the latest improvements to ExpressVPN following its codebase transition from C to Rust. An anonymous reader quotes an excerpt from the report:

> ExpressVPN is one of ZDNET's favorite Virtual Private Networks (VPNs). The popular VPN's transformation of its Lightway codebase from C to Rust promises to make the service faster and more secure. For now, the updated [2]Lightway 2.0 is only available via ExpressVPN's Aircove router with the February 4 AircoveOS v5 update. The Aircove, which we rate as the best VPN router, costs $189. With this device, you can protect your tech from unwanted snoopers without installing a VPN on each gadget. So, how much faster is the updated ExpressVPN? In my tests, I connected to the internet via my updated router over my 2 Gigabit per second (Gbps) AT&T Internet using a 2.5 Gbps Ethernet-connected Linux Mint desktop with a Wi-Fi 6 connection over my Samsung Galaxy 25 Plus smartphone.

>

> Without the VPN engaged, I saw 1.6 Gbps speeds, which is about par. With the VPN switched on and using Lightway 2.0, I saw speeds in the 290 to 330 Megabit per second (Mbps) range to Toronto and London, England. Farther afield, I saw speeds around 250 to 280Mbps to Hong Kong and Seoul. That's about 20% faster than I had seen with earlier Lightway versions. I was impressed. This version of the VPN should also be more secure. As Pete Membrey, ExpressVPN's chief research officer, said in a statement: "At ExpressVPN, we innovate to solve the challenges of tomorrow. Upgrading Lightway from its previous C code to Rust was a strategic and straightforward decision to enhance performance and security while ensuring longevity."

>

> The updated Lightway VPN protocol also uses ML-KEM, the newly finalized NIST standard for post-quantum encryption. This feature, wrote Membray in a blog post, "ensures your connection is secured by encryption designed not just for today's threats but for the quantum-powered challenges of the future." To ensure the integrity of the recoded Lightway protocol, ExpressVPN commissioned two independent security audits from cybersecurity firms Cure53 and Praetorian. Both audits yielded positive results, with only minor vulnerabilities identified and promptly addressed by ExpressVPN. In short, ExpressVPN is technically about as safe a VPN as they come.



[1] https://www.zdnet.com/article/expressvpn-gets-faster-and-more-secure-thanks-to-rust/

[2] https://www.expressvpn.com/blog/lightway-in-rust

Cellebrite says it has [1]stopped Serbia from using its technology following allegations that Serbian police and intelligence used Cellebrite's technology to unlock the phones of a journalist and an activist, and then plant spyware. From a report:

> In December 2024, Amnesty International published a report that accused Serbian police of using Cellebrite's forensics tools to hack into the cellphones of a local journalist and an activist. Once their phones were unlocked, Serbian authorities then installed an Android spyware, which Amnesty called Novispy, to keep surveilling the two.

>

> In a statement, Cellebrite said that "after a review of the allegations brought forth by the December 2024 Amnesty International report, Cellebrite took precise steps to investigate each claim in accordance with our ethics and integrity policies. We found it appropriate to stop the use of our products by the relevant customers at this time."



[1] https://techcrunch.com/2025/02/26/cellebrite-suspends-serbia-as-customer-after-claims-police-used-firms-tech-to-plant-spyware/

An anonymous reader [1]shares a report :

> People now watch so many programs at so many different times in so many different ways -- with an antenna, on cable, in an app or from a website, as well as live, recorded or on demand -- that it is increasingly challenging for the industry to agree on the best way to measure viewership. In some cases, media executives and advertisers are even uncertain whether a competitor's show is a hit or something well short of that.

>

> The scramble to sort out a suitable solution began nearly a decade ago, as Netflix rose to prominence. It has only intensified since. "It is more chaotic than it's ever been," said George Ivie, the chief executive of the Media Rating Council, a leading industry measurement watchdog. For decades, there was no dispute -- Nielsen's measurement was the only game in town.

>

> But things started to go sideways after the emergence of streaming services like Netflix, Hulu and Amazon Prime Video. Nielsen had no ability -- at least at first -- to measure how many people clicked play on those apps. The streamers, of course, knew exactly how many people were watching on their own service but they either selectively disclosed some data or did not bother releasing it at all.

>

> Over the past two years, as nearly all the major streaming services have introduced advertising, they have released more data. But the data they release makes apples-to-apples comparisons difficult. Netflix discloses what it calls "hours viewed" and "views" for its shows. Prime Video and Max prefer to describe how many million "viewers" watched a hit of their choosing. The disclosures can be helpful to compare one show with another on the same streaming service. Yet those figures, too, can lead to disagreements.



[1] https://www.nytimes.com/2025/02/10/business/media/tv-ratings-streaming.html

YouTube has surpassed [1]1 billion monthly active viewers of podcast content , the video platform announced on Wednesday, cementing its position as the most frequently used podcast service in the United States. The Google-owned platform reported viewers watched over 400 million hours of podcasts monthly on living room devices last year.



[1] https://blog.youtube/news-and-events/1-billion-monthly-podcast-users/

U.S. Director of National Intelligence Tulsi Gabbard has [1]condemned a British order requiring Apple to break its encrypted storage worldwide as an "egregious" violation of American rights that could breach the CLOUD Act facilitating cross-border investigations. In [2]a letter [PDF] to Senator Ron Wyden and Representative Andy Biggs, Gabbard revealed she has directed a legal review of the secret order, which she learned about through media reports.

"This would be a clear and egregious violation of Americans' privacy and civil liberties, and open up a serious vulnerability for cyber exploitation by adversarial actors," Gabbard wrote. The UK Home Office, under the Investigatory Powers Act, [3]prohibited Apple from disclosing the order to Congress or U.S. regulators . The directive would have forced Apple to compromise its Advanced Data Protection encryption, enabling officials to access individual data. Apple refused compliance, instead [4]withdrawing the secure storage option from UK customers while maintaining it elsewhere globally. Despite Apple's pullback, the UK demand for backdoor creation remains. Gabbard pledged to ensure UK actions protect American privacy rights "consistent with the CLOUD Act and other applicable laws."



[1] https://www.msn.com/en-us/news/technology/intelligence-chief-tulsi-gabbard-will-fight-egregious-apple-back-door-order/ar-AA1zQg9M

[2] https://dw-wp-production.imgix.net/2025/02/DNI-Wyden-Biggs-Response-1.pdf

[3] https://apple.slashdot.org/story/25/02/07/1150200/uk-orders-apple-to-let-it-spy-on-users-encrypted-accounts

[4] https://apple.slashdot.org/story/25/02/21/1529255/apple-removes-cloud-encryption-feature-from-uk-after-backdoor-order

A Disney employee's download of an AI image generation tool from GitHub [1]led to a massive data breach in July 2024 , exposing over 44 million internal Slack messages. The software contained infostealer malware that [2]compromised Matthew Van Andel's computer [ [3]non-paywalled source ] for five months, giving hackers access to his 1Password manager.

The attackers used the stolen credentials to access Disney's corporate systems, publishing sensitive information including customer data, employee passport numbers, and revenue figures from Disney's theme parks and streaming services. The breach also devastated Van Andel personally. Hackers exposed his Social Security number, financial login details, and even credentials for his home's Ring cameras. Shortly after the incident, Disney fired Van Andel following a forensic analysis of his work computer, citing misconduct he denies. Security researchers believe the attacker, who identified as part of a Russia-based hacktivist group called Nullbulge, is likely an American individual.



[1] https://it.slashdot.org/story/24/07/16/1832237/hackers-claim-to-have-leaked-11-tb-of-disney-slack-messages

[2] https://www.wsj.com/tech/cybersecurity/disney-employee-ai-tool-hacker-cyberattack-3700c931

[3] https://www.wsj.com/tech/cybersecurity/disney-employee-ai-tool-hacker-cyberattack-3700c931