GitHub is offering a limited run of 1,000 CD-ROM copies of public repositories as a pro-physical-media jab at Sony’s plan to stop producing PlayStation game discs in 2028. Tom’s Hardware reports: The coding and collaboration platform, owned by Microsoft, states that “In light of recent developments in physical media, GitHub is proud to announce that you can now obtain your public repo on CD-ROM.” Moreover, it appeals to the human side of computing, adding the emotive line “Keep it. Lend it to friends. Pass it on to your children.” It isn’t April 1st, so thankfully this is no joke. However, if you check out the above-linked GitHub Your Code, On a CD offer page, it quickly becomes clear this is a very limited in time/scope stunt.
“Order a burned CD of your own public GitHub repo. Yes, a real physical disc you can hold in your hands, no download required,” begins the spiel. But this is a very limited run of 1,000 discs, with applications required between July 2 and July 6 (inclusive). Limit one per person, with availability varying between country/region.
“Your code is physically yours, forever. Until you lose it, let’s be real,” says GitHub. At best, these CDs will be framed and put on a wall, some becoming collector’s items or eBay money spinners (discs like 0001 or 0888 would be good ones, if they are numbered). Also, many will be lost or eventually/accidentally discarded, as GitHub seems to know. So this ‘protest’ is arguably 1,000 doses of expensively shipped e-waste.
Everyone else must opt out manually if they don’t fancy settings data shipped off-device
Microsoft is enabling Windows Backup for Organizations by default in Windows 11 26H2 everywhere except the EU, meaning businesses elsewhere with sovereignty and privacy concerns will be forced opt out instead.
Now dubbed “Windows settings backup and restore,” the service backs up a device’s settings and a list of installed Microsoft Store apps, which can then be restored to a new device.
Advertisement
Microsoft gave a use case for the technology: “Imagine a lost laptop, a hardware refresh, or an unexpected reset. These are some of the moments when your users need backup most. And that’s rarely when anyone wants to discover that backup was never turned on.”
However, some organizations might not want it on. Perhaps those with strict privacy or data sovereignty requirements, or those regulated by the EU Digital Markets Act (DMA), for whom the default-on behavior won’t apply. Windows 11 25H2 and earlier are also excluded, as is any device with a backup policy that explicitly disables the setting. Everything else running Windows 11 26H1 will get switched on after a feature update, and the same applies to 26H2, currently with Windows Insiders in the Experimental channel.
Administrators might reasonably be wary of this being opt-out rather than opt-in. Backups are useful, but Microsoft is clear that this is not a comprehensive backup solution, calling it only “one step in a broader Windows resiliency effort.” The implications still need consideration.
An opt-out setting that quietly ships settings data off-device is exactly the sort of thing that adds to administrators’ workloads rather than lightening them.
Advertisement
Microsoft’s recommendation is to leave things as they are. “Eligible devices with the backup policy in a Not Configured state under Windows settings backup and restore will enable backup automatically at general availability of Windows 11, version 26H2.”
Anyone who doesn’t want that must explicitly disable the policy, which “always takes precedence over the default,” Microsoft added.
Before crediting Microsoft for making this feature default to on, consider its stated objectives for Windows Backup for Organizations: to “Help organizations accelerate PC refresh cycle or the transition to Windows 11 or deploying AI-powered PCs,” and to “Allow organizations to transition to a cloud-first approach for managing devices and user settings.” ®
New Zealand’s Education Minister denies any plans to restrict or ban VPNs
Reports previously alleged it was part of the teen social media ban package
Prime Minister Christopher Luxon also confirmed “no plan to ban VPNs”
The New Zealand government has officially denied any plans to restrict or ban VPN apps as part of its upcoming under-16 social media ban, putting an end to intense speculation and a rapid backlash from digital privacy advocates.
The saga began following a report from The Post that Education Minister Erica Stanford said the government was considering any restrictions on VPNs as part of the country’s under-16 social media ban.
Because a Virtual Private Network (VPN)can easily spoof a user’s location and bypass local network blocks, the technology was viewed by some officials as a potential roadblock to enforcing age verification mandates.
Advertisement
New Zealand VPN ban’s privacy backlash
The notion of banning vital encryption software sparked immediate political and public pushback. Coalition partners quickly distanced themselves from the idea, with the ACT party reportedly marking any anti-encryption measures as a strict red line — The Post reported.
The Free Speech Union also lambasted the concept. Critics warned that a VPN ban would undermine digital free speech and put New Zealand in the same category as oppressive regimes that strictly control internet access.
“The Government wants the power to prohibit technologies New Zealanders use every day, because those technologies make it harder for the state to control what we see and say online. That is not child protection, it is censorship infrastructure,” the organisation said in a statement.
Advertisement
Following the uproar, the government changed its tune.
In a recent media stand-up, Prime Minister Christopher Luxon put the rumors firmly to rest. “I can reject that outright. There’s no plan to ban VPNs at all,” Luxon said. “I don’t know where that reporting or where that story came from, but I can reassure you that’s not the case”.
Shortly after the Prime Minister’s remarks, Stanford’s office officially clarified its position, stating that the Government is “not looking at restricting or banning VPNs”. For anyone relying on the best VPN to secure their personal data, the rapid reversal is a significant victory.
Advertisement
(Image credit: BlackJack3D/via Getty Images)
The brief controversy in New Zealand highlights a growing global debate surrounding age verification laws and privacy tools. As governments worldwide attempt to regulate how minors interact with the internet, VPNs have increasingly found themselves in the crosshairs of lawmakers seeking foolproof ways to enforce their legislation.
Because a VPN encrypts your internet connection and masks your IP address, it is commonly used to bypass geo-blocks and content filters. This makes it an obvious workaround for teenagers looking to dodge age gates.
However, treating VPNs purely as circumvention software fundamentally misrepresents what they do. They are essential security tools used by millions of businesses, journalists, and everyday citizens to protect sensitive data from hackers, intrusive ISPs, and mass surveillance.
Ultimately, lawmakers must strike a delicate balance. Enforcing a social media ban should never come at the cost of weakening the cybersecurity infrastructure that protects the wider population.
Imagine your refrigerator sits in another building, 100 metres from your kitchen. Every time you cook, you walk over for each ingredient, then walk back to check that you closed the fridge door. That could be another long walk back if you forgot the milk for your morning coffee.
Until the agentic era, this was the norm. Data could live in that fridge and get pulled when needed. Applications and humans didn’t need millisecond or even live data to make important decisions; humans can work on copies. But that era is ending. Agents think and act in instants, in context. And very soon billions of them will be working 24/7/365. They don’t pull a copy and decide later. They need to be governed in the moment, in the context of that moment, and they need to act fast and at reasonable cost. Agents cannot run to a lakehouse, or a fridge, and still meet those requirements.
That means intelligence has to be where the agents and data are acting.
Think about the exponential rise in digital fraud in payment systems, or the volume of retail returns from digital purchasing. We live in a more complex, integrated data world, and we expect real-time resolutions, solutions, and choices.
Advertisement
The lake was never built to run a business (or agents)
Your AI and your data need to be available the moment an agent acts: Petabyte-scale data, served in real time, live, not copies, without a walk to the fridge every time. You cannot retrofit a lakehouse to deliver that.
Everyone now agrees that the old separation between transactional and analytical systems had to end. The interesting question is what replaces it. This month Databricks offered its answer: LTAP, or Lake Transactional/Analytical Processing. Built on Lakebase, its serverless Postgres®, LTAP puts transactions and analytics on a single copy of data in the lakehouse. It is interesting engineering, but built from the wrong end.
The reason is straightforward: the only gravity that matters is the data. Action happens at the data layer, governance has to happen at the data layer, so the data layer is where you build rather than somewhere you move data to. Pulling transactions up into the lakehouse is like moving the house and kitchen to the building with the fridge.
A lakehouse is, at bottom, built on a data lake, and the lake was built for analytical work: Large scans, append-heavy patterns, eventual consistency, object-storage economics. Transactions want the opposite: Low-latency reads and writes, strict consistency, row-level locking, the hard ACID guarantees that operational applications have relied on for 40 years. You can engineer a transactional layer onto object storage credibly enough, but you are swimming against the substrate the entire way. The lakehouse is a magnificent place to analyze data, but a strange place to run your order book.
Advertisement
The operational database is where transactions already live. It is consistent, governed, the system of record. Agents don’t act on copies. They act on the real thing, live and governed, right where it sits. The durable architecture doesn’t haul that into the analytical world and re-solve consistency from scratch. It starts from the operational core, the place the business actually runs, and extends analytics, vector search, and agents outward from there, against the same live, governed data, without moving it.
The destination everyone is describing is the same: one copy, no pipelines, one governed surface for every workload, whether OLTP, HTAP, or agents. The divergence is the starting point. A lakehouse-first model decides in advance that the data belongs in the lake, then pulls transactions up to meet it. Starting from the operational core presumes nothing: The data stays where it already is, and everything comes to it.
Opposite starting points compound: the gap between the two only widens the further you build.
For regulated enterprises, true sovereignty is nonnegotiable
A lakehouse is a cloud service, on the cloud’s object storage, under the cloud’s control. For an enormous share of the enterprises that most need agentic AI (banks, hospitals, telcos, governments), “move your transactional system of record into our cloud” is not a deployment detail. It is a nonstarter. These organizations operate under data-residency rules, sovereignty requirements, and, in some cases, air-gap mandates that no amount of elegant lakehouse architecture can make go away. You cannot regulate your way around where the bytes physically sit.
Advertisement
This is not only about what regulators permit. Where data does its work should be the enterprise’s choice in the moment, not a destination a vendor decided in advance.
The moment an autonomous agent can act on regulated data, sovereignty stops being a preference and becomes a constraint. An operational core built on open Postgres runs wherever the data has to be: on-premises, hybrid, across clouds, air-gapped if the regulator demands it. A lakehouse, cloud-bound by design, runs where the vendor’s cloud runs. For the regulated enterprise, that single fact settles the question before any benchmark is run.
Govern where the data is, not in a catalog above it
Governance works the same way. The lakehouse model governs through a catalog, a policy layer administered above a collection of engines. That is a reasonable design for a platform assembled from many parts. For an autonomous agent acting directly on data, a governance layer that lives somewhere other than the data is a governance layer with a path around it.
Governance has to be enforced by the database itself, through the same roles, row-level security, and audit trail that already govern human access. Govern where the data is, at the moment of action, not in a catalog hovering above it.
Advertisement
The market is already moving
This is the shift, and the market is confirming it. The most prominent name in the lakehouse world is now racing to embed an operational Postgres core, spending roughly $1 billion to acquire Neon to get there. When the company that defined the lakehousestarts building toward the operational database, the direction of travel is no longer in dispute. The only question left is which end you build from.
The enterprises that get this right will build from the operational core outward, on open Postgres, on infrastructure they own. Transactions, consistency, governance, and sovereignty are the hard constraints; analytics is the part that should come to them, not the reverse. Your AI, your data, your rules, on infrastructure you control.
Probably EarFun’s most impressive budget true wireless yet, delivering good comfort levels, strong noise cancellation and the best sound I’ve heard from one of its true wireless. This is less a box ticking exercise and a pair of earbuds that deliver a consistent strong performance.
Improved sound tuning over previous EarFun earbuds
Strong noise cancellation
Good comfort
AI Translation works well
Well-featured for the money
Call quality is ok outdoors
Sony WF-C710N edges on the sound front
Key Features
Advertisement
AI Transation
Use the app translate languages in real-time
Advertisement
Nano Side-Fitted Acoustic Architecture
Aims to improve sound clarity
Advertisement
Sound
FeatherBA armature/10mm dynamic driver for deeper bass and crisper treble
Introduction
Virtually every area of the headphone market is keenly contested. Time and advances in technology have led to features once found in premium headphones costing as much as £299 trickling down to headphones less than £99.
Advertisement
But is that a case of just ticking the spec box and calling it a day? After all, having the feature is one thing, but actually delivering on the performance is something else.
It’s something the EarFun Air Pro 4+ looks to do. On paper, they’re absurd value with specs that would put Sony’s excellent WF-C710N to shame. But do they sound good? Do they cancel noise well? Do the features work as advertised? I’ve spent plenty of time finding out if these EarFun wireless earbuds deliver.
Advertisement
Design
IP55 rating
Three colour finishes
Touch controls
The EarFun Air Pro 4+ aren’t flashy and they do feel their budget price, sporting a glossy plastic coating with a two-tone finish (grey and black) that’s become EarFun’s distinct look. The form factor of earbuds has been well established, and the Air Pro 4+ don’t deviate from the stem design that’s become very popular.
But it’s not all about aesthetics, and function is key, as the Air Pro 4+ provide good comfort levels. I’ve worn them for a few hours, and aside from a slight oiliness (which doesn’t happen all the time), I’ve not had significant issues. The fit doesn’t come loose, and they don’t feel a burden to wear.
Advertisement
Image Credit (Trusted Reviews)
Touch controls work fine but the responsiveness has not always been the best – they can be a bit slow to react and I’ve resorted to using the controls on the phone instead most of the time.
Advertisement
The IP rating is IP55, making them resistant to water and dust. There’s a choice of four ear-tip sizes, from extra-small to extra-large, and the charging case itself is pretty compact, easily pocketable, with an LED on the front to show the headphones’ status.
Black, blue, and white are the choice of colours.
Image Credit (Trusted Reviews)
Features
Bluetooth 6
Snapdragon Sound
AI Translation
What does the EarFun Air Pro 4+ have at its disposal when it comes to features? Bluetooth-wise, they connect over Bluetooth 6, but you’ll only get the advantages if you have a smartphone (or mobile device) that’s compatible with Bluetooth 6.
Sony’s LDAC and Qualcomm’s Snapdragon Sound (aptX Lossless), both of which are rare to see for less than £100 / $100, and they’re joined by SBC, as well as LE Audio and LC3, the latter two aim to deliver higher quality audio than SBC but use less power in the process. There’s no mention of AAC support, which would suggest these are better suited to Android smartphones.
Advertisement
Advertisement
Image Credit (Trusted Reviews)
I haven’t found the Bluetooth connection to fall off, at least when using aptX Adaptive; though I have experienced an odd problem during playback when audio pauses, the earphones revert to transparency mode and then ANC boots back up and music starts. Weird.
If you choose to use LDAC instead of aptX, you can’t get LDAC and Bluetooth multipoint at the same time. The EarFun Air Pro 4+ also support Auracast to broadcast audio to other compatible devices, and Google Fast Pair to connect to Android devices quickly.
Jump into the app (available on iOS and Android), and there’s a Game Mode, EQ adjustments (presets, 10-band custom EQ, sound test, and… Influencers’ Pick).
Image Credit (Trusted Reviews)
You can disable the in-ear detection, disable the controls or customise if you find they’re not quite your speed (volume control is included by default). There’s also a Hearing Health option where you can limit volume levels, and a ‘Find Headphones’ function if you lose them.
Advertisement
Advertisement
Most interesting is AI Translation, which annoyingly seems to be the only feature locked behind account sign-up. Using it is pretty cool.
I can’t tell how accurate it is (I can’t speak Mandarin, or any other language well enough to gauge), but it understands what you’ve said accurately, and fires back a response in the language of choice quickly. For travel overseas, I can see this being useful.
Image Credit (Trusted Reviews)
Battery Life
Long battery life
USB-C and wireless charging
EarFun claims 54 hours in total with the Air Pro 4+, broken down into 12 hours per charge and 42 in the charging case. With noise cancellation, the 12 hours fall to 8.
An hour of streaming a Spotify playlist saw the headphones drop to 90%, which suggests they’re good for about 10 hours per charge (at least on aptX Adaptive).
Advertisement
Advertisement
Image Credit (Trusted Reviews)
The charging case covers USB-C and wireless charging – again, another feature that’s not altogether common at this price. In terms of convenience, the Air Pro 4+ scores big points.
Noise Cancellation
Strong ANC
Average call quality
You’ve a choice of AI Ear Adaptive ANC or AI Environment Adaptive ANC, which both seem to do the same thing. You can choose to manually adjust the noise cancellation and enable Wind Noise Cancelling too.
I’ve tested the EarFun Air Pro 4+’s ANC in several places: on a plane, public transport, in windy conditions, and walking around cities. Throughout all of those various scenarios, it’s been impressively strong.
On a plane, it doesn’t remove every decibel of noise; it does remove a considerable amount to make a plane ride much more comfortable. On buses and trains, the level of suppression applied is strong – traffic is consistently reduced to a hum, and there’s no need to bump the volume up, which is always a good sign of strong ANC.
Advertisement
Image Credit (Trusted Reviews)
On a blustery day it handles wind noise without amplifying it or affecting the sound. Walking around cities and the ANC’s impact is enough that it reduces people’s voices. You’ll still hear some, but conversations are harder to accidentally pick up.
The Transparency mode is fine. It’s not the clearest, but it allows you to hear and be aware of what’s around you. It’s on a similar level to Sony’s WF-C710N.
Advertisement
Call quality is a weaker area. The person on the other end said noises managed to get through and my voice sounds quiet, so the EarFun sound like another pair that work better indoors than outdoors.
Sound Quality
Clear, balanced sound
Not the most energetic or dynamic
One aspect I found about the Air 4 model was that it had a similar level of features, but when it came to a rich, warm sound, it lacked much detail. While it’s great to have features such as aptX and LDAC at this low price, if you’re not hearing the detail because of the way the headphones are tuned, there’s not much point to having them.
Advertisement
The EarFun Air Pro 4+ make a better fist of carrying that detail and clarity over.
It’s a more mature sound than I was expecting, helped by EarFun’s Nano Side-Fitted Acoustic Architecture (NSAA), which apparently reduces interference for clearer treble and more accurate sound.
Advertisement
Image Credit (Trusted Reviews)
Comparing the EarFun to the Sony WF-C710N and the more expensive Cambridge A100, its sonic signature becomes clearer. It’s a balanced sound that’s slightly warm, but less of an energetic, full-bodied listen than the A100 and similar to the Sony in terms of clarity and detail.
You might expect budget earphones to be bassy but the EarFun resist going in that direction fully, bringing power to the lows with Warren G’s Regulate without affecting midrange clarity, though the lows don’t translate as big in size as the A100.
The soundstage isn’t as wide as the Cambridge either, though it’s big enough and the highs sound crisper, clearer than the Sony in some cases.
Advertisement
Image Credit (Trusted Reviews)
Instruments and vocals are clearly communicated on the EarFun, though I’ve heard a slight crispness to the midrange that I can’t quite describe properly, and it might be down to the combination of the dual-driver system with FeatherBA armature and 10mm dynamic driver. When I hear it, it strikes me as sounding just a little artificial in tone.
The Sony strikes a natural tone – things sound as they should, especially in the midrange area, whether it’s instruments or vocals; the Sony offers a little more insight, and that’s where the WF-C710N have the upper hand. But it’s not a massive difference.
Advertisement
The Air Pro 4+ aren’t the most energetic, though they carry a good sense of rhythm with Lakeside Drive’s Hypotheticals, and their dynamism isn’t the strongest.
Regardless, this is the best sound I’ve heard from any EarFun true wireless so far, and it definitely gives the Sony WF-C710N, which I still consider to be the class leaders, a run for their money.
Advertisement
Should you buy it?
Advertisement
If you’re looking to save money
At £10 cheaper than the Sony WF-C710N, they’re a strong rival and the AI Translation feature could be very useful if you go abroad a lot.
Advertisement
You use them for calls a lot
The EarFun sound fine, but the Sony WF-C710N eke out a better performance with calls.
Advertisement
Final Thoughts
It’s all well and good having an impressive spec sheet, but you have to deliver on it, and I feel that with the Air Pro 4+, EarFun has finally delivered on it with the audio performance.
This could have been another box-ticking exercise, but the sound quality is not far off the Sony WF-C710N, and you add that with good comfort levels, strong noise cancellation, and an interesting AI Translation mode, and you have a pair of budget wireless earbuds that are a match for any.
The Sony buds are still, for my money, better and show that you don’t need LDAC or aptX Lossless to deliver impressive sound, and they also feature better call quality.
But the EarFun have some interesting features to differentiate from Sony, such as AI Translation in particular, the convenience of wireless charging, and that slightly lower price may be enough to sway some to take a chance on the EarFun. Very much recommended if you’re looking for a well-featured budget true wireless.
How We Test
Tested for a month with real-world use, and compared to similarly priced wireless earbuds.
Noise cancellation was compared to others in a pink noise test, while battery drain was carried out over an hour.
The Note Air is one of the best larger-screen colour ereaders, particularly for those who don’t want to be hemmed in by proprietary software systems. It doesn’t bring particularly striking generational improvements, though, and suffers from the same display limitations as other colour E Ink devices of the moment.
Versatile Android OS
Large enough for a good magazine and comic experience
Ambitious laptop aspirations
Not all that affordable
Limited generational improvements
No official water resistance
Limited colour and contrast
Key Features
Advertisement
Review Price:
£499
Colour E Ink screen
Advertisement
A Kaleido 3 screen allows for 4096 rendered shades, with a bit to a contrast hit in the bargain
Keyboard connector
Advertisement
This generation’s biggest change is support for a keyboard add-on, for more laptop-like use
Stylus support
Advertisement
This reader can be bought with a stylus that supports 4096 pressure levels.
Introduction
The Boox Note Air5 C is a large reader from one of the pioneers of the category. It’s colour, it supports a stylus, and it can run Android apps, making it far more versatile than a Kindle Scribe.
This generation is arguably not much of an upgrade over the Boox Note Air 4C, though. It has the same generation of screen, Kaleido 3, it looks familiar and it has the same fundamental skills.
Advertisement
What’s new? The Boox Note Air5 C has a microSD slot and support for a keyboard add-on. Boox mines the versatility of the Android software to let it become a low-key laptop-a-like.
Advertisement
Long-term typing is likely to feel a little cramped, though. For most it’s best thought of as a secondary skill for a top larger-screen colour e-reader.
Design
Metal casing
Plastic display cover
Supports keyboard accessory
The Boox Note Air5 C is a large, very thin E Ink tablet. It’s just 4.6mm thick and, like the previous generations, has a heathy border on one side for your thumb. You can easily rotate the interface, so there’s no worries for left-handers here.
Image Credit (Trusted Reviews)
This feels like a high-end piece of tech too. It’s dense as well as thin, and has a metal outer casing with a fairly sharp sense of style. A bold stripe of orange sits across the back, but it manages to avoid seeming juvenile or overly attention-grabbing.
Advertisement
Advertisement
Image Credit (Trusted Reviews)
There are a couple of design parts missing, though. The Boox Note Air5 C does not have any official water resistance rating, and its top-most screen layer is plastic rather than an etched glass. As such, it’s more likely to pick up display scratches in general use than, say, an iPad.
Changes you can actually see for this generation amount to a pop-out microSD slot and a set of metal pins on the back. These interface with an official keyboard case designed to turn the Boox Note Air5 C into something like a low-distraction laptop replacement.
I have not had a chance to try this out, but it’s demonstrative of how Boox is pushing a little more aggressively at the borders of what these devices might be used for, compared to Amazon’s Kindle Scribe series.
Image Credit (Trusted Reviews)
Screen
Familiar Kaleido 3 panel
Very good sharpness
Lesser contrast than B&W ereaders
Advertisement
The Boox Note Air5 C has a 10.3-inch colour E Ink screen. There is no major hardware change here over the previous generation Air 4C.
They both have Kaleido 3 screens, the current top option for mainstream colour ereaders. Its resolution and perceived sharpness are great. 2480 x 1860 resolution works out at 300ppi, enough for excellent, Kindle Paperwhite-matching text smoothness.
Advertisement
Like all of these colour ereaders, colour resolution is much lower (1240 x 930). But I don’t find this much of an issue.
Image Credit (Trusted Reviews)
There are some points to note, though, especially if you have experience with classic black and white ereaders. The Boox Note Air5 C’s “white” page is darker, more mottled-looking, than that of a monochome model. And that leads to lower contrast, and a greater need to rely on the front light to get a nice white-looking page.
Image Credit (Trusted Reviews)
Advertisement
And as with all these colour E Ink devices, colour saturation is limited. The number of colours it can render is super-limited too, at 4096. This means gradients are going to look crude. Smooth transitions aren’t the forte, although the limited colour pop is far more obvious.
Image Credit (Trusted Reviews)
To be clear: these issues apply to the Boox Note Air5 C’s rivals too. And while there’s an alternative tech called E Ink Gallery 3 with better colour, but there’s a trade-off in the refresh style that has seemingly put most manufacturers off using it.
At the time of the Boox Note Air5 C’s release Kaleido 3 remains the most practical all-round solution for colour E Ink.
This is also a far better screen for PDFs and reading comics and graphic novels than 7-inch and smaller ereaders. While the Boox Note Air5 C isn’t as large as the average comic page, you can comfortably look at a smaller form factor version on this display.
Advertisement
Image Credit (Trusted Reviews)
Advertisement
Stylus support really helps for note-taking too. This is a proper pressure-sensitive stylus, and the tablet screen has a textured surface to make doodling and scrawling feel more natural. There’s minimal lag until you start trying to aggressively sketch in an app that challenges the CPU, although I would recommend a tablet with stylus like the Samsung Galaxy Tab S10 FE or S10 Lite over this for digital art.
The colour and responsiveness benefits of OLED and LCD versus E Ink are just too great in that situation.
Software and Reading
The Boox Note Air5 C runs Android and has full access to Google Play. But a bunch of apps come preloaded and there are some important customisations to the interface.
Alongside the usual navigation soft keys at the bottom of the screen you’ll find two extras. One performs a manual full refresh of the screen, to get rid of any ghosting. The other lets you comprehensively alter the refresh behaviour of the screen, and this can be set per app.
Advertisement
Image Credit (Trusted Reviews)
Boox offers a “store” app that features free, out-of-copyright books. And you are free to use whatever other app you like, including Amazon Kindle, Kobo or the Libby app – among others.
Advertisement
The general reading experience here is excellent, with the main potential issue being the flip side of one of its great strengths. The Boox Note Air5 C is a larger tablet that weighs a good bit more than a Kindle Paperwhite and isn’t the best fit for breezy bedtime reading – for many, anyway.
Image Credit (Trusted Reviews)
Just as I’d take this tablet over a Kindle Paperwhite or Colorsoft any day for graphic novels and PDFs, I’d much rather use a smaller e-reader to read a novel – particularly for bedtime reading.
Unlike most ereaders these days, though, it does have physical page-turn buttons, after a fashion, anyway. The pair that act as volume controls and sit where such buttons usually do on a phone, but not on a tablet, turn into page buttons when in a book.
Image Credit (Trusted Reviews)
Features and performance
Weak processor does the job just fine
Short battery life when used for apps rather than reading
Can run most Android apps
Advertisement
One of the Boox Note Air5 C’s apparent key upgrades is a processor upgrade. This really isn’t worth getting excited about.
Advertisement
The tablet has a Qualcomm Snapdragon 690 processor with 6GB RAM, whereas the Note Air 4C used a Snapdragon 750G at launch, but some batches had a Snapdragon 690 anyway.
I tried the Boox Note Air5 C with benchmarking tool Geekbench 6, and not only did the process take an inordinately long time, the scores were poor too. It’s no great surprise. The Snapdragon 690 was mostly used by affordable phones half a decade ago.
It has enough power for an e-reader – no problem there – but if this were a standard Android tablet I’d be laying into it for its lack of power.
Testing out of the Boox Note Air5 C’s comfort zone shows it’s still a modern and capable processor, though. For example, you can run Fortnite. The frame rate is really too low for comfort, milling around the teens of frames per second with default settings, but it does work.
Advertisement
This is not an all-rounder entertainment device, though. Fast motion, colour content like Fortnite doesn’t look great on the Boox Note Air5 C. And the tablet’s speakers are quieter and much thinner-sounding than more conventional tablets at a similar price.
Advertisement
The Boox Note Air5 C also has a far lower capacity battery than more conventional tablets of this size. It’s a 3700mAh cell, where the 11in Samsung Galaxy Tab A11+ has a 7040mAh battery, for example. It matches its predecessor in this respect.
Lower capacity is used because E Ink screens don’t consume significant energy when simply displaying a page of text. Of course, it also has a somewhat more demanding operating system than a Kindle too – it’s full Android 15.
Advertisement
Boox doesn’t make any grand claims about battery life, but it’s not going to be terrific when used actively, as the product page contends you might. When playing video at high screen brightness, the Boox Note Air5 C lasts only about 3.5 hours – less than you might expect given the fuss made about how energy-efficient E Ink readers can be.
Squirrel Widget
Should you buy it?
Buy if you want a more free-wheeling large colour reader
Advertisement
Android apps, a first-party keyboard add-on and dynamic display control opens you up to far more with this Boox than Kindle or Remarkable devices.
Advertisement
Don’t buy if you want an E Ink PC
Weak general performance, limited colour depth, contrast and responsiveness mean the Boox still shines in its traditional role as a low-glare reading device than a PC-replacement.
Advertisement
Final Thoughts
The Boox Note Air family’s relatively regular upgrades mean there’s not huge amount here for those who already own an older model. But the Boox Note Air5 C see it push further into the ways it differs from the Kindle Scribe Colorsoft.
It’s a less streamlined, more open kind of device that can even be used like a tablet-laptop hybrid thanks to a new optional keyboard case.
This aside, the Note Air 5 C has largely all the same strengths and weakness as the last couple entries in this series. A larger, colour E-Ink display makes this one of the best ereaders in the world for graphic novels, comics and PDFs.
However, that Kaleido 3 screen tech still reigns supreme in this area does mean we’re still left with the same limited colour saturation and lower contrast (versus B&W alternatives) that’s been in place since colour E Ink went mainstream.
Advertisement
Advertisement
How We Test
We test every e-reader we review thoroughly. We use the device over the review period. We’ll always tell you what we find and we never, ever, accept money to review a product.
Tested for over two weeks
Compared against similar devices
FAQs
What’s new in the Boox Note Air5 C?
Compared to its predecessor it is based on a newer version of Android and has POGO pins for an optional keyboard case.
Advertisement
Is the Boox Note Air5 C water resistant?
It has no water resistance rating so should be used carefully around liquids.
In the weeks since the EU Pay Transparency rules came into full effect, how have organisations responded to the change?
In early June, changes were made to how companies in EU member states are required to disseminate employee-relevant information. The EU Pay Transparency Directive is a policy that aims to reduce the gender pay gap, ensure fairer pay structures and create an atmosphere in which professionals and jobseekers can have open conversations about pay and other topics.
Having first been passed in 2023, countries were given three years to align themselves with the new rules and make any necessary changes. A month has gone by now since that final deadline, but what has changed?
Job search platform Mokaru analysed 1,776,876 global job listings posted between April and June, on the career sites of 48,758 employers, across more than 46 applicant tracking systems. What was discovered is that one month after the EU Pay Transparency Directive deadline, only 6.6pc of EU job ads are disclosing salary information. This is compared to nearly 40pc in the US.
Advertisement
Mokaru’s experts said, “If you are job hunting in Europe, you already know the ritual, read the listing, scan for the salary, find nothing, apply anyway and hope the number at the end of four interview rounds does not waste everyone’s time. Our data shows exactly how bad it is and how different it could be.”
With US figures notably higher than the available European data, Mokaru said, “Here is the uncomfortable timing, the EU Pay Transparency Directive, the law that, among other things, gives applicants the right to salary information before the interview, had its implementation deadline on 7 June, 2026. One month later, European employers’ job ads are still overwhelmingly silent.”
Evolving landscapes
Canada and the US are setting the pace as research found that salaries are disclosed in more than one-third of listings. For comparison, the UK trailed behind at 21pc, the Netherlands at 12pc, Ireland at 10pc, France at 9pc and Austria also at 9pc.
Mokaru also found that numbers varied dramatically, even in cases where employers from different regions were utilising the same job promotion platforms. Germany is one such example as on Workday only 2.8pc of employers chose to disclose salary information, compared to more than 40pc of US-based employers.
Advertisement
Sweden lies at the bottom of the list, having the least transparent jobs market, at just 0.4pc, or fewer than one in 200 job listings. Despite the law coming into effect and the European Commission sticking to the timeline, many countries have elected to ‘postpone’ implementation, with Sweden pausing it completely for the time being.
Mokaru said, “To be fair to the directive, it is early days. Four weeks is not enough time to rewrite hiring workflows and in most member states the national law that actually binds employers is not yet in force, the bulk of implementations will land between now and January 2027, with enforcement and sanctions following later.
“The honest conclusion from this data is not that the directive has failed, it is that, one month in, employer behaviour has not yet started to move.”
Rising trends
The research highlighted other patterns and trends that stand out, such as the impact the policy has had so far on remote job listings. What the data uncovered is that remote job listings in the EU are almost twice as likely to disclose salary as on-site listings, at 11.5pc and 6.2pc respectively.
Advertisement
The report said, “Employers hiring remotely compete in an international talent pool, one where US-style transparency is increasingly the norm. Competition is currently doing more for European pay transparency than regulation. In the US, the remote/on-site gap barely exists (39.5pc versus 37.4pc), transparency laws there apply regardless of where the work happens.”
Looking at the data that is specific to Ireland, Mokaru also found that as seniority rises, transparency has a tendency to fall, as junior roles disclose at around 32pc, compared to 11pc of senior roles and 9pc of lead roles.
The report said, “more than four in five Irish job ads keep candidates guessing and the higher the role, the quieter the ad, junior positions disclose pay three times more often than senior ones.”
Ultimately, Mokaru’s experts are of the opinion that the burden of the European information gap falls largely on those who have the least negotiating power, mainly invested candidates who cannot afford to walk away from multiple rounds of interviews when the offer finally lands below their floor.
Advertisement
And “until the directive has teeth”, European candidates should be aware of the factors that best indicate whether the role they are applying for is at a company likely to embrace the change in policy.
So, until then be aware of your rights, look into remote friendly opportunities and research market rates because even if your employer plans to keep you in the dark, the information is likely available elsewhere.
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.
Chemistry Ventures, the VC firm launched two years ago by Bessemer, Index Ventures and Andreessen Horowitz alums, is raising $500 million for its second fund, according to an SEC filing.
Founded by Mark Goldberg, Ethan Kurzweil and Kristina Shen, Chemistry launched with a $350 million fund, and invests in early-stage startups building developer tools, fintech and infrastructure. Its portfolio companies include Granola, Decagon, Persona, Serval and Nova Intelligence.
Goldberg previously worked at Index Ventures, Kurzweil with Bessemer, and Shen with a16z. The trio launched the firm to combine their experience working at large venture capital firms.
The Wall Street Journal reports that the second fund is already oversubscribed and the fundraise is expected to close soon.
Advertisement
Chemistry did not immediately return a request for comment.
An aerial view of Shasta Dam in California. After a July 4 visit, computer scientist Daphne Koller argued that America’s signature achievement is taking what was scarce and making it abundant: water into power at Shasta, electricity into a grid anyone could plug into, computation into a pocket. AI, she reasons, is the next chapter, “making abundant one of the world’s scarcest resources: powerful reasoning.” (Flickr Photo via Bureau of Reclamation)
America just turned 250. The founders designed self-government for a world of pamphlets and town meetings, and we now run their political architecture on AI.
The birthday question is whether AI bolsters democracy or undercuts it. Serious thinkers have lined up on both sides with substantial arguments.
Here is my scorecard, distilled from five books and seven articles, and then the question neither side asks: which is growing faster, power over AI or access to it?
Start with surveillance.
Yuval Noah Harari argues in Nexus that a democracy is a distributed information network with self-correcting mechanisms: a free press, opposition parties, and courts that catch mistakes and fix them. A dictatorship is a centralized network that suppresses correction. For two centuries, centralization carried a built-in cost, because total surveillance required armies of human informants, and armies are expensive. AI removes the cost. It watches everyone, all the time, for pennies. The evidence is no longer hypothetical. A study in the Quarterly Journal of Economics documented the feedback loop in China: local unrest leads to government purchases of facial-recognition AI, and those purchases suppress subsequent unrest. The authors titled their paper “AI-tocracy.”
The second argument is economic.
Advertisement
Past technologies replaced particular workers, the switchboard operator, the toll collector, while creating jobs for the people who ran the new machines. AI’s ambition targets the entire workforce. Daron Acemoglu and Simon Johnson devoted a book, Power and Progress, to this worry, writing that “the current path of AI is neither good for the economy nor for democracy.” Acemoglu, a 2024 Nobel laureate, sharpened the point in Fortune this February, warning that on the current path of job destruction and rising inequality, “U.S. democracy is not going to survive.”
The third argument targets the machinery of self-government itself.
I sounded this alarm in Harvard Business Review back in 2019, warning that AI was poised to make high-fidelity forgery of video, audio, and documents cheap and automated, with potentially disastrous consequences for democracy. Forgery is ancient. AI industrializes it. Security technologist Bruce Schneier predicts that AI will optimize lobbying and draft “micro-legislation,” tiny provisions that quietly benefit one group, and he observes that the technology mostly makes the powerful more powerful. He and Nathan Sanders began worrying in earnest when an AI-written letter opposing AI regulation ran in the New York Times. Marietje Schaake supplies the institutional capstone in The Tech Coup: unelected companies now perform functions that once belonged to governments.
The prosecution rests. Now comes the defense.
Advertisement
On July 4, computer scientist Daphne Koller marked the country’s 250th birthday, and her own 37th anniversary as an immigrant, with a visit to Shasta Dam. In a reflection posted that day, she argued that America’s signature achievement is taking what was scarce and making it abundant: water into power at Shasta, electricity into a grid anyone could plug into, computation into a pocket. She has done it herself; Coursera, which she co-founded, put an elite education in front of more than 150 million learners. AI, she wrote, is the next chapter, “making abundant one of the world’s scarcest resources: powerful reasoning.” The judgment once reserved for credentialed specialists now belongs to anyone who can frame the right question. Lawyers and doctors bill by the hour. AI answers by the second.
The economic counter comes from Acemoglu’s MIT colleague David Autor, who argues in Noema that AI can extend expertise to workers without elite credentials and thereby rebuild the hollowed-out middle of the labor market. Early evidence points his way. When a Fortune 500 firm gave its customer-support agents an AI assistant, productivity rose 15% on average, and the gains went overwhelmingly to the newest and least skilled workers, who improved in both speed and quality. The study, published in the Quarterly Journal of Economics, found that the most experienced agents gained little. If the pattern holds, AI could compress the very gaps Acemoglu fears it will widen.
Reid Hoffman and Greg Beato’s Superagency states the optimistic case in general form: AI amplifies individual agency so broadly that the real danger lies in democracies ceding its development to less benevolent actors. In Plurality, Taiwan’s first digital minister Audrey Tang and economist Glen Weyl describe a decade of digital tools that found consensus across a polarized public on live legislation, from ride-sharing rules to pandemic policy. A controlled experiment backs them up. Google DeepMind researchers built an AI mediator, tested it on 5,734 Britons deliberating questions like Brexit and immigration, and reported in Science that participants preferred the AI’s group statements to a human mediator’s, rating them clearer and less biased. The groups also ended up less divided. A town hall has never fit a million people. It might now.
I set the two columns side by side and noticed something odd: they never meet. The pessimists are arguing about who controls AI. The optimists are arguing about who gets to use it. Power and access are different questions, and both camps can be right at the same time.
Advertisement
Koller’s dam makes the point physically. Generation is concentrated, a handful of turbines owned by a few. The grid is distributed, and anyone can plug in. One machine does both at once. AI shares that anatomy: anyone can plug into a frontier model for $20 a month, while the frontier weights and the data centers that train them belong to a half-dozen companies.
Gutenberg adds the time dimension. The press broke Rome’s monopoly on scripture, and four centuries later it built Hearst’s empire; access and power traded places on the same machine. Both forces are real. The open question is which one moves faster, and the current fights over open weights, chip exports, and model ownership are fights that will help settle this question.
The founders faced a similar question about concentrated power and answered it by distributing the vote, narrowly at first, and later to nearly everyone. Koller ended her post with an obligation that fits the country’s 250th year: anyone given more than their share owes the work of making sure the next scarce thing does not stay scarce for long. Intelligence is the next scarce thing. Koller’s dam is already built, along with the frontier models and the data centers that train them. The choice in front of us is whether we also build the grid, providing broad, cheap access to AI for all Americans.
A green pipeline is not a governed one, and agentic coding is widening the gap faster than review can close it.
By Shane Warden, Principal Architect, ActiveState
In June 2026, researchers at Novee Security disclosed a class of CI/CD weakness they named Cordyceps. They scanned roughly 30,000 high-impact repositories across the npm, PyPI, crates.io, and Go ecosystems, then flagged 654 and confirmed more than 300 as fully exploitable.
The affected build tooling included projects published by Microsoft,Google, Apache, Cloudflare, and the Python Software Foundation, and the entry requirement for an attacker is a free GitHub account. No org membership, no elevated privileges.
Advertisement
Every one of those pipelines was green. The scanners ran, the checks passed, and the dashboards reported healthy results the entire time the exposure existed. The scanners were never built to see this danger.
The Vulnerability Is in the Composition, Not the File
GitHub Actions workflows are usually triggered by pull_request, which runs in the untrusted context of the fork, without repository secrets and with a read-only token. The trouble starts with pull_request_target and workflow_run, which run in the context of the base repository with access to secrets and a read and write GITHUB_TOKEN.
An attacker can induce both to act on attacker-controlled content from the pull request that triggered them. GitHub Security Lab calls this the pwn request.
Three primitives do the damage. Command injection interpolates attacker-controlled data, a branch name, a title, a comment, straight into a run step, so it lands unescaped inside a shell command and executes. Code injection through actions/github-script evaluates attacker input as JavaScript at runtime.
Advertisement
And cross-workflow privilege escalation lets a low-privilege workflow write untrusted data into an artifact or output, which a second, high-privilege workflow then reads and acts on with the maintainer’s token. Neither workflow is exploitable alone.
The vulnerability exists because of how they connect, which is exactly why the scanners stay green: a SAST or DAST tool pattern-matches a single file, and each file here is valid, well-formed YAML doing exactly what it was told.
“A scanner sees a workflow. An attacker sees a four-step chain to a permanent credential,” explains Warden.
There is no single line to flag, because no single line is wrong.
Advertisement
That is the worst version of a measurement failure, because a red light sends someone to look for a problem and a green light sends everyone home.
Cordyceps passed every check because no single workflow file was wrong, it was the composition that was exploitable.
See how to close that gap by governing what enters your build at the source, not just what passes the scan.
One Pull Request, Persistent Write Access to Shipped Security Content
On Microsoft’s Azure Sentinel repository, Novee showed that a comment on a pull request could run anonymous attacker code on Microsoft’s CI and steal a non-expiring GitHub App key, confirmed by Microsoft’s Security Response Center.
Advertisement
Sentinel is Microsoft’s SIEM, and its Content Hub ships detection rules and automated playbooks directly into customer workspaces.
A stolen key there offers persistent write access to the security content thousands of organizations rely on to detect attacks, quietly weakened and shipped downstream as a trusted update.
Google’s AI Agent Development Kit sample repository is a reference thousands of developers copy when building agents on Google Cloud. A single pull request could execute code in Google’s CI and escalate to roles/owner on the associated Google Cloud project, permanent owner-level access, confirmed by Google.
Apache Doris had a comparable path to credential theft, confirmed and fixed by the Apache Security Team. Three organizations, one composition problem, no line of code that a scanner could point to.
Advertisement
Nobody Decided to Trust That Pull Request
The phrase that should stop an engineering leader is “trust boundary that no one audited.” Someone configured a workflow to treat an outsider’s input as if it came from a maintainer. No human made that call on purpose.
This risk accreted, one reasonable-looking commit at a time, and it increases with AI-generated workflows, where the moment of decision may never be audited at all.
I have put AI tooling into production engineering work and measured what it changed, so I will say plainly that the leverage is real and I am not arguing to slow it down.
But Novee is explicit that agentic coding is the multiplier: AI tools generate CI/CD configuration quickly and reproduce the same insecure patterns, so one mistake compounds across potentially millions of repositories, emitted with confidence and no provenance signal.
Advertisement
The volume of workflow decisions an organization now absorbs has outrun a review process sized for human-speed output.
Our standard security systems aren’t ready for this either. Cordyceps is not a CVE, so it never enters the enumeration model. Furthermore, NIST acknowledged in April 2026 that it can no longer enrich every CVE, with submissions up 263% since 2020. Risks are multiplying.
Fortunately, Novee found no evidence of exploitation in the wild, and the named vendors have hardened or patched. However, this is a proven, exploitable pattern, not one single specific breach, and it is largely unpatched by default across the industry.
The immediate fixes are worth doing now: prefer pull_request over pull_request_target for untrusted contributions, never check out pull request head code inside a privileged workflow, pass event data through a quoted env variable rather than inlining it, default permissions to read-only, pin third-party actions to a commit SHA rather than a moving tag, and gate privileged workflows behind manual approval for first-time contributors.
Advertisement
Do all of that and you have closed today’s problems, but not the class of problems. The next pattern will build from individually correct steps, and it will also pass the scan. AI-driven development is widening this software supply chain governance gap, and it’s accelerating.
The durable control is to govern what your build can trust at the source, so the components and workflows entering your pipeline come from a governed origin with verifiable provenance, built from source rather than trusted on faith.
A hijacked upstream that publishes a poisoned package must meet and fail a check at the point of ingestion. A human owns the trust boundaries. That ownership has to operate at the speed AI is now generating decisions, because manual review at the far end of the pipeline cannot catch up.
Cordyceps did not defeat anyone’s security tools. It walked past them, because every individual piece worked exactly as designed. That is the measurement trap in its purest form: the number stayed green while the thing it was supposed to guarantee stopped being true, if it was ever true at all.
Advertisement
Those pipelines were not exposed because the scanners failed. They were exposed because passing the scan didn’t mean they were governed. For a while, nobody went looking.
Robot vacuums that clean and mop in a single pass have always carried a serious premium, but this deal turns that long standing assumption completely on its head this week.
That saving buys genuine engineering rather than a stripped back budget alternative, since dual mop pads and PerfectEdge design reach along skirting boards and corners, covering 18% more floor area than standard cleaning.
Advertisement
That extra coverage matters even more once you consider how little hands on effort the AutoWash Dock actually demands, since it empties debris automatically for up to seventy five days before it needs any attention.
The same dock also washes and heat dries the mop pads after every single run, delivering up to four weeks of hands free mopping so results stay fresh rather than dragging dirt through the house.
That fresh start matters even more given the Roomba 505X also brings up to seventy times more suction than older six hundred series models, tackling scattered cereal and muddy pawprints with real confidence.
Advertisement
That confidence extends into navigation too, since PrecisionVision AI recognises cords, shoes, and even pet accidents in real time, steering around them instead of dragging mess through the whole home.
Mapping is handled by ClearView Pro LiDAR, which charts the layout of a home precisely enough to clean efficiently by day or by night, while built in cliff sensors guard against falls near stairs.
Dried on messes get the same attention, since SmartScrub applies extra pressure exactly where stains have set in, breaking down muddy footprints and kitchen splatter without any scrubbing by hand.
Cleaning style stays flexible throughout, since the Roomba Home App lets you vacuum, mop, or combo clean room by room, automatically lifting the mop pads whenever it crosses from hard floor onto carpet.
Advertisement
Advertisement
The one thing worth planning for is space, since the AutoWash Dock needs a dedicated spot near a wall alongside room for its water tank, rather than tucking into a small cupboard.
Anyone tired of manual mopping and frequent bin emptying now has a genuine case for upgrading to the Roomba 505X, and can check our best Vacuum Cleaner guide to see it sit alongside the market’s strongest robot cleaners for exactly this kind of comparison.
You must be logged in to post a comment Login