from the words-are-but-wind dept

We’ve noted repeatedly how Trump FCC boss Brendan Carr has been abusing the FCC’s “equal opportunity” (or “equal time”) rule to try and threaten daytime and late night talk shows with government retribution if they refuse to enthusiastically coddle Republicans.

Late night shows had historically been exempt from the dated rules, which required that any airing of a political candidate on “publicly owned” airwaves is countered with the appearance from a candidate from the opposing party. But Carr isn’t interested in equilibrium; he’s interested abusing FCC authority to try and silence critics of Donald Trump and his increasingly unpopular policies.

But folks have increasingly noted that Brendan Carr doesn’t appear to have any interest in enforcing the same standard on radio, where (especially on AM), listeners are constantly served up a lopsided dose of race-baiting agitprop pretending to be news. When he’s been asked about this inconsistency, Carr has been painfully and curiously vague:

“In a press conference after the FCC’s February 18 meeting, Deadline reporter Ted Johnson asked Carr why he has not expressed “the same concern about broadcast talk radio as broadcast TV talk shows.”

The Deadline reporter pointed out that “Sean Hannity’s show featured Ken Paxton in December.” Paxton, the Texas attorney general, is running for a US Senate seat in this year’s election. Carr claimed in response that TV broadcasters have been “misreading” FCC precedents while talk radio shows have not been.

Advertisement

“It appeared that programmers were either overreading or misreading some of the case law on the equal-time rule as it applies to broadcast TV,” Carr replied. “We haven’t seen the same issues on the radio side, but the equal-time rule is going to apply to broadcast across the board, and we’ll take a look at anything that arises at the end of the day.”

It’s of course far worse on the radio side, which has been utterly dominated by outright right wing propaganda since the early 90s. And he will, of course, not be “taking a look at anything that arises,” because, again, he’s not remotely interested in abusing this rule consistently because he’s an authoritarian hack.

Ars Technica spoke to Gigi Sohn, whose appointment to the FCC under Biden was, if you’ll recall, dismantled by a telecom and media company homophobic smear campaign:

“Carr’s claim that TV but not radio broadcasters have misread FCC precedents is “a bunch of nonsense,” said Gigi Sohn, a longtime lawyer and consumer advocate who served as counselor to then-FCC Chairman Tom Wheeler during the Obama era. Carr “was responding to criticism from people like Sean Hannity that the guidance would apply to conservative talk radio just as much as it would to so-called ‘liberal’ TV,” Sohn told Ars. “It doesn’t matter whether a broadcaster is a radio broadcaster or a TV broadcaster, the Equal Opportunities law and however the FCC implements it must apply to both equally.”

This is very typical Carr. The law and earthly logic are malleable constructs that easily bend to whatever his goal is at any given moment. This blatant, mindless inconsistency has always been absolutely central to who he is, even before he became the authoritarian government’s top censor. It was evident way back during the fights over net neutrality and telecom oversight.

It’s why anybody with sense (including this website) recommended that the man be allowed nowhere near actual levers of power and policy-making.

Filed Under: brendan carr, censor, censorship, equal time, fcc, first amendment, partisan hack, radio, sean hannity, tv

Photo credit: Igor Bogdanov
The leaked Quick Start Guide for the DJI Osmo Pocket 4 has finally been discovered, and every page reveals exactly what DJI plans to achieve next with its tiny handheld gimbal camera. At first sight, this update appears to be very similar, however there have been some significant changes. The body remains the same compact design that fits easily into a jacket pocket, but there are a few useful hardware buttons to replace the incessant screen swiping.

A zoom rocker has been added right next to the rotatable 2 inch OLED screen, along with a shutter button that also powers the device, a 5 way joystick for super-precise gimbal motions, some status LEDs, and a C button that you can customize to quickly access your favorite settings. There is a USB-C port for charging and data transfer, and the microSD card remains available in case you need it. These enhancements address widespread complaints from the previous model, in which touchscreen-only navigation simply wasn’t fast enough for rapid-paced photography.

Sale

DJI Osmo Pocket 3, Vlogging Cameras with 1” CMOS & 4K/120fps Vlog Camera, 3-Axis Stabilization, Fast…

• Capture Stunning Footage – This vlogging camera features a 1-inch CMOS sensor and records in 4K resolution at an impressive 120fps. Capture…
• Effortlessly Frame Your Shots – Get the ideal composition with Osmo Pocket 3’s expansive 2-inch touch screen that rotates for both horizontal and…
• Ultra-Steady Footage – Say goodbye to shaky videos. Osmo Pocket 3’s advanced 3-axis mechanical stabilization delivers superb stability. Enjoy smooth…

Video-wise, this little camera actually takes a step forward, since it uses a 1 inch CMOS sensor, with some fairly apparent improvements in low-light handling and dynamic range. Compared to the Pocket 3’s 4K/60fps restriction, you can now record at 4K at 120 frames per second, enabling you to produce gorgeous slow-motion recordings that capture every detail in incredibly fluid motion. Even when your subjects are zooming around a lot, autofocus maintains a solid hold on faces and objects. You can now stroll or turn while still getting smooth footage thanks to stabilization, which is based on their proven three-axis mechanical gimbal, now tuned for steadier handheld results during walks or quick turns. The battery life is increased from 1300 mAh to 1545 mAh, which should allow you to record for more than 200 minutes on a single charge in a variety of situations—what I like to refer to as “all day shoots.”

As Wi-Fi 6 replaces the previous standard, connectivity is evolving. With the DJI Mimo app, you can transfer all of your footage to your phone or tablet really quickly. You can now instantly post to YouTube and stream live using the same app, so your journey from capture to audience is complete.

The Creator Combo adds some useful extras, such as an extended battery handle for longer shots, a wide-angle lens attachment for capturing more of the scene, a mini tripod grip, a protective case, and possibly a magnetic fill light or wireless microphone depending on how the final kit looks. In terms of bundles, the standard version is essentially the essentials for the casual creator. Additionally, the cost of these items appears to be between $599 and $699 for the standard model and between $699 and $749 for the loaded Creator Combo. DJI appears poised to announce the standard Osmo Pocket 4 in China on March 26, 2026, with global availability following shortly after.
[Source]

In their recent announcement, NASA has made official what pretty much anyone following the Artemis lunar program could have told you years ago — humans won’t be landing on the Moon in 2028.

It was always an ambitious timeline, especially given the scope of the mission. It wouldn’t be enough to revisit the Moon in a spidery lander that could only hold two crew members and a few hundred kilograms of gear like in the 60s. This time, NASA wants to return to the lunar surface with hardware capable of setting up a sustained human presence. That means a new breed of lander that dwarfs anything the agency, or humanity for that matter, has ever tried to place on another celestial body.

Unsurprisingly, developing such vehicles and making sure they’re safe for crewed missions takes time and requires extensive testing. The simple fact is that the landers, being built by SpaceX and Blue Origin, won’t be ready in time to support the original Artemis III landing in 2028. Additionally, development of the new lunar extravehicular activity (EVA) suits by Axiom Space has fallen behind schedule. So even if one of the landers would have been ready to fly in 2028, the crew wouldn’t have the suits they need to actually leave the vehicle and work on the surface.

But while the Artemis spacecraft and EVA suits might be state of the art, NASA’s revised timeline for the program is taking a clear step back in time, hewing closer to the phased approach used during Apollo. This not only provides their various commercial partners with more time to work on their respective contributions, but critically, provides an opportunity to test them in space before committing to a crewed landing.

Artemis II Remains Unchanged

Given its imminent launch, there are no changes planned for the upcoming Artemis II mission. In fact, had there not been delays in getting the Space Launch System (SLS) rocket ready for launch, the mission would have already flown by now. Given how slow the gears of government tend to turn, one wonders if the original plan was to announce these program revisions after the conclusion of the mission. The launch is currently slated for April, but could always slip again if more issues arise.

At any rate, the goals for Artemis II have always been fairly well-aligned with its Apollo counterpart, Apollo 8. Just like the 1968 mission, this flight is designed to test the crew capsule and collect real-world experience while in the vicinity of the Moon, but without the added complexity of attempting a landing. Although now, as it was then, the decision to test the crew capsule without its lander wasn’t made purely out of an abundance of caution.

As originally envisioned, Apollo 8 would have seen both the command and service module (CSM) and the lunar module (LM) tested in low Earth orbit. But due to delays in LM production, it was decided to fly the completed CSM without a lander on a modified mission that would put it into orbit around the Moon. This would give NASA an opportunity to demonstrate the critical translunar injection (TLI) maneuver and gain experience operating the CSM in lunar orbit — tasks which were originally scheduled to be part of the later Apollo 10 mission.

In comparison, Artemis II was always intended to be flown with only the Orion crew capsule. NASA’s goal has been to keep the program relatively agnostic when it came to landers, with the hope being that private industry would furnish an array of vehicles from which the agency could chose depending on the mission parameters. The Orion capsule would simply ferry crews to the vicinity of the Moon, where they would transfer over to the lander — either via directly docking, or by using the Lunar Gateway station as a rallying point.

There’s no lander waiting at the Moon for Artemis II, and the fate of Lunar Gateway is still uncertain. But for now, that’s not important. On this mission, NASA just wants to demonstrate that the Orion capsule can take a crew of four to the Moon and bring them back home safely.

Artemis III Kicks the Tires

For Artemis III, the previous plan was to have the Orion capsule mate up with a modified version of SpaceX’s Starship — known in NASA parlance as the Human Landing System (HLS) — which would then take the crew down to the lunar surface. While the HLS contract did stipulate that SpaceX was to perform an autonomous demonstration landing before Artemis III, the aggressive nature of the overall timeline made no provision for testing the lander with a crew onboard ahead of the actual landing attempt — a risky plan even in the best of circumstances.

The newly announced timeline resolves this issue by not only delaying the actual Moon landing until 2028, to take place during Artemis IV, but to change Artemis III into a test flight of the lander from the relative safety of low Earth orbit in 2027. The crew will liftoff from Kennedy Space Center and rendezvous with the lander in orbit. Once docked, the crews will practice maneuvering the mated vehicles and potentially perform an EVA to test Axiom’s space suits.

This new plan closely follows the example of Apollo 9, which saw the CSM and LM tested together in Earth orbit. At this point in the program, the CSM had already been thuroughly tested, but the LM had never flown in space or had a crew onboard. After the two craft docked, the crew performed several demonstrations, such as verifying that the mated craft could be maneuvered with both the CSM and LM propulsion systems.

The two craft then separated, and the LM was flown independently for several hours before once again docking with the CSM. The crew also performed a brief EVA to test the Portable Life Support System (PLSS) which would eventually be used on the lunar surface.

While the Artemis III and Apollo 9 missions have a lot in common, there’s at least one big difference. At this point, NASA isn’t committing to one particular lander. If Blue Origin gets their hardware flying before SpaceX, that’s what they’ll go with. There’s even a possibility, albeit remote, that they could test both landers during the mission.

Artemis IV Takes a Different Path

After the success of Apollo 9, there was consideration given to making the first landing attempt on the following mission. But key members of NASA such as Director of Flight Operations Christopher C. Kraft felt there was still more to learn about operating the spacecraft in lunar orbit, and it was ultimately decided to make Apollo 10 a dress rehearsal for the actual landing.

The CSM and LM would head to the Moon, separate, and go through the motions of preparing to land. The LM would begin its descent to the lunar surface, but stop at an altitude of 14.4 kilometers (9 miles). After taking pictures of the intended landing site, it would return to the CSM and the crew would prepare for the return trip to Earth. With these maneuvers demonstrated, NASA felt confident enough to schedule the history-making landing for the next mission, Apollo 11.

But this time around, NASA will take that first option. Rather than do a test run out to the Moon with the Orion capsule and attached lander, the plan is to make the first landing attempt on Artemis IV. This is partially because we now have a more complete understanding of orbital rendezvous and related maneuvers in lunar orbit. But also because by this point, SpaceX and Blue Origin should have already completed their autonomous demonstration missions to prove the capabilities of their respective landers.

Entering Uncharted Territory

At this point, the plans for anything beyond Artemis IV are at best speculative. NASA says they will work to increase mission cadence, which includes streamlining SLS operations so the megarocket can be launched at least once per year, and work towards establishing a permanent presence on the Moon. But of course none of that can happen until these early Artemis missions have been successfully executed. Until then it’s all just hypothetical.

While Apollo was an incredible success, one can only follow its example so far. Despite some grand plans, the program petered out once it was clear the Soviet Union was no longer in the game. It cemented NASA’s position as the preeminent space agency, but the dream of exploring the lunar surface and establishing an outpost remained unfulfilled. With China providing a modern space rival, and commercial partners rapidly innovating, perhaps Artemis may be able to succeed where Apollo fell short.

TikTok will not introduce end-to-end encryption for direct messages (DMs) on its platform, according to a new report from the BBC. The social media giant says end-to-end encryption would make users less safe, as it believes the technology would prevent police and safety teams from accessing messages when necessary.

TikTok told the outlet that this is a deliberate decision to distinguish itself from rivals and protect users, particularly younger ones, from harm.

With end-to-end encryption, only the sender and recipient of a direct message can view its contents.

The company said direct messages are still protected with standard encryption, similar to services like Gmail. Only authorized employees can access direct messages, and only under specific circumstances, such as in response to a valid law enforcement request or a user report of harmful behavior.

End-to-end encryption is the default technology used in popular apps like Signal, WhatsApp, Facebook Messenger (for 1:1 personal chats and calls), Apple’s Messages, and Google Messages.

The federal directive ordering all U.S. government agencies to cease using Anthropic technology comes with a six-month phaseout window. That timeline assumes agencies already know where Anthropic’s models sit inside their workflows. Most don’t today.

Most enterprises wouldn’t, either. The gap between what enterprises think they’ve approved and what’s actually running in production is wider than most security leaders realize.

AI vendor dependencies don’t stop at the contract you signed; they cascade through your vendors, your vendors’ vendors, and the SaaS platforms your teams adopted without a procurement review. Most enterprises have never mapped that chain.

The inventory nobody has run

A January 2026 Panorays survey of 200 U.S. CISOs put a number on the problem: Only 15% said they have full visibility into their software supply chains, up from just 3% a year ago. And 49% had adopted AI tools without employer approval, according to a BlackFog survey of 2,000 workers at companies with more than 500 employees; 69% of C-suite members said they were fine with it.

That’s where undocumented AI vendor dependencies accumulate, invisible to the security team until a forced migration makes them everyone’s problem.

“If you asked a typical enterprise to produce a dependency graph that includes second- and third-order AI calls, they’d be building it from scratch under pressure,” said Merritt Baer, CSO at Enkrypt AI and former Deputy CISO at AWS, in an exclusive interview with VentureBeat. “Most security programs were built for static assets. AI is dynamic, compositional, and increasingly indirect.”

When a vendor relationship ends overnight

The directive creates a forced migration unlike anything the federal government has attempted with an AI provider. Any enterprise running critical workflows on a single AI vendor faces the same math if that vendor disappears.

Shadow AI incidents now account for 20% of all breaches, adding as much as $670,000 to average breach costs, IBM’s 2025 Cost of Data Breach Report found. You can’t execute a transition plan for infrastructure you haven’t inventoried.

Your contract with Anthropic may not exist, but your vendors’ contracts might. A CRM platform could have Claude embedded in its analytics engine. A customer service tool might call it on every ticket you process. You didn’t sign for that exposure, but you inherited it, and when a vendor cutoff hits upstream, it cascades downstream fast. The enterprise at the end of that chain doesn’t know the dependency exists until something breaks or the compliance letter shows up.

Anthropic has said eight of the 10 largest U.S. companies use Claude. Any organization in those companies’ supply chains has indirect Anthropic exposure, whether they contracted for it or not. AWS and Palantir, which hold billions in military contracts, may need to reassess their commercial relationships with Anthropic to maintain Pentagon business.

The supply chain risk designation means any company doing business with the Pentagon now has to prove its workflows don’t touch Anthropic.

“Models are not interchangeable,” Baer told VentureBeat. “Switching vendors changes output formats, latency characteristics, safety filters, and hallucination profiles. That means revalidating controls, not just functionality.”

She outlined a sequence that starts with triage and blast radius assessment, moves to behavioral drift analysis, and ends with credential and integration churn. “Rotating keys is the easy part,” Baer said. “Untangling hardcoded dependencies, vendor SDK assumptions, and agent workflows is where things break.”

The dependencies your logs don’t show

A senior defense official described disentangling from Claude as an “enormous pain in the ass,” according to Axios. If that’s the assessment inside the most well-resourced security apparatus on the planet, the question for enterprise CISOs is straightforward. How long would yours take?

The shadow IT wave that followed SaaS adoption taught security teams about unsanctioned technology risk. Most caught up. They deployed CASBs, tightened SSO, and ran spend analysis. The tools worked because the threat was visible. A new application meant a new login, a new data store, a new entry in the logs.

AI vendor dependencies don’t leave those traces.

“Shadow IT with SaaS was visible at the edges,” Baer said. “AI dependencies are embedded inside other vendors’ features, invoked dynamically rather than persistently installed, non-deterministic in behavior, and opaque. You often don’t know which model or provider is actually being used.”

Four moves for Monday morning

The federal directive didn’t create the AI supply chain visibility problem. It exposed it.

“Not ‘inventory your AI,’ because that’s too abstract and too slow,” Baer told VentureBeat. She recommended four concrete moves that a security leader can execute in 30 days.

1. Map execution paths, not vendors. Instrument at the gateway, proxy, or application layer to log which services are making model calls, to which endpoints, with what data classifications. You’re building a live map of usage, not a static vendor list.

2. Identify control points you actually own. If your only control is at the vendor boundary, you’ve already lost. You want enforcement at ingress (what data goes into models), egress (what outputs are allowed downstream), and orchestration layers where agents and pipelines operate.

3. Run a kill test on your top AI dependency. Pick your most critical AI vendor and simulate its removal in a staging environment. Kill the API key, monitor for 48 hours, and document what breaks, what silently degrades, and what throws errors your incident response playbook doesn’t cover. This exercise will surface dependencies you didn’t know existed.

4. Force vendor disclosure on sub-processors and models. Your AI vendors should be able to answer which models they rely on, where those models are hosted, and what fallback paths exist. If they can’t, that’s your fourth-party blind spot. Ask the questions now, while the relationship is stable. Once a cutoff hits, the leverage shifts, and the answers come too late.

The control illusion

“Enterprises believe they’ve ‘approved’ AI vendors, but what they’ve actually approved is an interface, not the underlying system,” Baer told VentureBeat. “The real dependencies are one or two layers deeper, and those are the ones that fail under stress.”

The federal directive against Anthropic is one organization’s weather event. Every enterprise will eventually face its own version, whether the trigger is regulatory, contractual, operational, or geopolitical. The organizations that mapped their AI supply chain before the storm will recover. The ones that didn’t will scramble.

Map your AI vendor dependencies to the sub-tier level. Run the kill test. Force the disclosure. Give yourself 30 days. The next forced migration won’t come with a six-month warning.

American data analytics company LexisNexis Legal & Professional has confirmed to BleepingComputer that hackers breached its servers and accessed some customer and business information.

The company’s data breach confirmation comes as a threat actor named FulcrumSec leaked 2GB of files on various underground forums and sites.

LexisNexis L&P is a global provider of legal, regulatory, and business information, research tools, and analytics used by lawyers, corporations, governments, and academic institutions in more than 150 countries worldwide.

Cloud breach via unpatched React app

The threat actor says that on February 24 they gained access to the company’s AWS infrastructure by exploiting the React2Shell vulnerability in an unpatched React frontend app.

LexisNexis L&P admitted that hackers breached its network, noting that the stolen information was old and consisted mostly of non-critical details.

“Our investigation has confirmed that an unauthorized party accessed a limited number of servers,” the company told BleepingComputer.

“These servers contained mostly legacy, deprecated data from prior to 2020, including information such as customer names, user IDs, business contact information, products used, customer surveys with respondent IP addresses, and support tickets,” a spokesperson said.

“The impacted information did not contain Social Security numbers, driver’s license numbers, or any other sensitive personally identifiable information; credit card, bank accounts, or any other financial information; active passwords; or customer search queries, customer client or matter information, or customer contracts.”

Based on its investigation, LexisNexis believes that the intrusion has been contained and found no evidence that products or services were impacted by the intrusion.

In a public post detailing the hack, FulcrumSec claims that they stole information related to more than 100 users with .gov email addresses, which included U.S. government employees, federal judges and law clerks, U.S. Department of Justice attorneys, and U.S. SEC staff.

The threat actor detailed the intrusion, saying that they “exfiltrated 2.04 GB of structured data from LexisNexis AWS infrastructure” via a vulnerable React container with access to:

• 536 Redshift tables
• 430+ VPC database tables
• 53 AWS Secrets Manager secrets in plaintext
• 3.9M database records
• 21,042 customer accounts
• 5,582 attorney survey respondents
• 45 employee password hashes
• Complete VPC infrastructure mapping

FulcrumSec said that they also had access to around 400,000 cloud user profiles that included real names, emails, phone numbers, and job functions. According to the hackers, 118 users had .gov addresses belonging to U.S. government employees, federal judges and law clerks, U.S. Department of Justice attorneys, and U.S. SEC staff.

FulcrumSec said that they contacted LexisNexis, but the company “decided not to work with us on this.” They also criticized the company’s security practices that permitted a single ECS task role “read access to every secret in the account, including the production Redshift master credential.”

LexisNexis has notified law enforcement and contracted an external cybersecurity expert to assist with the investigation and implementation of containment measures.

The company has taken responsibility for the breach and informed current and previous customers of the intrusion.

Last year, the company disclosed another breach after hackers compromised a corporate account and accessed sensitive information belonging to 364,000 customers.

Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.

Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.

Download The Report

Google‘s March Pixel Drop is rolling out now, and it’s giving one of the Pixel‘s best quiet features its own home. The Now Playing tool, which automatically figures out songs playing around you, is now a standalone app. That means your history of discovered tracks finally has a place to live. You can actually revisit that song you heard at the coffee shop last week.

The update turns a background trick into something useful. Now Playing has long been a Pixel thing, silently catching music without needing to Shazam it. The new app adds a history tab that logs everything your phone has picked up. From there, you can play full tracks in Spotify, Apple Music, or whatever you use. The app is on the Google Play Store now as part of the March Pixel Drop. The rollout started March 3 and will continue over the next few weeks.

A history tab that actually does something

The standalone app changes how you deal with songs your phone has ID’d. Before, Now Playing worked almost invisibly. A track name would flash on your lock screen and then vanish. Now the history tab collects every recognized song in one scrollable list. You can see what played at the gym, in that Uber, or during your walk yesterday.

Better yet, tap any track and your phone offers to open it in your streaming service. You go from “what was that song?” to adding it to a playlist in seconds. The app builds a personal soundtrack of your life, then hands it off so you can actually listen. It’s a small shift. But it turns passive recognition into active discovery.

Why a standalone app changes the game

This isn’t just Google painting an old feature. Making Now Playing its own app solves something Pixel owners actually deal with. You’ve had that moment. You hear a great song, see it on your lock screen, and then forget about it by lunch. The new history tab catches those missed moments. It turns ephemeral discoveries into something you keep.

The move also shows how Google thinks about Pixel perks. Now Playing has always been a low-key differentiator. iPhones and Samsung phones don’t really do this. By spinning it into its own app with music service hooks, Google gives you a reason to stick with Pixel. Small moments turn into a lasting library.

How to get the new Now Playing app

If you’ve got a compatible Pixel, the new app is ready now. Hit the Google Play Store and look for the standalone app. It started appearing after the March 3 announcement. The rollout happens in waves, so it might take a week or two to hit your phone. When it lands, your old song history should show up automatically.

This is one of those updates that makes you wonder why it took so long. The old Now Playing was great at identification but terrible at preservation. Now you’ve got a searchable, playable archive of every track your phone ever caught. That’s a subtle upgrade that adds up. Check the Play Store this week. If it’s not there, give it a few days. The March Pixel Drop is rolling out gradual, and this one’s worth waiting for.