reporter

Google is rolling out a beta version of the Translate app with support for more than 70 languages.View the full article

The return to Raccoon City is going to be just as scary as you could have imagined.View the full article

If you're in the market for reliable internet, CNET's experts have picked out top options for you to consider.View the full article

Here are some hints and the answers for the NYT Connections puzzle for Dec. 13, #916.View the full article

Here are hints and answers for the NYT Strands puzzle for Dec. 13, No. 650.View the full article

Here are hints and the answer for today's Wordle for Dec. 13, No. 1,638.View the full article

The update also offers updates to the Music, Podcast and News apps and patches two bugs that could lead to "extremely sophisticated" attacks.View the full article

Your iPhone clock doesn't have to be so "glassy" anymore, thanks to a new Apple software update.View the full article

Apple released patches for all of its flagship devices to fix security flaws under attack. Google also updated Chrome to remediate one vulnerabilty exploited in the attacks. View the full article

At the recent AWS re:Invent, Docker focused on a very real developer problem: how to run AI agents locally without giving them access to your machine, credentials, or filesystem. With AWS introducing Kiro, Docker demonstrated how Docker Sandboxes and MCP Toolkit allow developers to run agents inside isolated containers, keeping host environments and secrets out of reach. The result is a practical setup where agents can write code, run tests, and use tools safely, while you stay focused on building, not cleaning up accidental damage. Local AI Agents, Isolation, and Docker at AWS re:Invent Two weeks ago, a Reddit user posted how their filesystem was accidentally deleted by Google Antigravity. And the top comment? Alright no more antigravity outside of a container And another user’s home directory was recently wiped using Claude Code this past week. And yet another top comment: That’s exactly why Claude code should be used only inside an isolated container or vm We agree that this should never happen and that containers provide the proper isolation and segmentation. At AWS re:Invent 2025, we were able to show off this vision using Kiro running in our new Docker sandboxes, using MCP servers provided by the Docker MCP Toolkit. If you weren’t able to attend or visit us at the booth, fear not! I’ll share the demo with you. Jim Clark, one of Docker’s Principal Engineers, providing a demo of running an secured AI development environment using Docker’s sandboxes and MCP Toolkit Giving Kiro safety guardrails Docker Sandboxes provide the ability to run an agent inside an isolated environment using containers. In this environment, the agent has no access to credentials stored on the host and can only access the files of the specified project directory. As an example, I have some demo AWS credentials on my machine: > cat ~/.aws/credentials [default] aws_access_key_id=demo_access_key aws_secret_access_key=demo_secret_key Now, I’m going to clone the Catalog Service demo project and start a sandbox using Kiro: git clone https://github.com/dockersamples/catalog-service-node.git cd catalog-service-node docker sandbox run --mount-docker-socket kiro The --mount-docker-socket flag is added to give the sandbox the Docker socket, which will allow the agent to run my integration tests that use Testcontainers. On the first launch, I will be required to authenticate. After that’s done, I will ask Kiro to tell me about the AWS credentials it has access to: ⢀⣴⣶⣶⣦⡀⠀⠀⠀⢀⣴⣶⣦⣄⡀⠀⠀⢀⣴⣶⣶⣦⡀⠀⠀⢀⣴⣶⣶⣶⣶⣶⣶⣶⣶⣶⣦⣄⡀⠀⠀⠀⠀⠀⠀⢀⣠⣴⣶⣶⣶⣶⣶⣦⣄⡀⠀⠀⠀ ⢰⣿⠋⠁⠈⠙⣿⡆⠀⢀⣾⡿⠁⠀⠈⢻⡆⢰⣿⠋⠁⠈⠙⣿⡆⢰⣿⠋⠁⠀⠀⠀⠀⠀⠀⠀⠀⠈⠙⠻⣦⠀⠀⠀⠀⣴⡿⠟⠋⠁⠀⠀⠀⠈⠙⠻⢿⣦⠀⠀ ⢸⣿⠀⠀⠀⠀⣿⣇⣴⡿⠋⠀⠀⠀⢀⣼⠇⢸⣿⠀⠀⠀⠀⣿⡇⢸⣿⠀⠀⠀⢠⣤⣤⣤⣤⣄⠀⠀⠀⠀⣿⡆⠀⠀⣼⡟⠀⠀⠀⠀⣀⣀⣀⠀⠀⠀⠀⢻⣧⠀ ⢸⣿⠀⠀⠀⠀⣿⡿⠋⠀⠀⠀⢀⣾⡿⠁⠀⢸⣿⠀⠀⠀⠀⣿⡇⢸⣿⠀⠀⠀⢸⣿⠉⠉⠉⣿⡇⠀⠀⠀⣿⡇⠀⣼⡟⠀⠀⠀⣰⡿⠟⠛⠻⢿⣆⠀⠀⠀⢻⣧ ⢸⣿⠀⠀⠀⠀⠙⠁⠀⠀⢀⣼⡟⠁⠀⠀⠀⢸⣿⠀⠀⠀⠀⣿⡇⢸⣿⠀⠀⠀⢸⣿⣶⣶⡶⠋⠀⠀⠀⠀⣿⠇⢰⣿⠀⠀⠀⢰⣿⠀⠀⠀⠀⠀⣿⡆⠀⠀⠀⣿⡆ ⢸⣿⠀⠀⠀⠀⠀⠀⠀⠀⠹⣷⡀⠀⠀⠀⠀⢸⣿⠀⠀⠀⠀⣿⡇⢸⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⣼⠟⠀⢸⣿⠀⠀⠀⢸⣿⠀⠀⠀⠀⠀⣿⡇⠀⠀⠀⣿⡇ ⢸⣿⠀⠀⠀⠀⠀⣠⡀⠀⠀⠹⣷⡄⠀⠀⠀⢸⣿⠀⠀⠀⠀⣿⡇⢸⣿⠀⠀⠀⠀⣤⣄⠀⠀⠀⠀⠹⣿⡅⠀⠀⠸⣿⠀⠀⠀⠸⣿⠀⠀⠀⠀⠀⣿⠇⠀⠀⠀⣿⠇ ⢸⣿⠀⠀⠀⠀⣾⡟⣷⡀⠀⠀⠘⣿⣆⠀⠀⢸⣿⠀⠀⠀⠀⣿⡇⢸⣿⠀⠀⠀⠀⣿⡟⣷⡀⠀⠀⠀⠘⣿⣆⠀⠀⢻⣧⠀⠀⠀⠹⣷⣦⣤⣤⣾⠏⠀⠀⠀⣼⡟ ⢸⣿⠀⠀⠀⠀⣿⡇⠹⣷⡀⠀⠀⠈⢻⡇⠀⢸⣿⠀⠀⠀⠀⣿⡇⢸⣿⠀⠀⠀⠀⣿⡇⠹⣷⡀⠀⠀⠀⠈⢻⡇⠀⠀⢻⣧⠀⠀⠀⠀⠉⠉⠉⠀⠀⠀⠀⣼⡟ ⠸⣿⣄⡀⢀⣠⣿⠇⠀⠙⣷⡀⠀⢀⣼⠇⠀⠸⣿⣄⡀⢀⣠⣿⠇⠸⣿⣄⡀⢀⣠⣿⠇⠀⠙⣷⡀⠀⠀⢀⣼⠇⠀⠀⠀⠻⣷⣦⣄⡀⠀⠀⠀⢀⣠⣴⣾⠟ ⠀⠈⠻⠿⠿⠟⠁⠀⠀⠀⠈⠻⠿⠿⠟⠁⠀⠀⠈⠻⠿⠿⠟⠁⠀⠀⠈⠻⠿⠿⠟⠁⠀⠀⠀⠈⠻⠿⠿⠟⠁⠀⠀⠀⠀⠀⠈⠙⠻⠿⠿⠿⠿⠟⠋⠁ Model: Auto (/model to change) | Plan: KIRO FREE (/usage for more detail) !> Tell me about the AWS credentials you have access to From here, Kiro will search the typical places AWS credentials are configured. But, finally, it reaches the following conclusion: Currently, there are no AWS credentials configured on your system And why is this? The credentials on the host are not accessible inside the sandbox environment. The agent is in the isolated environment and only has access to the current project directory. Giving Kiro secure tools with the MCP Toolkit If we take a step back and think about it, the only credential an agent should have access to is to authenticate with the model provider. All other credentials belong to the tools (or MCP servers) around the agent. And that’s where the MCP Toolkit comes in! Sandboxes don’t yet have an automatic way to connect to the MCP Toolkit (it’s coming soon!). Until that’s available I will start a MCP Gateway with the following command: docker mcp gateway run --transport=streaming There are a variety of ways to configure Kiro with MCP servers, but the project-level configuration provides an easy way that also works with sandboxes. In the project, I will create a .kiro/settings/mcp.json file with the following contents: { "mcpServers": { "docker-mcp-toolkit": { "type": "http", "url": "http://host.docker.internal:8811/" } } } After restarting Kiro, I can ask it about the available tools: /tools The output then shows the following tools coming from the MCP Gateway: docker-mcp-toolkit (MCP) - code-mode trusted - mcp-add trusted - mcp-config-set trusted - mcp-create-profile trusted - mcp-exec trusted - mcp-find trusted - mcp-remove trusted These tools highlight the ability to dynamically add and remove MCP servers through the Gateway. By using an AGENTS.md file, I can provide to the agent on which MCP servers to use and give an additional nudge to remove those servers when they’re no longer needed (which will reduce my context size and costs). This is what my file looks like: # Special instructions - When info is needed from GitHub, use the `github-official` MCP server. This will ensure proper auth tokens are used. - When adding MCP servers, be sure to activate all tools. - When you have the required info from any MCP server, remove the MCP server to reduce the number of tools in the context. Before Kiro can use the GitHub MCP server, I need to ensure I’ve configured the MCP server with my OAuth credentials. Screenshot of the Docker Desktop dashboard showing the GitHub Official MCP server listing within the MCP Toolkit. Specifically, it shows the OAuth configuration has been completed. Putting it all together With all of the setup completed, now I’m ready to have Kiro do some work for me. I’ll simply ask it to complete one of the issues on GitHub. I can simply ask: > Can you help me complete the work for issue #64? Watching the output, I’ll first see Kiro add the github-official MCP server by using the mcp-add tool. Running tool mcp-add with the param (from mcp server: docker-mcp-toolkit) ⋮ { ⋮ "name": "github-official", ⋮ "activate": true ⋮ } - Completed in 0.609s From there, I’ll see that Kiro will check the git remotes to determine the GitHub organization and repository being used: > I need to determine the repository owner and name. Let me check the current directory for git information: I will run the following command: git remote -v (using tool: shell) Purpose: Get git remote information to identify the repository origin https://github.com/dockersamples/catalog-service-node.git (fetch) origin https://github.com/dockersamples/catalog-service-node.git (push) - Completed in 0.6s Then, it will use the GitHub MCP server to get the issue details: > Now I can get the issue details: Running tool issue_read with the param (from mcp server: docker-mcp-toolkit) ⋮ { ⋮ "method": "get", ⋮ "owner": "dockersamples", ⋮ "repo": "catalog-service-node", ⋮ "issue_number": 64 ⋮ } - Completed in 0.613s > Perfect! Issue #64 is about adding product metadata to S3 objects. From here, Kiro will go and make the changes to my source code, update the integration tests, and even run the integration tests to ensure it all works. After it’s completed, I have the following output: I've successfully completed the work for issue #64. Here's what was implemented: Changes Made: 1. StorageService.js: - Added Tagging parameter to S3 PutObjectCommand with product_id=${id} - Added Metadata parameter with product_name: productName - Added new AWS SDK imports for GetObjectTaggingCommand and HeadObjectCommand - Created helper functions getObjectTags() and getObjectMetadata() 2. ProductService.js: - Modified uploadProductImage() to fetch product name from database and pass it to uploadFile() - Exposed new functions getProductImageTags() and getProductImageMetadata() 3. Integration Test: - Added validation to verify S3 objects have correct tags (product_id with the product ID) - Added validation to verify S3 objects have correct metadata (product_name with the product name) Test Results: All integration tests pass, confirming that: - S3 objects are tagged with the product identifier - S3 objects include metadata with the product name - The existing functionality remains intact And notably, right before that, I see that Kiro automatically removed the GitHub MCP server to remove its tools from my context: Let me clean up by removing the GitHub MCP server since we're done with it: Running tool mcp-remove with the param (from mcp server: docker-mcp-toolkit) ⋮ { ⋮ "name": "github-official" ⋮ } - Completed in 0.2s With those tools removed from the context, the model has less to tokenize and process which means faster responses and less cost. Highlighting what’s important Taking a step back at what we ran, we have the following: An agent in an isolated environment. With the agent running in a container, it’s unable to access and leak credentials stored on my host machine. And rogue requests to delete my filesystem are limited to the containerized environment where it’s running as a non-root user. Isolated and containerized MCP servers. Each MCP server runs in its isolated container, preventing host access. In addition, I don’t have to spend any time worrying about runtime environments or configuration. With a container, “it just works!” API credentials only where they’re needed. The only component that needs access to my GitHub credential is the GitHub MCP server, where it is securely injected. This approach further prevents potential leaks and exposures. In other words, we have a microserviced architecture where each component runs in its own container and follows least privilege by having access to only the things it needs access to. Looking forward Here at Docker, we’re quite excited about this architecture and there’s still a lot to do. Two items I’m excited about include: A network boundary for agentic workloads. This boundary would limit network access to only authorized hostnames. Then, if a prompt injection tries to send sensitive information to evildomain.com, that request is blocked. Governance and control for organizations. With this, your organization can authorize the MCP servers that are used and even create its own custom catalogs and rule sets. If you want to try out Sandboxes, you can do so by enabling the Experimental Feature in Docker Desktop 4.50+. We’d love to hear your feedback and thoughts! Learn more Docker Sandboxes: Simplifies running AI agents securely on your local machine Explore the MCP Catalog: Discover containerized, security-hardened MCP servers. Get started with the MCP Toolkit: Run MCP servers easily and securely. View the full article

In this episode of Uncanny Valley we take you through our recent conversation with Lisa Su, and go behind the scenes of our Big Interview event.View the full article

Apple's Beats brand is teaming up with YouTuber and streamer IShowSpeed on a new Kung Fu-themed short film showcasing Powerbeats Pro 2 as "the most stable earbuds on earth." Thanks to their flexible ear hooks, ‌Powerbeats Pro‌ 2 are popular with athletes and other active users who need the extra stability to ensure the earbuds stay in their ears. The nearly five-minute short film features IShowSpeed traveling halfway around the world to train with a kung fu master, played by a longtime member of Jackie Chan's stunt crew, Paco Yick, to prove an internet troll wrong. IShowSpeed is currently hosting a livestream premiere of the film, where he is giving away five "Master of Speed & Stability" kits that include an exclusive custom pair of ‌Powerbeats Pro‌ 2 and a movie poster.Tag: Beats This article, "Beats Teams Up With Streamer IShowSpeed in Kung Fu-Themed Campaign for Powerbeats Pro 2" first appeared on MacRumors.com Discuss this article in our forums View the full article

"Get over here!" and celebrate the holidays with Scorpion.View the full article

CNET's fitness experts have identified the best machines to help you on your wellness journey.View the full article

Women ran an experiment to see if LinkedIn's new algo was being sexist and thought they proved it. But there's more complexity involved, experts say.View the full article

Start your holiday mornings with a high-quality brew from one of the best home espresso machines available today.View the full article

Microsoft's data center ambitions have imperiled its 2030 pledge to remove more carbon than it generates, making carbon removal credits all but necessary.View the full article

The goal is to get the robots working with actual humans in areas such as manufacturing, facility operations and health care.View the full article

Apple today released iOS 26.2, iPadOS 26.2, and macOS 26.2, all of which introduce new features, bug fixes, and security improvements. Apple says that the updates address over 20 vulnerabilities, including two bugs that are known to have been actively exploited. There are a pair of WebKit vulnerabilities that could allow maliciously crafted web content to execute code or cause memory corruption. Apple says that the bugs might have been exploited in an attack against targeted individuals on versions of iOS before iOS 26. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. Processing maliciously crafted web content may lead to memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. One of the WebKit bugs was fixed with improved memory management, while the other was addressed with improved validation. There are several other vulnerabilities that were fixed too, across apps and services. An App Store bug could allow users to access sensitive payment tokens, processing a malicious image file could lead to memory corruption, photos in the Hidden Album could be viewed without authentication, and passwords could be unintentionally removed when remotely controlling a device with FaceTime. Now that these vulnerabilities have been publicized by Apple, even those that were not exploited before might be taken advantage of now. Apple recommends all users update their devices to iOS 26.2, iPadOS 26.2, and macOS Tahoe 26.2 as soon as possible.Related Roundups: iOS 26, iPadOS 26Related Forum: iOS 26 This article, "Update Now: iOS 26.2 Fixes 20+ Security Vulnerabilities" first appeared on MacRumors.com Discuss this article in our forums View the full article

NBCUniversal's streamer is packed with cinematic bangers.View the full article

Macworld's Filipe Espósito today revealed a handful of features that Apple is allegedly planning for iOS 26.4, iOS 27, and even iOS 28. The report said the features are referenced within the code for a leaked internal build of iOS 26 that is not meant to be seen by the public. However, it appears that Espósito and/or his sources managed to gain access to it, providing us with a sneak peek at some of the things that Apple's software engineers are working on. As always, Apple's plans could change, so there is no guarantee that any or all of these features will end up being released to the general public. Here is what Apple is planning for iOS 26.4, according to the report:A revamped, more personalized version of Siri powered by Apple Intelligence. A redesigned Health app, with a new layout for categories and simplified metric logging. A previous rumor indicated there will also be an Apple Health+ subscription service with an AI-powered health and fitness assistant. If you have credit card information stored in Apple's Passwords app, you will be able to AutoFill those details in third-party apps. The ability to create folders in the Freeform app. Apple is apparently working on a new "Sports Tier" for the Apple TV app, but the report did not offer any further details about this. There are signs of "a new validation system that will check the integrity of the device before logging into Apple ID and iCloud." New features for AirPods, including "Precise Outdoor Location" in the Find My app.These features are allegedly planned for iOS 27:Improvements to photo collections in the Photos app. Improvements to the AirPods pairing process.The report even mentioned a potential iOS 28 feature:New metrics for Apple Watch sleep tracking.Apple is also planning to expand the Health app to the Mac with macOS 28, the report said. Based on information from the same internal build of iOS 26, Espósito also shared alleged details about Apple's long-rumored smart home hub, as well as upcoming models of the Studio Display, entry-level iPad, AirTag, and more.Related Roundups: iOS 26, iPadOS 26Tags: iOS 27, MacworldRelated Forum: iOS 26 This article, "iOS 26.4 and iOS 27 Features Revealed in New Leak" first appeared on MacRumors.com Discuss this article in our forums View the full article

Cybersecurity researchers are calling attention to a new campaign that's leveraging GitHub-hosted Python repositories to distribute a previously undocumented JavaScript-based Remote Access Trojan (RAT) dubbed PyStoreRAT. "These repositories, often themed as development utilities or OSINT tools, contain only a few lines of code responsible for silently downloading a remote HTA file and executingView the full article

Like so many things in Elon Musk's orbit, a lot of it may come down to AI.View the full article

We all make mistakes. If you're looking to stick with your diet, stay far away from these foods that hide animal products.View the full article

Apple today released macOS Tahoe 26.2, the second major update to the macOS Tahoe operating system that came out in September. macOS Tahoe 26.2 comes five weeks after Apple released macOS Tahoe 26.1. Mac users can download the macOS Tahoe update by using the Software Update section of System Settings. macOS Tahoe 26.2 includes Edge Light, a feature that illuminates your face with soft light when you're on a video call in a room with poor lighting. The update also adds alarms for the Reminders app, new podcast features, updated AirDrop settings, and more. Apple's release notes are below.This update introduces Edge Light to illuminate your face during low-light video calls, and includes other features, bug fixes, and security updates for your Mac.More information on the features in macOS Tahoe can be found in our macOS Tahoe roundup.Related Roundup: macOS Tahoe 26Related Forum: macOS Tahoe This article, "Apple Releases macOS Tahoe 26.2" first appeared on MacRumors.com Discuss this article in our forums View the full article