Businesses say they’re down tens of thousands of dollars since the Moa Point sewage spill. Read...

She steeled herself for an awkward morning tea, but was delighted by the warm smiling faces of schoolchildren. Read...

Questions raised over KingsWay communications after teacher’s “serious misconduct” ruling. Read...

So you want to stream or capture game video, preferably on a powerful laptop or desktop. What you need, my friend, is a capture card. But after figuring that out, you have another question to answer: Internal or external? PCIE or USB? Will Smith is here to answer it with his latest round of testing on PCWorld’s YouTube channel. And at the risk of spoiling the video: Will says it doesn’t really matter anymore. Unless you’re recording at super massive resolution/framerate well above 4K, or you’re recording on a Linux system. In the former case, the extra bandwidth of a PCIE-connected card can be a major boon (assuming you have a system that can actually handle that recording). And in the latter, the more standardized USB interface is better, because some companies (ahem Elgato ahem) don’t have a great track record of supporting Linux. Naturally if you’re recording on a laptop, you need the external card. The surprising thing is how good all of these cards from Elgato and AverMedia have become. When he’s streaming to Twitch, Will watches footage of his console in the OBS preview window — the kind of thing that used to be unimaginable for most games. But Will says he can handle console play on fast-paced, twitchy games like Bloodbourne and Ghost of Tsushima. There isn’t even much of a price difference at the higher end of the recording card market. For more hands-on testing of PC gear, be sure to subscribe to PCWorld on YouTube. And incidentally, if you’re looking to game or stream on Linux, you might want to head over to our sister channel The Full Nerd Network and check out Dual Boot Diaries. Read...

Bitwarden, LastPass, and Dashlane are less secure than you might expect, at least if you go by the findings of security researchers at ETH Zurich and the Università della Svizzera italiana (USI) in Lugano. They’ve allegedly discovered serious security vulnerabilities in these popular password managers. “In tests, they were able to view and even change stored passwords,” writes the editor (machine translated). Why are they vulnerable? Many password managers store passwords in encrypted form in the cloud. The advantage of this is that you can access your passwords across all your devices, no matter where you are. The important bit is that your passwords are encrypted, which guarantees that those passwords are secure against unauthorized access. Even if hackers gain access to the password manager’s servers, the encryption will thwart them. But Swiss security researchers found vulnerabilities in popular password managers Bitwarden, LastPass, and Dashlane: “[The researchers’] attacks ranged from breaches of the integrity of targeted user vaults to the complete compromise of all vaults of an organization using the service. In most cases, the researchers were able to gain access to the passwords—and even manipulate them.” The researchers demonstrated 12 attacks on Bitwarden, 7 on LastPass, and 6 on Dashlane. To do this, they set up their own servers that behaved like a hacked password manager server. The researchers then initiated “simple interactions that users or their browsers routinely perform when using the password manager, such as logging into the account, opening the vault, viewing passwords, or synchronizing data.” The researchers found “very bizarre code architectures,” which were probably created because the companies were trying to “offer their customers the most user-friendly service possible, for example the ability to recover passwords or share their account with family members.” This not only makes the code architectures more complex and confusing, but ends up increasing the number of potential attack points for hackers. The security researchers warn: “Such attacks don’t require particularly powerful computers and servers, just small programs that can spoof the server’s identity.” Before publishing their findings, the researchers informed each password manager so they’d have enough time to fix the flaws. They all responded positively, but not all fixed the flaws at the same speed. Blame it on outdated encryption methods According to the researchers, the reason for the vulnerabilities is obvious: “Discussions with password manager developers have revealed their reluctance to release system updates, fearing their customers could lose access to their passwords and other personal data. These customers include millions of individuals and thousands of companies that entrust their entire password management to these providers. One can imagine the consequences of suddenly losing access to their data. Therefore, many providers cling to cryptographic technologies from the 1990s, even though these are long outdated.” The only solution to this dilemma is for all password managers to be cryptographically updated, at least for new customers. Existing customers could then decide for themselves “whether they want to migrate to the new, more secure system and transfer their passwords there, or whether they want to remain with the old system—aware of the existing security vulnerabilities.” What should you do? The researchers reassure us that there’s no immediate danger, say they have “no reason to believe that password manager providers are currently malicious or compromised, and as long as this remains the case, your passwords are safe. However, password managers are high-profile targets, and security breaches do occur.” Anyone considering a password manager should choose a password manager “that openly discloses potential security vulnerabilities, is externally audited, and has end-to-end encryption enabled by default.” We recommend: NordPass Best Prices Today: $1.29 at NordPass Further reading: The best password managers, reviewed Read...

Moments after storming to gold in the 1,000m, Dutch speed skater Jutta Leerdam unzipped her racing suit, her eyes welling with tears of relief. Read...

A month ago, practically no one had heard about Peter Steinberger’s personal AI side project. Now it’s taken the AI world by storm, and it just got the backing of none other than OpenAI itself.  First known as Clawdbot and later as Moltbot, the now re-rebranded OpenClaw served as an “I know Kung Fu” moment for its earliest users, who were jolted by the capabilities and potential of the AI-powered tool. Put another way, OpenClaw took what had previously been an abstract concept—”agentic AI”—and made it real.  It’s exciting and even vertiginous stuff, and if this story marks the first time you’ve heard of OpenClaw, you absolutely, positively shouldn’t install it.  Meet OpenClaw Developed by the aforementioned Peter Steinberger, an Australian software developer who was just “acqui-hired” by OpenAI (the software itself remains open-source), OpenClaw is a tool that lives on your system and—if you let it—can tap in to your most sensitive data, from your email and calendar to your browser and your personal files.  OpenClaw works best on a system that’s running 24/7, allowing it to work constantly on your behalf. It can remember who you are and what’s important to use, using easy-to-read “markdown” files (like MEMORY.md and USER.md) to keep track of details like your name, where you live and work, what kind of system you’re using, who your family members are, what’s your favorite color, and basically whatever you want to tell it.  If this story marks the first time you’ve heard of OpenClaw, you absolutely, positively shouldn’t install it. OpenClaw also has a “soul”–or, more specifically, a SOUL.md file that tells the AI (you can choose from Anthropic’s Claude, ChatGPT, Google Gemini, or any number of other cloud-based or locally hosted LLMs) how it should act and present itself, while a HEARTBEAT.md file manages OpenClaw’s laundry list of activities, allowing it to check your calendar on a daily basis, poke around your email inbox every hour, or scour the web for news at regular intervals.  Well, fine, but so what? Aren’t there any number of AI tools that can comb through your email and give you hourly news updates? There are indeed, but OpenClaw comes with a couple of game changers.   The first ace up OpenClaw’s sleeve is the way you interact with it. Rather than having to use a local Web interface or the command line, OpenClaw works with familiar chat apps like WhatsApp, Telegram, Discord, Slack, Signal, and even iMessage. That means you can chat with the bot on your phone, anytime and anywhere.  The second is that OpenClaw—when installed using its default configuration—has “host” access to your system, meaning it has the same system-level permissions that you do. It can read files, it can edit files, and it can delete files at will, and it can even write scripts and programs to enhance its own abilities. Ask it for a tool that can generate images, check your favorite RSS feeds, or transcribe audio transcripts, OpenClaw won’t simply tell you which programs to download—it will go ahead and build them, right on your system.  In other words, OpenClaw is ChatGPT without the chatbox—or as the official OpenClaw website puts it, an “AI that can actually do things.” Now, there already are tools that let AI do things, namely “no-code” editors that allow AI to build software and web sites with prompts. But Claude Code, OpenAI’s Codex, and Google’s Antigravity are designed to be AI coding helpers that do the work while we peer over their shoulders, watching their every move. OpenClaw, on the other hand, aims to do its magic autonomously, while you’re at work, sleeping, or otherwise engaged elsewhere. It’s a true AI agent. Unleashing OpenClaw without knowing what you’re doing is akin to handing a bazooka to a toddler. Personally, I’m blown away by the possibilities of OpenClaw and its inevitable clones and ecosystem. Heck, I’ll tell you right now: This is the future, like it or not. At the same time, I believe unleashing OpenClaw without knowing what you’re doing is akin to handing a bazooka to a toddler, and I’m not the only one who thinks so. The key issue is the level of access OpenClaw gets to your system. It sees everything you do and can do anything you do on your computer, right down to deleting individual files or entire directories of them, and is thus one hallucination away from wreaking havoc on your data.   While OpenClaw operates under a battery of rules that regulate its behavior and (thanks to a series of new security enhancements) limits its access to a designated “workspace” directory, it’s all too easy to change that behavior, and you could unwittingly give OpenClaw god-mode access through injudicious use of “sudo,” the Linux “superuser” command.  What makes OpenClaw so exciting is also what makes it the most dangerous. OpenClaw is also worryingly vulnerable to “prompt injection” attacks, which aim to trick an LLM into ignoring its guardrails and do things like leak your private data, install a backdoor on your system, or even execute a root-level “rm -rf” command on your system, which would nuke your entire hard drive. Then there’s the growing ecosystem of unverified third-party OpenClaw plug-ins that could be riddled with security holes or hiding malicious payloads.  But most of all, what makes OpenClaw so exciting is also what makes it the most dangerous. It can stay up all day and night thanks to its “heartbeat,” taking your suggestions and running with them, all of which can lead to unexpected, surprising, or even destructive results, particularly if you’ve paired OpenClaw with a cheap or free LLM that lacks the context and reasoning powers of the priciest top-of-the-line models.  Now, I’m a moderately experienced LLM user and self-hoster, and I’ve yet to fully install OpenClaw on any of my machines. I’d toyed with it, poked at it, tinkering with it in an isolated Docker container, and chatted with it over Discord, and I’m even trying to build my own version with help from Gemini and Antigravity. (Whether I’m actually getting anywhere will be the subject of another story.) But as impressed as I am by OpenClaw’s system-wide powers—and believe me, I see the potential—I’m also spooked by them, and you should be too. Read...

For better or worse, Microsoft Teams is one of the most important communication apps in the professional world. It’s used by millions for chat messages, video conferences, and sending files. Now, according to the Microsoft 365 Roadmap, Teams is getting a new feature in March 2026 that few people are going to like—and it’s bad enough that it’ll likely raise concerns among data privacy advocates. The new feature is described as follows: “When users connect to their organization’s Wi-Fi, Teams will soon be able to automatically update their work location to reflect the building they’re working from. This feature will be off by default. Tenant admins will decide whether to enable it and require end-users to opt-in.” Though that might sound pretty tame on paper, there are some unsettling implications that could arise from this feature. In short, everyone in the Teams organization will always know where their colleagues are in real-time as they move around from Wi-Fi access point to access point. This will make it easier to drop in on a colleague unannounced or quickly arrange a physical meeting. Moreover, it also means you won’t be able to retreat to a far corner of the office in hopes of remaining undetected so you can work in peace and quiet. Above all, however, this new automatic location-setting feature could be used by employers to monitor their employees. Is Employee A adhering to hybrid work guidelines like “two days at home and three days in the office”? Is Employee B always working from home and skipping out on in-office days? Taken to the extreme, it could even be used to note when Employee C arrives on site to determine tardiness. For companies pushing return-to-office on their employees, this new Teams feature might even be used for policy enforcement. The feature is currently marked as “in development” with a global rollout planned for March 2026 across Windows and macOS systems. According to the original plan, Microsoft wanted to release this feature as early as December 2025, which was then postponed to February 2026, and now again by another month. Read...

So there I was, asking Gemini for help with a new AI tool I’d been researching. Specifically, I needed assistance with some arcane settings in a key configuration file. All very in-the-weeds technical stuff.  Then right in the middle of our chat, Gemini hits me with a weird tangent: “Since you’re in the middle of a Manhattan apartment renovation, you can actually use this setup as a ‘Product Manager,’” Gemini said, adding helpfully that I could upload PDF floor plans and contractor quotes to the new tool. Um…OK, can we get back to that YAML file, please? In the same conversation, Gemini began musing about how the new tool could integrated with my self-hosted Home Assistant setup (which I hadn’t mentioned at all in the chat), and then threw me another curve ball, warning that my stairway dimmer switch had a low battery and needed to be replaced. Say what? Then a little later, Gemini caps it off by mentioning that “since [I’m] a writer for PCWorld,” this whole installation experience “is actually a great candidate for a ‘State of Local AI’ article.” Not exactly what I was thinking, but I’ll take it under advisement.  All these quirky little asides come courtesy of a roughly month-old Gemini feature called “Personal Intelligence,” billed as a way to connect your personal life—or at least, your personal life as viewed by Google—with your Gemini interactions.  All too often, Personal Intelligence butts in with the apparent intention of merely showing off what it knows about me. The idea behind Personal Intelligence is a good one, and it attacks the memory limitations inherent in all LLMs. By default, an AI will only “remember” the content of a specific chat thread, and the so-called “context window” within a given chat has limits—very large for the biggest cloud-based LLMs, but fly-sized for the tiniest local models. Talk to an AI too long, and it will “forget” anything you told it that falls outside the context window.  The AI industry has developed all sorts of tricks to deal with these context restraints, typically resorting to tacked-on files and even databases of relevant information (“Your user’s name is Ben, he works at PCWorld, and he likes Mexican food”) that an LLM can “remember” mid-chat.  Google’s “Personal Intelligence” tool is different. Rather than using specific files or databases, Personal Intelligence acts as a pipeline for such Google services as Gmail, Photos, Search, and YouTube, while also allowing Gemini to reference prior chats. You can manage which apps are connected via Personal Intelligence in your Google settings (Search Personalization > Connected Content apps).  When it wants to expand its context, Gemini can invoke the Personal Intelligence integration and pull in details from your Google services that may be relevant to the chat. You’ll know it’s happening when you see the “Connecting to Personal Intelligence” alert. Gemini’s Personal Intelligence feature is opt-in, meaning you must proactively click the “I’m in” button when prompted. There’s also a toggle in the “Tools” menu within the Gemini chatbot that lets you turn the feature on or off.  I actually like the idea of Personal Intelligence in theory, and it does occasionally pluck out some relevant tidbits from my Google activity, such as the details of my networked Raspberry Pi boards or that a certain movie is playing at my neighborhood theater.  And like all things AI, Google is surely fine-tuning its Personal Intelligence tool, looking for the sweet spot between too laid-back and too pushy. But as it stands now, Personal Intelligence continues to butt in with the apparent intention of merely showing off what it knows about me. “As a writer for PCWorld,” it loves to repeat, while also making continual connections to my “Manhattan apartment renovations” and how such-and-such a project would be a perfect fit.   Um, enough already. Read...

If you’re stuck using a laptop as your main machine for your home office, then trust me on this: your experience will be so much better as soon as you add this Anker docking station to your workstation setup. Normally $270, you can score it right now for just $170 on Amazon. That’s a hefty $100 discount (or 37% off) on this game-changing accessory. The Anker Prime 14-Port Docking Station comes from one of our favorite and most trusted PC accessory brands. This dock plugs into your laptop’s USB-C port and instantly turns it into 14 glorious ports, expanding what you can connect to your laptop and making it that much more versatile. You’ll never have to juggle “this” and “that” device ever again. What are the 14 ports on this dock? On the front, you get two 10Gbps USB-C and one USB-A data port, plus two fast USB-C and one USB-A charging port, plus a 3.5mm audio jack. On the back, you get three USB-A ports for peripherals, plus two HDMI for dual 4K/60Hz monitors, plus Gigabit Ethernet, plus a 10Gbps USB-C port with passthrough power delivery to keep your laptop charged while using this dock. This dock supports a max power output of 160 watts, so keep that in mind when charging multiple devices through its ports (as the overall power will get split between ports). It also has a smart digital screen that tells you how much power is going to each port in use. Once you start using this dock with your laptop, you’ll wonder how you ever managed without it. It’s the ultimate hub for a home office, able to connect all your accessories and charge all your gadgets. Get it now with this $100 discount on Amazon before the deal’s gone! This Anker 14-port dock is perfect for any home office laptopBuy now at Amazon Read...