Technology

1452 readers
5 users here now

A tech news sub for communists

founded 4 years ago
MODERATORS
76
77
78
79
80
81
82
83
 
 

Apparently with improved memory (no compression) and what it calls "dream and distil": background organising of its understanding of a project's code base and the user's workflow habits, and writing skills for itself to support your workflow.

It'll be interesting to see how that latter option turns out.

84
 
 

cross-posted from: https://hexbear.net/post/8738152

Full article text

Hundreds of millions of Pokémon Go players spent years filming the streets, parks, and buildings around them to earn in-game rewards. Those roughly 30 billion environmental scans are now owned by Niantic Spatial, and they helped train a camera-based navigation model that a U.S. defense contractor is preparing to put into drones and other military robots. Most of the players had no idea.

The pipeline runs from a mobile game to the battlefield in three steps. Players scanned the physical world. Niantic Spatial turned those scans into a 3D map that lets a machine locate itself by sight when satellite signals fail. And in December 2025, Niantic Spatial announced a partnership with Vantor, the defense and intelligence firm formerly known as Maxar Intelligence, to fuse that ground-level system with Vantor’s aerial navigation software for use in GPS-denied operations.

I have spent years covering how drones lose their way the moment an electronic warfare unit switches on a jammer, a problem that has spread from the battlefield into civilian airspace, from Ukrainian workshops cycling through navigation generations to American programs scrambling for alternatives. The unsettling part of this story is not the technology. It is where the training data came from, and whether the people who supplied it would have agreed had anyone explained the destination.

Pokémon Players Filmed Their Surroundings for Rewards and Fed a 3D Map

Since 2021, Pokémon Go has asked players to record short videos of real-world locations, called Pokéstops, to earn extra in-game items. Scanning all the buildings, streets, and trees in a 360-degree sweep was optional, and Niantic asked separately for permission to keep the footage. Granting it meant agreeing to extra terms.

Those terms handed Niantic a transferable, sublicensable license to the scans, meaning the company could resell the imagery to third parties. Floris De Hingh, a 34-year-old Dutch player who downloaded the game on its first available day in 2016, told Trouw he never connected the footage he captured to a system that would steer military drones. “I was just playing a game,” he said. He had even scanned the inside of his own apartment.

The collected scans, around 30 billion of them according to Trouw, became the raw material for a Visual Positioning System, or VPS. Where GPS depends on a satellite signal, VPS works out where a camera is by matching what it sees against a detailed 3D model of the world. Two recognizable reference points a few pixels wide can be enough to fix a location. Niantic Spatial CTO Brian McClendon, who previously led the team behind Google Maps, Google Earth, and Street View, has said the approach suits robots operating where GPS regularly drops out, such as dense cities, and where signals are deliberately blocked, such as war zones.

Vantor Will Pair the Ground Map With Aerial Drone Navigation

The Vantor partnership, announced on December 16, 2025, joins two positioning systems into one. Niantic Spatial handles localization on the ground by aligning a camera feed against its model. Vantor’s Raptor software, launched in February 2025, does the same job in the air using a drone’s camera and Vantor’s proprietary 3D terrain data. Combined, the companies say, a drone overhead and a vehicle or dismounted operator below can share the same coordinates in real time with no satellite link. The principle is already turning up on the other side of the front, where a downed Russian drone was found matching live camera feeds against preloaded terrain imagery rather than trusting a single GPS module.

Vantor’s own framing is blunt about the problem it targets. The joint release names GPS “unavailability, spoofing, interference, and jamming” as the vulnerability, and lists autonomous drones, vehicles, augmented reality glasses, and other field assets as the platforms meant to run on the shared system. Niantic Spatial’s go-to-market lead told defense outlet Tectonic the goal is thousands of devices operating on one coordinate framework in an electronic-warfare-heavy environment. Field testing of the integrated system is planned for early 2026.

Vantor is not a startup dabbling in defense. Rebranded from Maxar Intelligence on October 1, 2025, it is a prime contractor to the National Geospatial-Intelligence Agency, holding a follow-on award worth $70 million under the agency’s Global Enhanced GEOINT Delivery program, which serves more than 400,000 U.S. government users. This is a company built around national security imagery, now adding GPS-independent navigation to its catalog.

Vantor Denies Using the Pokémon Game Data, Then Declines to Rule It Out

Asked directly whether the military-bound system relies on Pokémon Go imagery, Vantor told Trouw it would not use the game’s data. The company then declined to say whether the model it plans to deploy was trained on those scans in the past. Niantic Spatial, responding to earlier questions about a separate deal, said the scans were used to train an “early version” of its navigation model. On the defense partnership specifically, the company said it had no new information to share.

That gap is the heart of the dispute. Jeroen van den Hoven, a professor of ethics and technology at TU Delft, told Trouw the conclusion is hard to avoid. “Without the huge number of scans from all those gamers, the development of this system would never have progressed so quickly,” he said. He added that AI models begin with a dataset and then absorb far more data until the original contributions blur into patterns that can no longer be traced. Once a scan is folded into the model, in other words, proving it is or is not in there becomes nearly impossible.

Van den Hoven did not condemn battlefield VPS outright. If it helps Ukraine win a just war against an aggressor, he said, that is a good development. His worry is the system falling into the wrong hands, and the broader pattern of players being misled about where their data goes. He called the episode a red flag.

Niantic’s Roots Run Back to a CIA-Backed Mapping Firm

The military turn looks less like a swerve once you trace the company’s lineage. Niantic grew out of Keyhole, a geographic data firm that took funding in 2003 from In-Q-Tel, the venture arm financed by the CIA. An In-Q-Tel release from that year stated Keyhole’s services were used to support U.S. troops during the Iraq War. Google bought Keyhole the following year, and Keyhole CEO John Hanke went on to lead the team behind Google Maps, Google Earth, and Street View.

Hanke formed Niantic Labs inside Google in 2010, then spun it out in 2015. The company collected camera imagery from players once before, through its 2014 game Ingress, using the same method later applied in Pokémon Go. In 2025 the structure split again: Scopely, owned by Saudi Arabia’s Savvy Games Group and ultimately the kingdom’s Public Investment Fund, acquired Niantic’s games business for $3.5 billion in a deal that closed in late May, while the technology platform spun off as the standalone Niantic Spatial under Hanke. The games went to a Saudi sovereign wealth fund. The map went to defense.

The Consent Question Reaches Far Beyond One Game

Pokémon Go is not the only camera in your pocket feeding a map. Meta’s smart glasses continuously scan a wearer’s surroundings, Apple’s AR hardware builds 3D models of interiors, and Waymo’s self-driving cars reconstruct detailed street layouts. Niantic Spatial has signaled interest in more indoor footage specifically, and in March 2025 it announced a deal with Coco Robotics to guide delivery robots already rolling through U.S. cities and Helsinki.

Iris Muis, a data-ethics expert at Utrecht University’s Data School, framed the trap plainly: a user cannot picture how their data might be used later. Maybe in five years there is an application with effects you fundamentally disagree with. British game designer Adrian Hon has gone further, advising Pokémon Go players to stop making scans and consider smaller games less likely to resell data. De Hingh, who quit the game over a year ago because he was tired of the updates rather than the data terms, called the news an enormous eye-opener. “A game should stay a game,” he said.

spoiler DroneXL’s Take [This section is just warmonger puke only included for the sake of mirroring completely]

The navigation problem this solves is real, and DroneXL has documented it from the trenches. When I wrote about Ukraine’s FirePoint in March, the detail that stuck was not the 200 strike drones a day. It was that the company had built seven generations of navigation systems in roughly three years, landing on a terrain-matching setup that uses a cheap night camera to fly without GPS. Russia can jam GPS. It cannot jam a drone that does not need it. Visual positioning is the same insight, scaled up and packaged for export.

So I am not going to pretend GPS-denied navigation is sinister on its face. It is one of the most important capability gaps in the industry, the reason Shield AI’s V-BAT keeps flying when radio links die, the reason the Pentagon’s Drone Dominance evaluations are adding GPS denial to Phase II this year. The discomfort here is narrower and sharper. The training data came from people who thought they were catching Pikachu, under a license most never read, sold up a chain that ends at a sovereign wealth fund and a defense prime. Consent obtained for a game is not consent for a weapons program, even if the end use turns out to be defensible.

Vantor’s non-answer is what I would watch. The company says it will not use Pokémon Go data and refuses to say whether the model it is fielding was already trained on it. Those are not the same statement, and the difference is the whole story. Van den Hoven is right that once scans are baked into a model, tracing them back is close to impossible, which conveniently makes the denial unfalsifiable. The early-2026 field tests will tell us whether this air-to-ground system is real or a press release. They will not tell us whose footage is inside the model, and so far nobody at either company will. :::

Sources: Trouw, Volkskrant.

DroneXL uses automated tools to support research and source retrieval. All reporting and editorial perspectives are by Haye Kesteloo. :::

85
86
87
 
 

There is now a "slopware" list on Codeberg cataloging FOSS projects that have used AI in any capacity—not adopted it necessarily, just used it. The entries are often absurd: one older commit reportedly listed a project because "the dev learned something from Claude once." It's not about code quality or security concerns, it's about chastising and othering people for daring to open a chat window.

As if developing FOSS was not thankless enough already lol.

Some people are now refusing to use any "slopware" at all. A recent example: rsync's developer fixed long-standing security issues that kept getting reported by people who used AI. So, he used AI to find the bugs, fixed them himself, and then also used AI to update the unit tests based on his particular needs for the tests rsync needs.

The fixes he pushed introduced regressions, which is implicit behavior that was never explicitized before. The security updates broke these behaviors, and so for a handful of people rsync stopped working.

The thing is, if you have two users with a very particular edge case and one million users without it, and all face the same security vulnerabilities, who takes precedence? Security issues need to be fixed. That's not really negotiable.

The weirdest part about people suddenly jumping ship because there's "AI" is that FOSS devs make no money from user engagement. Whether one person or one hundred thousand use their software means the exact same to them. A few people jumping ship will not hurt sales figures or sponsors... it's all very capitalistic in understanding.

Anyway, rsync is a segue to the real problem: security. When the bugs were introduced in the new rsync, there was outrage. People started recommending openrsync, or forked rsync from before there were mentions of AI in the commits.

As the rsync maintainer pointed out though, openrsync fails most of the tests that rsync uses. A test is basically "does the software do this particular thing correctly: yes/no". The fact that openrsync fails tests that rsync doesn't means that:

  • it doesn't have feature parity,
  • it might not work for your particular usecase, and
  • it doesn't fix the critical security issues the AI pointed out that rsync fixed.

This is where we are at today. You can open any agentic interface, put five dollars of credit on DeepSeek or whatever else, download the git repo and tell the AI: "find security vulnerabilities." That is all you need to do. It will also helpfully write you a script that exploits the vulnerabilities it found.

This is why rsync had to push the security update. The problems were real, and the maintainer kept getting flooded by reports that any old joe found with their AI.

So okay, openrsync doesn't use AI. That means it doesn't correct security bugs that will take an AI fifteen minutes to find. It will probably never even know about these vulnerabilities unless someone is kind enough to report it on the repo, and they do fear getting put on the slopware list for committing the unforgivable sin of patching a vulnerability in their software.

If I were a hacker... I would target that slopware list (thanks for listing software that is easy to exploit btw). I would send an agent on it, find vulnerabilities that I know the maintainers will not be able to patch because they refuse to use AI to find the patterns, and then hack whatever I can with what I find.

I am far from the first person who has thought of that, I can confidently say that much.

The rsync vulnerabilities were there for twenty years. It's just that they were so improbable to figure out that nobody did in those twenty years. AI does not work like a person. It can ingest your entire codebase and connect patterns. It doesn't tire out either. Once it finds a thread, it can pull on it forever, trying all sorts of different ways to activate the vulnerability.

The people that forked rsync to "before the AI slop" are basically saying: "yeah, there are security vulnerabilities that everyone knows about in this fork."

I would compare it to a firewall. A firewall prevents machines from connecting to your computer when they should not be allowed to. If you do not have a firewall, any machine can try connecting to you. Refusing to use a firewall because of some purity statement, e.g. "but I feel like hackers should not be allowed to just connect to my home computer. Before we had the internet they could not do that, so why should I change?", is basically advertising free parking to everyone. Hackers use new methods, and you need to match those methods.

It's not theoretical either. In May 2026, researchers found they could privilege escalate to root on any Linux machine in just ten lines of Python. They partially found it with AI. Ten lines of Python is something a "helpful" forum user can add to the end of a cracked software file they're uploading for you and you wouldn't even catch it.

Yes, vulnerabilities have always existed. But what AI does is allow anyone to find really improbable, deeply-buried vulnerabilities. And having a list of software that "does not use AI," and using that software, is basically saying "come hack me."

I don't mean to make you paranoid about the software you use. Vulnerabilities are being exploited all the time, and it's a game of cat and mouse where hackers find a method, and security researchers patch that method. You won't even always have the latest patches.

What I'm saying rather is that actively refusing to use software that used AI is basically digging your own security grave. It's like refusing to use a firewall, or refusing to move on from Windows XP.

I mean, the "slopware" repo even admits some of this:

Name: espeak-ng. Alternative to consider: espeak

¹espeak may be considered heavily outdated and very bad from a modern standpoint.

Amazing.

88
89
90
91
92
 
 

A new paper from Moonshot AI tackles a key bottleneck in how language models handle depth. Standard residual connections just add up the outputs of all previous layers using fixed uniform weights, and uniform addition creates a problem where hidden states grow uncontrollably as the network gets deeper. As a result, the contributions of early layers end up getting completely buried and diluted by the time the data reaches the end of the model.

This happens to be the exact same issue older recurrent neural networks faced over time before attention mechanisms came along. Naturally, they tackle the problem in a similar way using attention residuals instead of a fixed accumulation and applying a softmax attention mechanism over the outputs of preceding layers. Now, every single layer gets a learned pseudo query vector that lets it selectively pick and choose which earlier representations it actually needs to look at. This allows the network to naturally retrieve information from anywhere in its depth depending on the specific input.

However, applying this over every individual layer is called Full AttnRes and it comes with a massive catch which is that saving all those individual layer outputs creates memory and communication bottlenecks during large scale distributed training because the overhead scales linearly with the number of layers. So, in order to make the architecture actually usable they grouped the layers into chunks and summed up the outputs inside each block. The cross layer attention is then only applied over these compressed block level summaries rather than every single layer drastically reducing the memory and communication footprint.

By combining a block structure with a smart cross stage caching system and a two phase computation strategy the setup becomes a practical drop in replacement with practically zero training overhead. Their experimental results show that the performance boost holds up consistently across different model sizes.

93
1
submitted 1 month ago* (last edited 1 month ago) by yogthos@lemmygrad.ml to c/technology@lemmygrad.ml
 
 

Xidian University, China announced their successful breakthrough in several critical technologies regarding the construction of a solar power plant in space and wireless power transmission by microwave, reaching kilowatt output across a hundred meters, and succeeded in testing one-on-many moving targets microwave wireless power transmission on the ground.

94
95
96
97
98
99
100
view more: ‹ prev next ›