WordPress hosting service WP Engine on Monday sent a cease-and-desist letter to Automattic after the latter's CEO Matt Mullenweg called WP Engine a "cancer to WordPress" last week. From a report: The notice asks Automattic and Mullenweg to retract their comments and stop making statements against the company. WP Engine, which (like Automattic itself) commercializes the open-source WordPress project, also accused Mullenweg of threatening WP Engine before the WordCamp summit held last week. "Automattic's CEO Matthew Mullenweg threatened that if WP Engine did not agree to pay Automattic -- his for-profit entity -- a very large sum of money before his September 20th keynote address at the WordCamp US Convention, he was going to embark on a self-described 'scorched earth nuclear approach' toward WP Engine within the WordPress community and beyond, the letter read. "When his outrageous financial demands were not met, Mr. Mullenweg carried out his threats by making repeated false claims disparaging WP Engine to its employees, its customers, and the world," the letter added.

Read more of this story at Slashdot.

Google is getting ready to show off updated Street View imagery in nearly 80 countries. The Verge: In a now-removed blog post seen by The Verge, Google announced that the new images are coming to countries like Australia, Brazil, Denmark, Japan, the Philippines, Rwanda, Serbia, South Africa, and more. Google is also bringing Street View to a handful of countries where it's never been available, including Bosnia, Namibia, Lichtenstein, and Paraguay. The company said its more portable Street View camera, which launched in 2022, will help offer images of "even more places in the future." Google Maps and Google Earth are getting sharper satellite imagery as well, thanks to the company's cloud-removal AI tool that takes out clouds, shadows, haze, and mist. This should result in "brighter, more vibrant" images, according to Google.

Read more of this story at Slashdot.

Speaking of California, its governor Gavin Newsom has signed into law a a bill that requires schools to limit or ban the use of smartphones, amid a growing consensus that excess usage can increase the risk of mental illness and impair learning. From a report: Thirteen other states this year have banned or restricted cellphones in school or recommended local educators do so, after Florida led the way by banning phones in class in 2023, according to Education Week. California, with nearly 5.9 million public school students, has followed the lead of its own Los Angeles County, whose school board banned smartphones for its 429,000 students in June. That same month U.S. Surgeon General Vivek Murthy called for a warning label on social media platforms, akin to those on cigarette packages, likening the problem to a mental health emergency. Murthy cited a study in the medical journal JAMA showing adolescents who spend more than three hours a day on social media may be at heightened risk of mental illness, while referring to a Gallup poll showing the average teen spends 4.8 hours per day on social media. California's bill, which passed 76-0 in the state assembly and 38-1 in the senate, requires school boards or other governing bodies to develop a policy to limit or prohibit student use of smartphones on campus by July 1, 2026, and update the policy every five years.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the New York Times: Paper or paper? In California, shoppers will have only one bag option at the checkout line starting in 2026. A decade ago, California became the first U.S. state to ban single-use plastic bags, the flimsy sacks that regularly blew into waterways, littered streets and collected in landfills. The prohibition, in the nation's most populous state, was considered a turning point in the effort to reduce plastic waste. But the move backfired in a way that few supporters expected. Californians in 2021 actually tossed nearly 50 percent more plastic bags, by weight, than when the law first passed in 2014, according to data from CalRecycle, California's recycling agency. A loophole in the initial ban allowed retailers to provide thick-walled plastic bags and charge 10 cents a piece for them. Though technically reusable and recyclable, the heavier-duty sacks still ended up in many trash cans after a shopping trip. Gov. Gavin Newsom signed legislation on Sunday banning the sale at grocery checkouts of all plastic bags (Warning: source may be paywalled; alternative source), regardless of thickness. The only option for customers who lack their own reusable shopping bags will be buying paper bags for 10 cents each. "We deserve a cleaner future for our communities, our children and our earth," said Rebecca Bauer-Kahan, a Democratic assemblywoman and co-author of the bill, in a statement. "It's time for us to get rid of these plastic bags and continue to move forward with a more pollution-free environment." Plastic bags are typically used for 12 minutes before being discarded, according to the California Public Interest Research Group, a consumer advocacy group. But those bags live in oceans and landfills for hundreds of years, and can contaminate drinking water and food in the form of microplastics. SB 1053 will go into effect on January 1st, 2026. It also changes the definition of a "recycled paper bag," requiring all bags with that label to be made of at least 50% post-consumer recycled materials starting January 1st, 2028.

Read more of this story at Slashdot.

schwit1 shares a report SpaceNews with the caption: "Failures aren't failures if you learn from them." From the report: Chinese commercial rocket firm Deep Blue Aerospace conducted a first-stage rocket hop test Sunday, experiencing a partial failure during the final moments of landing. Deep Blue Aerospace carried out the test at 1:40 a.m. Eastern (0540 UTC) Sept. 22 at the firm's Ejin Banner Spaceport in Inner Mongolia using a Nebula-1 rocket first stage. Footage of the vertical liftoff, vertical landing test shows the rocket ascending to a predetermined altitude before shutting off two of the three engines used for the 179-second flight. Landing legs deployed as planned, and the stage hovered above its planned landing spot. However an anomaly during the final engine shutdown phase led to a higher-than-expected landing altitude, leading to partial damage. You can watch the landing attempt and explosion here.

Read more of this story at Slashdot.

A startup called Amogy has successfully converted a 67-year-old diesel tugboat to run on clean ammonia, marking a significant milestone in the transition to zero-emissions propulsion in the maritime industry. The Associated Press reports: Amogy's system uses ammonia to make hydrogen for a fuel cell, making the tug an electric-powered ship. The International Maritime Organization set a target for international shipping to reach net-zero greenhouse gas emissions by, or close to, 2050. Shipping needs to cut emissions rapidly and there are no solutions widely available today to fully decarbonize deep-sea shipping, according to the Global Maritime Forum, a nonprofit that works closely with the industry. There is a lot of interest in ammonia as an alternative fuel because the molecule doesn't contain carbon, said Jesse Fahnestock, who leads the forum's decarbonization work. Ammonia is widely used for fertilizer, so there is already infrastructure in place for handling and transporting it. Ton for ton, it can hold more energy than hydrogen, and it can be stored and distributed more easily. The tugboat ran on green ammonia produced by renewable electricity. A 2,000-gallon tank fits in the old fuel tank space, for a 10-to 12-hour day at sea. It splits liquid ammonia into its constituents, hydrogen and nitrogen, then funnels the hydrogen into a fuel cell that generates electricity for the vessel without carbon emissions. The process does not burn ammonia like a combustion engine would, so it primarily produces nitrogen in its elemental form and water as emissions. The company says there are trace amounts of nitrogen oxides that it's working to completely eliminate. Amogy first used ammonia to power a drone in 2021, then a tractor in 2022, a semi-truck in 2023, and now the tugboat to prove the technology. Woo said their system is designed to be used on vessels as small as the tugboat and as large as container ships, and could also make electricity on shore to replace diesel generators for data centers, mining and construction, or other heavy industries. The company has raised about $220 million. Amazon, an enterprise with immense needs for shipping, is among the investors. Nick Ellis, principal of Amazon's $2 billion Climate Pledge Fund, said the company is excited and impressed by what Amogy is doing. By investing, Amazon can show ship owners and builders it wants its goods delivered with zero emissions, he added.

Read more of this story at Slashdot.

Governments have a difficult relationship with cryptography. Certainly, they benefit from having secure, reliable and fast encryption. Arguably, their citizens also benefit- I would argue that being able to, say, handle online banking transactions securely is a net positive. But it creates a prisoner's dilemma: malicious individuals may conceal their activity behind encryption. From the perspective of a state authority, this is bad.

Thus, you get the regular calls for a cryptosystem which allows secure communications but also allows the state to snoop on those messages. Of course, if you intentionally weaken a cryptographic system so that some people can bypass it, you've created a system which anyone can bypass. You can't have secure encryption which also allows snooping, any more than you can have an even prime number larger than two.

This leaves us in a situation where mathematicians and cryptography experts are shouting, "This isn't possible!" and cops and politicians are shouting "JUST NERD HARDER!" back.

Well, today's anonymous submitter found a crypto library which promises to allow secure communications and allow nation states to break that encryption. They've nerded harder! Let's take a look at some of their C code.

unsigned long int alea(void) { FILE * f1 = 0; unsigned char val = 0; /*float rd = 0;*/ unsigned long int rd = 0; f1 = fopen("/dev/random","r"); fread(&val,sizeof(unsigned char),1,f1); /*rd = (float)(val) / (ULONG_MAX);*/ rd = (unsigned long int)((val) / (UCHAR_MAX)); fclose(f1); return rd; }

This function reads a byte from /dev/random to get us some random data for key generation. Unfortunately, it's using the XKCD algorithm: this function always returns 0. Note that they divide val by UCHAR_MAX before casting val to an unsigned long int. Which, there's also the issue here that 8 bits of entropy are always going to be 8 bits of entropy- casting it to an unsigned long int isn't going to be any more random than just passing back the 8-bits, because you only read 8 bits of randomness. There's also no reason why they couldn't have simply read an unsigned long's worth of random data.

I appreciate the comment which indicates that rd used to be a floating point number. It doesn't make this code any better, but it's nice to see that they keep trying.

Let's also take a peek at a use-after-free waiting to happen:

void MY_FREE(void *p) { if (p == NULL) return; free(p); p = NULL; }

They wrote their own MY_FREE function, which adds a NULL check around the pointer- don't free the memory if the pointer points at NULL. Nothing wrong with that (though this is better enforced structurally with clear ownership of memory, and not through conditional checks, so actually, yes, there's something wrong with that). After we free the memory pointed to by the pointer, we set the pointer equal to NULL.

Except we don't. We set the local variable to NULL. So when the code does things like:

if(v->aliveness == NULL) { MY_FREE(v); return(v); }

v is a pointer to our struct. If the aliveness value is NULL, we want to delete that data from memory, so we call MY_FREE, and then we return our pointer to the struct- which is unchanged and definitely not null. It's pointing to what is now freed memory. If anyone touches it, the whole program blows up.

Here's the upshot: it's almost a guarantee that this program has undefined behavior in there, someplace. This means the compiler is free to do anything, include implement a dual custody cryptographic algorithm which is magically secure and prevents abuse by state actors. It's as likely as nasal demons.

.comment { border: none; } [Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!

An anonymous reader quotes a report from CNN: California Attorney General Rob Bonta filed a lawsuit against ExxonMobil on Monday alleging the company carried out a "decades-long campaign of deception" in which the oil and gas giant misled the public on the merits of plastic recycling. The complaint accuses the company of using slick marketing and misleading public statements for half a century to claim recycling was an effective way to deal with plastic pollution, according to a press release from Bonta's office published Monday. It alleges the company continues to perpetuate the "myth" of recycling today. The case, filed in the San Francisco County Superior Court, seeks to compel ExxonMobil "to end its deceptive practices that threaten the environment and the public," the statement said. Bonta is also asking the court to rule ExxonMobil must pay civil penalties, among other payments, for the harm inflicted by plastic pollution in California. "Plastics are everywhere, from the deepest parts of our oceans, the highest peaks on earth, and even in our bodies, causing irreversible damage -- in ways known and unknown -- to our environment and potentially our health," Bonta said. "For decades, ExxonMobil has been deceiving the public to convince us that plastic recycling could solve the plastic waste and pollution crisis when they clearly knew this wasn't possible. ExxonMobil lied to further its record-breaking profits at the expense of our planet and possibly jeopardizing our health," he said. [...] Lawsuits against oil and gas companies for their role in climate change and air pollution are becoming more common, but Monday's is the first in the country to take on a fossil fuel company for its messaging around plastic recycling. The statement said that ExxonMobil "falsely promoted all plastic as recyclable, when in fact the vast majority of plastic products are not and likely cannot be recycled, either technically or economically." The lawsuit also alleges Exxon "continues to deceive the public by touting "advanced recycling" as the solution to the plastic waste and pollution crisis." Advanced -- or chemical -- recycling is a technology promoted by many oil companies, but which has been plagued by missed targets, closed or shelved plants and reports of fires and spills. [...] At the heart of the suit is the allegation ExxonMobil's messaging caused consumers to buy and use more single-use plastic than they otherwise would have. In response to the lawsuit, ExxonMobil pointed the finger back at California, which it said has an ineffective recycling system that officials have known about for decades: "They failed to act, and now they seek to blame others. Instead of suing us, they could have worked with us to fix the problem and keep plastic out of landfills." ExxonMobil contends chemical recycling does work. "We're bringing real solutions, recycling plastic waste that couldn't be recycled by traditional methods," the company said in a statement. A copy of the Attorney General's complaint can be found here (PDF).

Read more of this story at Slashdot.

rPlus Energies has broken ground on a $1 billion solar + battery storage project in east-central Utah. Electrek reports: The Green River Energy Center in Emery County, Utah, is a 400-megawatt (MW) solar and 400 MW/1,600-megawatt-hour battery storage project that will supply power to western electric utility PacifiCorp under a power purchase agreement. EliTe Solar is supplying solar panels, and Tesla is providing battery storage. Sundt Construction is the engineering, procurement, and construction contractor for the project. Securing over $1 billion in construction debt financing in July, the Green River project is expected to create around 500 jobs. Salt Lake City-based rPlus Energies gives the target completion date as 2026.

Read more of this story at Slashdot.

In a rare blog post today, OpenAI CEO Sam Altman laid out his vision of the AI-powered future, which he refers to as "The Intelligence Age." Among the most notable claims, Altman said superintelligence might be achieved in "a few thousand days." VentureBeat reports: Specifically, Altman argues that "deep learning works," and can generalize across a range of domains and difficult problem sets based on its training data, allowing people to "solve hard problems," including "fixing the climate, establishing a space colony, and the discovery of all physics." As he puts it: "That's really it; humanity discovered an algorithm that could really, truly learn any distribution of data (or really, the underlying "rules" that produce any distribution of data). To a shocking degree of precision, the more compute and data available, the better it gets at helping people solve hard problems. I find that no matter how much time I spend thinking about this, I can never really internalize how consequential it is." In a provocative statement that many AI industry participants and close observers have already seized upon in discussions on X, Altman also said that superintelligence -- AI that is "vastly smarter than humans," according to previous OpenAI statements -- may be achieved in "a few thousand days." "This may turn out to be the most consequential fact about all of history so far. It is possible that we will have superintelligence in a few thousand days (!); it may take longer, but I'm confident we'll get there." A thousand days is roughly 2.7 years, a time that is much sooner than the five years most experts give out.

Read more of this story at Slashdot.

Steam has broken its record for the most PC players online, with 38,366,479 concurrent gamers. As IGN notes, that figure is a million more than the previous record, set last month. From the report: So, what helped propel Steam to new heights over the weekend? All the usual suspects were in the top 10 most-played games on Valve's platform, including Counter-Strike 2, Dota 2, Banana (yes, Banana has yet to split), and PUBG, with this year's Black Myth: Wukong, Satisfactory 1.0, Space Marine 2, and Valve's own Deadlock putting in work. Last week saw PlayStation exclusives God of War Ragnarok and Final Fantasy 16 both launch on Steam for the first time, which will have provided a modest boost, too. The popularity of Steam is gradually increasing as Valve's vice-like grip on the PC market tightens ever further. Competitors such as the Epic Games Store and CD Projekt's GOG occupy a relatively small piece of the PC gaming pie, with Steam continuing to enjoy record-breaking success even amid perceived downturns in the video game industry. The release of Steam Deck is yet another platform on which Steam operates.

Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: With the perennial tensions between proprietary and open source software (OSS) unlikely to end anytime soon, a $3 billion startup is throwing its weight behind a new licensing paradigm -- one that's designed to bridge the open and proprietary worlds, replete with new definition, terminology, and governance model. Developer software company Sentry recently introduced a new license category dubbed "fair source." Sentry is an initial adopter, as are some half dozen others, including GitButler, a developer tooling company from one of GitHub's founders. The fair source concept is designed to help companies align themselves with the "open" software development sphere, without encroaching into existing licensing landscapes, be that open source, open core, or source-available, and while avoiding any negative associations that exist with "proprietary." However, fair source is also a response to the growing sense that open source isn't working out commercially. "Open source isn't a business model -- open source is a distribution model, it's a software development model, primarily," Chad Whitacre, Sentry's head of open source, told TechCrunch. "And in fact, it places severe limits on what business models are available, because of the licensing terms." Sure, there are hugely successful open source projects, but they are generally components of larger proprietary products. Businesses that have flown the open source flag have mostly retreated to protect their hard work, moving either from fully permissive to a more restrictive "copyleft" license, as the likes of Element did last year and Grafana before it, or ditched open source altogether as HashiCorp did with Terraform. "Most of the world's software is still closed source," Whitacre added. "Kubernetes is open source, but Google Search is closed. React is open source, but Facebook Newsfeed is closed. With fair source, we're carving a space for companies to safely share not just these lower-level infrastructure components, but share access to their core product." Further reading: As Companies Try 'Open Source Rug Pull', Open Source Foundations Considered Helpful

Read more of this story at Slashdot.

Ars Technica's Dan Goodin reports: Five years ago, researchers made a grim discovery -- a legitimate Android app in the Google Play market that was surreptitiously made malicious by a library the developers used to earn advertising revenue. With that, the app was infected with code that caused 100 million infected devices to connect to attacker-controlled servers and download secret payloads. Now, history is repeating itself. Researchers from the same Moscow, Russia-based security firm reported Monday that they found two new apps, downloaded from Play 11 million times, that were infected with the same malware family. The researchers, from Kaspersky, believe a malicious software developer kit for integrating advertising capabilities is once again responsible. [...] The researchers found Necro in two Google Play apps. One was Wuta Camera, an app with 10 million downloads to date. Wuta Camera versions 6.3.2.148 through 6.3.6.148 contained the malicious SDK that infects apps. The app has since been updated to remove the malicious component. A separate app with roughly 1 million downloads -- known as Max Browser -- was also infected. That app is no longer available in Google Play. The researchers also found Necro infecting a variety of Android apps available in alternative marketplaces. Those apps typically billed themselves as modified versions of legitimate apps such as Spotify, Minecraft, WhatsApp, Stumble Guys, Car Parking Multiplayer, and Melon Sandbox. People who are concerned they may be infected by Necro should check their devices for the presence of indicators of compromise listed at the end of this writeup.

Read more of this story at Slashdot.

Amazon, Meta, and Tesla were named by the International Trade Union Confederation (ITUC) as some of the worst corporate underminers of democracy . These companies were accused of union busting, monopolizing media and technology, violating human rights, contributing to climate change, and fostering political movements that threaten democratic institutions. The full list of "corporate underminers of democracy for 2024" is Amazon, Blackstone Group, ExxonMobil, Glencore, Meta, Tesla and the Vanguard Group. The Register reports: The International Trade Union Confederation (ITUC) today published a list of seven companies it said were "emblematic" of the ways large international corporations have begun tossing their weight around to influence global affairs. Those businesses, ITUC noted, violate trade union and alleged human rights, monopolize media and technology, exacerbate the climate catastrophe and try to privatize public services in a way that "protects and expands [their] own profits by undermining democracy." "These companies deploy complex lobbying operations to undermine popular will and disrupt existing or nascent global policy that could hold them accountable," ITUC wrote. The desire for greater corporate power, the Confederation added, invariably puts corporate interests in bed with anti-democratic political movements like the modern far-right. Right-wing politicians, ITUC noted, tend to lower taxes, undercut higher wages for workers, crack down on trade unions, and the like - all things sure to please the likes of corporations like Amazon, Tesla, and Meta as evidenced by plenty of prior reporting and research. For Amazon, the ITUC criticized the company for becoming "notorious for its union busting and low wages, monopoly in e-commerce, egregious carbon emissions through its AWS [datacenters], corporate tax evasion and lobbying." Meta was accused of exploiting user data, undermining privacy laws, manipulating global information, and failing to regulate harmful content on its platforms. "Meta's algorithms can quite literally alter humanity's perceptions of reality," ITUC said. "Its revenue model exploits trillions of personalized data points to deliver highly effective advertising." Some have referred to the company as "a foreign state, populated by people without sovereignty, ruled by a leader with absolute power." As for Tesla, it was condemned for poor labor practices, anti-union politics, unsafe working conditions, human rights violations, and environmental damage in its supply chain. "The world's most highly-valued automaker has quickly become known as one of its most belligerent employers. Tesla's rapid market success has been outpaced only by the descent of its corporate leaders into anti-democratic, anti-union politics."

Read more of this story at Slashdot.

An anonymous reader quotes a report from TechCrunch: Cloudflare announced plans on Monday to launch a marketplace in the next year where website owners can sell AI model providers access to scrape their site's content. The marketplace is the final step of Cloudflare CEO Matthew Prince's larger plan to give publishers greater control over how and when AI bots scrape their websites. "If you don't compensate creators one way or another, then they stop creating, and that's the bit which has to get solved," said Prince in an interview with TechCrunch. As the first step in its new plan, on Monday, Cloudflare launched free observability tools for customers, called AI Audit. Website owners will get a dashboard to view analytics on why, when, and how often AI models are crawling their sites for information. Cloudflare will also let customers block AI bots from their sites with the click of a button. Website owners can block all web scrapers using AI Audit, or let certain web scrapers through if they have deals or find their scraping beneficial. A demo of AI Audit shared with TechCrunch showed how website owners can use the tool, which is able to see where each scraper that visits your site comes from, and offers selective windows to see how many times scrapers from OpenAI, Meta, Amazon, and other AI model providers are visiting your site. [...]

Read more of this story at Slashdot.

joshuark shares a report: Microsoft has officially announced that Windows Server Update Services (WSUS) is now deprecated, but plans to maintain current functionality and continue publishing updates through the channel. This move isn't surprising, as Microsoft first listed WSUS as one of the "features removed or no longer developed starting with Windows Server 2025" on August 13. In June, the company also revealed that it would also soon deprecate WSUS driver synchronization. While new features and development for WSUS will cease, Microsoft said today that it plans to continue supporting the service's existing functionality and updates, which will still be distributed, even after deprecation. "Specifically, this means that we are no longer investing in new capabilities, nor are we accepting new feature requests for WSUS," Microsoft's Nir Froimovici said on Friday. "However, we are preserving current functionality and will continue to publish updates through the WSUS channel. We will also support any content already published through the WSUS channel."

Read more of this story at Slashdot.

Customers of Kaspersky antivirus in the United States found out in the last few days that their cybersecurity software was automatically replaced with a new one called UltraAV, according to several customers. And while Kaspersky said earlier this month that its U.S. customers would be transitioned to UltraAV, many of its customers said they had no idea this was going to happen and that it would automatically be forced upon them. From a report: "Woke up to Kasperky [sic] completely gone from my system with Ultra AV and Ultra VPN freshly installed (not by me, just automatically while I slept)," a user on Reddit wrote. Others reported having the same experience in the same Reddit thread, as well as in other threads. A reseller, who until recently sold Kaspersky products prior to the recent sales ban, told TechCrunch that he was left "annoyed" by the move to automatically remove Kaspersky software and replace it with an entirely different antivirus. A former senior U.S. government cybersecurity official said that this was an example of the "huge risk" posed by the access granted by Kaspersky software. It's worth noting that, on the other hand, other customers did report receiving an email from Kaspersky about the transition to UltraAV.

Read more of this story at Slashdot.

The government of Bhutan is currently holding over $828 million in bitcoin, according to onchain data by Arkham Intelligence. From a report: "Unlike most governments, Bhutan's BTC does not come from law enforcement asset seizures, but from bitcoin mining operations, which have ramped up dramatically since early 2023," the crypto intelligence firm explained. Crypto intelligence firm Arkham highlighted the Kingdom of Bhutan's bitcoin holdings on social media platform X last week. Bhutan is a small, landlocked kingdom located in the eastern Himalayas, bordered by China to the north and India to the south. The country currently has a population of less than 800,000 people. We learned last year that Bhutan had been secretly mining bitcoin using its abundant hydroelectric resources since around 2019. The operation, which began when bitcoin was priced at approximately $5,000, aims to harness the country's vast renewable energy reserves to power mining rigs. Hydroelectricity already accounts for 30% of Bhutan's GDP and powers nearly all of its 800,000 residents. The government claimed last year that mining profits are used to subsidize power and hardware costs. This revelation makes Bhutan one of the few countries globally to run a state-owned bitcoin mine, alongside El Salvador. At over $800 million in Bitcoin holdings, the reserve accounts for nearly a third of Bhutan's 2022-calculated GDP.

Read more of this story at Slashdot.

Industrial civilisation is close to breaching a seventh planetary boundary, and may already have crossed it, according to scientists who have compiled the latest report on the state of the world's life-support systems. From a report: "Ocean acidification is approaching a critical threshold," particularly in higher-latitude regions, says the latest report on planetary boundaries. "The growing acidification poses an increasing threat to marine ecosystems." The report, from the Potsdam Institute for Climate Impact Research (PIK), builds on years of research showing there are nine systems and processes -- the planetary boundaries -- that contribute to the stability of the planet's life-support functions. Thresholds beyond which they can no longer properly function have already been breached in six. Climate change, the introduction of novel entities, change in biosphere integrity and modification of biogeochemical flows are judged to be in high-risk zones, while planetary boundaries are also transgressed in land system change and freshwater change but to a lesser extent. All have worsened, according to the data. Stratospheric ozone depletion has remained stable, however, and there has been a slight improvement in atmospheric aerosol loading, the research says. At a briefing outlining the findings, Levke Caesar, a climate physicist at PIK and co-author of the report, said there were two reasons the levels of ocean acidification were concerning.

Read more of this story at Slashdot.

Microsoft unveiled detailed security reforms Monday, five months after CEO Satya Nadella pledged to prioritize cybersecurity following major breaches. The 25-page Secure Future Initiative report [PDF] outlines technical and governance changes addressing criticisms in an April 2024 Cyber Safety Review Board report that deemed Microsoft's security culture "inadequate." Microsoft said it implemented significant security upgrades to its Entra ID and Microsoft Account systems, introducing Azure-managed hardware security modules for access token signing keys. The company has also purged 5.75 million inactive tenants to minimize potential attack vectors and adopted a new testing system with secure defaults to prevent legacy-related security issues. Concurrently, Microsoft has enhanced its network tracking capabilities, now monitoring over 99 percent of its physical network through a centralized inventory system, which aids in firmware compliance and logging. Internal security measures have been tightened, with engineering teams facing stricter access controls. Personal access tokens are now limited to seven days, SSH access has been disabled for internal engineering repositories, and access to critical engineering systems has been restricted to fewer groups. Additionally, Microsoft has extended its audit log retention period to a minimum of two years, bolstering its ability to investigate and respond to potential security incidents.

Read more of this story at Slashdot.