Perl

Perl's CPAN Security Group is Now a CNA, Can Assign CVEs (perlmonks.org) 10

Active since 1995, the Comprehensive Perl Archive Network (or CPAN) hosts 221,742 Perl modules written by 14,548 authors. This week they announced that the CPAN Security Group "was authorized by the CVE Program as a CVE Numbering Authority (CNA)" to assign and manage CVE vulnerability identifications for Perl and CPAN Modules.

"This is great news!" posted Linux kernel maintainer Greg Kroah-Hartman on social media, saying the announcement came "Just in time for my talk about this very topic in a few weeks about how all open source projects should be doing this" at the Linux Foundation Member Summit in Napa, California. And Curl creator Daniel Stenberg posted "I'm with Greg Kroah-Hartman on this: all Open Source projects should become CNAs. Or team up with others to do it." (Also posting "Agreed" to the suggestion was Seth Larson, the Python Software Foundation's security developer-in-residence involved in their successful effort to become a CNA in 2023.)

444 CNAs have now partnered with the CVE Program, according to their official web site. The announcement from PerlMonks.org: Years ago, a few people decided during the Perl Toolchain Summit (PTS) that it would be a good idea to join forces, ideas and knowledge and start a group to monitor vulnerabilities in the complete Perl ecosystem from core to the smallest CPAN release. The goal was to follow legislation and CVE reports, and help authors in taking actions on not being vulnerable anymore. That group has grown stable over the past years and is now known as CPANSec.

The group has several focus areas, and one of them is channeling CVE vulnerability issues. In that specific goal, a milestone has been reached: CPANSec has just been authorized as a CVE Numbering Authority (CNA) for Perl and modules on CPAN.

GNU is Not Unix

An Appeals Court May Kill a GNU GPL Software License (theregister.com) 74

The Ninth Circuit Court of Appeals is set to review a California district court's ruling in Neo4j v. PureThink, which upheld Neo4j's right to modify the GNU AGPLv3 with additional binding terms. If the appellate court affirms this decision, it could set a precedent allowing licensors to impose unremovable restrictions on open-source software, potentially undermining the enforceability of GPL-based licenses and threatening the integrity of the open-source ecosystem. The Register reports: The GNU AGPLv3 is a free and open source software (FOSS) license largely based on the GNU GPLv3, both of which are published by the Free Software Foundation (FSF). Neo4j provided database software under the AGPLv3, then tweaked the license, leading to legal battles over forks of the software. The AGPLv3 includes language that says any added restrictions or requirements are removable, meaning someone could just file off Neo4j's changes to the usage and distribution license, reverting it back to the standard AGPLv3, which the biz has argued and successfully fought against in that California district court.

Now the matter, the validity of that modified FOSS license, is before an appeals court in the USA. "I don't think the community realizes that if the Ninth Circuit upholds the lower court's ruling, it won't just kill GPLv3," PureThink's John Mark Suhy told The Register. "It will create a dangerous legal precedent that could be used to undermine all open-source licenses, allowing licensors to impose unexpected restrictions and fundamentally eroding the trust that makes open source possible."

Perhaps equally concerning is the fact that Suhy, founder and CTO of PureThink and iGov (the two firms sued by Neo4j), and presently CTO of IT consultancy Greystones Group, is defending GPL licenses on his own, pro se, without the help of the FSF, founded by Richard Stallman, creator of the GNU General Public License. "I'm actually doing everything pro se because I used up all my savings to fight it in the lower court," said Suhy. "I'm surprised the Free Software Foundation didn't care too much about it. They always had an excuse about not having the money for it. Luckily the Software Freedom Conservancy came in and helped out there."

Mozilla

Mozilla Responds To Backlash Over New Terms, Saying It's Not Using People's Data for AI 76

Mozilla has denied allegations that its new Firefox browser terms of service allow it to harvest user data for artificial intelligence training, following widespread criticism of the recently updated policy language. The controversy erupted after Firefox introduced terms that grant Mozilla "a nonexclusive, royalty-free, worldwide license to use that information" when users upload content through the browser, prompting competitor Brave Software's CEO Brendan Eich to suggest a business pivot toward data monetization.

"These changes are not driven by a desire by Mozilla to use people's data for AI or sell it to advertisers," Mozilla spokesperson Kenya Friend-Daniel told TechCrunch. "Our ability to use data is still limited by what we disclose in the Privacy Notice." The company clarified that its AI features operate locally on users' devices and don't send content data to Mozilla. Any data shared with advertisers is provided only on a "de-identified or aggregated basis," according to the spokesperson. Mozilla explained it used specific legal terms -- "nonexclusive," "royalty-free," and "worldwide" -- because Firefox is free, available globally, and allows users to maintain control of their own data.

Encryption

President Trump: UK Encryption Policy 'Something You Hear About With China' 137

President Trump has directly criticized the UK government's approach to encryption, comparing recent actions to those of China. Speaking to The Spectator, Trump said he confronted UK Prime Minister Keir Starmer about the Home Office's request for "backdoor access" to encrypted iCloud data, which led Apple to remove its Advanced Data Protection feature from British services entirely.

"We told them you can't do this... That's incredible. That's something, you know, that you hear about with China," Trump said after his meeting with Starmer. The remarks come as the Trump administration has directed Treasury and Commerce officials to examine UK tech regulations, including the Online Safety Act, for potential free speech violations and discrimination against US companies.

Firefox

Mozilla's Updated ToS: We Own All Info You Put Into Firefox 142

UPDATE (3/1/2025): "We need a license to allow us to make some of the basic functionality of Firefox possible," Mozilla explained Wednesday in a clarification of a recent Terms of Use update. "Without it, we couldn't use information typed into Firefox, for example. It does NOT give us ownership of your data or a right to use it for anything other than what is described in the Privacy Notice."

But Friday they went further, and revised those new Terms of Use "to more clearly reflect the limited scope of how Mozilla interacts with user data," according to a Mozilla blog post. ("You give Mozilla the rights necessary to operate Firefox... This does not give Mozilla any ownership in that content.")

Slashdot's original post below...

New submitter SharkByte writes: Mozilla just updated its Terms of Use and Privacy Policy for Firefox with a very disturbing "You Give Mozilla Certain Rights and Permissions" clause:

When you upload or input information through Firefox, you hereby grant us a nonexclusive, royalty-free, worldwide license to use that information to help you navigate, experience, and interact with online content as you indicate with your use of Firefox.

H/T to reader agristin as well, who also wrote about this.

The Almighty Buck

Citigroup Erroneously Credited Client Account With $81 Trillion in 'Near Miss' (ft.com) 82

Citigroup credited a client's account with $81 trillion when it meant to send only $280, an error that could hinder the bank's attempt to persuade regulators that it has fixed long-standing operational issues. Financial Times: The erroneous internal transfer, which occurred last April and has not been previously reported, was missed by both a payments employee and a second official assigned to check the transaction before it was approved to be processed at the start of business the following day.

A third employee detected a problem with the bank's account balances, catching the payment 90 minutes after it was posted. The payment was reversed several hours later, according to an internal account of the event seen by the Financial Times and two people familiar with the event. No funds left Citi, which disclosed the "near miss" to the Federal Reserve and Office of the Comptroller of the Currency, according to another person with knowledge of the matter.

The Almighty Buck

More Random Rich People Are Going To Space (techcrunch.com) 102

Blue Origin on Thursday announced the crew for its next mission. "The crew most notably includes popstar Katy Perry and broadcast journalist Gayle King. They will be joined by two scientists -- Aisha Bowe and Amanda Nguyen -- as well as Jeff Bezos' fiancee, TV personality Lauren Sanchez and film producer Kerianne Flynn," reports TechCrunch. From the report: Blue Origin says this marks the first all-female space crew since Soviet astronaut Valentina Tereshkova's 1963 solo mission, which made her the first woman ever to go to space. For the company's New Shepard rocket, this is its 31st trip to space, and its 11th with a crew. This journey is expected to last around 10 to 12 minutes; and if you're willing to drop a $150,000 deposit, you too can reserve a future spot on a short space jaunt.

Open Source

EA Releases Source Code For Old Command and Conquer Games (pcgamer.com) 38

EA has released the source code for several classic Command & Conquer games, including Tiberian Dawn, Red Alert, Renegade, and Generals & Zero Hour. "They're being released under the GPL license, meaning folks can mix, match, and redistribute them to their hearts' content without EA lawyers smashing down the door," adds PC Gamer. Additionally, Steam Workshop support has been added for multiple C&C titles, along with updated mission editor tools and a modding support pack. From the report: As for the Steam Workshop? That's getting switched on for C&C Renegade, C&C Generals and Zero Hour, C&C 3 Tiberium Wars and Kane's Wrath, and C&C 4 Tiberium Twilight (they can't all be winners). EA's also gone and "updated all the Mission Editor and World Builder tools so you can publish maps directly to the Steam Workshop." Plus, it's putting out a modding support pack that "contains the source Xml, Schema, Script, Shader and Map files for all the games that use the SAGE engine."

Per C&C producer Jim Vessella, EA "commissioned C&C community veteran Luke 'CCHyper' Feenan to officially research improvements to many of the games in the Ultimate Collection," and this is the fruit of his labor.

Earth

More Than 100,000 African Seeds Put in Svalbard Vault For Safekeeping (theguardian.com) 3

More than 100,000 seeds from across Africa have been deposited in the Svalbard Global Seed Vault, the world's repository for specimens intended to preserve crop diversity in the event of disaster. From a report: Among the latest additions are seeds critical to building climate resilience, such as the tree Faidherbia albida, which turns nitrogen into ammonia and nitrates, and Cordia africana, the Sudan teak, a tree renowned for its strength and durability. The seeds, from 177 different species, were delivered to the Norwegian vault on Tuesday by Dr Eliane Ubalijoro, the chief executive of the Center for International Forestry Research and World Agroforestry (Cifor-Icraf).

"For me, seeds are about hope," Ubalijoro said. "They're about moving beyond survival, particularly when you come from places that have gone through really difficult times. When I think of my country of Rwanda and what happened in 1994, seed banks were critical when it came to rebuilding after the genocide." Ubalijoro said countries that had experienced disaster and conflict could emerge as leaders in the fight against climate breakdown.

United Kingdom

One Man's Battle To Save the Last Phone Box in His Village (theguardian.com) 56

Derek Harris, born the same year as the iconic K6 red phone box he's fighting to save, has launched what he calls a "David and Goliath" campaign against BT in the Norfolk village of Sharrington. The phone box is among 10 in North Norfolk marked for removal, having logged fewer than 10 calls last year. Harris argues the box remains vital in an area with poor mobile coverage, high elderly population, and proximity to an accident-prone stretch of the A148.

He recounts how it once saved a driver trapped in a snowstorm when mobile networks failed. BT's regulator, Ofcom, protects phone boxes that meet specific criteria, including emergency usage and location in signal-poor areas. Of the UK's original 100,000 phone boxes, only 14,000 remain functional, with 3,000 being the classic red design. For Harris, the fight transcends practicality. "It would be alive, wouldn't it? I feel an empathy for a living thing," he told The Guardian. "The nearer you get to the end, the more you want to see things live."

United Kingdom

Electronic Devices Used For Car Thefts Set To Be Banned in England (bbc.com) 99

Sophisticated electronic devices used by criminals to steal cars are set to be banned under new laws in England and Wales. From a report: More than 700,000 vehicles were broken into last year -- often with the help of high-tech electronic devices, including so-called signal jammers, which are thought to play a part in four out of 10 vehicle thefts nationwide.

Until now, police could only bring a prosecution if they could prove a device had been used to commit a specific offence, but under new laws in the Crime and Policing Bill the onus will be on someone in possession of a device to show they had it for a legitimate purpose. Making or selling a signal jammer could lead to up to five years in prison or an unlimited fine.

YouTube

YouTube Reaches 1 Billion Monthly Podcast Viewers (blog.youtube) 27

YouTube has surpassed 1 billion monthly active viewers of podcast content, the video platform announced on Wednesday, cementing its position as the most frequently used podcast service in the United States. The Google-owned platform reported viewers watched over 400 million hours of podcasts monthly on living room devices last year.

United States

US Intelligence Chief Opposes UK Order for Apple Encryption Backdoor (msn.com) 51

U.S. Director of National Intelligence Tulsi Gabbard has condemned a British order requiring Apple to break its encrypted storage worldwide as an "egregious" violation of American rights that could breach the CLOUD Act facilitating cross-border investigations. In a letter [PDF] to Senator Ron Wyden and Representative Andy Biggs, Gabbard revealed she has directed a legal review of the secret order, which she learned about through media reports.

"This would be a clear and egregious violation of Americans' privacy and civil liberties, and open up a serious vulnerability for cyber exploitation by adversarial actors," Gabbard wrote. The UK Home Office, under the Investigatory Powers Act, prohibited Apple from disclosing the order to Congress or U.S. regulators. The directive would have forced Apple to compromise its Advanced Data Protection encryption, enabling officials to access individual data. Apple refused compliance, instead withdrawing the secure storage option from UK customers while maintaining it elsewhere globally. Despite Apple's pullback, the UK demand for backdoor creation remains. Gabbard pledged to ensure UK actions protect American privacy rights "consistent with the CLOUD Act and other applicable laws."

News

BP Shuns Renewables in Return To Oil and Gas (bbc.com) 197

BP has announced it will cut its renewable energy investments and instead focus on increasing oil and gas production. The energy giant revealed the shift in strategy on Wednesday following pressure from some investors unhappy its profits and share price have been lower than its rivals. From a report: BP said it would increase its investments in oil and gas by about 20% to $10bn a year, while decreasing previously planned funding for renewables by more than $5bn. The move comes as rivals Shell and Norwegian company Equinor have also scaled back plans to invest in green energy and US President Donald Trump's "drill baby drill" comments have encouraged investment in fossil fuels.

Education

Surge in UK University Students Using AI To Complete Work 53

More than 90% of UK undergraduate students now use AI in their studies, up from two-thirds a year ago, according to a Higher Education Policy Institute survey released Wednesday. The poll of 1,041 full-time undergraduates found 88% used generative AI such as ChatGPT for assessments, compared with 53% in 2024, with science students more likely to use the technology than humanities peers. Half of students cited "saving time" and "improving work quality" as their primary motivations.

The proportion considering it acceptable to include AI-generated text after editing rose to 25% from 17% last year, while only 6% approved using AI content without editing. "Every assessment must be reviewed in case it can be completed easily using AI," said Josh Freeman, policy manager at Hepi. The report identified "persistent digital divides" in AI competency, with men and students from wealthier backgrounds more likely to be frequent users.

United Kingdom

UK Users Show Little Concern as Apple Removes iCloud Encryption (bloomberg.com) 98

British iPhone users have shown minimal reaction to Apple's decision to disable end-to-end encryption for UK iCloud customers, challenging the company's assumption about privacy priorities, a Bloomberg columnist notes. Rather than create a government-accessible backdoor demanded under Britain's Investigatory Powers Act, Apple chose to eliminate its Advanced Data Protection feature entirely for UK customers, effectively giving both authorities and potential hackers easier access to stored emails, photos and documents.

The near absence of public outcry from British consumers points to what researchers call the "privacy paradox," where stated concerns about data security rarely translate to action. According to cited research, while 92% of American consumers believe they should control their online information, only 16% have stopped using services over data misuse. The quiet reception suggests Apple's principled stand against backdoors may have limited impact if customers don't understand or value encrypted protection, potentially undermining privacy's effectiveness as a marketing differentiator for the tech giant.

Businesses

Meta In Talks For $200 Billion AI Data Center Project (reuters.com) 18

An anonymous reader quotes a report from Reuters: Meta Platforms is in discussions to construct a new data center campus for its artificial intelligence projects, with potential costs exceeding $200 billion, The Information reported on Tuesday, citing people familiar with the matter. Meta executives have informed data center developers that the company is considering building the campus in states including Louisiana, Wyoming or Texas, with senior leaders having visited potential sites this month, the report said.

Space

Earth Safe From 'City-Killer' Asteroid 2024 YR4 34

Asteroid 2024 YR4, once considered a significant impact risk, has been reassigned to Torino Scale Level Zero and therefore poses no hazard to Earth. "The NASA JPL Center for Near-Earth Object Studies (CNEOS) now lists the 2024 YR4 impact probability as 0.00005 (0.005%) or 1-in-20,000 for its passage by Earth in 2032," Richard Binzel, Professor of Planetary Science at the Massachusetts Institute of Technology (MIT) and creator of the Torino scale exclusively told Space.com. "That's impact probability zero folks!" From the report: Discovered in Dec. 2024, 2024 YR4 quickly climbed to the top of NASA's Sentry Risk table, at one point having a 1 in 32 chance of hitting Earth. This elevated it to Level 3 on the Torino scale, a system used since 1999 to categorize potential Earth impact events. Level 3, which falls within the yellow band of the Torino Scale, is described as: "A close encounter, meriting attention by astronomers. Current calculations give a 1% or greater chance of collision capable of localized destruction."

This conforms to the second part of the Torino scale level 3 description, which states: "Most likely, new telescopic observations will lead to re-assignment to Level 0. Attention by public and by public officials is merited if the encounter is less than a decade away." "Asteroid 2024 YR4 has now been reassigned to Torino Scale Level Zero, the level for 'No Hazard' as additional tracking of its orbital path has reduced its possibility of intersecting the Earth to below the 1-in-1000 threshold," Binzel continued. "1-in-1000 is the threshold established for downgrading to Level 0 for any object smaller than 100 meters; YR4 has an estimated size of 164 feet (50 meters)."

[...] While 2024 YR4 poses no threat, it will still have a major scientific impact when it passes Earth in 2028 and again in 2032. On Dec. 17, the asteroid will come to within 5 million miles of Earth. Then, on Dec. 22, 2032, 2024 YR4 will pass within just 167,000 miles of our planet. For context, the moon is 238,855 miles away.

The Almighty Buck

DoorDash Paying Drivers $17 Million For Stolen Tips (gizmodo.com) 52

An anonymous reader quotes a report from Gizmodo: As part of a settlement announced by the state of New York's Attorney General, Letitia James, DoorDash has agreed to pay $16.75 million to more than 60,000 Dashers who were supposed to receive that money in the form of tips but instead, the company used it to cover base pay and pocketed the rest. New York's lawsuit alleged that between May 2017 and September 2019, tens of thousands of Dashers were misled by DoorDash's pay model. At the time, the company offered a guaranteed wage to drivers -- the minimum amount that they could expect to make from a job. But instead of paying that guarantee and letting drivers keep their tips, DoorDash counted the tip toward their base pay and kept what was left. [...]

Per the AG's lawsuit, DoorDash showed a message to customers that said "Dashers will always receive 100 percent of the tip" -- a statement that is technically true but does not clarify that "tip" is actually the delivery drivers' wage. New York argued that disclosures explaining how tips worked were buried in online documents and "customers had no way of knowing that DoorDash was using tips to reduce its own costs." DoorDash did eventually change its payment model to ensure "earnings will increase by the exact amount a customer tips on every order," but New York's case represents drivers finally getting those tips they earned during the period when the company was less transparent about who was actually pocketing that extra cash. Dashers eligible for the settlement will be contacted by the settlement administrator so they can get their piece of the pie that was rightfully theirs in the first place.

AI

Most US Workers Avoid AI Chatbots Despite Productivity Benefits, PEW Finds (pewresearch.org) 100

Most American workers are not embracing AI chatbots in their jobs, with 55% rarely or never using these tools and 29% completely unfamiliar with them, according to a Pew Research Center survey released Tuesday.

Only 16% of workers report regular use of AI chatbots like ChatGPT, Gemini or Copilot. Adoption is highest among younger workers (23% of those aged 18-29) and those with post-graduate degrees (26%). Among users, research (57%), editing content (52%), and drafting reports (47%) top the list of applications. While 40% find chatbots extremely or very helpful for working faster, just 29% say they significantly improve work quality.

For the majority who don't use AI chatbots, 36% cite lack of relevance to their job as the primary reason. Employer attitudes remain largely neutral, with half neither encouraging nor discouraging usage. The technology sector leads in workplace adoption, with 36% of employers actively promoting chatbot use, followed by financial services (24%).
