
GitHub commit spoofing - When anyone can be Linus

Do you trust the name displayed next to a GitHub commit?

Well, you can stop right now, because researcher Shani Lavi documented a few years ago what serious Git devs have long known: anyone can publish a commit under any identity, and of course you can systematically count on GitHub to link that commit to the matching profile without blinking.

Here's a recent little demonstration... On the no-as-a-service repo, for instance, there is a commit under the name "torvalds" that adds a humorous testimonial from Linus Torvalds to the README. Linus's avatar shows up, and GitHub treats it as a perfectly valid commit. Except Linus obviously never touched this joke project, which is a small API that returns creative excuses for saying "no".

And the crazy part is that you can do the same thing in ten seconds, and that's what we're going to do together. But first...

Why Git lets this through

Git is, at its core, a distributed system. When you make a commit, your local client takes two pieces of information from your config: user.name and user.email. These two fields are free-form and never validated on the client side. You can write whatever you want in them, and Git doesn't care.

On GitHub's side, attribution is done by email. The service looks at the email in the commit metadata, compares it with the emails registered on accounts, and displays the matching profile plus the corresponding Gravatar avatar. There is no verification whatsoever that the person who pushed the commit actually owns that email address.

So anyone who knows your public email (and it is public if you have ever committed in the clear to a repo) can publish commits that display your identity.

Step 1: Reproduce the spoofing (for educational purposes, obviously)

Before panicking, let's do the exercise ourselves to understand it properly. In a test repo that you control:

# 1. Look at a target commit to grab its name + email
git log --format='%an <%ae>' | head -3

# 2. Reconfigure Git with a fake identity
git config --global --replace-all user.name "Linus Torvalds"
git config --global --replace-all user.email "[email protected]"

# 3. Check the config
git config --global --list | grep user

# 4. Make an ordinary commit
echo "Hello from Linus" >> README.md
git add README.md
git commit -m "Important kernel fix"

# 5. Push to your repo
git push origin main

Go look at the commit on GitHub. You'll see Linus's avatar, his clickable name leading to his profile, and above all no warning. No password asked for, no compromised token... no, no, no, it's just a modified local config.

And if someone forks your repo, or if an inattentive maintainer approves a PR built on it, the illusion is complete.

Step 2: Spotting a suspicious commit

For that, the Verified badge remains the most useful indicator. Next to a commit's SHA, GitHub displays a green "Verified" label if the commit is cryptographically signed with a GPG or SSH key registered on the author's account. Otherwise, there's nothing at all (by default). Be careful though: the absence of a badge doesn't mean a commit is malicious, only that nobody can guarantee who wrote it.

For example, if you look at commit e6b4218 on no-as-a-service, you'll notice the complete absence of a badge. That's the signal, but you still have to know to look for it, because by default GitHub shows NO warning for unsigned commits. That's really the problem...
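The same check can be done outside the browser, which matters for anyone reviewing with a local clone rather than the GitHub UI. Git's `%G?` log placeholder reports a one-letter signature status per commit, and the script below (an added example, not code from the article) triages that output into unsigned, badly signed and unverifiable commits. The log lines are constructed samples, the hashes and addresses are not real; against a live repo you would pipe `git log --format='%h %G? %an <%ae>'` into `triage_signatures` instead. SSH-signed commits only verify locally once `gpg.ssh.allowedSignersFile` is configured, so until then they show up here as unverifiable (E) rather than good.

```shell
#!/bin/sh
# Added example (not from the original article): triage the output of
#   git log --format='%h %G? %an <%ae>'
# %G? is git's one-letter signature status: G = good signature, N = no signature,
# B = bad signature, U/X/Y/R = good signature but untrusted/expired/revoked key,
# E = signature could not be checked (e.g. key or allowed-signers file missing).

# Constructed sample log lines; the hashes and addresses are not real commits.
SAMPLE_LOG='0000001 N Linus Torvalds <torvalds@example.invalid>
0000002 G Alice Maintainer <alice@example.invalid>
0000003 E Bob Contributor <bob@example.invalid>
0000004 N Bob Contributor <bob@example.invalid>
0000005 B Mallory Example <mallory@example.invalid>'

# Reads log lines on stdin; prints "<sha> <verdict> <author>" for every commit
# whose signature status is not G. Silent for fully verified commits.
triage_signatures() {
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    sha=${line%% *}
    rest=${line#* }
    status=${rest%% *}
    author=${rest#* }
    case "$status" in
      G) ;;   # good signature from a trusted key: nothing to report
      N) printf '%s UNSIGNED %s\n' "$sha" "$author" ;;
      B) printf '%s BAD_SIGNATURE %s\n' "$sha" "$author" ;;
      U|X|Y|R|E) printf '%s UNVERIFIABLE_%s %s\n' "$sha" "$status" "$author" ;;
      *) printf '%s UNKNOWN_STATUS_%s %s\n' "$sha" "$status" "$author" ;;
    esac
  done
}

# Number of commits in SAMPLE_LOG that carry no signature at all.
count_unsigned() {
  printf '%s\n' "$SAMPLE_LOG" | triage_signatures | grep -c ' UNSIGNED '
}

# Number of commits in SAMPLE_LOG with any status other than G.
count_flagged() {
  printf '%s\n' "$SAMPLE_LOG" | triage_signatures | wc -l | tr -d ' '
}

# Against a real repository, replace SAMPLE_LOG with live output, e.g.:
#   git log --format='%h %G? %an <%ae>' origin/main..HEAD | triage_signatures
printf '%s\n' "$SAMPLE_LOG" | triage_signatures
```

A useful habit is running the live form of that pipeline on `origin/main..HEAD` before merging a branch: anything printed is a commit whose author line is, as the article says, just a free-form string.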

Step 3: Sign your commits with SSH

To protect yourself from this, it starts with you. Simpler than GPG, SSH signing uses a key you probably already have. Generate an Ed25519 key if you haven't already:

ssh-keygen -t ed25519 -C "[email protected]"

Configure Git to sign automatically with this key:

git config --global gpg.format ssh
git config --global user.signingkey ~/.ssh/id_ed25519.pub
git config --global commit.gpgsign true
git config --global tag.gpgsign true

Last step: add your public key on GitHub under Settings → SSH and GPG keys (1), but this time selecting the Signing Key type (not Authentication Key, it's different) (2). Your next commits will display the green "Verified" badge.

If you prefer GPG, the principle is identical with gpg.format set to openpgp (the default) and a GPG key. For the full GPG details, I already covered the subject in the tutorial on Thunderbird and GPG.
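Signing is only half of the setup: GitHub verifies SSH signatures against the keys uploaded to accounts, but a local `git log --show-signature` needs its own list of trusted keys, which Git reads from the file named by `gpg.ssh.allowedSignersFile`. The script below (an added example, not code from the article) builds that file in the `principal namespaces="git" keytype key` format ssh-keygen expects and, only when explicitly asked, points the global Git config at it. The public key is a constructed placeholder, not a real key; `install_allowed_signers` and `APPLY_GIT_CONFIG` are names chosen here.

```shell
#!/bin/sh
# Added example (not from the original article): build the allowed_signers file
# that git needs to verify SSH-signed commits locally. Each line has the form
#   <principal> namespaces="git" <keytype> <base64-key>
# where the principal is the committer email the signature is checked against.

# Constructed public key in OpenSSH format; the base64 blob is NOT a real key.
FAKE_PUBKEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIENvbnN0cnVjdGVkRXhhbXBsZUtleU5vdFJlYWw0 alice@example.invalid'

# allowed_signers_line EMAIL "KEYTYPE KEY [COMMENT]"
# Prints one entry restricted to the "git" namespace and drops the key comment,
# so a stray comment can never be mistaken for part of the key material.
allowed_signers_line() {
  email=$1
  set -- $2          # split the public key on whitespace: type, key, comment...
  printf '%s namespaces="git" %s %s\n' "$email" "$1" "$2"
}

# install_allowed_signers FILE EMAIL1 PUBKEY1 [EMAIL2 PUBKEY2 ...]
# Writes one entry per (email, key) pair, then prints the number of entries.
# The git config call touches global state, so it runs only when git exists
# and the caller has opted in with APPLY_GIT_CONFIG=1.
install_allowed_signers() {
  out=$1; shift
  : > "$out"
  while [ $# -ge 2 ]; do
    allowed_signers_line "$1" "$2" >> "$out"
    shift 2
  done
  if command -v git >/dev/null 2>&1 && [ "${APPLY_GIT_CONFIG:-0}" = "1" ]; then
    git config --global gpg.ssh.allowedSignersFile "$out"
  fi
  wc -l < "$out" | tr -d ' '
}

# Stand-alone run: write a one-entry file under $HOME without touching git config.
# After APPLY_GIT_CONFIG=1, `git log --show-signature -1` reports "Good "git" signature"
# for commits whose signing key and committer email match an entry.
install_allowed_signers "${HOME:-.}/allowed_signers.example" alice@example.invalid "$FAKE_PUBKEY"
```

Tying each key to a specific email is the point: with this file in place, a commit signed by Alice's key but carrying someone else's address fails local verification, which is exactly the mismatch the spoofing above relies on.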

Step 4: Enable Vigilant Mode

Now we go on the offensive. Vigilant Mode (3) forces GitHub to display a status on all your commits. Signed ones become "Verified", unsigned ones become "Unverified", big and clearly visible. No more gray area.

Same place, under Settings → SSH and GPG keys → Vigilant mode → Flag unsigned commits as unverified. Tick the box. From then on, any commit GitHub attributes to you (via your verified email) without a signature will be shown as "Unverified", which makes spoofing much harder to hide. One small limitation though: it only protects your own identity, not that of contributors who haven't enabled the mode.

GitHub's position (and why I find it debatable)

GitHub considers this behavior a non-bug. On their bug bounty page, Git email spoofing is explicitly listed as ineligible. Their argument is that it doesn't grant access to repos or any extra privileges, so it isn't a vulnerability in the strict sense.

Except that in real life, the displayed identity influences decisions. For example, a maintainer who sees a PR from a known contributor will review it with less paranoia, a journalist covering a scandal will cite "such-and-such developer's commit" without checking the signature, and combined with other vectors it can become formidable! I'm thinking in particular of recent supply chain attacks like Shai-Hulud, where once the code is booby-trapped, Git attribution helps make it look legitimate.

In short, saying "it's not a bug" because another vector is needed behind it is a bit too easy, I think. So don't count on GitHub to defend you: sign your commits, enable Vigilant Mode, and teach your colleagues and dev friends to check the "Verified" badge before merging anything from a stranger... even if it's good old Linus proposing to rewrite the kernel in Rust with systemd built in ^^.

Source

This Expandable Popup Micro Camper Turns Your EV Into a Fully Equipped Tiny Home for Off-Grid Escapes

Wheelhome is a budding compact camping solutions enterprise in the United Kingdom. It is changing the way camping is perceived and how all-electric camping trips can be made more convenient. First, it launched the electric rooftop camper for the Tesla’s popular Model 3, and now it is offering other lighter vehicle owners an alternative for solo or two-person camping with the new Dashaway ECT micro camping trailers.

Designed for efficient electric camping trips, the Dashaway ECT trailer comes in two variants: a solo version and a two-person model. The campers are packed with all the amenities and facilities one needs, from a lounge to beds and a toilet to a kitchen, so they can be fully packed for all sorts of camping requirements.

Designer: Wheelhome

A provided awning is one of the major highlights of the Dashaway ECT series. It is part of the trailer and delivers an additional outer space that can be used for a portable toilet. Of course, it is optional, but with awning rolled up on the front of the trailer when riding, you have the option of expanding the living space. It can unfurl easily and attach to the roof and two side poles to create a sizable space. Besides the awning, the trailer is otherwise similar to the other options on the market, measuring 12.5 feet long and about 5.3 feet wide, but it differentiates itself in the convenience campers can have inside.

When in drive mode, the Dashaway ECTS one-berth and the ECT 2 two-berth pack down to a height of 3.8 feet. At camp, both models pop up to a height of 6 feet. Setting up the trailers is as easy as it gets: no additional tools or specific training are necessary, and the process takes a few minutes. First, using a motorized mover, the trailer can be positioned by remote control without even the tow vehicle. Once in place, the stabilizer legs are lowered, the roof is lifted with a gas strut-assisted crank, and the fabric-walled camper is ready to live in.

Before you settle in, you access the camper via the single rear entry and lay out the furniture and furnishings inside (which fold down when the camper is packed for the road). The interior has the kitchen setup at the entrance, complete with an induction hob, kettle, air fryer, and microwave, and then the seating lounge facing outward toward the camp entry. The seat also accommodates a 12L fridge underneath. The lounge, depending on the berth configuration you have picked, is either one seat or two; the seats flatten into a single or double bed at night. The sides have large mesh-covered windows that brighten the interior.

Wheelhome provides the ECT series with ample storage cabinets and compartments under the seat(s). The trailer features a 3-kWh lithium battery and a 200-watt rooftop solar panel connected to a 3,000 W inverter. The Dashaway ECTS is available from a starting price of £19,750 (roughly $26,000), and the ECT2 is priced at £26,225 (about $35,000).

The post This Expandable Popup Micro Camper Turns Your EV Into a Fully Equipped Tiny Home for Off-Grid Escapes first appeared on Yanko Design.

Phone Cases Are Boring, This One Puts a Living Terrarium Inside

Phone cases have largely settled into two camps: the ones that protect your phone without anyone noticing they exist, and the ones that make a statement with printed graphics, colors, or textures. Neither approach has found a way to make the back of a phone genuinely interesting rather than just decorated. Designer Daniel Idle found a third option that neither camp seems to have considered.

The Terrarium Phone Case is a clear resin case for the iPhone 16 Pro Max with an actual planted environment sealed inside the back cavity. Moss, small-leafed plants, and a stabilized soil substrate are embedded within the transparent shell, creating a thin cross-section of living terrain that you carry around with you wherever the phone goes. It’s a working phone case, a functional terrarium, and an oddly calming thing to have in your pocket all at once.

Designer: Daniel Idle

The construction involved 3D modeling and fabrication in clear resin, producing a case with enough depth in the back wall to house soil, roots, and plant matter. The plants are packed using a stabilized substrate that keeps the arrangement intact when the phone is picked up, rotated, tilted, or slipped into a bag. The camera cutout is fully preserved; the charging port at the bottom remains accessible; the phone continues to work exactly as it always did.

What keeps everything alive inside the sealed cavity is a closed-loop moisture system. The plants and soil generate humidity, which evaporates toward the inner surface of the resin, condenses back into droplets, and cycles down again. Light passing through the clear shell feeds the plants from outside, while the substrate provides gradual nutrient release. The whole thing is, in a fairly literal sense, a miniature ecosystem that sustains itself without any intervention from the person carrying it.

The condensation that forms on the inside of the shell during high-humidity moments is part of the visual appeal rather than a flaw to be engineered away. Seeing that vapor cycle through the case is a reminder that something in there is alive, actively breathing and responding to its environment, in the same pocket or bag as a device specifically engineered to minimize all biological interference.

There’s a running thread through design culture about bringing nature back into objects and spaces that have drifted too far from it. Biophilic design has become a recognizable term for everything from moss walls in offices to plant-filled shelving in apartments. Most of those applications treat plants as decoration layered on top of an existing design. Idle’s approach is different because the plant system isn’t decoration; it’s structural, sealed directly into the object’s body as a core component rather than an afterthought.

Of course, there will be some reservations about putting moisture and soil so close to your phone, which might be resistant to water and dust, but only from brief encounters. Good thing, then, that it’s still a concept project right now. But as a thought experiment about what a phone case could reasonably contain, it lands somewhere between genuinely novel and gently absurd, which is probably the most honest place for a good idea to start.

The post Phone Cases Are Boring, This One Puts a Living Terrarium Inside first appeared on Yanko Design.

This AC Does 5 Jobs at Once and Looks Like Furniture on Your Wall

The split air conditioner is one of the least loved objects in any home, which is a strange thing to say about something most people couldn’t live without. It works, technically, but it tends to make its presence known in all the wrong ways. The air is too direct, the noise is a constant background irritant, and the plastic box on the wall rarely belongs in any thoughtfully designed interior.

From that frustration comes WellFlow, a concept that reframes what air conditioning is supposed to do for the people living around it. Rather than engineering a better cooling box, the designers built something closer to a wellness device. It’s a concept that received validation through the iF Design Award in 2026 and was first revealed at IFA Berlin 2025.

Designer: Merve Nur Sökmen, Zehra Sarıarslan

The most immediate shift is in how air actually moves. Conventional units push output in one direction, landing directly on whoever is in the room. WellFlow uses four-way diffusion to spread conditioned air from all sides without targeting anyone in particular. Sensors also monitor occupancy and steer airflow accordingly, so the unit quietly adapts to the room rather than expecting the room to tolerate it.

Beyond airflow, the system also handles humidity, air purity, ambient lighting, and sound. A built-in humidifier balances moisture levels rather than leaving the air artificially dry, which is one of the most common complaints about running a conventional unit through the night. Circadian lighting and integrated speakers complete the picture, creating conditions that support sleeping, concentrating, or quietly winding down, depending on what the moment calls for.

All of this adjusts automatically. The system continuously monitors temperature, humidity, and air quality, then fine-tunes its output without any manual input. A baby’s room needs different conditions than a home office or a gym corner, and WellFlow is designed to recognize those differences. Its behavior was shaped through user research spanning new parents, older adults, and people with respiratory sensitivities, groups that conventional air conditioners routinely fail to address.

The physical form is just as deliberate as the behavior. Most air conditioners are conspicuously technical, with plastic housings that fight against any interior aesthetic. WellFlow uses a woven textile front panel with rounded corners and a matte finish, giving it a material quality far more associated with furniture than appliances. An ambient light halo behind the unit softly signals its presence on the wall without demanding any attention.

A pull-out front filter makes maintenance visible and intuitive, addressing something the design team identified as a recurring trust issue with conventional units. People often aren’t sure when or how to clean their filters, and that uncertainty quietly chips away at confidence in the device. WellFlow removes that ambiguity. For a machine designed around human comfort, even that seemingly small detail ends up mattering quite a lot.

The post This AC Does 5 Jobs at Once and Looks Like Furniture on Your Wall first appeared on Yanko Design.

The Microsoft/OpenAI breakup: What does it actually mean for Copilot and other AI apps on your Windows 11 PC?

Microsoft's partnership with OpenAI just became non-exclusive, meaning rival companies like Google can access OpenAI's models, making Copilot AI in Windows 11 less exclusive, consequently costing it its bargaining chip and competitive edge.
