Slashdot reader rzack writes: Since 1999, I've written a huge amount of PHP code, for dozens of applications and websites. Most of it has been continually updated, and remains active and in-production, in one form or another.

Here's the thing. It's all hand-written using vi, even to this day.

Is there any benefit to migrating this codebase to a more modern PHP framework, like Laravel? And is there an easy and minimally intrusive way this can be done en-masse, across dozens of applications and websites?

Or at this point should I just stick with vi?
Share your thoughts and suggestions in the comments.

What's the best way to transfer legacy PHP code to a modern framework?

Early life exposure to toxic PFAS "forever chemicals" could impact economic success in adulthood, new first-of-its-kind research [PDF] suggests. From a report: The Iowa State University and US Census Bureau working paper compared the earnings, college graduation rates, and birth weights of two groups of children -- those raised around military installations that had firefighting training areas, and those who lived near bases with no fire training site.

The military began using PFAS-laden firefighting foam in the early 1970s, which frequently contaminated the drinking water supplies in and around bases. Those who lived in regions with firefighting training areas earned about 1.7% on average less later in life, and showed a graduation rate about 1% lower. Those born between 1981-1988 earned about $1bn less in today's earnings, or about $1,000 a person on average, compared to those who did not live near the firefighting training sites.

The data also shows lower birth weights among the population -- a factor linked to lower economic success later in life. The findings "highlight the importance of careful scrutiny of novel chemicals," said Irene Jacz, a study co-author and Iowa State economist. "We think that there's a causal effect from PFAS here but it's really hard to say, 'Oh it's all brain chemistry, or health effects' so there's a need for more research" Jacz said. The paper is not yet peer-reviewed, but will soon go through the process.

An anonymous reader quotes a report from 404 Media: Some of the world's most popular apps are likely being co-opted by rogue members of the advertising industry to harvest sensitive location data on a massive scale, with that data ending up with a location data company whose subsidiary has previously sold global location data to US law enforcement. The thousands of apps, included in hacked files from location data company Gravy Analytics, include everything from games likeCandy Crushand dating apps like Tinder to pregnancy tracking and religious prayer apps across both Android and iOS. Because much of the collection is occurring through the advertising ecosystem -- not code developed by the app creators themselves -- this data collection is likely happening without users' or even app developers' knowledge.

"For the first time publicly, we seem to have proof that one of the largest data brokers selling to both commercial and government clients appears to be acquiring their data from the online advertising 'bid stream,'" rather than code embedded into the apps themselves, Zach Edwards, senior threat analyst at cybersecurity firm Silent Push and who has followed the location data industry closely, tells 404 Media after reviewing some of the data. The data provides a rare glimpse inside the world of real-time bidding (RTB). Historically, location data firms paid app developers to include bundles of code that collected the location data of their users. Many companies have turned instead to sourcing location information through the advertising ecosystem, where companies bid to place ads inside apps. But a side effect is that data brokers can listen in on that process and harvest the location of peoples' mobile phones.

"This is a nightmare scenario for privacy, because not only does this data breach contain data scraped from the RTB systems, but there's some company out there acting like a global honey badger, doing whatever it pleases with every piece of data that comes its way," Edwards says. Included in the hacked Gravy data are tens of millions of mobile phone coordinates of devices inside the US, Russia, and Europe. Some of those files also reference an app next to each piece of location data. 404 Media extracted the app names and built a list of mentioned apps. The list includes dating sites Tinder and Grindr; massive games such asCandy Crush,Temple Run,Subway Surfers, andHarry Potter: Puzzles & Spells; transit app Moovit; My Period Calendar & Tracker, a period-tracking app with more than 10 million downloads; popular fitness app MyFitnessPal; social network Tumblr; Yahoo's email client; Microsoft's 365 office app; and flight tracker Flightradar24. The list also mentions multiple religious-focused apps such as Muslim prayer and Christian Bible apps, various pregnancy trackers, and many VPN apps, which some users may download, ironically, in an attempt to protect their privacy. 404 Media's full list of apps included in the data can be found here. There are also other lists available from other security researchers.

Plaintiffs in Kadrey v. Meta allege that Meta CEO Mark Zuckerberg authorized the team behind the company's Llama AI models to use a dataset of pirated ebooks and articles for training. They further accuse the company of concealing its actions by stripping copyright information and torrenting the data. TechCrunch reports: In newly unredacted documents filed (PDF) with the U.S. District Court for the Northern District of California late Wednesday, plaintiffs in Kadrey v. Meta, who include bestselling authors Sarah Silverman and Ta-Nehisi Coates, recount Meta's testimony from late last year, during which it was revealed that Zuckerberg approved Meta's use of a data set called LibGen for Llama-related training. LibGen, which describes itself as a "links aggregator," provides access to copyrighted works from publishers including Cengage Learning, Macmillan Learning, McGraw Hill, and Pearson Education. LibGen has been sued a number of times, ordered to shut down, and fined tens of millions of dollars for copyright infringement.

According to Meta's testimony, as relayed by plaintiffs' counsel, Zuckerberg cleared the use of LibGen to train at least one of Meta's Llama models despite concerns within Meta's AI exec team and others at the company. The filing quotes Meta employees as referring to LibGen as a "data set we know to be pirated," and flagging that its use "may undermine [Meta's] negotiating position with regulators." The filing also cites a memo to Meta AI decision-makers noting that after "escalation to MZ," Meta's AI team "[was] approved to use LibGen." (MZ, here, is rather obvious shorthand for "Mark Zuckerberg.")

The details seemingly line up with reporting from The New York Times last April, which suggested that Meta cut corners to gather data for its AI. At one point, Meta was hiring contractors in Africa to aggregate summaries of books and considering buying the publisher Simon & Schuster, according to the Times. But the company's execs determined that it would take too long to negotiate licenses and reasoned that fair use was a solid defense. The filing Wednesday contains new accusations, like that Meta might've tried to conceal its alleged infringement by stripping the LibGen data of attribution.

An anonymous reader quotes a report from Ars Technica: A federal judge this week rejected Google's motion to throw out a class-action lawsuit alleging that it invaded the privacy of users who opted out of functionality that records a users' web and app activities. A jury trial is scheduled for August 2025 in US District Court in San Francisco. The lawsuit concerns Google's Web & App Activity (WAA) settings, with the lead plaintiff representing two subclasses of people with Android and non-Android phones who opted out of tracking. "The WAA button is a Google account setting that purports to give users privacy control of Google's data logging of the user's web app and activity, such as a user's searches and activity from other Google services, information associated with the user's activity, and information about the user's location and device," wrote (PDF) US District Judge Richard Seeborg, the chief judge in the Northern District Of California.

Google says that Web & App Activity "saves your activity on Google sites and apps, including associated info like location, to give you faster searches, better recommendations, and more personalized experiences in Maps, Search, and other Google services." Google also has a supplemental Web App and Activity setting that the judge's ruling refers to as "(s)WAA." "The (s)WAA button, which can only be switched on if WAA is also switched on, governs information regarding a user's '[Google] Chrome history and activity from sites, apps, and devices that use Google services.' Disabling WAA also disables the (s)WAA button," Seeborg wrote. But data is still sent to third-party app developers through the Google Analytics for Firebase (GA4F), "a free analytical tool that takes user data from the Firebase kit and provides app developers with insight on app usage and user engagement," the ruling said. GA4F "is integrated in 60 percent of the top apps" and "works by automatically sending to Google a user's ad interactions and certain identifiers regardless of a user's (s)WAA settings, and Google will, in turn, provide analysis of that data back to the app developer."

Plaintiffs have brought claims of privacy invasion under California law. Plaintiffs "present evidence that their data has economic value," and "a reasonable juror could find that Plaintiffs suffered damage or loss because Google profited from the misappropriation of their data," Seeborg wrote. The lawsuit was filed in July 2020. The judge notes that summary judgment can be granted when "there is no genuine dispute as to any material fact and the movant is entitled to judgment as a matter of law." Google hasn't met that standard, he ruled. In a statement provided to Ars, Google said that "privacy controls have long been built into our service and the allegations here are a deliberate attempt to mischaracterize the way our products work. We will continue to make our case in court against these patently false claims."

Telegram's Transparency Report reveals a sharp increase in U.S. government data requests, with 900 fulfilled requests affecting 2,253 users. "The news shows a massive spike in the number of data requests fulfilled by Telegram after French authorities arrested Telegram CEO Pavel Durov in August, in part because of the company's unwillingness to provide user data in a child abuse investigation," notes 404 Media. From the report: Between January 1 and September 30, 2024, Telegram fulfilled 14 requests "for IP addresses and/or phone numbers" from the United States, which affected a total of 108 users, according to Telegram's Transparency Reports bot. But for the entire year of 2024, it fulfilled 900 requests from the U.S. affecting a total of 2,253 users, meaning that the number of fulfilled requests skyrocketed between October and December, according to the newly released data. "Fulfilled requests from the United States of America for IP address and/or phone number: 900," Telegram's Transparency Reports bot said when prompted for the latest report by 404 Media. "Affected users: 2253," it added.

A month after Durov's arrest in August, Telegram updated its privacy policy to say that the company will provide user data, including IP addresses and phone numbers, to law enforcement agencies in response to valid legal orders. Up until then, the privacy policy only mentioned it would do so when concerning terror cases, and said that such a disclosure had never happened anyway. Even though the data technically covers the entire of 2024, the jump from a total of 108 affected users in October to 2253 as of now, indicates that the vast majority of fulfilled data requests were in the last quarter of 2024, showing a huge increase in the number of law enforcement requests that Telegram completed. You can access the platform's transparency reports here.

China's Xiangshan project aims to deliver a high-performance RISC-V processor by 2025. If it succeeds, it could be "enormously significant" for three reasons, writes The Register's Simon Sharwood. It would elevate RISC-V from low-end silicon to datacenter-level capabilities, leverage the open-source Mulan PSL-2.0 license to disrupt proprietary chip models like Arm and Intel, and reduce China's dependence on foreign technology, mitigating the impact of international sanctions on advanced processors. From the report: The prospect of a 2025 debut appeared on Sunday in a post to Chinese social media service Weibo, penned by Yungang Bao of the Institute of Computing Technology at the Chinese Academy of Sciences. The academy has created a project called Xiangshan that aims to use the permissively licensed RISC-V ISA to create a high-performance chip, with the Scala source code to the designs openly available.

Bao is a leader of the project, and has described the team's ambition to create a company that does for RISC-V what Red Hat did for Linux -- although he said that before Red Hat changed the way it made the source code of RHEL available to the public. The Xiangshan project has previously aspired to six-monthly releases, though it appears its latest design to be taped out was a second-gen chip named Nanhu that emerged in late 2023. That silicon ran at 2GHz and was built on a 14nm process node. The project has since worked on a third-gen design, named Kunminghu, and published the image [here] depicting an overview of its non-trivial micro-architecture.

The OnePlus 13 launched in the North American market today, making it the first flagship smartphone of 2025. As the smartphone market continues to consolidate, it has become increasingly difficult for non-Samsung, Google, and Apple devices to gain significant traction in the competitive U.S. market. Nevertheless, OnePlus has continually released premium flagship-tier devices at relatively modest price points, hoping to pry users away from the Big Tech monoliths.

The OnePlus 13 features Qualcomm's latest Snapdragon 8 Elite chipset, up to 16GB of RAM, a 6.82" QHD+ OLED display, a triple Hasselblad-branded camera system, a massive 6,000mAh battery, and support for 5G networks across all major carriers in the U.S. and Canada. A full list of specifications can be found here.

Based on the early reviews, the OnePlus 13 appears to set the bar high with not a lot of faults to highlight among reviewers. Here are some of our favorite reviews published today:

OnePlus 13 review: finally, a flagship that can hang (The Verge)
OnePlus 13 review: I'm dumbfounded, I can't find anything wrong with this phone (TechRadar)
OnePlus 13 Review: Ship Shape? (Michael Fisher)
OnePlus 13 Review: The Bar Has Been Set! (Marques Brownlee)
The OnePlus 13 is finally a OnePlus flagship I trust to do it all (Android Authority)
OnePlus 13 Review: 2025's First Flagship Finds Success (Forbes)
OnePlus 13 review: The complete package (BGR)
The OnePlus 13 sets a new bar for smartphone performance (Business Insider)

This is not a Slashvertisement. We just like shiny, new tech.

Before NASA Administrator Bill Nelson retires in a couple of weeks, he has one final message for the next administration: Don't give up on the agency's Artemis Program to return humans to the Moon. In an interview with Ars Technica's Eric Berger, Nelson discussed his time in office, the major decisions he made, and his concerns for the space agency's future under the Trump administration. Here's an excerpt from the interview: Ars: I wanted to start with the state of Artemis. You all had an event a few weeks ago where you talked about Artemis II and Artemis III delays. And you know, both those missions have slipped a couple of years now since you've been administrator. So I'm just wondering, do you know how confident we should be in the current timeline?

Bill Nelson: Well, I am very confident because this most recent [delay] was occasioned by virtue of the heat shield, and it has been unanimous after all of the testing that they understand what happened to Orion's heat shield. The chunks came off in an irregular pattern from the Artemis I heat shield. With the change in the re-entry profile, they are unanimous in their recommendation that we can go with the Artemis II heat shield as it is. And I must say that of the major decisions that I've made, that was an easy one for me because it was unanimous. When I say it was unanimous, it was unanimous in the IRT, the independent review team, headed by Paul Hill. It wasn't to begin with, but after all the extensive testing, everybody was on board. It was unanimous in the deputy's committee. It was unanimous in the agency committee, and that brought it to me then in the Executive Council, and it was unanimous there. So I'm very confident that you're going to see Artemis II fly on or around April of 2026, and then if the SpaceX lander is ready, and that, of course, is a big if -- but they have met all of their milestones, and we'll see what happens on this next test... If they are ready, I think it is very probable that we will see the lunar landing in the summer of 2027.

Ars: Do you think it's appropriate for the next administration to review the Artemis Program?

Bill Nelson: Are you implying that Artemis should be canceled?

Ars: No. I don't think Artemis will be canceled in the main. But I do think they're going to take a look at the way the missions are done at the architecture. I know NASA just went through that process with Orion's heat shield.

Bill Nelson: Well, I think questioning what you're doing clearly is always an issue that ought to be on the table. But do I think that they are going to cancel, as some of the chatter out there suggests, and replace SLS with Starship? The answer is no.

Ars: Why?

Bill Nelson: Put yourself in the place of President Trump. Do you think President Trump would like to have a conversation with American astronauts on the surface of the Moon during his tenure?

Ars: Of course.

Bill Nelson: OK, let me ask you another question. Do you think that President Trump would rather have a conversation with American astronauts during his tenure rather than listening to the comments of Chinese astronauts on the Moon during his tenure? My case is closed, your Honor, I submit it to the jury. Further reading: Elon Musk: 'We're Going Straight to Mars. The Moon is a Distraction.'

"We're going straight to Mars. The Moon is a distraction," Elon Musk posted Thursday on X.com.

Ars Technica's senior space editor points out that "These are definitive statements that directly contradict NASA's plans to send a series of human missions to the lunar south pole later this decade and establish a sustainable base of operations there with the Artemis Program." And "It would be one thing if Musk was just expressing his opinion as a private citizen..." but Musk "has assumed an important advisory role for the incoming administration. He was also partly responsible for the expected nomination of private astronaut [and former SpaceX flight commander] Jared Isaacman to become the next administrator of NASA. Although Musk is not directing US space policy, he certainly has a meaningful say in what happens." So what does this mean for Artemis? The fate of Artemis is an important question not just for NASA but for the US commercial space industry, the European Space Agency, and other international partners who have aligned with the return of humans to the Moon. With Artemis, the United States is in competition with China to establish a meaningful presence on the surface of the Moon. Based upon conversations with people involved in developing space policy for the Trump administration, I can make some educated guesses about how to interpret Musk's comments. None of these people, for example, would disagree with Musk's assertion that "the Artemis architecture is extremely inefficient" and that some changes are warranted.

With that said, the Artemis Program is probably not going away. After all, it was the first Trump administration that created the program about five years ago. However, it may be less well-remembered that the first Trump White House pushed for more significant changes, including a "major course correction" at NASA... To a large extent, NASA resisted this change during the remainder of the Trump administration, keeping its core group of major contractors, such as Boeing and Lockheed Martin, in place. It had help from key US Senators, including Richard Shelby, the now-retired Republican from Alabama. But this time, the push for change is likely to be more concerted, especially with key elements of NASA's architecture, including the Space Launch System rocket, being bypassed by privately developed rockets such as SpaceX's Starship vehicle and Blue Origin's New Glenn rocket.

In all likelihood, NASA will adopt a new "Artemis" plan that involves initiatives to both the Moon and Mars. When Musk said "we're going straight to Mars," he may have meant that this will be the thrust of SpaceX, with support from NASA. That does not preclude a separate initiative, possibly led by Blue Origin with help from NASA, to develop lunar return plans.
One month ago in a post on X.com, incoming NASA administrator Isaacman described himself as "passionate about America leading the most incredible adventure in human history..."

And he also added that Americans "will walk on the Moon and Mars and in doing so, we will make life better here on Earth."

"My feet are already in the crosswalk," says Geoffrey A. Fowler, a San Francisco-based tech columnist for the Washington Post. In a video he takes one step from the curb, then stops to see if Waymo robotaxis will stop for him. And they often didn't.

Waymo's position? Their cars consider "signals of pedestrian intent" including forward motion when deciding whether to stop — as well as other vehicles' speed and proximity. ("Do they seem like they're about to cross or are they just sort of milling around waiting for someone?") And Waymo "also said its car might decide not to stop if adjacent cars don't yield."

Fowler counters that California law says cars must always stop for pedestrians in a crosswalk. ("It's classic Silicon Valley hubris to assume Waymo's ability to predict my behavior supersedes a law designed to protect me.") And Phil Koopman, a Carnegie Mellon University professor who conducts research on autonomous-vehicle safety, agrees that the Waymos should be stopping. "Instead of arguing that they shouldn't stop if human drivers are not going to stop, they could conspicuously stop for pedestrians who are standing on road pavement on a marked crosswalk. That might improve things for everyone by encouraging other drivers to do the same."

From Fowler's video: I tried crossing in front of Waymos here more than 20 times. About three in ten times the Waymo would stop for me, but I couldn't figure out what made it change its mind. Heavy traffic vs light, crossing with two people, sticking one foot out — all would cause it to stop only sometimes. I could make it stop by darting out into the street — but that's not how my mama taught me to use a crosswalk...

Look, I know many human drivers don't stop for pedestrians either. But isn't the whole point of having artificial intelligence robot drivers that they're safer because they actually follow the laws?
Waymo would not admit breaking any laws, but acknowledged "opportunity for continued improvement in how it interacts with pedestrians."

In an article accompanying the video, Fowler calls it "a cautionary tale about how AI, intended to make us more safe, also needs to learn how to coexist with us." Waymo cars don't behave this way at all intersections. Some friends report that the cars are too careful on quiet streets, while others say the vehicles are too aggressive around schools... No Waymo car has hit me, or any other person walking in a San Francisco crosswalk — at least so far. (It did strike a cyclist earlier this year.) The company touts that, as of October, its cars have 57 percent fewer police-reported crashes compared with a human driving the same distance in the cities where it operates.
Other interesting details from the article:

• Fowler suggests a way his crosswalk could be made safer: "a flashing light beacon there could let me flag my intent to both humans and robots."

• The article points out that Waymo is also under investigation by the National Highway Traffic Safety Administration "for driving in an unexpected and disruptive manner, including around traffic control devices (which includes road markings)."

At the same time, Fowler also acknowledges that "I generally find riding in a Waymo to be smooth and relaxing, and I have long assumed its self-driving technology is a net benefit for the city." His conclusion? "The experience has taught my family that the safest place around an autonomous vehicle is inside it, not walking around it."

And he says living in San Francisco lately puts him "in a game of chicken with cars driven by nothing but artificial intelligence."

Politico asked an "array of thinkers — futurists, scientists, foreign policy analysts and others — to lay out some of the possible 'Black Swan' events that could await us in the new year: What are the unpredictable, unlikely episodes that aren't yet on the radar but would completely upend American life as we know it?"

Here's one from Gary Marcus, a cognitive scientist and author of the book Taming Silicon Valley: How We Can Ensure That AI Works For Us: 2025 could easily see the largest cyberattack in history, taking down, at least for a little while, some sizeable piece of the world's infrastructure, whether for deliberate ransom or to manipulate people to make money off a short on global markets. Cybercrime is already a huge, multi-trillion dollar problem, and one that most victims don't like to talk about. It is said to be bigger than the entire global drug trade. Four things could make it much worse in 2025.

First, generative AI, rising in popularity and declining in price, is a perfect tool for cyberattackers. Although it is unreliable and prone to hallucinations, it is terrific at making plausible sounding text (e.g., phishing attacks to trick people into revealing credentials) and deepfaked videos at virtually zero cost, allowing attackers to broaden their attacks. Already, a cybercrew bilked a Hong Kong bank out of $25 million. Second, large language models are notoriously susceptible to jailbreaking and things like "prompt-injection attacks," for which no known solution exists. Third, generative AI tools are increasingly being used to create code; in some cases those coders don't fully understand the code written, and the autogenerated code has already been shown in some cases to introduce new security holes.
And finally 2025 may see a U.S. government "determined to deregulate as much as possible, slashing costs," Marus speculates, a scenario where "enforcement and investigations will almost certainly decline in both quality and quantity, leaving the world quite vulnerable to ever more audacious attacks."

Elsewhere in Politico's article there's other even less-cheery predictions for 2025. The executive director of an advocacy group for public health professionals describes the possibility of an epidemic "that we had the tools to control" which "winds up killing thousands" (while also "sending the economy back into a Covid-like downward spiral.")

And a law professor predicts 2025 will see a decisive breakthrough in quantum computing. "Those little padlocks you see beside URLs? They would, overnight, become a fiction."

As UK workers face a tougher-than-usual January return to offices, many large employers, including Amazon, BT, PwC, and Santander, are enforcing stricter in-person attendance mandates. The Guardian reports: As of 1 January, BT is requiring its 50,000 office-based employees across the UK and several other countries to attend three days a week in what it calls a "three together, two wherever" approach. Workers at the telecoms company have been told that office entry and exit data will be used to monitor attendance. The accountancy firm PwC is also clamping down on remote working; the Spanish-owned bank Santander is formalizing attendance requirements for its 10,000 UK staff; the digital bank Starling has ordered staff back to the office more regularly; and the supermarket chain Asda has made a three-day office week compulsory for thousands of workers at its Leeds and Leicester sites. The international picture is similar. [...]

Multiple studies suggest that the future of work is flexible, with time split between the office and home or another location, in what has been called "the new normal" by the Office for National Statistics. The ONS found in its latest survey that hybrid was the standard pattern for more than a quarter (28%) of working adults in Great Britain in autumn 2024. At the same time, working entirely remotely had fallen since 2021, it found. One of the most frequently reported business reasons for hybrid working was "improved staff wellbeing," the ONS found, while those who worked from home saved an average of 56 minutes each day by dodging the commute.

UK staff have been slower to return to their desks after the pandemic than their counterparts in France, Germany, Italy, Spain and the US. London, in particular, has lagged behind other global cities including Paris and New York, according to recent research from the Centre for Cities thinktank, where workers spent on average 2.7 days a week in the office, attendance levels similar to Toronto and Sydney. It cited the cost, and average length of the commute in and around the UK capital as one of the main reasons for the trend. Despite this, there has been a "slow but steady increase in both attendance and desk use" in British offices, according to AWA, which tracked a 4% rise in attendance, from 29% to 33%, between July 2022 and September 2024. "Hybrid working is here, it's not going away," said Andrew Mawson, the founder of Advanced Workplace Associates (AWA), a workplace transformation consultancy. "Even though companies are trying to mandate, foolishly in my view, to have their people in the office on a certain number of days, the true reality of it is different."

Cornell Tech researchers have developed a portable device called SoilScanner that uses radio frequency signals and machine learning to detect lead contamination in soil. It offers a cost-effective alternative to traditional methods of testing that "generally involves either sending samples to a lab for analysis, which relies upon harsh chemicals and can be expensive, or using a portable X-ray fluorescence device," notes Phys.org. From the report: "In recent years, especially during COVID, a lot of us got excited about having our own backyard garden, or spending more time at home," said [Rajalakshmi Nandakumar, assistant professor at the Jacobs Technion-Cornell Institute at Cornell Tech] who's also a member of the Department of Information Science in the Cornell Ann S. Bowers College of Computing and Information Science. "But if you look at instructions for how to grow tomatoes, no one actually tells you that you have to check your soil for lead," she said. "It's all about pH levels. A lot of us, even though we interact very often with soils, are totally unaware of possible lead contamination."

[Yixuan Gao, a doctoral candidate in computer science] said the group was motivated by a map of lead contamination in New York City that Cheng's Urban Soils Lab (USL) had produced over the course of several years of testing for hundreds of soil samples throughout the five boroughs. The testing revealed dangerously high levels of lead in many locations, most notably in northern Brooklyn. About 45% of the soil samples tested by USL had lead levels above 400 parts per million (ppm), the previous EPA recommended screening level (revised a year ago to 200 ppm for residential soils). "This means there is a significant risk when gardening in these urban soils," Gao said. You can learn more about the device here (PDF).

An anonymous reader writes: Guillermo Rauch, CEO of Vercel, a frontend-as-a-service product, just used the company's AI site builder to come up with a new twist on CAPTCHAs, one that invites users to play the classic single-player game DOOM and killing at least three monsters. You can check it out here.

An anonymous reader quotes a report from Electrek: A new study published in the journal Renewable Energy (PDF) uses data from the state of California to demonstrate that no blackouts occurred when wind-water-solar electricity supply exceeded 100% of demand on the state's main grid for a record 98 of 116 days from late winter to early summer 2024 for an average (maximum) of 4.84 (10.1) hours per day. Compared to the same period in 2023, solar output in California is up 31%, wind power is up 8%, and batteries are up a staggering 105%. Batteries supplied up to 12% of nighttime demand by storing and redistributing excess solar energy.

And here's the kicker: California's high electricity prices aren't because of wind, water, and solar energy. (That issue is primarily caused (PDF) by utilities recovering the cost of wildfire mitigation, transmission and distribution investments, and net energy metering.) In fact, researchers from Stanford, Lawrence Berkeley National Laboratory, and the University of California, Berkeley found that states with higher shares of renewable energy tend to see lower electricity prices. The takeaway -- and the data backs it up -- is that a large grid dominated by wind, water, and solar is not only feasible, it's also reliable.

"Every single one of the top ten box office hits of 2024 was a sequel, a remake... or a prequel," writes The Hollywood Reporter.

Here's the list of 2024's top-grossing films published by the movie blog SlashFilm:

10. Beetlejuice Beetlejuice
9. Venom: The Last Dance
8. Kung Fu Panda 4
7. Godzilla x Kong: The New Empire
6. Wicked
5. Dune: Part Two
4. Moana 2
3. Despicable Me 4
2. Deadpool & Wolverine
1. Inside Out 2


2024 was the year Godzilla celebrated its 70th year as a franchise — but it wasn't the only long-running franchise. "When the Marvel Cinematic Universe went R-rated with Deadpool & Wolverine... it was literally more successful than any other R-rated movie in history," SlashFilm points out, while Venom: The Last Dance was the year's 9th highest-earner. (But several other big superhero movies flopped and "the misses outweighed the hits this year, while DC sat it out entirely as the world waits for Superman to usher in James Gunn's new DC Universe.")

They also marvel that Wicked earned $572 million after opening on the same day as Ridley Scott's Gladiator II....

But in the end SlashFilm describes 2024 as "a banner year for animation," with computer-animated movies filling four of the top ten spots (Kung Fu Panda 4, Moana 2, Despicable Me 4, and Inside Out 2). And another interesting trend? Though the world flocked to Tim Burton's first sequel to Beetlejuice after 36 years, Warner Bros. was, "at one point, pushing for Beetlejuice 2 to go directly to streaming on Max." And Disney original had the same idea for Moana 2, leading SlashFilm to conclude that 2024's box office "should be the death of the big direct-to-streaming movie." SlashFilm notes that Disney also sent several Pixar originals to Disney+ between 2020 and 2022, which "did immeasurable damage to the brand, something that even CEO Bob Iger has acknowledged." And then after a theatrical debut Pixar's Inside Out 2 became "the eighth biggest movie ever at the box office, with $1.698 billion to its name" — and the highest-grossing animated film ever made.

And Dune: Part Two? Denis Villeneuve accomplished nothing shy of a miracle with 2021's "Dune," an adaptation of Frank Herbert's cherished sci-fi novel that was faithful to the material, massive in scale, but still felt like an auteur film... The only downside? 2021 was a terrible time to release a movie, particularly a Warner Bros. movie, as all of the studio's films were going to HBO Max the same day they hit theaters. Yet, "Dune" made $400 million in its original run, which was enough to justify a sequel. Evidently, the audience for this franchise grew exponentially in the years before "Dune: Part Two" hit theaters in early March... All told, Villeneuve's sweeping, epic sequel pulled in $714.4 million worldwide, all while garnering tons of acclaim once again. Also, not for nothing, Villeneuve got it made for less than $200 million...

Without "Dune: Part Two" making what it made, the box office might have been in truly dire shape. As a relatively dead April and very weak May followed, this overperformance helped keep theaters afloat until greener pastures arrived in the back half of the year. The Spice must flow, as it were.
The Hollywood Reporter offers another take on the significance of 2024: Total domestic box office revenue appears to be heading toward around $8 billion, down from 2023's exhilarating post-COVID turnaround of $9 billion, but the National Association of Theatre Owners prefers to accentuate the positive, attributing the dip to a shortage of product due to the labor strikes and taking encouragement from the renewal of the movie habit...

Interestingly, or thankfully, the cinematic universes of Marvel, DC, and Star Wars failed to expand: except for Deadpool & Wolverine, not one of the huge hits came from a comic book franchise or a galaxy far, far away.
The article then complains about people using their phones during the movie for texting, talking, and photographing the movie itself. (Though it applauds a PSA against the practice in which Deadpool and Wolverine "delivered the message in laudably blunt terms.")

And on Wikipedia, Deadpool & Wolverine and Dune: Part Two were the eighth and 23rd most popular articles of 2024.

"Over the course of 2024, Python has proven again and again why it's one of the most popular, useful, and promising programming languages out there," writes InfoWorld: The latest version of the language pushes the envelope further for speed and power, sheds many of Python's most decrepit elements, and broadens its appeal with developers worldwide. Here's a look back at the year in Python.

In the biggest news of the year, the core Python development team took a major step toward overcoming one of Python's longstanding drawbacks: the Global Interpreter Lock or "GIL," a mechanism for managing interpreter state. The GIL prevents data corruption across threads in Python programs, but it comes at the cost of making threads nearly useless for CPU-bound work. Over the years, various attempts to remove the GIL ended in tears, as they made single-threaded Python programs drastically slower. But the most recent no-GIL project goes a long way toward fixing that issue — enough that it's been made available for regular users to try out.

The no-GIL or "free-threaded" builds are still considered experimental, so they shouldn't be deployed in production yet. The Python team wants to alleviate as much of the single-threaded performance impact as possible, along with any other concerns, before giving the no-GIL builds the full green light. It's also entirely possible these builds may never make it to full-blown production-ready status, but the early signs are encouraging.

Another forward-looking feature introduced in Python 3.13 is the experimental just-in-time compiler or JIT. It expands on previous efforts to speed up the interpreter by generating machine code for certain operations at runtime. Right now, the speedup doesn't amount to much (maybe 5% for most programs), but future versions of Python will expand the JIT's functionality where it yields real-world payoffs.
Python is now more widely used than JavaScript on GitHub (thanks partly to its role in AI and data science code).

Magnus Carlsen quit the World Rapid Chess Championship on Friday, reports CNN, "after he refused to change out of the jeans he was wearing..."

"Carlsen, the world champion from 2013 until 2023, allegedly replied, 'I'm out, f*** you,' after being informed that he would not be permitted to continue," reports the Hindustan Times.

The International Chess Federation (or FIDE) "said in a statement that Carlsen breached the tournament's dress code by wearing jeans," reports CNN: As a result, Carlsen would not have been paired for round nine, though he could have returned for the rest of the tournament had he not decided to walk away, per Chess.com. Since he had performed poorly in the earlier rounds, there was little chance that Carlsen could have defended his title regardless....

The standoff became "a matter of principle" for Carlsen, he told chess channel Take Take Take. "I haven't appealed, honestly I'm too old at this point to care too much, if this is what they want to do ... nobody wants to back down, if this is where we are, that's fine by me," he said. "I'll probably head off to somewhere where the weather is a bit nicer than here and that's it." He explained that he had been at a lunch meeting before heading to the tournament's second day and "barely had time to go the room, change, put on a shirt, jacket and honestly I didn't even think about the jeans."
Carlsen was also fined $200, according to the article. He has now also withdrawn from the World Blitz Championship which follows this tournament.

In a statement, the FIDE said their dress code and other regulations "are designed to ensure professionalism and fairness for all participants," and that the federation "remains committed to promoting chess and its values, including respect for the rules that all participants agree to follow."

The group's CEO added "Rules are applicable to all the participants, and it would be unfair towards all players who respected the dress-code, and those who were previously fined." (They added that "We gave Magnus more than enough time to change. But as he had stated himself in his interview — it became a matter of principle for him.")

CNN notes that Carlsen has already won five world rapid and seven world blitz titles in the last 10 years...

Thursday New York's governor signed new legislation "to hold polluters responsible for the damage done to our environment" by establishing a Climate Superfund that's paid for by big fossil-fuel companies.

The money will be used for "climate change adaptation," according to New York state senator Liz Krueger, who notes that the legislation follows "the polluter-pays model" used in America's already-existing federal and state superfund laws. Spread out over 25 years, the legislation collects an average of $3 billion each year — or $75 billion — "from the parties most responsible for causing the climate crisis — big oil and gas companies."

"The Climate Change Superfund Act is now law, and New York has fired a shot that will be heard round the world: the companies most responsible for the climate crisis will be held accountable," said Senator Krueger. "Too often over the last decade, courts have dismissed lawsuits against the oil and gas industry by saying that the issue of climate culpability should be decided by legislatures. Well, the Legislature of the State of New York — the 10th largest economy in the world — has accepted the invitation, and I hope we have made ourselves very clear: the planet's largest climate polluters bear a unique responsibility for creating the climate crisis, and they must pay their fair share to help regular New Yorkers deal with the consequences.

"And there's no question that those consequences are here, and they are serious," Krueger continued. "Repairing from and preparing for extreme weather caused by climate change will cost more than half a trillion dollars statewide by 2050. That's over $65,000 per household, and that's on top of the disruption, injury, and death that the climate crisis is causing in every corner of our state. The Climate Change Superfund Act is a critical piece of affordability legislation that will deliver billions of dollars every year to ease the burden on regular New Yorkers...."

Starting in the 1970s, scientists working for Exxon made "remarkably accurate projections of just how much burning fossil fuels would warm the planet." Yet for years, "the oil giant publicly cast doubt on climate science, and cautioned against any drastic move away from burning fossil fuels, the main driver of climate change."
"The oil giant Saudi Aramco of Saudi Arabia could be slapped with the largest annual assessment of any company — $640 million a year — for emitting 31,269 million tons of greenhouse gases from 2000 to 2020," notes the New York Post.

And "The law will also standardize the number of emissions tied to the fuel produced by companies," reports the Times Union newspaper. "[F]or every 1 million pounds of coal, for example, the program assigns over 942 metric tons of carbon dioxide. For every 1 million barrels of crude oil, an entity is considered to have produced 432,180 metric tons of carbon dioxide." Among the infrastructure programs the superfund program aims to pay for: coastal wetlands restoration, energy efficient cooling systems in buildings, including schools and new housing developments, and stormwater drainage upgrades.
New York is now the second U.S. state with a "climate Superfund" law, according to Bloomberg Law, with New York following the lead of Vermont. "Maryland, Massachusetts, and California are also considering climate Superfund laws to manage mounting infrastructure costs." The American Petroleum Institute, which represents about 600 members of the industry, condemned the law. "This type of legislation represents nothing more than a punitive new fee on American energy, and we are evaluating our options moving forward," an API spokesperson said in an emailed statement... The bills — modeled after the federal Comprehensive Environmental Response, Compensation, and Liability Act, known as Superfund — would almost certainly spur swift litigation from fossil fuel companies upon enactment, legal educators say.