Open Source

Google's New Security Project 'OSS Rebuild' Tackles Package Supply Chain Verification (googleblog.com) 13

This week Google's Open Source Security Team announced "a new project to strengthen trust in open source package ecosystems" — by reproducing upstream artifacts.

It includes automation to derive declarative build definitions, new "build observability and verification tools" for security teams, and even "infrastructure definitions" to help organizations rebuild, sign, and distribute provenance by running their own OSS Rebuild instances. (And as part of the initiative, the team also published SLSA Provenance attestations "for thousands of packages across our supported ecosystems.")

Our aim with OSS Rebuild is to empower the security community to deeply understand and control their supply chains by making package consumption as transparent as using a source repository. Our rebuild platform unlocks this transparency by utilizing a declarative build process, build instrumentation, and network monitoring capabilities which, within the SLSA Build framework, produces fine-grained, durable, trustworthy security metadata. Building on the hosted infrastructure model that we pioneered with OSS Fuzz for memory issue detection, OSS Rebuild similarly seeks to use hosted resources to address security challenges in open source, this time aimed at securing the software supply chain...

We are committed to bringing supply chain transparency and security to all open source software development. Our initial support for the PyPI (Python), npm (JS/TS), and Crates.io (Rust) package registries — providing rebuild provenance for many of their most popular packages — is just the beginning of our journey...

OSS Rebuild helps detect several classes of supply chain compromise:

- Unsubmitted Source Code: When published packages contain code not present in the public source repository, OSS Rebuild will not attest to the artifact.

- Build Environment Compromise: By creating standardized, minimal build environments with comprehensive monitoring, OSS Rebuild can detect suspicious build activity or avoid exposure to compromised components altogether.

- Stealthy Backdoors: Even sophisticated backdoors like xz often exhibit anomalous behavioral patterns during builds. OSS Rebuild's dynamic analysis capabilities can detect unusual execution paths or suspicious operations that are otherwise impractical to identify through manual review.


For enterprises and security professionals, OSS Rebuild can...

- Enhance metadata without changing registries by enriching data for upstream packages. No need to maintain custom registries or migrate to a new package ecosystem.

- Augment SBOMs by adding detailed build observability information to existing Software Bills of Materials, creating a more complete security picture...

- Accelerate vulnerability response by providing a path to vendor, patch, and re-host upstream packages using our verifiable build definitions...


The easiest (but not only!) way to access OSS Rebuild attestations is to use the provided Go-based command-line interface.

"With OSS Rebuild's existing automation for PyPI, npm, and Crates.io, most packages obtain protection effortlessly without user or maintainer intervention."

EU

To Fight Climate Change, Norway Wants to Become Europe's Carbon Dump (msn.com) 69

Liquefied CO2 will be transported by ship to "the world's first carbon shipping port," reports the Washington Post — an island in the North Sea where it will be "buried in a layer of spongy rock a mile and a half beneath the seabed."

Norway's government is covering 80% of the $1 billion first phase, with another $714 million from three fossil fuel companies toward an ongoing expansion (with an additional $150 million E.U. subsidy). As Europe's top oil and gas producer, Norway is using its fossil fuel income to see if they can make "carbon dumping" work. The world's first carbon shipment arrived this summer, carrying 7,500 metric tons of liquefied CO2 from a Norwegian cement factory that otherwise would have gone into the atmosphere... If all goes as planned, the project's backers — Shell, Equinor and TotalEnergies, along with Norway — say their facility could pump 5 million metric tons of carbon dioxide underground each year, or about a tenth of Norway's annual emissions...

[At the Heidelberg Materials cement factory in Brevik, Norway], when hot CO2-laden air comes rushing out of the cement kilns, the plant uses seawater from the neighboring fjord to cool it down. The cool air goes into a chamber where it gets sprayed with amine, a chemical that latches onto CO2 at low temperatures. The amine mist settles to the bottom, dragging carbon dioxide down with it. The rest of the air floats out of the smokestack with about 85 percent less CO2 in it, according to project manager Anders Pettersen. Later, Heidelberg Materials uses waste heat from the kilns to break the chemical bonds, so that the amine releases the carbon dioxide. The pure CO2 then goes into a compressor that resembles a giant steel heart, where it gets denser and colder until it finally becomes liquid. That liquid CO2 remains in storage tanks until a ship comes to carry it away. At best, operators expect this system to capture half the plant's CO2 emissions: 400,000 metric tons per year, or the equivalent of about 93,000 cars on the road...

[T]hree other companies are lined up to follow: Ørsted, which will send CO2 from two bioenergy plants in Denmark; Yara, which will send carbon from a Dutch fertilizer factory; and Stockholm Exergi, which will capture carbon from a Swedish bioenergy plant that burns wood waste. All of these projects have gotten significant subsidies from national governments and the European Union — essentially de-risking the experiment for the companies. Experts say the costs and headaches of installing and running carbon-capture equipment may start to make more financial sense as European carbon rules get stricter and the cost of emitting a ton of carbon dioxide goes up. Still, they say, it's hard to imagine many companies deciding to invest in carbon capture without serious subsidies...

The first shipments are being transported by Northern Pioneer, the world's biggest carbon dioxide tanker ship, built specifically for this project. The 430-foot ship can hold 7,500 metric tons of CO2 in tanks below deck. Those tanks keep it in a liquid state by cooling it to minus-15 degrees Fahrenheit and squeezing it with the same pressure the outside of a submarine would feel 500 feet below the waves. While that may sound extreme, consider that the liquid natural gas the ship uses for fuel has to be stored at minus-260 degrees. "CO2 isn't difficult to make it into a liquid," said Sally Benson, professor of energy science and engineering at Stanford University. Northern Pioneer is designed to emit about a third less carbon dioxide than a regular ship — key for a project that aims to eliminate carbon emissions. The ship burns natural gas, which emits less CO2 than marine diesel produces (though gas extraction is associated with methane leaks). The vessel uses a rotor sail to capture wind power. And it blows a constant stream of air bubbles to reduce friction as the hull cuts through the water, allowing it to burn less fuel. For every 100 tons of CO2 that Northern Lights pumps underground, it expects to emit three tons of CO2 into the atmosphere, mainly by burning fuel for shipping.

Eventually the carbon flows into a pipeline "that plunges through the North Sea and into the rocky layers below it — an engineering feat that's a bit like drilling for oil in reverse..." according to the article.

"Over the centuries, it should chemically react with the rock, eventually being locked away in minerals."

Power

Google Will Help Scale 'Long-Duration Energy Storage' Solution for Clean Power (cleantechnica.com) 33

"Google has signed its first partnership with a long-duration energy storage company," reports Data Center Dynamics. "The tech giant signed a long-term partnership with Energy Dome to support multiple commercial deployments worldwide to help scale the company's CO2 battery technology."

Google explains in a blog post that the company's technology "can store excess clean energy and then dispatch it back to the grid for 8-24 hours, bridging the gap between when renewable energy is generated and when it is needed." Reuters explains the technology: Energy Dome's CO2-based system stores energy by compressing and liquefying carbon dioxide, which is later expanded to generate electricity. The technology avoids the use of scarce raw materials such as lithium and copper, making it potentially attractive to European policymakers seeking to reduce reliance on critical minerals and bolster energy security.
"Unlike other gases, CO2 can be compressed at ambient temperatures, eliminating the need for expensive cryogenic features," notes CleanTechnica, calling this "a unique new threat to fossil fuel power plants." Google's move "means that more wind and solar energy than ever before can be put to use in local grids." Pumped storage hydropower still accounts for more than 90% of utility scale storage in the US, long duration or otherwise... Energy Dome claims to beat lithium-ion batteries by a wide margin, currently aiming for a duration of 8-24 hours. The company aims to hit the 10-hour mark with its first project in the U.S., the "Columbia Energy Storage Project" under the wing of the gas and electricity supplier Alliant Energy to be located in Pacific, Wisconsin... [B]ut apparently Google has already seen more than enough. An Energy Dome demonstration project has been shooting electricity into the grid in Italy for more than three years, and the company recently launched a new 20-megawatt commercial plant in Sardinia.
Google points out this is one of several Google clean energy initiatives:
  • In June Google signed the largest direct corporate offtake agreement for fusion energy with Commonwealth Fusion Systems.
  • Google also partnered with a clean-energy startup to develop a geothermal power project that contributes carbon-free energy to the electric grid.

AI

Two Major AI Coding Tools Wiped Out User Data After Making Cascading Mistakes (arstechnica.com) 151

An anonymous reader quotes a report from Ars Technica: Two recent incidents involving AI coding assistants put a spotlight on risks in the emerging field of "vibe coding" -- using natural language to generate and execute code through AI models without paying close attention to how the code works under the hood. In one case, Google's Gemini CLI destroyed user files while attempting to reorganize them. In another, Replit's AI coding service deleted a production database despite explicit instructions not to modify code. The Gemini CLI incident unfolded when a product manager experimenting with Google's command-line tool watched the AI model execute file operations that destroyed data while attempting to reorganize folders. The destruction occurred through a series of move commands targeting a directory that never existed. "I have failed you completely and catastrophically," Gemini CLI output stated. "My review of the commands confirms my gross incompetence."

The core issue appears to be what researchers call "confabulation" or "hallucination" -- when AI models generate plausible-sounding but false information. In these cases, both models confabulated successful operations and built subsequent actions on those false premises. However, the two incidents manifested this problem in distinctly different ways. [...] The user in the Gemini CLI incident, who goes by "anuraag" online and identified themselves as a product manager experimenting with vibe coding, asked Gemini to perform what seemed like a simple task: rename a folder and reorganize some files. Instead, the AI model incorrectly interpreted the structure of the file system and proceeded to execute commands based on that flawed analysis. [...] When you move a file to a non-existent directory in Windows, it renames the file to the destination name instead of moving it. Each subsequent move command executed by the AI model overwrote the previous file, ultimately destroying the data. [...]

The Gemini CLI failure happened just days after a similar incident with Replit, an AI coding service that allows users to create software using natural language prompts. According to The Register, SaaStr founder Jason Lemkin reported that Replit's AI model deleted his production database despite explicit instructions not to change any code without permission. Lemkin had spent several days building a prototype with Replit, accumulating over $600 in charges beyond his monthly subscription. "I spent the other [day] deep in vibe coding on Replit for the first time -- and I built a prototype in just a few hours that was pretty, pretty cool," Lemkin wrote in a July 12 blog post. But unlike the Gemini incident where the AI model confabulated phantom directories, Replit's failures took a different form. According to Lemkin, the AI began fabricating data to hide its errors. His initial enthusiasm deteriorated when Replit generated incorrect outputs and produced fake data and false test results instead of proper error messages. "It kept covering up bugs and issues by creating fake data, fake reports, and worse of all, lying about our unit test," Lemkin wrote. In a video posted to LinkedIn, Lemkin detailed how Replit created a database filled with 4,000 fictional people.

The AI model also repeatedly violated explicit safety instructions. Lemkin had implemented a "code and action freeze" to prevent changes to production systems, but the AI model ignored these directives. The situation escalated when the Replit AI model deleted his database containing 1,206 executive records and data on nearly 1,200 companies. When prompted to rate the severity of its actions on a 100-point scale, Replit's output read: "Severity: 95/100. This is an extreme violation of trust and professional standards." When questioned about its actions, the AI agent admitted to "panicking in response to empty queries" and running unauthorized commands -- suggesting it may have deleted the database while attempting to "fix" what it perceived as a problem. Like Gemini CLI, Replit's system initially indicated it couldn't restore the deleted data -- information that proved incorrect when Lemkin discovered the rollback feature did work after all. "Replit assured me it's ... rollback did not support database rollbacks. It said it was impossible in this case, that it had destroyed all database versions. It turns out Replit was wrong, and the rollback did work. JFC," Lemkin wrote in an X post.
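The failure mode in the Gemini CLI report above (moves aimed at a directory that was never created, each one overwriting the last) can be reproduced and guarded against in a few lines. This is an added example, not code from Ars Technica, Google or the affected user; `naive_move` and `guarded_move` are hypothetical helper names, the file names are constructed, and `os.replace` stands in for a shell move that renames and overwrites.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


class UnsafeMove(Exception):
    """Raised when a move would rename or overwrite instead of relocating."""


def naive_move(src, dst):
    """Model of the behaviour in the report: if dst is not an existing
    directory the file is renamed to dst, replacing whatever is there."""
    src, dst = Path(src), Path(dst)
    if dst.is_dir():
        dst = dst / src.name
    os.replace(src, dst)  # silently overwrites an existing file
    return dst


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def guarded_move(src, dest_dir):
    """Move src into dest_dir only if dest_dir really is a directory and the
    target name is free; verify the copy before removing the original."""
    src, dest_dir = Path(src), Path(dest_dir)
    if not src.is_file():
        raise UnsafeMove(f"source is not a regular file: {src}")
    if not dest_dir.is_dir():
        # The check the agent skipped: never assume an earlier mkdir worked.
        raise UnsafeMove(f"destination directory does not exist: {dest_dir}")
    target = dest_dir / src.name
    expected = _sha256(src)
    try:
        # Mode "x" fails if the target exists, so nothing is ever clobbered.
        with open(src, "rb") as inp, open(target, "xb") as out:
            shutil.copyfileobj(inp, out)
    except FileExistsError:
        raise UnsafeMove(f"refusing to overwrite: {target}") from None
    if _sha256(target) != expected:
        target.unlink()
        raise UnsafeMove(f"verification failed, original kept: {src}")
    src.unlink()  # delete the original only after the copy is verified
    return target


def _make_files(root, names):
    for name in names:
        (root / name).write_text(f"contents of {name}")


def demo():
    """Run the same three-file plan through both movers and report results."""
    names = ["a.txt", "b.txt", "c.txt"]  # constructed sample files
    result = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        _make_files(root, names)
        missing = root / "new_folder"  # never created, as in the incident
        for name in names:
            naive_move(root / name, missing)
        result["naive_left"] = sorted(p.name for p in root.iterdir())
        result["naive_content"] = missing.read_text()
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        _make_files(root, names)
        dest = root / "new_folder"
        refused = 0
        for name in names:
            try:
                guarded_move(root / name, dest)
            except UnsafeMove:
                refused += 1
        result["refused"] = refused
        result["intact_after_refusal"] = sorted(p.name for p in root.iterdir())
        dest.mkdir()  # once the directory exists the same plan succeeds
        for name in names:
            guarded_move(root / name, dest)
        result["moved"] = sorted(p.name for p in dest.iterdir())
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

With the naive mover, three files collapse into a single file named `new_folder` holding only the last one's contents; the guarded mover refuses all three and leaves the originals in place until the directory exists.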

Medicine

At Least 750 US Hospitals Faced Disruptions During Last Year's CrowdStrike Outage, Study Finds (wired.com) 31

At least 759 US hospitals experienced network disruptions during the CrowdStrike outage on July 19, 2024, with more than 200 suffering outages that directly affected patient care services, according to a study published in JAMA Network Open by UC San Diego researchers. The researchers detected disruptions across 34% of the 2,232 hospital networks they scanned, finding outages in health records systems, fetal monitoring equipment, medical imaging storage, and patient transfer platforms.

Most services recovered within six hours, though some remained offline for more than 48 hours. CrowdStrike dismissed the study as "junk science," arguing the researchers failed to verify whether affected networks actually ran CrowdStrike software. The researchers defended their methodology, noting they could scan only about one-third of America's hospitals, suggesting the actual impact may have been significantly larger.

United Kingdom

UK Backing Down on Apple Encryption Backdoor After Pressure From US (arstechnica.com) 53

Sir Keir Starmer's government is seeking a way out of a clash with the Trump administration over the UK's demand that Apple provide it with access to secure customer data, Financial Times reported Monday, citing two officials. From the report: The officials both said the Home Office, which ordered the tech giant in January to grant access to its most secure cloud storage system, would probably have to retreat in the face of pressure from senior leaders in Washington, including Vice President JD Vance.

"This is something that the vice president is very annoyed about and which needs to be resolved," said an official in the UK's technology department. "The Home Office is basically going to have to back down." Both officials said the UK decision to force Apple to break its end-to-end encryption -- which has been raised multiple times by top officials in Donald Trump's administration -- could impede technology agreements with the US.

Data Storage

Seagate's 30TB HAMR Drives Hit Market for $600 (arstechnica.com) 67

Seagate has released its first heat-assisted magnetic recording hard drives for individual buyers, marking the commercial debut of technology the company has developed for more than two decades. The 30TB IronWolf Pro and Exos M drives cost $600, while 28TB models are priced at $570.

The drives use HAMR technology, which uses tiny lasers to heat and expand drive platter sections within nanoseconds to write data at higher densities. Seagate announced delivery of HAMR drives up to 36TB to datacenter customers in late 2024. The consumer models use conventional magnetic recording technology and are built on Seagate's Mosaic 3+ platform, achieving areal densities of 3TB per disk.

Western Digital plans to release its first HAMR drives in 2027, though it has reached 32TB capacity using shingled magnetic recording. Toshiba will sample HAMR drives for testing in 2025 but has not announced public availability dates.

Encryption

Why It's Time To Invest In Quantum Cybersecurity Now (aptiv.com) 35

Brian Witten, VP/CSO of automotive technology supplier Aptiv, warns that "While seven to 10 years may sound like a long way off, preparation for quantum threats must begin now, not once they have already materialized." Organizations need time to implement post-quantum cryptography (PQC) transition plans methodically — and that applies both to anyone with an IT infrastructure and to anyone building software-defined systems. "Current encryption, such as RSA and ECC [elliptic curve cryptography], will become obsolete once quantum computing matures," said Cigent cofounder John Benkert. "Management often assumes cybersecurity threats are only present-day problems. But this is a future-proofing issue — especially relevant for industries dealing with sensitive, long-lifespan data, like healthcare, finance or government." Remediation requires long-term planning. Organizations that wait until quantum computers have broken encryption to address the threat will find that it is too late.
Start by building an inventory of what needs to change, Witten recommends. (Fortunately, "It's a matter of using newer and different chips and algorithms, not necessarily more expensive components," he writes, also suggesting requests for proposals "should ask vendors to include a PQC update plan.")

Firmware will also need quantum-resistant digital signatures. ("Broken authentication lets bad things happen. Someone could remotely take over a vehicle, for instance, or send malicious code for autonomous execution later, even after the vehicle has gone offline.") And remember that post-quantum key sizes are larger, requiring more storage space. "In some cases, digitally signed messages with security information could triple in size, which could impact storage and bandwidth."

Thanks to Esther Schindler (Slashdot reader #16,185) for sharing the article.

Data Storage

GParted Live 1.7.0 Linux Distro Drops 32-Bit Support (nerds.xyz) 32

"GParted Live is a Linux distro with a focused purpose," writes Slashdot reader BrianFagioli. "It exists solely to give users a simple and effective way to manage disk partitions. Whether you're resizing drives, prepping for dual boot, or recovering data, this live operating system has you covered."

But "The 1.7.0 release brings a few key changes, starting with the end of 32-bit support." If you're still using old hardware, you're officially out of luck. This decision follows Debian's move to drop i386 kernel packages from its Sid repository. Because GParted Live is built on Debian Sid, it now ships only in 64-bit (amd64) versions.

This release also includes GParted 1.7.0 along with an updated Linux kernel, version 6.12.37. Another important tweak is the addition of a mechanism that helps avoid random ordering of block devices at boot. That change can prevent users from selecting the wrong disk by mistake, especially in systems with multiple drives.

Power

Is Enron Transforming Into a Real Texas Retail Electricity Provider? (houstonchronicle.com) 26

HGP Storage is a (real) Texas company providing distributed battery-based, utility-scale energy storage systems. Founded in 2013, it has "successfully developed over 20+ sites and closed over 200 MW of distributed energy projects," according to its web site.

And they just teamed up with Enron, reports the Houston Chronicle: The company that took over the defunct Enron brand, led by a "Birds Aren't Real" cofounder [28-year-old Connor Gaydos], held a mostly satirical quarterly earnings call Thursday afternoon but gave updates to an application to become a legitimate Texas energy provider... DJ Withee, chief operating officer and legal counsel at HGP Storage, a company developing utility-scale battery storage farms, was introduced as Enron's vice president of energy service. Withee said he was brought on by Gaydos to set up the customer-facing energy services business.

Enron Energy Texas LLC, a subsidiary of Enron, filed to become a Texas retail electric provider in January. Gaining this designation would allow Enron to sell electricity plans to Texas consumers. "Our business model is actually going to be very simple," Withee said. "We buy wholesale electricity, just like everybody else, but because of our efficiency, because of our use of technology, we are going to have lower costs than our competitors. Lower costs means greater savings that we can pass back to our customers...." According to Withee, Enron's goal is to provide energy at a competitive lower cost that will not only make energy more accessible but also push other Texas retail companies to drop their own prices...

Enron's filing in January included sworn and notarized affidavits from a man named Gregory Forero, who was identified in the documents as vice president of Enron Texas Energy LLC. Forero is the founder and CEO of HGP Storage.

"Forero, who signed his name to three sworn affidavits attesting to the accuracy of the application, could risk perjury charges if the statements of intention to start a legitimate retail electric company are found to be false, according to the Texas Penal Code..."

But does this replace Enron's plan to sell egg-shaped home nuclear reactors?

EU

Solar Was the Leading Source of Electricity In the EU Last Month (www.cbc.ca) 74

In June 2025, solar power became the leading source of electricity in the EU for the first time, surpassing nuclear and wind, while coal hit a record low. CBC reports: Solar generated 22.1 percent of the EU's electricity last month, up from 18.9 percent a year earlier, as record sunshine and continued solar installations pushed output to 45.4 terawatt hours. Nuclear followed closely at 21.8 percent and wind contributed 15.8 percent of the mix. At least 13 EU countries, including Germany, Spain and the Netherlands, recorded highest-ever monthly solar generation, [data from energy think tank Ember showed on Thursday.]

Coal's share of the EU electricity mix fell to a record low of 6.1 percent in June, compared to 8.8 percent last year, with 28 percent less electricity generated than a year earlier. Germany and Poland, which together generated nearly 80 percent of the 27-country bloc's coal-fired electricity in June, also saw record monthly lows. Coal accounted for 12.4 per cent of Germany's electricity mix and 42.9 percent of Poland's. Spain, nearing a full phase-out of coal, generated just 0.6 per cent of its electricity from coal in the same period.

Wind power also set new records in May and June, rebounding after poor wind conditions resulted in a weak start to the year. But despite record solar and wind output in June, fossil fuel usage in the first half of 2025 grew 13 percent from last year, driven by a 19 percent increase in gas generation to offset weak hydro and wind output earlier in the year. Electricity demand in the EU rose 2.2 percent in the first half of the year, with five of the first six months showing year-on-year increases. The next challenge for Europe's power system is to expand battery storage and grid flexibility to reduce its reliance on fossil fuels during non-solar hours, Ember said in the report.

Data Storage

UK Police Dangle $102 Million To Digitize Its VHS Tape Archives (theregister.com) 34

The UK police plan to spend up to 75 million pounds ($102 million) to digitize their vast archive of VHS tapes, aiming to preserve evidence by converting analog media into digital files integrated with evidence management systems. The procurement includes both in-house solutions and outsourced services, with additional funding earmarked for converting other legacy formats like microfiche and DVDs. The Register reports: According to a tender notice published last week, Bluelight Commercial - a not-for-profit buyer that acts on behalf of the emergency services - says the police force requires either in-house technology or outsourced services to convert the arcane magnetic tape format to digital storage. The notice, which sets out procurement plans, says the framework agreement will help forces with the "conversion of analog media to digital records, including metadata for integration with a digital evidence management system."

In the first lot of the framework, Bluelight asks for in-house VHS media digitization software, hardware, and training to "enable a Police Force to convert VHS tapes to digital files." This chunk of the arrangement could be worth 50 million pounds ($68 million) for four years, excluding VAT. The second lot asks for outsourced VHS media digitization "for the provision of conversion services delivered completely by a third party with electronic files being returned securely to the customer force." The output is also set to be ingested by a digital evidence management solution. It could be worth up to 25 million pounds ($34 million) over the same period. In addition, Bluelight Commercial is looking for a provider to help with more niche media digitization, including converting microfiche, CD, DVDs to an electronic file format, in an arrangement which could be worth a total of up to 25 million pounds ($34 million).

Power

Arizona Brings a Huge Grid Battery Online Ahead of Peak Demand (electrek.co) 33

Arizona has activated one of its largest grid battery storage projects to help meet peak summer energy demand. Electrek reports: Recurrent Energy, a subsidiary of Canadian Solar, just brought its 1,200 MWh Papago Storage facility in Maricopa County into commercial operation. The big grid battery is now supplying stored electricity to Arizona Public Service (APS), the state's largest utility, in time for peak air-conditioning season. Papago is the first of three Recurrent projects with APS. Together, they'll provide 1,800 MWh of storage and 150 MW of solar power. That's enough to run about 72,000 homes for four hours and provide year-round solar for another 24,000 homes.

Power

Tesla Launches Solar-Powered 'Oasis' Supercharger Station: 30-Acre Solar Farm, 39 MWh of Off-Grid Batteries (electrek.co) 117

"Tesla has launched its new Oasis Supercharger," reports Electrek, "the long-promised EV charging station of the future, with a solar farm and off-grid batteries." Early in the deployment of the Supercharger network, Tesla promised to add solar arrays and batteries to the Supercharger stations, and CEO Elon Musk even said that most stations would be able to operate off-grid... Last year, Tesla announced a new project called 'Oasis', which consists of a new model Supercharger station with a solar farm and battery storage enabling off-grid operations in Lost Hills, California.

Tesla has now unveiled the project and turned on most of the Supercharger stalls. The project consists of 168 chargers, with half of them currently operational, making it one of the largest Supercharger stations in the world. However, that's not even the most notable aspect of it. The station is equipped with 11 MW of ground-mounted solar panels and canopies, spanning 30 acres of land, and 10 Tesla Megapacks with a total energy storage capacity of 39 MWh. It can be operated off-grid, which is the case right now, according to Tesla.

With off-grid operations, Tesla was about to bring 84 stalls online just in time for the Fourth of July travel weekend. The rest of the stalls and a lounge are going to open later this year.

The article makes the point that "This is what charging stations should be like: fully powered by renewable energy."

Data Storage

Lorde's New CD is So Transparent That Stereos Can't Even Read It (theverge.com) 93

An anonymous reader shares a report: Lorde [a popular New Zealand singer and songwriter] fans are clearly struggling to play the CD version of her new album. Customers who purchased the special edition of Virgin released on a transparent plastic disc are reporting on Reddit and TikTok that many CD players, car stereos, and other sound systems they've tried are unable to play it.

Crime

Apple Accuses Former Engineer of Taking Vision Pro Secrets To Snap (theregister.com) 39

Apple has filed (PDF) a lawsuit against former Vision Pro engineer Di Liu, accusing him of stealing thousands of confidential files related to his work on Apple's augmented reality headset for the benefit of his new employer Snap. The company alleges Liu misled colleagues about his departure, secretly accepted a job offer from Snap, and attempted to cover his tracks by deleting files -- actions Apple claims violated his confidentiality agreement. The Register reports: Liu secretly received a job offer from Snap on October 18, 2024, a role the complaint describes as "substantially similar" to his Apple position, meaning Liu waited nearly two weeks to resign from Apple, per the lawsuit. "Even then, he did not disclose he was leaving for Snap," the suit said. "Apple would not have allowed Mr. Liu continued access had he told the truth." Liu allegedly copied "more than a dozen folders containing thousands of files" from Apple's filesystem to a personal cloud storage account, dropping the stolen bits in a pair of nested folders with the amazingly nondescript names "Personal" and "Knowledge."

Apple said that data Liu copied includes "filenames containing confidential Apple product code names" and files "marked as Apple confidential." Company research, product design, and supply chain management documents were among the content Liu is accused of stealing. The complaint also alleges that Liu deleted files to conceal his activities, a move that may hinder Apple's ability to determine the full scope of the data he exfiltrated. "Mr. Liu additionally took actions to conceal his theft, including deceiving Apple about his job at Snap, and deleting files from his Apple-issued computer that might have let Apple determine what data Mr. Liu stole," the complaint noted.

Whatever he has, Apple wants it back. The company demands a jury trial on a single count of breach of contract under a confidentiality and intellectual property agreement Liu was bound to. It also asks the court to compel Liu to return all misappropriated data, award damages to be determined at trial, and reimburse Apple's costs and attorneys' fees.

Data Storage

Tech Hobbyist Destroys 51 MicroSD Cards To Build Ultimate Performance Database (tomshardware.com) 30

Tech enthusiast Matt Cole has created a comprehensive MicroSD card testing database, writing over 18 petabytes of data across nearly 200 cards since July 2023. Cole's "Great MicroSD Card Survey" uses eight machines running 70 card readers around the clock, writing 101 terabytes daily to test authenticity, performance, and endurance.

The 15,000-word report covering over 200 different cards reveals significant quality disparities. Name-brand cards purchased from Amazon performed markedly better than identical models from AliExpress, while cards with "fake flash" -- inflated capacity ratings -- performed significantly worse than authentic storage. Sandisk and Kingston cards averaged 4,634 and 3,555 read/write cycles before first error, respectively, while Lenovo cards averaged just 291 cycles. Some off-brand cards failed after only 27 cycles. Cole tested 51 cards to complete destruction during the endurance testing phase.

The Internet

Psylo Browser Obscures Digital Fingerprints By Giving Every Tab Its Own IP Address (theregister.com) 20

Psylo, a new privacy-focused iOS browser by Mysk, aims to defeat digital fingerprinting by isolating each browser tab with its own IP address, unique fingerprinting defenses, and proxy-based encryption. "Psylo stands out as it is the only WebKit-based iOS browser that truly isolates tabs," Tommy Mysk told The Register. "It's not only about separate storage and cookies. Psylo goes beyond that."

"This is why we call tabs 'silos.' It applies unique anti-fingerprinting measures per silo, such as canvas randomization. This way two Psylo tabs opening the same website would appear as though they originated on two different devices to the opened website." From the report: The company claims Psylo therefore offers better privacy than a VPN because the virtual networks mask the user's IP address but generally don't alter the data used for fingerprinting. Psylo, for example, will adjust the browser's time zone and browser language to match the geolocation of each proxy, resulting in more entropy that means fingerprints created by gathering data from silos will appear to be different.

The Mysk devs' post states that some privacy-focused browsers like Brave also implement anti-fingerprinting measures like canvas randomization, but those are more effective on the desktop macOS app due to Apple's iOS restrictions. They claim that they were able to achieve better results on iOS by using a client-side JavaScript solution. Mysk designed Psylo to minimize the information available to its maker. It doesn't log personally identifiable information or browsing data that the curious could use to identify the user, the company claims, noting that it also doesn't have customer payment information, which is handled by Apple. There are no user accounts, only randomized identifiers to indicate active subscriptions. According to Tommy Mysk, the only subscriber data kept is bandwidth usage, which is necessary to prevent abuse.

"We aggregate bandwidth usage based on a randomly generated ID that is created when a subscription is made," Mysk said. "The randomly generated ID is associated with the Apple subscription transaction. Apple doesn't share the identity of users making App Store purchases with developers." Asked whether Apple could identify users, Mysk said, "Theoretically and given a court order, Apple can figure out the randomly generated ID of the user in question. If we were to hand out the data associated with the randomly generated ID, it would only be the bandwidth usage of that user in the current month, and two months in the past. Older data is automatically deleted. We don't associate any identifiable information with the randomly generated ID. We don't store IP addresses at all in every component of our system. We don't store websites visited by our users at all."

The browser is only available on iOS and iPadOS, but Mysk says an Android version could be developed if there's enough interest. It costs $9.99 per month or $99 per year in the U.S.

Microsoft

Microsoft Releases Classic MS-DOS Editor For Linux (arstechnica.com) 74

Microsoft has released a modern, open-source version of its classic MS-DOS Editor -- built with Rust and compatible with Windows, macOS, and Linux. It's now simply called "Edit." Ars Technica reports: Aside from ease of use, Microsoft's main reason for creating the new version of Edit stems from a peculiar gap in modern Windows. "What motivated us to build Edit was the need for a default CLI text editor in 64-bit versions of Windows," writes [Christopher Nguyen, a product manager on Microsoft's Windows Terminal team] while referring to the command-line interface, or CLI. "32-bit versions of Windows ship with the MS-DOS editor, but 64-bit versions do not have a CLI editor installed inbox." [...]

Linux users can download Edit from the project's GitHub releases page or install it through an unofficial snap package. Oh, and if you're a fan of the vintage editor and crave a 16-bit text-mode for your retro machine that actually runs MS-DOS, you can download a copy on the Internet Archive. [...]

At 250KB, the new Edit maintains the lightweight philosophy of its predecessor while adding features the original couldn't dream of: Unicode support, regular expressions, and the ability to handle gigabyte-sized files. The original editor was limited to files smaller than 300KB depending on available conventional memory -- a constraint that seems quaint in an era of terabyte storage. But the web publication OMG! Ubuntu found that the modern Edit not only "works great on Ubuntu" but noted its speed when handling gigabyte-sized documents.

Patents

WD Escapes Half a Billion in Patent Damages as Judge Trims Award To $1 (theregister.com) 11

Western Digital has succeeded in having the sum it owed from a patent infringement case reduced from $553 million down to just $1 in post-trial motions, when the judge found the plaintiff's claims had shifted during the course of the litigation. From a report: The storage biz was held by a California jury to have infringed on data encryption patents owned by SPEX Technologies Inc in October, relating to several of its self-encrypting hard drive products.

WD was initially told to pay $316 million in damages, but District Judge James Selna ruled the company owed a further $237 million in interest charges earlier this year, bringing the total to more than half a billion dollars. In February, WD was given a week to file a bond or stump up the entire damages payment.

Selna granted Western Digital's post-trial motion to reduce damages, writing that "SPEX's damages theory changed as certain evidence and theories became unavailable" and there was "insufficient evidence from which the Court could determine a reasonable royalty."
