📰 English IT Daily · 2026-06-17

A security researcher says he found a serious weakness in systems connected to the 2026 FIFA World Cup. According to his blog post, he first created an account on FIFA’s public agent platform by submitting his ID and email. After registration, his account was added to the same identity tenant used by FIFA’s internal platforms. This meant a public user could sign in to services that were meant for staff, although the user was supposed to have no real permissions.

When the researcher opened another FIFA web app, he saw an access-denied message saying he had no role assigned. However, he says this check happened only in the browser. In other words, the page itself looked blocked, but the backend APIs still returned data. A backend API is the server-side system that sends data to the app. If it does not verify the user’s permissions, attackers may bypass the visible restrictions and reach sensitive tools.

After bypassing the client-side controls, the researcher says he reached a live streaming management panel for World Cup matches. He reported seeing production stream information, including several camera feeds for each match, preview links, output links, and RTMP ingest URLs. An RTMP ingest URL is the address used to send live video into a streaming system. He also says he could open a preview stream in VLC and confirm that it was live, which suggested the issue was not a test environment.

The researcher wrote that the problem was eventually fixed, although he says he did not receive a direct response at first. He also described contacting several organizations to get urgent attention. The case is a strong example of broken access control, one of the most common and dangerous security problems. It also shows why companies must protect both the front end and the backend, separate public registration from internal identity systems, and review permissions carefully in production environments.

A Scientific American article says U.S. science is in chaos because the long relationship between politics and research is breaking down. For many years, the federal government has provided a large share of the money for basic research, meaning early-stage studies that may not bring quick profits but can lead to major discoveries later. When political priorities change suddenly, scientists and research centers can lose stability.

One example is AXIS, a proposed NASA space telescope designed to study the early universe, including the first black holes and the formation of galaxies. The project used a new mirror technology based on single-crystal silicon. After years of planning, the team received a grant in 2024 to improve the idea. Researchers then worked with engineers at NASA Goddard to move the mission forward.

But the project was hit by what one scientist called programmatic chaos. NASA offered buyouts, paid leave and early retirement, and thousands of employees reportedly left. The AXIS team lost key experts, including engineers, managers and scientists connected to the telescope’s design. According to the article, the team was left trying to continue the work with limited guidance after important staff members were gone.

At the same time, a presidential budget proposal called for major cuts to science funding, and the program that might have funded AXIS was removed from the request. Even before Congress made final decisions, some leaders started adjusting to the proposed budget. This caused delays in cost estimates, schedules and design reviews. The story shows how changes in funding, staffing and policy can quickly affect complex scientific projects that depend on long-term planning and teamwork.

A story shared on The Old New Thing describes an unusual moment in software history. A Windows x86-32 emulator team found a program with code so inefficient that they decided to fix it while the program was being translated. The emulator used binary translation, which means it converted x86-32 instructions into native code for another processor. This method was faster than using an interpreter, which reads and executes instructions one by one.

The problem appeared when one program needed to reserve about 64KB of memory on the stack and then initialize it. Normally, software would first perform a stack probe to make sure enough stack space was available. Then it would reduce the stack pointer and fill the memory with a small loop. A loop is efficient because the same few instructions repeat many times.

In this case, however, the compiler did something very different. Instead of creating a loop, it unrolled the operation into 65,536 separate instructions, each writing one byte to memory. As a result, the program used about 256KB of code just to initialize 64KB of data. The emulator team thought this output was so wasteful that they added special logic to detect that specific function and replace it with an equivalent tight loop during translation.

The story is a reminder that compilers and generated code are not always ideal. It also shows that emulation can involve more than simple compatibility. In some cases, engineers improve performance by recognizing bad patterns and translating them into better ones. Although the exact processor in this story was not identified, the example still highlights a practical lesson for programmers: low-level code quality can have a major effect on speed, memory use, and system behavior.

Google’s move from Manifest Version 2, or MV2, to Manifest Version 3, or MV3, has caused debate in the browser extension world. Many users and ad blocker companies worried that the change would make ad blockers less effective. Their main concern was Google’s decision to reduce the use of the WebRequest API, a tool that lets extensions examine and control network requests in detail, and replace it with the more limited DeclarativeNetRequest API.

A recent research paper studied whether these worries were correct. The researchers compared MV2 and MV3 versions of four widely used ad blockers in browser-based tests. They used several samples of ad-supported websites to measure how well each version blocked ads and trackers. Trackers are technologies that follow user activity across websites, often for advertising or data collection. Because many people use ad blockers for privacy as well as convenience, this question is important for both users and developers.

The study reports that there was no statistically significant drop in ad-blocking or anti-tracking effectiveness when the tools moved from MV2 to MV3. In some cases, the MV3 versions even showed slight improvements in blocking trackers. These results suggest that, at least for popular ad blockers tested in the study, the newer extension system still provides strong protection against intrusive ads and privacy-related threats.

The findings may reassure Chrome users, but they do not end the discussion. The paper notes that some uncertainties remain, and future changes in browser rules or extension design could still affect performance. Still, the overall message is clear: ad blocker providers seem to have adapted to MV3 and found ways to preserve core functionality. For the wider tech industry, this case shows how platform policy changes can create fears, but real-world testing is necessary before drawing final conclusions.

US battery manufacturing output continues to reach new records, according to a Federal Reserve industrial production series that tracks battery production. The trend shows that factories in the US are making more batteries than before. Batteries are a key part of modern technology because they store electricity for devices, electric vehicles, and energy systems connected to the power grid.

Several forces are supporting this growth. Demand for electric vehicles has increased interest in battery supply, while companies and governments also want stronger domestic production. In this context, domestic means making products inside the country instead of depending heavily on imports. A larger local battery industry can help reduce supply risk and support jobs, investment, and long-term industrial planning.

Battery manufacturing is a complex process. It includes sourcing materials, producing cells, testing quality, and moving products through a large supply chain. A supply chain is the network of companies involved in making and delivering a product. When output rises, manufacturers often need better automation, more reliable equipment, and stronger data systems to manage operations efficiently and keep quality standards high.

The record-setting trend does not mean every challenge has been solved. Battery makers still face questions about raw materials, cost, recycling, and future demand. Even so, rising output is an important signal for hardware and energy technology. For engineers and technology professionals, it shows how manufacturing, software, and infrastructure are becoming more closely connected in modern industry.

Firefox now uses zlib-rs for gzip compression and decompression. This change arrived in Firefox 151.0.0 after about two years of work between the zlib-rs team and Mozilla engineers. The project is important because it promises two benefits at the same time: better performance and better safety. In simple terms, compression reduces file size, while decompression restores the original data. Gzip is a very common format used on the web, so even a small improvement can matter to many users.

However, replacing a well-known library inside a large browser was not a simple task. zlib-rs is designed to be a drop-in compatible replacement, meaning developers can use it without changing everything around it. Still, there were differences. At some compression levels, zlib-rs uses algorithms that can produce slightly different output bytes or output length from older zlib. Firefox had tests that checked exact bytes in some cases and rough output length in others, so those tests needed updates. Firefox also adds a prefix to symbol names to avoid symbol clashes, and zlib-rs had to support that configuration.

After the integration work, a more serious problem appeared: crashes on some Intel Raptor Lake CPUs. Engineers saw a bounds check failure that should not have happened. A bounds check is a safety test that makes sure a program does not read or write outside valid memory. This was a useful warning, because in C the same issue could have caused silent data corruption instead of a visible crash. Reports suggested that zlib-rs was triggering a known hardware instability problem affecting some 13th- and 14th-generation Intel processors.

Later, the team connected the issue to a particular instruction used while writing Huffman coding results to memory. Huffman coding is a method for compressing data by using shorter codes for common patterns. According to the report, the hardware bug could sometimes cause the wrong byte to be written. To work around this, developers used a small amount of unsafe code so the compiler would avoid generating the problematic instruction. Mozilla then shipped a patch. The story shows that software quality depends not only on code design, but also on testing, compilers, and even CPU behavior.

Lore is an open source version control system maintained by Epic Games. It is designed for projects that need to manage both source code and large binary assets, such as game files, images, audio, or video. The company says Lore focuses on scalability, meaning it aims to keep working well as repositories and teams grow. It is available under the MIT license, and developers can access its code, documents, and community channels online.

According to its public description, Lore uses a centralized architecture. In simple terms, this means a service helps store and deliver repository data instead of relying only on direct sharing between users. Lore also uses content-addressed storage, where data is identified by its content hash rather than only by file name or location. The repository state is represented with Merkle trees, a structure that helps systems compare data quickly and check integrity.

Lore also describes an immutable revision chain. This means each revision is linked to earlier revisions using hash-based signatures, making changes tamper-evident. For teams, this can improve trust in project history. Another key idea is chunked storage for large files. By breaking files into reusable pieces, the system can reduce duplication and support faster transfer of binary assets. It also offers on-demand hydration and sparse workspaces, so users do not need to download all file data at the start.

The project highlights practical features such as lightweight branching, fast switching, a command-line interface, and APIs for languages including C/C++, C#, Rust, Go, Python, and JavaScript. This suggests Lore is built not only for developers but also for broader tool integration. If Lore gains adoption, it could become an interesting option for teams that struggle with very large repositories and mixed asset types. Its release also reflects a wider industry interest in version control systems that can support larger workloads without major slowdowns.

GPT-NL is a project to build a sovereign language model for the Netherlands. A language model is an AI system that learns from large amounts of text and can generate or understand language. TNO is developing the project together with SURF and the Netherlands Forensic Institute. The goal is to create an independent Dutch model and a wider ecosystem for responsible AI use in work, education, and public services.

The project focuses on an important question: who controls AI that affects daily life? Many popular AI tools are provided by large foreign companies. GPT-NL offers a different approach by aiming for more digital autonomy in the Netherlands and Europe. Its team says control over the model, the data, and key decisions is necessary to protect public values such as privacy, copyright, and transparency.

Another key idea is openness. The developers plan to document how data is collected and how the model is trained. They also want to explain how they handle risks such as bias and other ethical concerns. According to the project description, the source code will be open source, while model weights will be shared under a controlled licence. This balance is meant to support transparency without reducing security or breaking regulations.

GPT-NL also says it is training the model from scratch instead of building on an existing model. This is intended to reduce problems with unclear data provenance, copyright issues, and personal data from earlier systems. The project describes strict rules for data collection, including anonymising personal data, excluding confidential or harmful content, and avoiding duplication. It also highlights reciprocal agreements with data providers and attention to energy efficiency, showing that AI development is not only technical but also legal, social, and environmental.

A new research report suggests that many US consumers do not react positively when brands highlight AI in their public messaging. According to the study, 60% of consumers say that seeing “AI” in brand messaging is a turnoff rather than a benefit. The same report also says 61% of consumers cannot name a brand that uses AI well in its messaging. This shows a gap between company strategy and customer feeling.

The report argues that the internet feels less human than it did 10 years ago. In the survey, 74% of consumers said the web now feels less human, and the average time before people experience “bot fatigue” was reported as 40 minutes. Bot fatigue means users become tired of content or interactions that feel too automated or unnatural. In other words, people may accept AI tools, but they still want communication that feels honest, useful, and personal.

The study also discusses AI brand visibility. This means how often a brand appears in answers generated by AI systems such as ChatGPT, Claude, Gemini, or Perplexity. It is different from search engine visibility, which measures how high a website appears on a results page. A company may rank well in traditional search but still not be mentioned by AI systems. The report says there is still no single dashboard that tracks this clearly across all major AI engines.

For businesses, the message is not to avoid AI completely, but to use it carefully. The report suggests that brands should build content for two audiences at the same time: AI systems need clean, structured data, while human readers need a reason to stay and trust the site. This is especially important for enterprise teams that spend time improving visibility. In the current market, being technically discoverable is important, but sounding human may matter even more.

KDE has released Plasma 6.7, the latest version of its desktop environment for Linux. A desktop environment is the main visual system that lets users open apps, manage files, and control settings. According to the announcement, this release focuses on productivity, smoother daily use, and better performance. Instead of changing everything at once, Plasma 6.7 adds practical features that solve common problems for both home users and professionals.

One of the biggest updates is per-screen virtual desktops. This means users with more than one monitor can manage virtual desktops separately on each screen. KDE says this feature has been requested for many years. Plasma 6.7 also adds a microphone test tool, so users can quickly check if their audio level is too high or too low. Another useful change is press-and-hold support for special characters on the virtual keyboard, which can make text input easier in different languages.

The release also improves widgets and system tools. Users can now switch between light and dark mode more quickly with a simple toggle. Plasma 6.7 also adds the Vietnamese lunar calendar as another non-Gregorian calendar option. In the System Tray, background apps using a newer system are now shown more clearly, especially apps packaged with Flatpak. Printing support has also matured, with job counts shown on the printer icon and easier access to shared printers on Windows networks.

Many smaller usability updates are designed to save time. In the Overview screen, users can switch virtual desktops faster by scrolling or using keyboard keys. It is now easier to add or remove favorite apps with drag and drop in several app launchers. The Discover software center has a clearer Install button, redesigned app cards, and better sorting. Plasma 6.7 also helps users compare time zones more easily and offers a type-ahead option on the desktop for faster file selection. Overall, the update shows KDE’s effort to refine everyday computing, not just add new features.