Government

ACLU Accuses California Local Government's Drones of 'Runaway Spying Operation' (sfgate.com) 79

An anonymous reader shared this report from SFGate about a lawsuit alleging a "warrantless drone surveillance program" that's "trampling residents' right to privacy": Sonoma County has been accused of deploying hundreds of drone flights over residents in a "runaway spying operation"... according to a lawsuit filed Wednesday by the American Civil Liberties Union. The North Bay county of Sonoma initially started the 6-year-old drone program to track illegal cannabis cultivation, but the lawsuit alleges that officials have since turned it into a widespread program to catch unrelated code violations at residential properties and levy millions of dollars in fines. The program has captured 5,600 images during more than 700 flights, the lawsuit said...

Matt Cagle, a senior staff attorney with the ACLU Foundation of Northern California, said in a Wednesday news release that the county "has hidden these unlawful searches from the people they have spied on, the community, and the media...." The lawsuit says the county employees used the drones to spy on private homes without first receiving a warrant, including photographing private areas like hot tubs and outdoor baths, and through curtainless windows.

One plaintiff "said the county secretly used the drone program to photograph her Sonoma County horse stable and issue code violations," according to the article. She only discovered the use of the drones after a county employee mentioned they had photos of her property, according to the lawsuit. She then filed a public records request for the images, which left her "stunned" after seeing that the county employees were monitoring her private property including photographing her outdoor bathtub and shower, the lawsuit said.
Programming

Bill Atkinson, Hypercard Creator and Original Mac Team Member, Dies at Age 74 (appleinsider.com) 53

AppleInsider reports: The engineer behind much of the Mac's early graphical user interfaces, QuickDraw, MacPaint, Hypercard and much more, William D. "Bill" Atkinson, died on June 5 of complications from pancreatic cancer...

Atkinson, who built a post-Apple career as a noted nature photographer, worked at Apple from 1978 to 1990. Among his lasting contributions to Apple's computers were the invention of the menubar, the selection lasso, the "marching ants" item selection animation, and the discovery of a midpoint circle algorithm that enabled the rapid drawing of circles on-screen.

He was Apple Employee No. 51, recruited by Steve Jobs. Atkinson was one of the 30 team members to develop the first Macintosh, but also was principal designer of the Lisa's graphical user interface (GUI), a novelty in computers at the time. He was fascinated by the concept of dithering, by which computers using dots could create nearly photographic images similar to the way newspapers printed photos. He is also credited (alongside Jobs) for the invention of RoundRects, the rounded rectangles still used in Apple's system messages, application windows, and other graphical elements on Apple products.

Hypercard was Atkinson's main claim to fame. He built a hypermedia approach to building applications that he once described as a "software erector set." The Hypercard technology debuted in 1987, and greatly opened up Macintosh software development.

In 2012 some video clips of Atkinson appeared in some rediscovered archival footage. (Original Macintosh team developer Andy Hertzfeld uploaded "snippets from interviews with members of the original Macintosh design team, recorded in October 1983 for projected TV commercials that were never used.")

Blogger John Gruber calls Atkinson "One of the great heroes in not just Apple history, but computer history." If you want to cheer yourself up, go to Andy Hertzfeld's Folklore.org site and (re-)read all the entries about Atkinson. Here's just one, with Steve Jobs inspiring Atkinson to invent the roundrect. Here's another (surely near and dear to my friend Brent Simmons's heart) with this kicker of a closing line: "I'm not sure how the managers reacted to that, but I do know that after a couple more weeks, they stopped asking Bill to fill out the form, and he gladly complied."

Some of his code and algorithms are among the most efficient and elegant ever devised. The original Macintosh team was chock full of geniuses, but Atkinson might have been the most essential to making the impossible possible under the extraordinary technical limitations of that hardware... In addition to his low-level contributions like QuickDraw, Atkinson was also the creator of MacPaint (which to this day stands as the model for bitmap image editors — Photoshop, I would argue, was conceptually derived directly from MacPaint) and HyperCard ("inspired by a mind-expanding LSD journey in 1985"), the influence of which cannot be overstated.

I say this with no hyperbole: Bill Atkinson may well have been the best computer programmer who ever lived. Without question, he's on the short list. What a man, what a mind, what gifts to the world he left us.

United States

California Court Says Holding Phone For Maps While Driving is Illegal (sfchronicle.com) 163

California law prohibits "operating" a mobile phone while driving. And that makes it illegal for a driver to hold a cellphone in order to look at a map, a state appeals court ruled this week. From a report: In a 2016 law intended to strengthen previous restrictions, "the Legislature intended to prohibit all handheld functions of wireless telephones while driving" and "to encourage drivers to keep their eyes on the road," said the 6th District Court of Appeal.

A Superior Court panel had reversed a driver's conviction for a traffic infraction and $158 fine in San Jose, ruling that the law prohibited only "actively using or manipulating" a hand-held phone for actions such as talking or listening, browsing the internet or playing video games while driving. The appeals court reinstated the conviction and the fine, in a ruling that could set a statewide standard unless it is narrowed or overturned on appeal.

Desktops (Apple)

Endangered Classic Mac Plastic Color Returns As 3D-Printer Filament (arstechnica.com) 53

An anonymous reader quotes a report from Ars Technica: On Tuesday, classic computer collector Joe Strosnider announced the availability of a new 3D-printer filament that replicates the iconic "Platinum" color scheme used in classic Macintosh computers from the late 1980s through the 1990s. The PLA filament (PLA is short for polylactic acid) allows hobbyists to 3D-print nostalgic novelties, replacement parts, and accessories that match the original color of vintage Apple computers. Hobbyists commonly feed this type of filament into commercial desktop 3D printers, which heat the plastic and extrude it in a computer-controlled way to fabricate new plastic parts.

The Platinum color, which Apple used in its desktop and portable computer lines starting with the Apple IIgs in 1986, has become synonymous with a distinctive era of classic Macintosh aesthetic. Over time, original Macintosh plastics have become brittle and discolored with age, so matching the "original" color can be a somewhat challenging and subjective experience.
Strosnider said he paid approximately $900 to develop the color. "Rather than keeping the formulation proprietary, he arranged for Polar Filament to make the color publicly available [for $21.99 per kilogram]," adds Ars.
Microsoft

The Information: Microsoft Engineers Forced To Dig Their Own AI Graves 71

Longtime Slashdot reader theodp writes: In what reads a bit like a Sopranos plot, The Information suggests some of those in the recent batch of terminated Microsoft engineers may have in effect been forced to dig their own AI graves.

The (paywalled) story begins: "Jeff Hulse, a Microsoft vice president who oversees roughly 400 software engineers, told the team in recent months to use the company's artificial intelligence chatbot, powered by OpenAI, to generate half the computer code they write, according to a person who heard the remarks. That would represent an increase from the 20% to 30% of code AI currently produces at the company, and shows how rapidly Microsoft is moving to incorporate such technology. Then on Tuesday, Microsoft laid off more than a dozen engineers on Hulse's team as part of a broader layoff of 6,000 people across the company that appeared to hit engineers harder than other types of roles, this person said."

The report comes as tech company CEOs have taken to boasting in earnings calls, tech conferences, and public statements that their AI is responsible for an ever-increasing share of the code written at their organizations. Microsoft's recent job cuts hit coders the hardest. So how much credence should one place on CEOs' claims of AI programming productivity gains -- which researchers have struggled to measure for 50+ years -- if engineers are forced to increase their use of AI, boosting the numbers their far-removed-from-programming CEOs are presenting to Wall Street?
Education

Ghost Students Are Creating an 'Agonizing' Problem For California Colleges (sfgate.com) 131

An anonymous reader quotes a report from SFGATE: When the pandemic upended the world of higher education, Robin Pugh, a professor at City College of San Francisco, began to see one puzzling problem in her online courses: Not everyone was a real student. Of the 40 students enrolled in her popular introduction to real estate course, Pugh said she'd normally drop three to five from her roster who don't start the course or make contact with her at the start of the semester. But during the current spring semester, Pugh said that number more than doubled when she had to cut 11 students. It's a strange new reality that has left her baffled. "It's really unclear to me, and beyond the scope of my knowledge, how this is really happening," she said. "Is it organized crime? Is it something else? Everybody has lots of theories."

Some of the disengaged students in Pugh's courses are what administrators and cybersecurity experts say are "ghost students," and they've been a growing problem for community colleges, particularly since the shift to online instruction during the pandemic. These "ghost students" are artificially intelligent agents or bots that pose as real students in order to steal millions of dollars of financial aid that could otherwise go to actual humans. And as colleges grapple with the problem, Pugh and her colleagues have been tasked with a new and "frustrating" task of weeding out these bots and trying to decide who's a real person.

The process, she said, takes her focus off teaching the real students. "I am very intentional about having individualized interaction with all of my students as early as possible," Pugh said. "That included making phone calls to people, sending email messages, just a lot of reaching out individually to find out 'Are you just overwhelmed at work and haven't gotten around to starting the class yet? Or are you not a real person?'" Financial aid fraud is not new, but it's been on the rise in California's community colleges, Cal Matters reported, with scammers stealing more than $10 million in 2024, more than double the amount in 2023.
Wendy Brill-Wynkoop, the president of the Faculty Association of California Community Colleges and a professor at College of the Canyons in Santa Clarita, said the bots have been enrolling in courses since around early 2021.

"It's been going on for quite some time," she said. "I think the reason that you're hearing more about it is that it's getting harder and harder to combat or to deal with." A spokesperson for the California Community Colleges Chancellor's Office estimates that 0.21% of the system's financial aid was fraudulently disbursed. However, the office was unable to estimate the percentage of fraudulent attempts attributed to bots.
Security

Hundreds of E-Commerce Sites Hacked In Supply-Chain Attack (arstechnica.com) 16

An anonymous reader quotes a report from Ars Technica: Hundreds of e-commerce sites, at least one owned by a large multinational company, were backdoored by malware that executes malicious code inside the browsers of visitors, where it can steal payment card information and other sensitive data, security researchers said Monday. The infections are the result of a supply-chain attack that compromised at least three software providers with malware that remained dormant for six years and became active only in the last few weeks. At least 500 e-commerce sites that rely on the backdoored software were infected, and it's possible that the true number is double that, researchers from security firm Sansec said. Among the compromised customers was a $40 billion multinational company, which Sansec didn't name. In an email Monday, a Sansec representative said that "global remediation [on the infected customers] remains limited."

"Since the backdoor allows uploading and executing arbitrary PHP code, the attackers have full remote code execution (RCE) and can do essentially anything they want," the representative wrote. "In nearly all Adobe Commerce/Magento breaches we observe, the backdoor is then used to inject skimming software that runs in the user's browser and steals payment information (Magecart)." The three software suppliers identified by Sansec were Tigren, Magesolution (MGS), and Meetanshi. All three supply software that's based on Magento, an open source e-commerce platform used by thousands of online stores. A software version sold by a fourth provider named Weltpixel has been infected with similar code on some of its customers' stores, but Sansec so far has been unable to confirm whether it was the stores or Weltpixel that were hacked. Adobe has owned Magento since 2018.

Social Networks

Facebook's Content Takedowns Take So Long They 'Don't Matter Much', Researchers Find (msn.com) 35

An anonymous reader shared this report from the Washington Post: Facebook's loosening of its content moderation standards early this year got lots of attention and criticism. But a new study suggests that it might matter less what is taken down than when. The research finds that Facebook posts removed for violating standards or other reasons have already been seen by at least three-quarters of the people who would be predicted to ever see them.

"Content takedowns on Facebook just don't matter all that much, because of how long they take to happen," said Laura Edelson, an assistant professor of computer science at Northeastern University and the lead author of the paper in the Journal of Online Trust and Safety. Social media platforms generally measure how many bad posts they have taken down as an indication of their efforts to suppress harmful or illegal material. The researchers advocate a new metric: How many people were prevented from seeing a bad post by Facebook taking it down...?

"Removed content we saw was mostly garden-variety spam — ads for financial scams, [multilevel marketing] schemes, that kind of thing," Edelson said... The new research is a reminder that platforms inadvertently host lots of posts that everyone agrees are bad.

The Internet

4chan Has Been Down Since Monday Night After 'Pretty Comprehensive Own' (arstechnica.com) 69

4chan was reportedly hacked Monday night, with rival imageboard Soyjack Party claiming responsibility and sharing screenshots suggesting deep access to 4chan's databases and admin tools. Ars Technica reports: Security researcher Kevin Beaumont described the hack as "a pretty comprehensive own" that included "SQL databases, source, and shell access." 404Media reports that the site used an outdated version of PHP that could have been used to gain access, including the phpMyAdmin tool, a common attack vector that is frequently patched for security vulnerabilities. Ars staffers pointed to the presence of long-deprecated and removed functions like mysql_real_escape_string in the screenshots as possible signs of an old, unpatched PHP version. In other words, there's a possibility that the hackers have gained pretty deep access to all of 4chan's data, including site source code and user data.
Security

Hacked Crosswalks In Bay Area Play Deepfake-Style Messages From Tech Billionaires 37

Several crosswalk buttons in Palo Alto and nearby cities were hacked over the weekend to play deepfake-style satirical audio clips mimicking Elon Musk and Mark Zuckerberg. Authorities have disabled the altered systems, but the identity of the prankster remains unknown. SFGATE reports: Videos of the altered crosswalks began circulating on social media throughout Saturday and Sunday. [...] A city employee was the first to report an issue with one of the signals at University Avenue and High Street in downtown Palo Alto, Horrigan-Taylor told SFGATE via email. Officials later discovered that as many as 12 intersections in downtown Palo Alto had been affected.

"The impact is isolated," Horrigan-Taylor said. "Signal operations are otherwise unaffected, and motorists are reminded to always exercise caution around pedestrians." Officials told the outlet they've removed any devices that were tampered with and the compromised voice-over systems have since been disabled, with footage obtained by SFGATE showing several were covered in caution tape, blinking constantly and unpressable.
Amiga

33-year-old AmigaOS for Commodore Computers Gets an Unexpected Update (tomshardware.com) 22

"It is somewhat remarkable that work on AmigaOS 3.X continues in 2025," notes Tom's Hardware, "given that Commodore International released AmigaOS 3.0 in 1992..."

AmigaOS 3.1 came in 1993. And now... Work continues on AmigaOS 3.2 with the stewards of this classic Motorola 680x0 friendly operating system, Hyperion Entertainment, releasing version 3.2.3 a few days ago.

In a news bulletin on the official site, Hyperion highlighted that the third update for AmigaOS 3.2 includes two years of (more than 50) fixes and enhancements... Hyperion began its quest to modernize and improve this classic version of AmigaOS for Motorola 680x0 platforms in 2018 when it released version 3.1.4. The AmigaOS 3.2 lineage began in 2021...

This release is provided as a free update to owners of AmigaOS 3.2. If you don't already have this OS, you can get it now at official resellers like RetroPassion UK... Nowadays, Arm-based accelerators seem to be the path forward for modern Amiga, as opposed to retro Amiga, enthusiasts. AmigaOS 3.2.3 has a feather in its cap as it also supports classic 68K Amigas boosted by Arm accelerators such as the PiStorm.

AI

Vibe Coded AI App Generates Recipes With Very Few Guardrails 76

An anonymous reader quotes a report from 404 Media: A "vibe coded" AI app developed by entrepreneur and Y Combinator group partner Tom Blomfield has generated recipes that gave users instruction on how to make "Cyanide Ice Cream," "Thick White Cum Soup," and "Uranium Bomb," using those actual substances as ingredients. Vibe coding, in case you are unfamiliar, is the new practice where people, some with limited coding experience, rapidly develop software with AI assisted coding tools without overthinking how efficient the code is as long as it's functional. This is how Blomfield said he made RecipeNinja.AI. [...] The recipe for Cyanide Ice Cream was still live on RecipeNinja.AI at the time of writing, as are recipes for Platypus Milk Cream Soup, Werewolf Cream Glazing, Cholera-Inspired Chocolate Cake, and other nonsense. Other recipes for things people shouldn't eat have been removed.

It also appears that Blomfield has introduced content moderation since users discovered they could generate dangerous or extremely stupid recipes. I wasn't able to generate recipes for asbestos cake, bullet tacos, or glue pizza. I was able to generate a recipe for "very dry tacos," which looks not very good but not dangerous. In a March 20 blog on his personal site, Blomfield explained that he's a startup founder turned investor, and while he has experience with PHP and Ruby on Rails, he has not written a line of code professionally since 2015. "In my day job at Y Combinator, I'm around founders who are building amazing stuff with AI every day and I kept hearing about the advances in tools like Lovable, Cursor and Windsurf," he wrote, referring to AI-assisted coding tools. "I love building stuff and I've always got a list of little apps I want to build if I had more free time."

After playing around with them, he wrote, he decided to build RecipeNinja.AI, which can take a prompt as simple as "Lasagna," and generate an image of the finished dish along with a step-by-step recipe which can use ElevenLabs's AI generated voice to narrate the instruction so the user doesn't have to interact with a device with his tomato sauce-covered fingers. "I was pretty astonished that Windsurf managed to integrate both the OpenAI and Elevenlabs APIs without me doing very much at all," Blomfield wrote. "After we had a couple of problems with the open AI Ruby library, it quickly fell back to a raw ruby HTTP client implementation, but I honestly didn't care. As long as it worked, I didn't really mind if it used 20 lines of code or two lines of code." Having some kind of voice controlled recipe app sounds like a pretty good idea to me, and it's impressive that Blomfield was able to get something up and running so fast given his limited coding experience. But the problem is that he also allowed users to generate their own recipes with seemingly very few guardrails on what kind of recipes are and are not allowed, and that the site kept those results and showed them to other users.
Networking

Cloudflare Accused of Blocking Niche Browsers (palemoon.org) 162

Long-time Slashdot reader BenFenner writes: For the third time in recent memory, CloudFlare has blocked large swaths of niche browsers and their users from accessing web sites that CloudFlare gate-keeps. In the past these issues have been resolved quickly (within a week) and apologies issued with promises to do better. (See 2024-03-11, 2024-07-08, and 2025-01-30.)

This time around it has been over six weeks and CloudFlare has been unable or unwilling to fix the problem on their end, effectively stalling any progress on the matter with various tactics including asking browser developers to sign overarching NDAs.

That last link is an update posted today by Pale Moon's main developer: Our current situation remains unchanged: CloudFlare is still blocking our access to websites through the challenges, and the captcha/turnstile continues to hang the browser until our watchdog terminates the hung script after which it reloads and hangs again after a short pause (but allowing users to close the tab in that pause, at least). To say that this upsets me is an understatement. Other than deliberate intent or absolute incompetence, I see no reason for this to endure. Neither of those options are very flattering for CloudFlare.

I wish I had better news.

In a comment, Slashdot reader BenFenner shares a list posted by Pale Moon's developer of reportedly affected browsers:
  • Pale Moon
  • Basilisk
  • Waterfox
  • Falkon
  • SeaMonkey
  • Various Firefox ESR flavors
  • Thorium (on some systems)
  • Ungoogled Chromium
  • K-Meleon
  • LibreWolf
  • MyPal 68
  • Otter browser

Slashdot reader Z00L00K speculates that "this is some kind of anti-bot measure that fails. I suspect that the reason for them wanting a NDA to be signed is to prevent ways to circumvent the anti-bot measures..."


Nintendo

Super Nintendo Hardware Is Running Faster As It Ages (404media.co) 42

An anonymous reader quotes a report from 404 Media: Something very strange is happening inside Super Nintendo (SNES) consoles as they age: a component you've probably never heard of is running ever so slightly faster as we get further and further away from the time the consoles first hit the market in the early '90s. The discovery started a mild panic in the speedrunning community in late February since one theoretical consequence of a faster-running console is that it could impact how fast games are running and therefore how long they take to complete. This could potentially wreak havoc on decades of speedrunning leaderboards and make tracking the fastest times in the speedrunning scene much more difficult, but that outcome now seems very unlikely. However, the obscure discovery does highlight the fact that old consoles' performance is not frozen at the time of their release date, and that they are made of sensitive components that can age and degrade, or even 'upgrade', over time. The idea that SNESs are running faster in a way that could impact speedrunning started with a Bluesky post from Alan Cecil, known online as dwangoAC and the administrator of TASBot (short for tool-assisted speedrun robot), a robot that's programmed to play games faster and better than a human ever could.

[...] So what's going on here? The SNES has an audio processing unit (APU) called the SPC700, a coprocessor made by Sony for Nintendo. Documentation given to game developers at the time the SNES was released says that the SPC700 should have a digital signal processing (DSP) rate of 32,000Hz, which is set by a ceramic resonator that runs 24.576MHz on that coprocessor. We're getting pretty technical here as you can see, but basically the composition of this ceramic component and how it resonates when connected to an electronic circuit generates the frequency for the audio processing unit, or how much data it processes in a second. It's well documented that these types of ceramic resonators are sensitive and can run at higher frequencies when subject to heat and other external conditions. For example, the chart [here], taken from an application manual for Murata ceramic resonators, shows changes in the resonators' oscillation under different physical conditions.

As Cecil told me, as early as 2007 people making SNES emulators noticed that, despite documentation by Nintendo that the SPC700 should run at 32,000Hz, some SNESs ran faster. Emulators generally now emulate at the slightly higher frequency of 32,040Hz in order to emulate games more faithfully. Digging through forum posts in the SNES homebrew and emulation communities, Cecil started to put a pattern together: the SPC700 ran faster whenever it was measured further away from the SNES's release. Data Cecil collected since his Bluesky post, which now includes more than 140 responses, also shows that the SPC700 is running faster. There is still a lot of variation, in theory depending on how much an SNES was used, but overall the trend is clear: SNESs are running faster as they age, and the fastest SPC700 ran at 32,182Hz. More research shared by another user in the TASBot Discord has even more detailed technical analysis which appears to support those findings.
"We don't yet know how much of an impact it will have on a long speedrun," Cecil told 404 Media. "We only know it has at least some impact on how quickly data can be transferred between the CPU and the APU."

Cecil said minor differences in SNES hardware may not affect human speedrunners but could impact TASBot's frame-precise runs, where inputs need to be precise down to the frame, or "deterministic."
Power

Lithium Batteries Reignited Tuesday at the Moss Landing Power Plant Fire Site (sfgate.com) 34

Remember that battery plant fire last month in Moss Landing, California? Tuesday night local firefighters "determined that a group of lithium batteries in an area that had previously burned during the January 16 fire had smoldered and reignited," reports SFGate.

Fire Chief Joel Mendoza said the flames burned at varying intensities throughout Tuesday night before the fire burned itself out at about 8 a.m. on Wednesday. Additional flare-ups at the site are expected due to weather exposure and damage to the remaining batteries. "Rekindling is very, very likely — almost a certainty," said EPA onsite coordinator Eric Sandusky, adding that rain and humidity can interact with the damaged batteries, leading to short circuits and reignition. To further reduce fire risk, Sandusky said the EPA is working with Vistra to begin "de-linking the batteries," a process that disconnects them to lower the risk of propagation and prevent a large-scale fire...
"Vistra said that since the January 16 fire, they have brought in a private fire crew that is on-site at all times to monitor the Moss 300 building," according to a local news site.

Fire Chief Joel Mendoza shared more details with the digital newspaper Lookout Santa Cruz. "We've been saying all along that batteries exposed to heat that didn't burn can ignite. We were hoping that it wouldn't happen, but it did."
Government

California Takes Steps Toward Officially Recognizing Bigfoot (sfgate.com) 74

California is considering officially recognizing Bigfoot as its state cryptid through Assembly Bill 666, introduced last week by North Coast Assemblymember Chris Rogers. "Rogers' district spans Del Norte, Humboldt, Mendocino, Sonoma and Trinity counties, a region known as the epicenter of Bigfoot lore," reports SFGATE. From the report: Assemblyman Rogers' Assembly Bill 666 is still in its early stages. According to the California Legislative Information website, the bill's title has been read aloud in the state Assembly and is now being printed and distributed to committee members for review. If it clears committee, it must then pass the Assembly and Senate before reaching the governor's desk to be signed into law.

[Matt Moneymaker, a longtime Bigfoot researcher and former star of the Animal Planet series 'Finding Bigfoot'], is eager to witness history. "If there's going to be a date, an occasion when they're voting on whether or not to make it the official cryptid, I would love to be up there in Sacramento," he said. "I would gladly pay my way to be there when that happens."
"Mankind has always had a fascination with monsters, and mythologies from around the world include stories of strange and terrifying creatures," writes Slashdot reader Pickens in a story published in 2008. "Examples include the half-bull, half-human Minotaur of Greek myths, the living clay Golem of Jewish traditions, British elves and Chinese dragons..." What's your favorite monster?
Games

Valve Releases Team Fortress 2 Full Client and Source Code (gamerant.com) 47

Valve has made Team Fortress 2's full client and server code public, allowing fans to modify, extend, or rewrite the game as long as their projects remain non-commercial. Game Rant reports: Valve has made Team Fortress 2's server and client code fully public, with the studio encouraging fans to explore the game's files and make it what they want. The game's code is now available thanks to a new update to the Source SDK, which dropped earlier this week. Fans have already been creating TF2 mods for years, but what this essentially means is that fans can make brand-new games. However, there's one catch: any and all TF2 mods must be released for free. "The majority of items in the game now are thanks to the hard work of the TF2 community," Valve wrote. "To respect that, we're asking TF2 mod makers to continue to respect that connection and not to make mods that have the purpose of trying to profit off Workshop contributors' efforts."

"TF2 mods may be published on the Steam Store, and after publication will appear as new games in the Steam game list," Valve continued. The new SDK update also includes new 64-bit binary support and fixes for multiplayer Source games like Half-Life 2: Deathmatch, Counter-Strike: Source, and Day of Defeat: Source. Time will only tell what fans come up with as they dig deep into the inner workings of the game, but given how passionate and talented the Team Fortress 2 community has proven to be, players can expect to see some incredible creations.

Security

Palo Alto Firewalls Under Attack As Miscreants Chain Flaws For Root Access (theregister.com) 28

A recently patched Palo Alto Networks vulnerability (CVE-2025-0108) is being actively exploited alongside two older flaws (CVE-2024-9474 and CVE-2025-0111), allowing attackers to gain root access to unpatched firewalls. The Register reports: This story starts with CVE-2024-9474, a 6.9-rated privilege escalation vulnerability in Palo Alto Networks PAN-OS software that allowed an OS administrator with access to the management web interface to perform actions on the firewall with root privileges. The company patched it in November 2024. Dark web intelligence services vendor Searchlight Cyber's Assetnote team investigated the patch for CVE-2024-9474 and found another authentication bypass.

Palo Alto (PAN) last week fixed that problem, CVE-2025-0108, and rated it a highest urgency patch as the 8.8/10 flaw addressed an access control issue in PAN-OS's web management interface that allowed an unauthenticated attacker with network access to the management web interface to bypass authentication "and invoke certain PHP scripts." Those scripts could "negatively impact integrity and confidentiality of PAN-OS."

The third flaw is CVE-2025-0111, a 7.1-rated mess also patched last week to stop authenticated attackers with network access to PAN-OS machines using their web interface to read files accessible to the "nobody" user. On Tuesday, US time, Palo Alto updated its advisory for CVE-2025-0108 with news that it's observed exploit attempts chaining CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces. The vendor's not explained how the three flaws are chained but we understand doing so allows an attacker to gain more powerful privileges and gain full root access to the firewall.
PAN is urging users to upgrade their PAN-OS operating systems to versions 10.1, 10.2, 11.0, 11.1, and 11.2. A general hotfix is expected by Thursday or sooner, notes the Register.
Python

Are Fast Programming Languages Gaining in Popularity? (techrepublic.com) 163

In January the TIOBE Index (estimating programming language popularity) declared Python their language of the year. (Though it was already #1 in their rankings, it had shown a 9.3% increase in their ranking system, notes InfoWorld.) TIOBE CEO Paul Jansen says this reflects how easy Python is to learn, adding that "The demand for new programmers is still very high" (and that "developing applications completely in AI is not possible yet.")

In fact on February's version of the index, the top ten looks mostly static. The only languages dropping appear to be very old languages. Over the last 12 months C and PHP have both fallen on the index — C from the #2 to the #4 spot, and PHP from #10 all the way to #14. (Also dropping is Visual Basic, which fell from #9 to #10.)

But TechRepublic cites another factor that seems to be affecting the rankings: language speed. Fast programming languages are gaining popularity, TIOBE CEO Paul Jansen said in the TIOBE Programming Community Index in February. Fast programming languages he called out include C++ [#2], Go [#8], and Rust [#13 — up from #18 a year ago].

Also, according to the updated TIOBE rankings...

- C++ held onto its place at second from the top of the leaderboard.
- Mojo and Zig are following trajectories likely to bring them into the top 50, and reached #51 and #56 respectively in February.

"Now that the world needs to crunch more and more numbers per second, and hardware is not evolving fast enough, speed of programs is getting important. Having said this, it is not surprising that the fast programming languages are gaining ground in the TIOBE index," Jansen wrote. The need for speed helped Mojo [#51] and Zig [#56] rise...

Rust reached its all-time high in the proprietary points system (1.47%), and Jansen expects Go to be a common sight in the top 10 going forward.

United States

America's Office-Occupancy Rates Drop by Double Digits - and More in San Francisco (sfgate.com) 99

SFGate shares the latest data on America's office-occupancy rates: According to Placer.ai's January 2025 Office Index, office visits nationwide were 40.2% lower in January 2025 compared with pre-pandemic numbers from January 2019.

But San Francisco is dragging down the average, with a staggering 51.8% decline in office visits since January 2019 — the weakest recovery of any major metro. Kastle's 10-City Daily Analysis paints an equally grim picture. From Jan. 23, 2025, to Jan. 28, 2025, even on its busiest day (Tuesday), San Francisco's office occupancy rate was just 53.7%, significantly lower than Houston's (74.8%) and Chicago's (70.4%). And on Friday, Jan. 24, office attendance in [San Francisco] was at a meager 28.5%, the worst of any major metro tracked...

Meanwhile, other cities are seeing much stronger rebounds. New York City is leading the return-to-office trend, with visits in January down just 19% from 2019 levels, while Miami saw a 23.5% decline, per Placer.ai data.

"Placer.ai uses cellphone location data to estimate foot traffic, while Kastle Systems measures badge swipes at office buildings with its security systems..."
