Open Source

Password Manager Bitwarden Makes Changes to Address Concerns Over Open Source Licensing (github.com) 10

Bitwarden describes itself as an "open source password manager for business." But it also made a change to its build requirement which led to an issue on the project's GitHub page titled "Desktop version 2024.10.0 is no longer free software."

In the week that followed, Bitwarden's official account on X.com promised a fix was coming. "It seems a packaging bug was misunderstood as something more, and the team plans to resolve it. Bitwarden remains committed to the open source licensing model in place for years, along with retaining a fully featured free version for individual users." And Thursday Bitwarden followed through with new changes to address the concerns.

The Register reports the whole episode started because of a new build requirement added in a pull request a couple of weeks ago titled "Introduce SDK client." This SDK is required to compile the software from source — either the Bitwarden server or any of its client applications... [But the changed license had warned "You may not use this SDK to develop applications for use with software other than Bitwarden (including non-compatible implementations of Bitwarden) or to develop another SDK."]
Phoronix picks up the story: The issue of this effectively not making the Bitwarden client free software was raised in this GitHub issue... Bitwarden founder and CTO Kyle Spearrin has commented on the ticket... "Being able to build the app as you are trying to do here is an issue we plan to resolve and is merely a bug." The ticket was subsequently locked and limited to collaborators.
And Thursday it was Bitwarden founder and CTO Kyle Spearrin who reappeared in the issue, first thanking the user who had highlighted the concerns. "We have made some adjustments to how the SDK code is organized and packaged to allow you to build and run the app with only GPL/OSI licenses included. The sdk-internal package references in the clients now come from a new sdk-internal repository, which follows the licensing model we have historically used for all of our clients (see LICENSE_FAQ.md for more info). The sdk-internal reference only uses GPL licenses at this time. If the reference were to include Bitwarden License code in the future, we will provide a way to produce multiple build variants of the client, similar to what we do with web vault client builds.

The original sdk repository will be renamed to sdk-secrets, and retains its existing Bitwarden SDK License structure for our Secrets Manager business products. The sdk-secrets repository and packages will no longer be referenced from the client apps, since that code is not used there."

Bug

Apple Will Pay Security Researchers Up To $1 Million To Hack Its Private AI Cloud 6

An anonymous reader quotes a report from TechCrunch: Ahead of the debut of Apple's private AI cloud next week, dubbed Private Cloud Compute, the technology giant says it will pay security researchers up to $1 million to find vulnerabilities that can compromise the security of its private AI cloud. In a post on Apple's security blog, the company said it would pay up to the maximum $1 million bounty to anyone who reports exploits capable of remotely running malicious code on its Private Cloud Compute servers. Apple said it would also award researchers up to $250,000 for privately reporting exploits capable of extracting users' sensitive information or the prompts that customers submit to the company's private cloud.

Apple said it would "consider any security issue that has a significant impact" outside of a published category, including up to $150,000 for exploits capable of accessing sensitive user information from a privileged network position. "We award maximum amounts for vulnerabilities that compromise user data and inference request data outside the [private cloud compute] trust boundary," Apple said.
You can learn more about Apple's Private Cloud Compute service in their blog post. Its source code and documentation are available here.
United States

FBI Investigates Claims China Tried To Hack Donald Trump's Phone (ft.com) 43

Joe Biden's administration is investigating alleged Chinese efforts to hack US telecoms infrastructure amid reports hackers had targeted the phones of former president Donald Trump and his running mate JD Vance. Financial Times: The FBI and the Cybersecurity and Infrastructure Security Agency said they were investigating "unauthorised access to commercial telecommunications infrastructure by actors affiliated with the People's Republic of China."

The statement followed a report in the New York Times that Chinese hackers had accessed US telecoms networks and targeted data on Trump and Vance's phones. The FBI declined to say if the hackers had targeted their phones.

Steven Cheung, Trump's campaign spokesperson, blamed the alleged attack on Kamala Harris, the US vice-president and Democratic presidential nominee. But he declined to say if US authorities had informed the campaign about the hacking effort.

Cheung said: "This is the continuation of election interference by Kamala Harris and Democrats who will stop at nothing, including emboldening China and Iran attacking critical American infrastructure, to prevent president Trump from returning to the White House. Their dangerous and violent rhetoric has given permission to those who wish to harm president Trump."
Further reading:
Chinese Hackers Targeted Trump and Vance's Phone Data (CNN);

China Sought To Hack Trump, Vance and Campaign Phones, Officials Say (Washington Post);

Chinese Hackers Targeted Phones of Trump, Vance, and Harris Campaign (Wall Street Journal);

US Investigating Breach of Telecoms by China-Linked Hackers (Bloomberg);

Trump, Vance Potential Targets in Broad China-Backed Hacking Operation (CBS News);

Chinese Hackers Attempted To Breach Trump, Vance Cellphone Data: Report (Fox News);

Chinese Hackers Believed To Have Targeted Trump, Vance Cellphones: Sources (ABC News);

Chinese Hackers Targeted Cellphones Used by Trump, Vance (Associated Press).
Earth

Climate Scientists Respond To Attacks on Objectivity (theguardian.com) 115

Climate scientists who were mocked and gaslighted after speaking up about their fears for the future have said acknowledging strong emotions is vital to their work. From a report: The researchers said these feelings should not be suppressed in an attempt to reach supposed objectivity. Seeing climate experts' fears and opinions about the climate crisis as irrelevant suggests science is separate from society and ultimately weakens it, they said.

The researchers said they had been subject to ridicule by some scientists after taking part in a large Guardian survey of experts in May, during which they and many others expressed their feelings of extreme fear about future temperature rises and the world's failure to take sufficient action. They said they had been told they were not qualified to take part in this broad discussion of the climate crisis, were spreading doom and were not impartial.

However, the researchers said that embracing their emotions was necessary to do good science and was a spur to working towards better ways of tackling the climate crisis and the rapidly increasing damage being done to the world. They also said that those dismissing their fears as doom-laden and alarmist were frequently speaking from a position of privilege in western countries, with little direct experience of the effects of the climate crisis.

Businesses

US Consumer Watchdog Cautions Businesses on Surveillance of Workers (msn.com) 22

The top U.S. consumer finance watchdog warned businesses about potential legal problems they could face from using new technology such as artificial intelligence or algorithmic scores to snoop on and evaluate their employees. From a report: The Consumer Financial Protection Bureau on Thursday said "invasive" new tools to monitor workers are governed by a law designed to ensure fairness in credit reporting, giving employees specific rights. Employees have the right to consent to the collection of personal information, to receive detailed information and to dispute inaccurate information, the CFPB said in the newly released guidance.

"Workers shouldn't be subject to unchecked surveillance or have their careers determined by opaque third-party reports without basic protections," CFPB Director Rohit Chopra said. More companies are leaning on AI and other powerful tools throughout the employment process, using software that can, for example, interview candidates and surveillance tools that can look for unsafe behavior. Americans have expressed concerns about Big Brother-style surveillance while they are on the job.

Businesses

San Francisco Billboards Call Out Tech Firms For Not Paying For Open Source (theregister.com) 67

An anonymous reader shares a report: Drivers passing through San Francisco have a new roadside distraction to consider: billboards calling out businesses that don't cough up for the open source code that they use. The signs are the work of the Open Source Pledge -- a group that launched earlier this month. It asks businesses that make use of open source code to pledge $2,000 per developer to support projects that develop the code. So far, 25 companies have signed up -- but project co-founder Chad Whitacre wants bigger firms to pay their dues, too.

Whitacre, whose day job is head of open source at app-monitoring biz Sentry, told The Register his employer has for three years operated a scheme to pay developers who maintain and upgrade open source code. "We do dollars per developer, the thinking being it's the developers and software engineers on the staff at a company who benefit the most from open source, who become more productive because of open source," he said. "I had one conversation with a representative from a larger firm and he's like: 'Chad, you're asking me to spend ten million on maintainers.'" Whitacre affirmed that request, and pointed out the firm "spends ten million on something anyway."

The Almighty Buck

Study Finds UBI Results Are Not Positive (nber.org) 235

Seven Spirals writes: A working paper [PDF], published by the National Bureau of Economic Research, studies the employment effects of a guaranteed income by providing $1,000 per month to 1,000 low-income participants for three years, compared to a control group receiving $50 per month. The results show a decrease in labor market participation by 2 percentage points and a reduction of 1.3-1.4 hours in weekly work hours. Most of the additional free time was spent on leisure, and there were no significant improvements in job quality or human capital investments. Overall, the guaranteed income led to a moderate reduction in labor supply without other substantial productive benefits.
Earth

'We Don't Know Where the Tipping Point Is': Climate Expert on Potential Collapse of Atlantic Circulation 147

Scientists from 15 countries warned in an open letter that the potential collapse of the Atlantic Ocean's main circulation system (AMOC) has been "greatly underestimated" and could have devastating global impacts, according to oceanographer Stefan Rahmstorf who spoke to The Guardian. The AMOC system, which moves heat through the northern Atlantic and influences weather patterns across Europe, has shown signs of weakening over the past 60-70 years due to global warming, with indicators including a persistent cold spot in the northern Atlantic and record-low salt levels in seawater.

Rahmstorf, who heads the Earth system analysis department at Germany's Potsdam Institute for Climate Impact Research, estimates a 50% chance of the system reaching a critical tipping point this century, which could trigger severe consequences including regional cooling in northwestern Europe, shifting rainfall patterns, and rising sea levels.
Earth

Carbon Emissions Are Now Growing Faster Than Before the Pandemic (newscientist.com) 147

An anonymous reader quotes a report from New Scientist: As the world emerged from the lockdowns of the covid-19 pandemic, many countries promised to rebuild their economies in a climate-friendly fashion, amid hopes the recovery effort could accelerate the global journey to net-zero emissions. In reality, the opposite has happened. Instead of a "green recovery," global greenhouse gas emissions are rising much faster now than they did in the decade preceding the global pandemic. Emissions rose 1.3 percent to 57.1 gigatons of carbon dioxide equivalent in 2023. That is a far faster annual rate of growth than during the decade 2010-2019, when emissions grew on average 0.8 percent per year. In fact, global greenhouse gas emissions are now just below the 59.1 gigatons peak recorded in 2019.

All sources of greenhouse gas emissions except land use are rising, according to a report from the United Nations Environment Programme (UNEP), as economies continued to rebound from covid-19. Emissions from road transport, leaks from oil and gas infrastructure such as pipelines and industrial emissions all grew rapidly in 2023, UNEP said, while aviation emissions grew 19.5 percent. Rising emissions mean the world's opportunity to avert catastrophic climate change is shrinking, Inger Andersen at UNEP said in a statement. "Climate crunch time is here," she said. "I urge every nation: no more hot air, please."

News

Georgian Authorities Raid Homes of Disinformation Researchers Ahead of Elections (therecord.media) 68

Ahead of Georgia's parliamentary elections, Georgian authorities raided the homes of disinformation researchers Eto Buziashvili and Sopo Gelava, seizing personal devices. The Record: Eto Buziashvili and Sopo Gelava, both employees of the Atlantic Council think tank, had their homes searched and their own and their family members' personal devices seized by investigators working for the country's Ministry of Finance, according to friends of the pair who spoke to Recorded Future News. Both women are said to be safe, although there are concerns about the security of their devices and online accounts. The searches come a day after Buziashvili published an article detailing how the Kremlin was influencing Georgian politics by supporting the incumbent government and interfering in the upcoming elections.

Local media reported that the offices of outsourcing company Concentrix and other Georgian citizens were also subject to searches. The Ministry of Finance claimed on Facebook it launched searches of "specific facilities" related to "call centers" alleged to be engaged in illegal activity. The investigations come ahead of an election that is being seen as a bellwether of the country's future direction, either pursuing closer ties to Russia under the current prime minister Irakli Kobakhidze or moving towards the West through opposition figures.
Graham Brookie, the Atlantic Council's vice president for technology programs and strategy, said the organization "is deeply concerned about this development and its impact on our staff's work shortly before Georgian elections. [Gelava and Buziashvili] are engaged in independent, non-partisan work aimed at defending and strengthening democracy from those who would undermine it in online spaces, including research related to foreign influence efforts, the targeting of marginalized communities, and other online harms."

"We trust that Georgian authorities will provide more clarity on their actions, ensure the safety and security of our staff, return their property, and allow them to continue their contributions to Georgian democracy."
Open Source

Google Offers Its AI Watermarking Tech As Free Open Source Toolkit (arstechnica.com) 13

An anonymous reader quotes a report from Ars Technica: Back in May, Google augmented its Gemini AI model with SynthID, a toolkit that embeds AI-generated content with watermarks it says are "imperceptible to humans" but can be easily and reliably detected via an algorithm. Today, Google took that SynthID system open source, offering the same basic watermarking toolkit for free to developers and businesses. The move gives the entire AI industry an easy, seemingly robust way to silently mark content as artificially generated, which could be useful for detecting deepfakes and other damaging AI content before it goes out in the wild. But there are still some important limitations that may prevent AI watermarking from becoming a de facto standard across the AI industry any time soon.

Google uses a version of SynthID to watermark audio, video, and images generated by its multimodal AI systems, with differing techniques that are explained briefly in this video. But in a new paper published in Nature, Google researchers go into detail on how the SynthID process embeds an unseen watermark in the text-based output of its Gemini model. The core of the text watermarking process is a sampling algorithm inserted into an LLM's usual token-generation loop (the loop picks the next word in a sequence based on the model's complex set of weighted links to the words that came before it). Using a random seed generated from a key provided by Google, that sampling algorithm increases the correlational likelihood that certain tokens will be chosen in the generative process. A scoring function can then measure that average correlation across any text to determine the likelihood that the text was generated by the watermarked LLM (a threshold value can be used to give a binary yes/no answer).
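The loop described above, reduced to working code as an added example. This is not SynthID's own sampling algorithm or Google's code; it is the simplest keyed "green-list" form of the same idea: an HMAC of the secret key and the previous token seeds a choice of favoured tokens, those tokens get a logit boost before sampling, and the detector counts how often a text's tokens fall in that keyed set and turns the count into a z-score with a threshold for the yes/no answer. The toy model (pseudo-random logits), the 256-token vocabulary, the key, the bias of 4.0 and the threshold of 4 sigma are all assumptions made for the example.

```python
"""Keyed token-level text watermark with a z-score detector.

Added example, not SynthID's code. It implements the generic scheme the
article describes (a keyed seed biases sampling toward certain tokens; a
scoring function measures that bias) in its simplest green-list form.
The toy model, vocabulary, key, bias and threshold are assumptions.
"""
import hmac
import math
import random
from hashlib import sha256
from typing import Optional

VOCAB_SIZE = 256        # constructed toy vocabulary: token ids 0..255
GREEN_FRACTION = 0.5    # share of the vocabulary favoured at each step
WATERMARK_BIAS = 4.0    # logit boost for favoured tokens (assumed value)


def toy_model_logits(prev_token: int) -> list[float]:
    """Stand-in for an LLM's next-token logits: deterministic pseudo-random
    scores conditioned on the previous token (constructed; no real model)."""
    rng = random.Random(sha256(b"toy-model" + prev_token.to_bytes(2, "big")).digest())
    return [rng.gauss(0.0, 1.0) for _ in range(VOCAB_SIZE)]


def green_list(key: bytes, prev_token: int) -> set[int]:
    """Keyed choice of favoured tokens for this position.

    HMAC(key, previous token) seeds a shuffle of the vocabulary; the first
    GREEN_FRACTION of the shuffled ids are "green". This is the keyed random
    seed of the article: without the key the bias looks like ordinary sampling."""
    seed = hmac.new(key, prev_token.to_bytes(2, "big"), sha256).digest()
    rng = random.Random(seed)
    ids = list(range(VOCAB_SIZE))
    rng.shuffle(ids)
    return set(ids[: int(VOCAB_SIZE * GREEN_FRACTION)])


def sample_next(logits: list[float], rng: random.Random) -> int:
    """Plain softmax sampling from a logit vector."""
    m = max(logits)
    weights = [math.exp(x - m) for x in logits]
    return rng.choices(range(len(logits)), weights=weights, k=1)[0]


def generate(n_tokens: int, key: Optional[bytes], seed: int = 0) -> list[int]:
    """Token-generation loop. With a key, green tokens get WATERMARK_BIAS
    added to their logits before sampling; without one it is the plain loop.
    Returns the full sequence including the fixed start token 0."""
    rng = random.Random(seed)
    tokens = [0]
    for _ in range(n_tokens):
        prev = tokens[-1]
        logits = toy_model_logits(prev)
        if key is not None:
            green = green_list(key, prev)
            logits = [x + WATERMARK_BIAS if t in green else x
                      for t, x in enumerate(logits)]
        tokens.append(sample_next(logits, rng))
    return tokens


def watermark_score(tokens: list[int], key: bytes) -> float:
    """Scoring function: z-score of the observed green-token count against
    the null hypothesis that the text was not produced with `key`
    (each token green independently with probability GREEN_FRACTION)."""
    n = len(tokens) - 1
    hits = sum(1 for i in range(1, len(tokens))
               if tokens[i] in green_list(key, tokens[i - 1]))
    expected = n * GREEN_FRACTION
    sd = math.sqrt(n * GREEN_FRACTION * (1.0 - GREEN_FRACTION))
    return (hits - expected) / sd


def is_watermarked(tokens: list[int], key: bytes, threshold: float = 4.0) -> bool:
    """Binary yes/no decision: z-score above `threshold` (about 4 sigma, so a
    false-positive rate on the order of 1 in 30,000 for unmarked text)."""
    return watermark_score(tokens, key) >= threshold


if __name__ == "__main__":
    KEY = b"example-watermark-key"   # assumed secret; the real key is not public
    marked = generate(300, KEY, seed=1)
    plain = generate(300, None, seed=1)
    print("marked text, right key: z =", round(watermark_score(marked, KEY), 1))
    print("plain text, right key:  z =", round(watermark_score(plain, KEY), 1))
    print("marked text, wrong key: z =", round(watermark_score(marked, b"other-key"), 1))
```

Two properties of the scheme are visible in the run: the detector needs the key (the wrong key scores like unmarked text), and the z-score scales with the square root of the text length, so short snippets sit below the threshold no matter how strongly they were marked. That length dependence, and the fact that paraphrasing the output replaces the favoured tokens, are the kind of limitations the article alludes to.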

Businesses

Cable Companies Ask 5th Circuit To Block FTC's Click-to-Cancel Rule (arstechnica.com) 55

Cable companies, advertising firms, and newspapers are asking courts to block a federal "click-to-cancel" rule that would force businesses to make it easier for consumers to cancel services. From a report: Lawsuits were filed yesterday, about a week after the Federal Trade Commission approved a rule that "requires sellers to provide consumers with simple cancellation mechanisms to immediately halt all recurring charges."

Cable lobby group NCTA-The Internet & Television Association and the Interactive Advertising Bureau trade group sued the FTC in the conservative US Court of Appeals for the 5th Circuit. The lawsuit claims the 5th Circuit is a proper venue because a third plaintiff, the Electronic Security Association, has its principal offices in Dallas. That group represents security companies such as ADT.

United States

US Power Grid Added Battery Equivalent of 20 Nuclear Reactors In Past Four Years (theguardian.com) 187

whitroth writes: People here and elsewhere have been yelling for more nuclear power, and that renewables can't meet demand. Surprise -- the corporations are betting on them, and massive numbers of batteries can be produced a lot faster than nuclear plants can be built. The Guardian adds: Faced with worsening climate-driven disasters and an electricity grid increasingly supplied by intermittent renewables, the US is rapidly installing huge batteries that are already starting to help prevent power blackouts. From barely anything just a few years ago, the US is now adding utility-scale batteries at a dizzying pace, having installed more than 20 gigawatts of battery capacity to the electric grid, with 5GW of this occurring just in the first seven months of this year, according to the federal Energy Information Administration (EIA). This means that battery storage equivalent to the output of 20 nuclear reactors has been bolted on to America's electric grids in barely four years, with the EIA predicting this capacity could double again to 40GW by 2025 if further planned expansions occur.

California and Texas, which both saw all-time highs in battery-discharged grid power this month, are leading the way in this growth, with hulking batteries helping manage the large amount of clean yet intermittent solar and wind energy these states have added in recent years.

Education

Code.org Taps No-Code Tableau To Make the Case For K-12 Programming Courses 62

theodp writes: "Computer science education is a necessity for all students," argues tech-backed nonprofit Code.org in its newly-published 2024 State of Computer Science Education (Understanding Our National Imperative) report. "Students of all identities and chosen career paths need quality computer science education to become informed citizens and confident creators of content and digital tools."

In the 200-page report, Code.org pays special attention to participation in "foundational computer science courses" in high school. "Across the country, 60% of public high schools offer at least one foundational computer science course," laments Code.org (curiously promoting a metric that ignores school size which nonetheless was embraced by Education Week and others).

"A course that teaches foundational computer science includes a minimum amount of time applying learned concepts through programming (at least 20 hours of programming/coding for grades 9-12 high schools)," Code.org explains in a separate 13-page Defining Foundational Computer Science document. Interestingly, Code.org argues that Data and Informatics courses -- in which "students may use Oracle WebDB, SQL, PL/SQL, SPSS, and SAS" to learn "the K-12 CS Framework concepts about data and analytics" -- do not count, because "the course content focuses on querying using a scripting language rather than creating programs [the IEEE's Top Programming Languages 2024 begs to differ]." Code.org similarly dissed the use of the Wolfram Language for broad educational use back in 2016.

With its insistence on the importance of kids taking Code.org-defined 'programming' courses in K-12 to promote computational thinking, it's probably no surprise to see that the data behind the 2024 State of Computer Science Education report was prepared using Python (the IEEE's top programming language) and presented to the public in a Jupyter notebook. Just kidding. Ironically, the data behind the 2024 State of Computer Science Education analysis is prepared and presented by Code.org in a no-code Tableau workbook.
China

Foreign Disinformation Is Hitting the US Election From All Directions (apnews.com) 421

An anonymous reader quotes a report from Wired: As November 5 draws closer, the Microsoft Threat Analysis Center (MTAC) warned on Wednesday that malicious foreign influence operations launched by Russia, China, and Iran against the US presidential election are continuing to evolve and should not be ignored even though they have come to feel inevitable. In the group's fifth report, researchers emphasize the range of ongoing activities as well as the inevitability that attackers will work to stoke doubts about the integrity of the election in its aftermath.

In spite of escalating conflict in the Middle East, Microsoft says that Iran has been able to keep up its operations targeting the US election, particularly targeting the Trump campaign and attempting to foment anti-Israel sentiment. Russian actors, meanwhile, have been focused on targeting the Harris campaign with character attacks and AI-generated content, including deepfakes. And China has shifted its focus in recent weeks, researchers say, to target down-ballot Republican candidates as well as sitting members of Congress who promote policies adversarial to China or in conflict with its interests.

Crucially, MTAC says it is all but certain that these actors will attempt to stoke division and mistrust in vote security on Election Day and in its immediate aftermath. "As MTAC observed during the 2020 presidential cycle, foreign adversaries will amplify claims of election rigging, voter fraud, or other election integrity issues to sow chaos among the US electorate and undermine international confidence in US political stability," the researchers wrote in their report. As the 2024 campaign season enters its final phase, the researchers say that they expect to see AI-generated media continuing to show up in new campaigns, particularly because content can spread so rapidly in the charged period immediately around Election Day. The report also notes that Microsoft has detected Iranian actors probing election-related websites and media outlets, "suggesting preparations for more direct influence operations as Election Day nears."
"History has shown that the ability of foreign actors to rapidly distribute deceptive content can significantly impact public perception and electoral outcomes," wrote MTAC general manager Clint Watts. "With a particular focus on the 48 hours before and after Election Day, voters, government institutions, candidates and parties must remain vigilant to deceptive and suspicious activity online."
Security

White Hat Hackers Earn $500,000 On First Day of Pwn2Own Ireland 2024 (securityweek.com) 3

An anonymous reader quotes a report from SecurityWeek.com: White hat hackers taking part in the Pwn2Own Ireland 2024 contest organized by Trend Micro's Zero Day Initiative (ZDI) have earned half a million dollars on the first day of the event, for exploits targeting NAS devices, cameras, printers and smart speakers. The highest single reward, $100,000, was earned by Sina Kheirkhah of Summoning Team, who chained a total of nine vulnerabilities for an attack that went from a QNAP QHora-322 router to a TrueNAS Mini X storage device. Another exploit chain involving the QNAP QHora-322 and TrueNAS Mini X products was demonstrated by Viettel Cyber Security, but this team earned only $50,000.

A significant reward was also earned by Jack Dates of RET2 Systems, who received $60,000 for hacking a Sonos Era 300 smart speaker. QNAP TS-464 and Synology DiskStation DS1823XS+ NAS device exploits earned $40,000 each for two different teams. Participants also successfully demonstrated exploits against the Lorex 2K WiFi, Ubiquiti AI Bullet, and Synology TC500 cameras, and HP Color LaserJet Pro MFP 3301fdw and Canon imageCLASS MF656Cdw printers. These attempts earned the hackers between $11,000 and $30,000. According to ZDI, a total of $516,250 was paid out on the first day of Pwn2Own Ireland for over 50 unique vulnerabilities.

Earth

Pollution-Free Environment a 'Fundamental Right', India's Top Court Says (msn.com) 30

Living in a pollution-free environment is a fundamental right, India's Supreme Court said on Wednesday as it urged authorities to address deteriorating air quality in the north of the country. From a report: India's capital Delhi recorded a "very poor" air quality index of 364 on Wednesday, according to the Central Pollution Control Board, which considers readings below 50 to be good. Swiss group IQAir rated Delhi the world's most polluted city in its live rankings. The city battles toxic air every winter and authorities say much of the smoke comes from farmers illegally burning paddy stubble to clear their fields in the neighbouring breadbasket states of Punjab and Haryana. The Supreme Court pulled up the governments of both states for taking "selective action" against stubble burning, saying penal provisions were not being properly implemented.
United Kingdom

New Commission May Ban English Water Companies From Making a Profit 93

Water companies in England could be banned from making a profit under plans for a complete overhaul of the system. The Guardian: The idea is one of the options being considered by a new commission set up by the Department for Environment, Food and Rural Affairs (Defra) amid public fury over the way firms have prioritised profit over the environment. Sources at the department said they would consider forcing the sale of water companies in England to firms that would run them as not-for-profits. Unlike under nationalisation, the company would not be run by the government but by a private company, run for public benefit. The nonprofit model, which is widely used in other European countries, allows staff to be paid substantial salaries and bonuses but any profits on top of that are returned to the company.
The Almighty Buck

Disney and Apple Are Splitting Over App Store Fees (msn.com) 22

If you want to sign up for a subscription to Hulu or Disney+, don't bother taking out your iPhone. Disney is now telling would-be customers to pay for subscriptions on Disney's own site, instead of on Apple's App Store -- though people who've already started paying for either service via Apple can keep doing that. From a report: The two companies are still working together on some projects. But the App Store split does represent a rift between two longtime partners, so it's definitely worth noting.

Disney's rationale is clear here: When customers sign up for Disney subscription services via Apple, Apple takes up to 15% of the monthly fees those services generate. And Disney CEO Bob Iger has made it clear that he doesn't want to pay that anymore. "We have to look at the way we're distributing," Iger said at an investor conference in May. "Unlike Netflix, we distribute largely through third-party app stores. There's obviously an advantage to that to some extent, but there's a cost to that, too. And we're looking at that."

Businesses

White-Collar Jobs Freeze Triggers MBA Applications Boom (msn.com) 67

Applications to MBA programs jumped 12% in 2024, with full-time programs surging 32% to decade-high levels, WSJ is reporting, citing the Graduate Management Admission Council's latest survey. Top-tier U.S. schools reported significant gains, with Columbia Business School seeing a 27% rise and Harvard Business School applications climbing 21%. So what's behind the surge? The story adds: Today, the U.S. job market is strong, and unemployment remains low. But lower wage positions in retail and dining, as well as healthcare and government, have fueled much of the labor market's growth over the past two years.

A white-collar job market downturn that began with tech workers in 2022 has spread to other sectors. Major employers including Goldman Sachs, Lyft, Microsoft and PricewaterhouseCoopers have laid off a combined tens of thousands of workers this year. Hiring for roles that usually require a bachelor's degree dropped below 2019 levels in recent months, according to payroll provider ADP. That slump has been steeper for 20-somethings, who are running into a bottleneck on the lower rungs of the corporate ladder as more established professionals stay put.
