• The World Is Not Enough Is the Most Underrated James Bond Movie
    www.denofgeek.com
    What is the most underrated James Bond movie? That is a question that might have as much to do with when you ask it as it does the films themselves. Take On Her Majesty's Secret Service for example. Over years and decades, it was generally treated as the black sheep of the Eon Productions canon; the one that was rejected by audiences in 1969 because Sean Connery isn't there, and the one that would get slipped in very late at night on TBS marathons in the '90s because it starred the one-and-done George Lazenby.

    Yet today the film's bittersweet tone and outright tragic ending (with Bond crying over the body of his wife on their wedding day while Louis Armstrong's "All the Time in the World" is turned into an instrumental weepy) lingers so strongly that Eon more or less remade its elegiac quality, right down to the Louis Armstrong number, in No Time to Die. The brief Timothy Dalton era of 007 movies has undergone similar reappraisal on the internet where fans appreciated his tough, no-nonsense gruffness when juxtaposed with Roger Moore's silliness. And so it goes. The stock of Bond is always rising and falling.

    So, with all that in mind, if you asked me today in 2024 what is the most underrated Bond adventure I would say the one that just turned 25 years old earlier this month.

    It has indeed been a quarter-century since The World Is Not Enough, the third Bond movie starring Pierce Brosnan and the first co-written by Neal Purvis and Robert Wade (scribes who'd have a hand in every James Bond movie since). Generally well received upon release, if not riotously celebrated, The World Is Not Enough was reviewed by critics and fans as a serviceable "'nother one." This time with Denise Richards as a nuclear physicist, which might have conjured more howls from Gen-X and elder Millennial audiences than the older critics who grew up used to Eon Productions' casting standards.

    Still, as the years passed, TWINE stands largely forgotten by anyone except diehards.
And to be fair, no one should (or could) mistake The World Is Not Enough for the gold standard of its series. Nonetheless, there is actually a fairly solid and oft-overlooked soul to this installment. It's the film where Brosnan felt most confident and in command of his version of 007; the one which brought a graceful end to the '90s and post-Cold War era of James Bond; and the movie that burrowed so deeply into Bond and M's psychologies that Eon covertly remade it during the Daniel Craig era.

There is a case to be made that it is time to recognize The World Is Not Enough as one of the more underappreciated Bond flicks.

A Setup So Good Eon Did It Twice

When producers Barbara Broccoli and Michael G. Wilson broke the story of The World Is Not Enough with their writers, as well as director Michael Apted, the film was going to originally feature one of the subtler pre-title sequences, particularly in the Brosnan era where they were almost all over-the-top. We would be introduced to Bond mid-mission where he interrogates a corrupt banker in Bilbao, Spain and then his life is saved by a mysterious third party as he quietly escapes from the office. The subsequent chase sequence along the Thames River would have then been saved for the very next scene after the opening credits.

Thank Her Majesty for the change, because instead of being a forgettable intro, TWINE features one of the best. It was also the longest ever up to that point with its 14-minute runtime (a record No Time to Die finally broke in 2021). Obviously, this allowed the opening to have more bang for its buck. The opening is now the action highlight of the movie given it culminates with Bond hijacking Q's tricked-out speedboat and pursuing an assassin along London's Thames.
They even wind up, appropriately enough, atop London's Millennium Dome, a tourist attraction so new and of the moment that it wouldn't even be open to the public during the movie's release.

By itself this is just a terrific table-setter, right down to Garbage's grooving '90s alt-rock title song. However, it also introduced one of the most intriguing, and prescient, setups in a Bond film. Rather than just introduce us to 007 wrapping up another case, we see the literal fallout of that mission when the money Bond retrieved from the aforementioned bank is discovered to have a bomb hidden inside its paper: it is used to execute a terrorist attack on MI6 headquarters that leaves one of M's closest friends dead, and British intelligence (including Bond as an unwitting and physically injured patsy) humiliated.

It's a prelude to a mission of intensely personal stakes for the wounded Bond, his employer, and MI6 itself, and it rather unintentionally picks up on geopolitical anxieties that would erupt into a bitter, horrifying reality a few years later when massive terrorist attacks on the West became more than just the work of fiction. Perhaps that is one reason Eon more or less remade this exact same setup in one of the production company's best films, Skyfall. Right down to the terrorist being someone from the past life of Judi Dench's M, Skyfall feels like a redo of The World Is Not Enough's themes, remixed for a post-9/11 world (and with the villain being a riff on GoldenEye's 006 to boot).

Skyfall does it better overall, but the naïveté of The World Is Not Enough's simple sense of escapism makes it a bit more charming to return to, plus the shots of Bond getting to wreak havoc in '90s London without any of the gloom and doom of the Craig era remain an absolute blast.

Brosnan and Dench at Their Best

A movie marking a personal vendetta for both Bond and M has become commonplace during the Craig era, but it was a novelty in 1999.
And in some regards, The World Is Not Enough remains one of the more unique renditions of this growing cliché. Whereas Craig's Bond had a deep emotional attachment to Dench's M, with the suggestion of her having groomed him as a troubled, bordering on sociopathic youth like a mother would a child, Brosnan's Bond enjoyed a relationship with Dench's M more approaching that of equals and colleagues, which made how they played off each other in this film uniquely interesting.

With the exception of Ralph Fiennes' Mallory in the last couple of Craig entries, the Brosnan era is the only time in the Bond oeuvre where 007 is the old seasoned hand with a foot in the past, and M is the face of the future. The irony of a misogynistic relic of the Cold War like Bond having a woman as his boss practically writes itself, hence how she addresses him with those exact words in GoldenEye. Yet from that frosty introduction Brosnan's Bond has somewhere to grow with M as the two reach a grudging and, eventually, admiring respect.

That element comes to fruition in The World Is Not Enough, a movie where instead of treating M as just a bean-counter, or as a mother in need of protecting, Bond comes to see her as a real person and confidant. He recognizes she is taking it personally that her school chum (and ex-lover?) from Oxford was killed due to their mutual negligence. But from that recognition the two develop an unspoken trust and camaraderie. They have a mutual interest in redemption.

But then, much of the movie is a showcase for Brosnan's Bond. In the '90s, he was celebrated as a bit of the platonic ideal between Connery's aggressive swagger and Moore's dapper silliness. Brosnan walked the line. After Craig entirely reinvented the character as a brooding bruiser who grew out of his blunt instrument youth, Brosnan's goldilocks approach was dismissed, particularly by online fandom who typically prefer the seriousness of Craig, or for that matter Dalton.
Yet perhaps because I grew up in the '90s, I've always had affection for Brosnan's lighter touch, which was often more nuanced than detractors would suggest. And that styling was never so bespoke as in TWINE. While GoldenEye easily remains the one great Brosnan Bond movie, as with most 007 actors he was still finding his interpretation of the character in the first outing.

By the time TWINE came around, though, the actor and producers knew exactly who this version of Bond was. He still has the charm and humorousness of both Connery and Moore, but there is also a wearied sadness and melancholy there. He is not a brooder like Craig (and probably like how Brosnan would have preferred to see the character written), but this Bond has lived through the Cold War, betrayals, and long empty nights. The charisma feels like a defense mechanism, and perhaps his weapon of last resort.

And we see what happens when those defenses are circumvented after he meets the next great love of his life, as well as one of the more under-appreciated baddies in the series.

One of the Better Villains

Many internet pixels have been spilled about Denise Richards as Dr. Christmas Jones. The former American model is spectacularly miscast as a nuclear scientist. Still, I would point out that not much more so than many of the other Bond movie casting choices in previous decades. Think of the Bond Girls who were later dubbed because of wooden line deliveries, or the ones who were introduced as fellow espionage professionals and then asked to just blankly run around in a bikini by the producers. The backlash to Richards' casting says perhaps more about how audience expectations for women's leading roles had changed in the 40 or so years between Dr. No and TWINE while Eon's had not.

However, it should be noted that Christmas is not a lead in The World Is Not Enough. She is a character who sadly only exists so Bond has a love interest at the end of the film.
And even in that pretext, she is at least written as competent in her expertise, even as the producers dubiously dress her up like '90s-era Lara Croft for half the movie. Even so, she is tertiary to the central dynamic of the film: a romance between James and a woman named Elektra (Sophie Marceau).

While On Her Majesty's Secret Service has been reevaluated as a Bond classic, in 1999 it was still largely a black sheep. Which makes the choice to essentially subvert it bold. And the twist where the woman Bond falls in love with this time turns out to also be the real villain is bolder still.

It is indeed one of the cleverer plot contours in the series when Bond and the audience discover at roughly the same time that the terrorist we're introduced into believing is the mastermind villain, Robert Carlyle's adequate Renard, is actually a patsy. He is a dupe as easily manipulated by Elektra King as 007. She is the film's surprise femme fatale who intentionally echoes Diana Rigg's beloved Teresa di Vicenzo. For like Tracy, Elektra comes from a wealthy family (Bond always loves refined things, no?) but is damaged from that privileged lifestyle. Quite literally, as we learn she was tortured and maimed when she was kidnapped for an extended period by Renard.

Initially, Bond and the audience are led to suspect that she was manipulated or seduced, much like the dubious and disputed pop culture image surrounding the Patty Hearst abduction. However, even that proves a red herring. As the film unfolds, we learn Elektra has manipulated Bond and M, as well as the viewers. In truth, Elektra seduces Bond by representing everything he loves, even as she also embodies everything he usually despises in a man: intensely privileged breeding, a sense of entitlement, and, finally, megalomania. She considers her family's oil holdings in Russia as her birthright, and will kill anyone who keeps her from it.
Beginning with her father.

As misjudged as casting Richards as Christmas Jones was (especially since rumors suggest Monica Bellucci was also in the running for the role), the film ultimately lives or dies based on the dynamic between Bond and Elektra, and casting an actress as adept as Marceau works wonders for the film. She and Brosnan kindle a sincere chemistry, just as the erudite French actress has enough playfulness to imbue Elektra's later villainy with a fanged cruelty.

It makes the actual climax of the film one of the best moments in Brosnan's tenure. Thirty-seven years after Connery's Bond coldly assassinated Professor Dent in Dr. No, Brosnan's 007 is forced to shoot Elektra King in cold blood. It feels uglier than how we're used to seeing the Brosnan version of the character. Earlier in the movie, the character went so far as to acknowledge that cold-blooded murder is a filthy business. But doing it to a woman he loved for at least one night is a kind of self-abnegation. You can see it on Brosnan's face as he holds the gun and begs for her to call off Renard and their scheme.

You buy Elektra's misplaced confidence when she smirks, "You wouldn't kill me. You'd miss me." It sets up a typical Brosnan one-liner, though this one with venomous irony after he executes her: "I never miss." But in the same breath, Dench's M arrives on the scene to witness a perverse tableau. Bond is visibly mourning the woman he murdered by brushing her hair. The moment is melodramatic but also faintly disturbing, including to M. It also gestures toward a quality of the character that would become dominant in the Craig era.

It's also such a striking moment that it wreaks havoc on the rest of TWINE's finale, which has no more oxygen as Bond obligatorily kills Renard in a crashed submarine and saves Christmas.

The End of an Era

Ultimately, The World Is Not Enough has a number of good moments like the Thames chase sequence or the death of Elektra King.
The shootout between Bond and Renard in a nuclear missile silo is also '90s cheese, but of an entertaining flavor as Brosnan hops on chains designed to transport atomic weapons and uses them as a carnival ride while outrunning a fireball. There is also a touching sendoff to Desmond Llewelyn as Q and a surprisingly taut action sequence about navigating oil pipelines.

But it is easy to admit the sum is lesser than the parts. There are a couple of action sequences that feel quite rote and strangely lacking for a Bond flick, such as the worst ski set-piece in the series and the aforementioned submarine fistfight. As good as Elektra is, the choice to keep Renard as the final heavy, presumably because he is a man, disservices the movie.

Yet one cannot help but wonder if the film, and perhaps Brosnan's whole tenure, might be better remembered if this had been the final entry of his run. While I am of the camp who thinks it is a shame that Brosnan didn't get a fifth film in the early 2000s to close out his era on a better note than Die Another Day, the flip side might have also been true. Brosnan's interpretation of the character feels incredibly, inescapably rooted in the '90s. It is of that moment where the Cold War was over but the 20th century still had life left in it. During roughly that decade before terrorist attacks in 2001 changed the world for the worse, shortsighted optimists believed they were living at the end of history. They might have even argued the world had no more use for characters like James Bond.

The three films Brosnan made between 1995 and 1999 absolutely tap into the anxieties of that moment, complete with TWINE's still timely narrative about Europeans willing to kill over getting oil out of Russia (or Tomorrow Never Dies' satire of conservative media propaganda). In this context, TWINE acts as a bookend on elements introduced in GoldenEye.
Robbie Coltrane as the best 007 contact in the series since Kerim Bey returns in the role of Valentin Zukovsky, a former KGB spymaster turned gangster. In GoldenEye, he wanted to permanently maim Bond for a Cold War injury Zukovsky sustained, but by the end of TWINE, he utilizes his last breath to save James' life, confident Bond will avenge them both.

The film also sees Dench's M and the audience finally recognize an implicit question she had for Bond in GoldenEye. Can you still be useful? The answer is yes, even if it rots away at another level of Bond's soul with one more dead lover in his arms.

The World Is Not Enough is not top shelf Bond, but it might be at the top of the mid-tier pack. And just as it took about 20 years for even Dalton's most uneven Bond film, Licence to Kill, to get its due, now seems apt for The World Is Not Enough to receive a couple of flowers of its own. If only for Elektra's funeral.
  • DoorDash adds Apple Reminders integration for faster grocery shopping
    9to5mac.com
    Today DoorDash announced a variety of new features and improvements timed for the holiday season. One such change: a new integration with Apple's Reminders app.

    Import Reminders lists into DoorDash, or copy/paste a list

    The Reminders app is used in a variety of ways by different users, but one of the most common use cases is grocery lists. Apple has even added grocery-specific features in the last couple years.

    Now, as DoorDash tries to make a bigger push into being used not just for restaurant deliveries but also groceries, the company is rolling out a new Reminders integration.

    DoorDash is adding the ability to import a Reminders list to get a quicker start on your grocery order.

    You can choose which list to import, and each item on the list will trigger a search so you can find the exact products you're looking for from DoorDash's various partners.

    If you keep your grocery lists in Apple Notes or some other app instead, the same functionality is extended to lists you paste into the DoorDash app.

    All of this makes it quicker to get your shopping done within DoorDash.

    Do you plan to use this new Reminders integration? Let us know in the comments.
  • Porch pirates appear to be accessing AT&T data to track iPhone deliveries
    9to5mac.com
    A new report today suggests that porch pirates (thieves who steal packages left on doorsteps shortly after delivery) have accessed tracking data from AT&T systems to follow iPhone deliveries.

    There has been a marked uptick in iPhones being stolen from doorsteps after being ordered from AT&T and delivered by FedEx, apparently with the help of real-time delivery updates, CNET reports.

    A new rash of 2024 package thefts has uncovered a disturbing technique with thieves seizing private tracking data so they know exactly when packages are delivered, particularly iPhones. That allows these prescient porch pirates to jump in and steal the phones right when they're delivered [...]

    Thieves are somehow getting tracking numbers or similar tracking information for iPhone deliveries, so they get real-time updates about when and where packages are delivered, allowing them to swoop in the moment the package status changes.

    AT&T is one of the few telecom companies that in many cases doesn't require signatures for high-value deliveries like iPhones. That allows thieves to steal packages when they are left unattended.

    Neither company has commented, and law enforcement is still investigating, but one theory is that the data is being accessed internally by rogue AT&T employees and then sold to thieves.

    The site recommends buying from companies and carriers who require a signature for high-value deliveries, as this should ensure packages are not left unattended on doorsteps.
  • Judging Them Blind, Humans Appear to Prefer AI-Generated Poems
    futurism.com
    Suck it, Shakespeare.

    Dead Poets

    Scientists have found that readers have a lot of trouble telling apart AI-generated and human-written poetry, even works by the likes of William Shakespeare and Emily Dickinson.

    Even more surprisingly, the researchers found that humans generally prefer the former over the latter, which could bode poorly for the role of human creativity in the age of generative AI.

    As detailed in a new paper published in the journal Scientific Reports, University of Pittsburgh researchers Brian Porter and Edouard Machery conducted two experiments involving "non-expert poetry readers."

    They found that "participants performed below chance levels in identifying AI-generated poems. Notably, participants were more likely to judge AI-generated poems as human-authored than actual human-authored poems."

    AI-generated poems got higher scores from participants in qualities including rhythm and beauty, something that appeared to lead them astray in picking out which poem was the product of a language model and which was the creative output of a human artist.

    The team believes their difficulties may be due to the "simplicity of AI-generated poems" that "may be easier for non-experts to understand."

    In simple terms, AI-generated poetry is appealingly straightforward, and less convoluted, for the palate of the average Joe.

    Doing Lines

    In their first experiment, participants were shown ten poems in a random order. Five were from renowned wordsmiths, including William Shakespeare, Emily Dickinson, and T.S. Eliot. The other five were generated by OpenAI's already out-of-date GPT 3.5 large language model, which was tasked to imitate the style of the aforementioned poets.

    In a second experiment, participants were told to rate the poems based on 14 different characteristics including quality, emotion, rhythm, and (ironically, perhaps) originality.
The participants were split into three groups who were then told that the poems were AI-generated, human-written, or given no information about their origin.

Interestingly, the group told that the poems were AI-generated tended to give the poems a lower score than those who were told that the poems were human-written.

And the third group, who received no information about the poems' origins, actually favored the AI-generated poems over the human-written ones.

"Contrary to what earlier studies reported, people now appear unable to reliably distinguish human-out-of-the-loop AI-generated poetry from human-authored poetry written by well-known poets," the two researchers concluded in their paper.

"In fact, the 'more human than human' phenomenon discovered in other domains of generative AI is also present in the domain of poetry: non-expert participants are more likely to judge an AI-generated poem to be human-authored than a poem that actually is human-authored," they wrote.
  • The Problem of Permissions and Non-Human Identities - Why Remediating Credentials Takes Longer Than You Think
    thehackernews.com
    According to research from GitGuardian and CyberArk, 79% of IT decision-makers reported having experienced a secrets leak, up from 75% in the previous year's report. At the same time, the number of leaked credentials has never been higher, with over 12.7 million hardcoded credentials in public GitHub repositories alone. One of the more troubling aspects of this report is that over 90% of valid secrets found and reported remained valid for more than 5 days.

    According to the same research, on average, it takes organizations 27 days to remediate leaked credentials. Combine that with the fact that non-human identities outnumber human identities by at least 45:1, and it is easy to see why many organizations are realizing that stopping secrets sprawl means finding a way to deal with this machine identity crisis. Unfortunately, the research also shows that many teams are confused about who owns the security of these identities. It is a perfect storm of risk.

    Why Does Rotation Take So Long

    So, why are we taking so long to rotate credentials if we know they are one of the easiest attack paths for adversaries? One major contributing factor is a lack of clarity on how our credentials are permissioned. Permissions determine what specific things one entity, such as a Kubernetes workload or a microservice, can successfully request from another service or data source.

    Let's remember what remediation of a secrets sprawl incident means: you need to safely replace a secret without breaking anything or granting new, too-wide permissions, which would potentially introduce more security risks to your company. If you already have full insight into the lifecycle of your non-human identities and their associated secrets, this is a fairly straightforward process of replacing them with new secrets with the same permissions.
This can take considerable time if you don't already have that insight, as you need to hope the developer who originally created it is still there and has documented what was done.

Let's look at why permissions management is especially challenging in environments dominated by NHIs, examine the challenges developers and security teams face in balancing access control and productivity, and discuss how a shared responsibility model might help.

Who Really Owns Secrets Sprawl?

Secrets sprawl generally refers to the proliferation of access keys, passwords, and other sensitive credentials across development environments, repositories, and services like Slack or Jira. GitGuardian's latest Voice of the Practitioners report highlights that 65% of respondents place the responsibility for remediation squarely on the IT security teams. At the same time, 44% of IT leaders reported developers are not following best practices for secrets management.

Secrets sprawl and the underlying issues of over-permissioned long-lived credentials will continue to fall in this gap until we figure out how to better work together in a shared responsibility model.

The Developer's Perspective On Permissions

Developers face enormous pressure to build and deploy features quickly. However, managing permissions carefully, with security best practices, can be labor-intensive. Each project or application often has its own unique access requirements, which take time to research and properly set, almost feeling like a full-time job on top of the work of making and deploying their applications. Best practices for creating and managing permissions too commonly do not get applied evenly across teams, are seldom documented appropriately, or are forgotten altogether after the developer gets the application working.

Compounding the issue, in too many cases, developers are simply granting permissions that are too wide to these machine identities. One report found that only 2% of granted permissions are actually used.
If we take a closer look at what they are up against, it is easy to see why.

For instance, think about managing permissions within Amazon Web Services. AWS's Identity and Access Management (IAM) policies are known for their flexibility but are also complex and confusing to navigate. IAM supports various policy types (identity-based, resource-based, and permission boundaries), all of which require precise configurations. AWS also offers multiple access paths for credentials, including IAM roles and KMS (Key Management Service) grants, each of which comes with its own unique access configurations. Learning this system is no small feat.

Another common example of a service where permissions can become difficult to manage is GitHub. API keys can grant permissions to repositories across various organizations, making it challenging to ensure appropriate access boundaries. A single key can unintentionally provide excessive access across environments when developers are members of multiple organizations. The pressure is on to get it right, while the clock is always ticking and the backlog keeps getting bigger.

Why Security Teams Alone Can't Fix This

It may seem logical to assign security teams responsibility for monitoring and rotating secrets; after all, this is a security concern. The reality is that these teams often lack the granular project-level knowledge needed to make changes safely. Security teams don't always have the context to understand what specific permissions are essential for keeping applications running. For instance, a seemingly minor permission change could break a CI/CD pipeline, disrupt production, or even cause a company-wide cascading failure if the wrong service disappears.

The dispersed nature of secrets management across teams and environments also increases the attack surface. With no one really in charge, it becomes much harder to maintain consistency in access controls and audit trails.
This fragmentation often results in excessive or outdated credentials and their associated permissions remaining active for far too long, possibly forever. It can make it difficult to know who has legitimate or illegitimate access to which secrets at any given time.

A Shared Responsibility Model For Faster Rotation

Developers and security teams could help address these issues by meeting in the middle and building a shared responsibility model. In such a model, developers are more responsible for consistently managing their permissions through proper tooling, such as CyberArk's Conjur Secrets Manager or Vault by HashiCorp, while also better documenting the permissions and scope of the necessary permissions at the project level. Security teams should be helping developers by working to automate secrets rotation, investing in the proper observability tooling to gain clarity into the state of secrets, and working with IT to eliminate long-lived credentials altogether.

If developers clearly document which permissions are needed in their requirements, it could help security teams conduct faster and more precise audits and speed remediation. If security teams work to ensure that the easiest and fastest overall path toward implementing a new non-human identity secret is also the safest and most scalable route, then there are going to be far fewer incidents that require emergency rotation, and everyone wins.

The goal for developers should be to ensure that the security team can rotate or update credentials in their applications with confidence, on their own, knowing they're not jeopardizing production.

Key Questions to Address around Permissioning

When thinking through what needs to be documented, here are a few specific data points to help this cross-team effort flow more smoothly:

Who Created the Credential? - Many organizations find it difficult to track credential ownership, especially when a key is shared or rotated. This knowledge is essential to understanding who is responsible for rotating or revoking credentials.

What Resources Does It Access? - API keys can often access a range of services, from databases to third-party integrations, making it essential to limit permissions to the absolute minimum necessary.

What Permissions Does It Grant? - Permissions vary widely depending on roles, resource-based policies, and policy conditions. For instance, in Jenkins, a user with `Overall/Read` permission can view general information, while `Overall/Administer` grants full control over the system.

How Do We Revoke or Rotate It? - The ease of revocation varies by platform, and in many cases, teams must manually track down keys and permissions across systems, complicating remediation and prolonging exposure to threats.

Is the Credential Active? - Knowing whether a credential is still in use is critical. When NHIs use long-lived API keys, these credentials may remain active indefinitely unless managed properly, creating persistent access risks.

Permissions Are Challenging, But We Can Manage Them Together As One Team

According to the GitGuardian report, while 75% of respondents expressed confidence in their secrets management capabilities, the reality is often much different. The average remediation time of 27 days reflects this gap between confidence and practice. It is time to rethink how we implement and communicate secrets and their permissions as an organization.

While developers work diligently to balance security and functionality, the lack of streamlined permissions processes and uncentralized or unstandardized documentation paths only amplify the risks. Security teams alone can't resolve these issues effectively due to their limited insight into project-specific needs. They need to work hand-in-hand with developers every step of the way.

GitGuardian is building the next generation of secrets security tooling, helping security and IT teams get a handle on secrets sprawl.
Knowing what plaintext, long-lived credentials are exposed in your code and other environments is a needed first step to eliminating this threat. Start today with GitGuardian.

This article is a contributed piece from one of our valued partners.
  • THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 11 - Nov 17)
    thehackernews.com
    What do hijacked websites, fake job offers, and sneaky ransomware have in common? They're proof that cybercriminals are finding smarter, sneakier ways to exploit both systems and people.

This week makes one thing clear: no system, no person, no organization is truly off-limits. Attackers are getting smarter, faster, and more creative, using everything from human trust to hidden flaws in technology. The real question is: are you ready? Every attack holds a lesson, and every lesson is an opportunity to strengthen your defenses. This isn't just news; it's your guide to staying safe in a world where cyber threats are everywhere. Let's dive in.

Threat of the Week

Palo Alto Networks Warns of Zero-Day: A remote code execution flaw in the Palo Alto Networks PAN-OS firewall management interface is the newest zero-day to be actively exploited in the wild. The company began warning about potential exploitation concerns on November 8, 2024. It has since been confirmed that it has been weaponized in limited attacks to deploy a web shell. The critical vulnerability has no patches as yet, which makes it all the more crucial that organizations limit management interface access to trusted IP addresses. The development comes as three different critical flaws in Palo Alto Networks Expedition (CVE-2024-5910, CVE-2024-9463, and CVE-2024-9465) have also seen active exploitation attempts. Details are sparse on who is exploiting them and the scale of the attacks.

Top News

BrazenBamboo Exploits Unpatched Fortinet Flaw: A threat-actor known as BrazenBamboo has exploited an unresolved security flaw in Fortinet's FortiClient for Windows to extract VPN credentials as part of a modular framework called DEEPDATA. Volexity described BrazenBamboo as the developer of three distinct malware families (DEEPDATA, DEEPPOST, and LightSpy), and not necessarily one of the operators using them.
BlackBerry, which also detailed DEEPDATA, said it has been put to use by the China-linked APT41 actor.

About 70,000 Domains Hijacked by Sitting Ducks Attack: Multiple threat actors have been found taking advantage of an attack technique called Sitting Ducks to hijack legitimate domains for use in phishing attacks and investment fraud schemes for years. Sitting Ducks exploits misconfigurations in a web domain's domain name system (DNS) settings to take control of it. Of the nearly 800,000 vulnerable registered domains over the past three months, approximately 9% (70,000) have been subsequently hijacked.

Got a Dream Job Offer on LinkedIn? It May Be Iranian Hackers: The Iranian threat actor known as TA455 is targeting LinkedIn users with enticing job offers intended to trick them into running a Windows-based malware named SnailResin. The attacks have been observed targeting the aerospace, aviation, and defense industries since at least September 2023. Interestingly, the tactics overlap with those of the notorious North Korea-based Lazarus Group.

WIRTE Targets Israel With SameCoin Wiper: WIRTE, a Middle Eastern threat actor affiliated with Hamas, has orchestrated cyber espionage operations against the Palestinian Authority, Jordan, Iraq, Saudi Arabia, and Egypt, as well as carried out disruptive attacks that exclusively target Israeli entities using SameCoin wiper. The destructive operations were first flagged at the start of the year.

ShrinkLocker Decryptor Released: Romanian cybersecurity company Bitdefender has released a free decryptor to help victims recover data encrypted using the ShrinkLocker ransomware. First identified earlier this year, ShrinkLocker is notable for its abuse of Microsoft's BitLocker utility for encrypting files as part of extortion attacks targeting entities in Mexico, Indonesia, and Jordan.
Trending CVEs

Recent cybersecurity developments have highlighted several critical vulnerabilities, including: CVE-2024-10924, CVE-2024-10470, CVE-2024-10979, CVE-2024-9463, CVE-2024-9465, CVE-2024-43451, CVE-2024-49039, CVE-2024-8068, CVE-2024-8069, CVE-2023-28649, CVE-2023-31241, CVE-2023-28386, CVE-2024-50381, CVE-2024-7340, and CVE-2024-47574. These security flaws are serious and could put both companies and regular people at risk. To stay safe, everyone needs to keep their software updated, upgrade their systems, and constantly watch out for threats.

Around the Cyber World

The Top Routinely Exploited Vulnerabilities of 2023 Revealed: Cybersecurity agencies from the Five Eyes nations, Australia, Canada, New Zealand, the U.K., and the U.S., have released the list of top 15 vulnerabilities threat actors have been observed routinely exploiting in 2023. This includes security flaws from Citrix NetScaler (CVE-2023-3519, CVE-2023-4966), Cisco (CVE-2023-20198, CVE-2023-20273), Fortinet (CVE-2023-27997), Progress MOVEit Transfer (CVE-2023-34362), Atlassian (CVE-2023-22515), Apache Log4j (CVE-2021-44228), Barracuda Networks ESG (CVE-2023-2868), Zoho ManageEngine (CVE-2022-47966), PaperCut MF/NG (CVE-2023-27350), Microsoft Netlogon (CVE-2020-1472), JetBrains TeamCity (CVE-2023-42793), Microsoft Outlook (CVE-2023-23397), and ownCloud (CVE-2023-49103). "More routine initial exploitation of zero-day vulnerabilities represents the new normal which should concern end-user organizations and vendors alike as malicious actors seek to infiltrate networks," the U.K. NCSC said. The disclosure coincided with Google's announcement that it will begin issuing "CVEs for critical Google Cloud vulnerabilities, even when we do not require customer action or patching" to boost vulnerability transparency. It also came as the CVE Program recently turned 25, with over 400 CVE Numbering Authorities (CNAs) and more than 240,000 CVE identifiers assigned as of October 2024. The U.S.
National Institute of Standards and Technology (NIST), for its part, said it now has a "full team of analysts on board, and we are addressing all incoming CVEs as they are uploaded into our system" to address the backlog of CVEs that built up earlier this calendar year.

GeoVision Zero-Day Under Attack: A new zero-day flaw in end-of-life GeoVision devices (CVE-2024-11120, CVSS score: 9.8), a pre-auth command injection vulnerability, is being exploited to compromise and enlist them into a Mirai botnet for likely DDoS or cryptomining attacks. "We observed a 0day exploit in the wild used by a botnet targeting GeoVision EOL devices," the Shadowserver Foundation said. Users of GV-VS12, GV-VS11, GV-DSP_LPR_V3, GVLX 4 V2, and GVLX 4 V3 are recommended to replace them.

New Banking Trojan Silver Shifting Yak Targets Latin America: A new Windows-based banking trojan named Silver Shifting Yak has been observed targeting Latin American users with the goal of stealing information from financial institutions such as Banco Itaú, Banco do Brasil, Banco Bandresco, Foxbit, and Mercado Pago Brasil, among others, as well as credentials used to access Microsoft portals such as Outlook, Azure, and Xbox. The initial attack stages of the malware are believed to be initiated by phishing emails that lead the victims to malicious .ZIP archives hosted on fake websites. The development comes as the threat actor known as Hive0147 has begun to use a new malicious downloader called Picanha to deploy the Mekotio banking trojan. "Hive0147 also distributes other banking trojans, such as Banker.FN also known as Coyote, and is likely affiliated with several other Latin American cyber crime groups operating different downloaders and banking trojans to enable banking fraud," IBM X-Force said.

Tor Network Faces IP Spoofing Attack: The Tor Project said the Tor anonymity network was the target of a "coordinated IP spoofing attack" starting October 20, 2024.
The attacker "spoofed non-exit relays and other Tor-related IPs to trigger abuse reports aimed at disrupting the Tor Project and the Tor network," the project said. "The origin of these spoofed packets was identified and shut down on November 7, 2024." The Tor Project said the incident had no impact on its users, but said it did take a few relays offline temporarily. It's unclear who is behind the attack.

FBI Warns About Criminals Sending Fraudulent Police Data Requests: The FBI is warning that hackers are obtaining private user information from U.S.-based tech companies by compromising U.S. and foreign government/police email addresses to submit "emergency" data requests. The abuse of emergency data requests by malicious actors such as LAPSUS$ has been reported in the past, but this is the first time the FBI has formally admitted that the legal process is being exploited for criminal purposes. "Cybercriminals understand the need for exigency, and use it to their advantage to shortcut the necessary analysis of the emergency data request," the agency said.

New Trends in Ransomware: A financially-motivated threat actor known as Lunar Spider has been linked to a malvertising campaign targeting financial services that employs SEO poisoning to deliver the Latrodectus malware, which, in turn, is used to deploy the Brute Ratel C4 (BRc4) post-exploitation framework. In this campaign detected in October 2024, users searching for tax-related content on Bing are lured into downloading an obfuscated JavaScript. Upon execution, this script retrieves a Windows Installer (MSI) from a remote server, which installs Brute Ratel. The toolkit then connects to command-and-control (C2) servers for further instructions, allowing the attacker to control the infected system. It's believed that the end goal of the attacks is to deploy ransomware on compromised hosts.
Lunar Spider is also the developer behind IcedID, suggesting that the threat actor is continuing to evolve their malware deployment approach to counter law enforcement efforts. It's not just Lunar Spider. Another infamous cybercrime gang called Scattered Spider has been acting as an initial access broker for the RansomHub ransomware operation, employing advanced social engineering tactics to obtain privileged access and deploy the encryptor to impact a critical ESXi environment in just six hours. The disclosure comes as ransomware attacks, including those aimed at cloud services, continue to be a persistent threat, even as the volume of the incidents is beginning to witness a drop and there is a steady decline in the ransom payment rates. The appearance of new ransomware families like Frag, Interlock, and Ymir notwithstanding, one of the noteworthy trends in 2024 has been the rise of unaffiliated ransomware actors, the so-called "lone wolves" who operate independently.

Resources, Guides & Insights

Expert Webinar

How to be Ready for Rapid Certificate Replacement
Is certificate revocation a nightmare for your business? Join our free webinar and learn how to replace certificates with lightning speed. We'll share secrets to minimize downtime, automate replacements, master crypto agility, and implement best practices for ultimate resilience.

Building Tomorrow, Securely: AI Security in App Development
AI is revolutionizing the world, but are you prepared for the risks? Learn how to build secure AI applications from the ground up, protect against data breaches and operational nightmares, and integrate robust security into your development process. Reserve your spot now and discover the essential tools to safeguard your AI initiatives.

Cybersecurity Tools

Grafana: Grafana is an open-source monitoring and observability platform that enables cybersecurity teams to query, visualize, and alert on security metrics from any data source.
It offers customizable dashboards with flexible visualizations and template variables, allowing for real-time threat monitoring, intrusion detection, and incident response. Features such as ad-hoc queries and dynamic drill-downs facilitate the exploration of metrics related to network traffic, user behavior, and system logs. Seamless log exploration with preserved filters supports forensic investigations, while visual alert definitions ensure timely notifications to security operations centers through integrations with tools like Slack and PagerDuty. Additionally, Grafana's ability to mix different data sources, including custom ones, provides comprehensive security monitoring across diverse environments, enhancing the organization's ability to maintain a robust cybersecurity posture.

URLCrazy is an OSINT tool designed for cybersecurity professionals to generate and test domain typos or variations, effectively detecting and preventing typo squatting, URL hijacking, phishing, and corporate espionage. By creating 15 types of domain variants and leveraging over 8,000 common misspellings across more than 1,500 top-level domains, URLCrazy helps organizations protect their brand by registering popular typos, identifying domains diverting traffic intended for their legitimate sites, and conducting phishing simulations during penetration tests.

Tip of the Week

Use Canary Tokens to Detect Intrusions
Hackers rely on staying hidden, but canary tokens help you catch them early. These are fake files, links, or credentials, like "Confidential_Report_2024.xlsx" or a fake AWS key, placed in spots hackers love to snoop: shared drives, admin folders, or cloud storage. If someone tries to access them, you get an instant alert with details like their IP address and time of access.

They're easy to set up using free tools like Canarytokens.org and don't need any advanced skills. Just keep them realistic, put them in key places, and check for alerts.
Make sure you test your tokens after setup to ensure they work, and avoid overusing them to prevent unnecessary noise. Place them strategically in high-value areas, and monitor alerts closely to act quickly if triggered. It's a smart, low-effort way to spot hackers before they can do damage.

Conclusion

That's it for this week's cybersecurity updates. The threats might seem complicated, but protecting yourself doesn't have to be. Start simple: keep your systems updated, train your team to spot risks, and always double-check anything that seems off.

Cybersecurity isn't just something you do; it's how you think. Stay curious, stay cautious, and stay protected. We'll be back next week with more tips and updates to keep you ahead of the threats.
  • 6 Cloud Trends to Watch in 2025
    www.informationweek.com
    Lisa Morgan, Freelance Writer, November 18, 2024

Business competitiveness is driving organizations deeper into the cloud where they can take advantage of more services. Leading organizations are realizing economic benefits ranging from cost savings and deeper insights to successful innovations. Artificial intelligence is driving an increase in cloud usage.

"We anticipate a continued growth of a few significant cloud trends for 2025, with the rise of GenAI being a major driver," says John Samuel, global CIO and EVP at CGS (Computer Generated Solutions), a global IT and outsourcing provider. "Cloud providers are heavily investing in GenAI technologies, collaborating with chip manufacturers to enhance performance and scalability. This partnership enables cloud platforms to power a growing ecosystem of downstream SaaS providers that are building solutions to allow easier adoption of AI-based solutions. As a result, GenAI is becoming a key enabler for adopting advanced AI capabilities across industries, with cloud acting as the backbone."

Mike Stawchansky, chief technology officer at financial services software applications provider Finastra, warns that privacy concerns and contractual ambiguity around the rights to utilize customer data for GenAI will become more of an issue. Customers want the insights and efficiencies GenAI can deliver but may not be willing to grant more extensive access to their data.

"Capacity issues are becoming more frequent as organizations grapple with the resource-heavy workloads that AI-powered technologies bring. Further, expansion into other cloud regions may hold businesses back as different regions present their own unique compliance and data residency challenges," says Stawchansky in an email interview. "GenAI is going to continue to put pressure on businesses to be better, faster, and more efficient. Early adopters are seeing gains, so those who have not yet begun to experiment with the technology risk falling behind."

Cloud security will also become more of an issue, however. Security teams will begin to harness AI assistance to automate response processes for cloud-based exposure and threat detection.

"The volume of exposures and threats, combined with varying experience levels in SecOps teams, means that effective remediation relies on the ability to guide team members with prescriptive remediation procedures using AI. This will see mainstream adoption in '25," says Or Shoshani, co-founder and chief executive officer at real-time cloud security company Stream.Security. "Enterprises have done little to evolve their detection and response capabilities to meet the unique aspects of the cloud environment. They are relying on processes and technology designed for securing on-prem infrastructures and it's insufficient. It's a combination of lack of awareness of the problem, in addition to inertia."

Following are some more cloud trends to watch in 2025:

1. Multi- and hybrid clouds will become more common

Cloud providers recognize that customers prefer to leverage multiple cloud platforms for flexibility, risk mitigation, and performance optimization. In response, they are enabling inter-cloud operability, which enables users to perform analytics and utilize data across cloud providers without moving their data, according to CGS' Samuel.

"Enterprises [and] small- to medium-sized businesses appear well-prepared for upcoming cloud trends like GenAI adoption and multi-cloud strategies. Cloud providers are responding by enabling technologies that reduce on-premises infrastructure needs, making it easier for companies to offload workloads to the cloud," Samuel says.

Faiz Khan, founder & CEO at multi-cloud SaaS and managed service provider Wanclouds, says the major public cloud providers eliminated data transfer fees over the last year, making it easier to migrate data from one public cloud provider to another.

"By adopting a multi-cloud approach, you can train your distributed AI workloads and models across multiple environments. For instance, there could be a benefit to using Azure's computing power to train one AI model and AWS for another. Or you could keep your legacy cloud workloads on one public cloud and then your AI workloads on a separate public cloud," says Khan in an email interview. "This approach enables enterprises to tailor their cloud environment to the needs of each AI application. It's also become a lot cheaper to migrate these applications across public clouds if the environment or needs change."

However, time and cost can slow adoption. Businesses need sufficient time to research and implement new cloud solutions, and the confidence that the shift will deliver the cost optimization they expect. Balancing immediate costs with long-term cloud benefits is an important consideration.

2. CISOs will need better cloud monitoring

SOC and the SecOps teams will need to integrate cloud context into their day-to-day detection and response operations in 2025 to effectively detect and respond to exposures and threats in real time.

"Most SecOps teams are still relying on alert-based tools designed for on prem environments that are missing information related to exposure and attack path across all elements of the cloud infrastructure," says Stream.Security's Shoshani. "This results in an inability to identify real threats and massive amounts of time [to investigate] false positives."

3. Cloud spending will increase

Wanclouds' Khan says most organizations will increase their cloud spending substantially in 2025.

"Like other aspects of IT, AI will be the force behind most of the trends occurring in the cloud in 2025. AI is going to drive a big spending boom in the cloud next year. Organizations need to increase the amount of cloud resources they have to be able to handle the compute GenAI model training requires," says Khan. "Furthermore, we're also seeing IT teams now spending on new AI tools and features that can be utilized to improve and automate cloud management."

4. Landing zones will gain more traction

Landing zones provide a standardized framework for cloud adoption. They are becoming more prominent as they address scalability and security concerns.

"Cloud providers are putting together templates for various industry verticals, such as finance and healthcare, that will allow customers to build solutions for regulatory environments much faster," says Finastra's Stawchansky. "Most enterprises will be some way along their cloud-adoption and migration roadmaps today. It's just a question of how well-equipped they are for scaling their capabilities, especially as they seek to operationalize resource-heavy technologies, such as LLMs and GenAI. Having structured ways to approach scaling resources, while efficiently harnessing this technology will be crucial for ensuring ROI."

5. Cybersecurity resilience will use digital twins for ransomware war games

Cyber recovery rehearsals will reach a new level of sophistication as organizations aim for ever faster recovery times in today's hybrid and multi-cloud environments.

"Cyber criminals are now using AI to increase the frequency, speed and scale of their attacks. In response, organizations will also use AI -- but this time, to fight back," says Matt Waxman, SVP and GM of data protection at secure multi-cloud data management company Veritas Technologies.
"As we know, the key to success is all in the preparation, so much of this work is going to be done in advance, using AI to predict the best response when ransomware inevitably hits."

Organizations will play out ransomware wargames using cloud-based digital twins in AI-powered simulations of every possible attack scenario across entire infrastructures -- from edge to core to cloud.

"Plans are one thing, but an organization can't claim resilience without proving that those plans have been pressure tested. More than a nice-to-have, these advanced rehearsals will soon become mandated by regulation," says Waxman.

6. Cyberspace will extend to outer space

Satellite connectivity is growing, though Waxman says space-based computing may get a nudge in 2025.

"As humans return to the moon for the first time in more than 50 years aboard NASA's Artemis II, technology visionaries will be re-inspired to explore the possibilities of space-based computing," says Waxman. "Datacenters in space present many benefits. For example, the unique environmental conditions mean that much less energy is required to spin disks or cool racks. However, there are also obvious challenges, such as transmission latency, which makes storage in space more effective for data that only needs accessed occasionally, like backup data."

"Spurred by the promise of datacenters freed from atmospheric constraints, in 2025, visionaries will begin to set their minds to overcoming the barriers to computing in space," he says.

About the Author

Lisa Morgan, Freelance Writer

Lisa Morgan is a freelance writer who covers business and IT strategy and emerging technology for InformationWeek. She has contributed articles, reports, and other types of content to many technology, business, and mainstream publications and sites including tech pubs, The Washington Post and The Economist Intelligence Unit.
Frequent areas of coverage include AI, analytics, cloud, cybersecurity, mobility, software development, and emerging cultural issues affecting the C-suite.
  • Cloud Levels the Playing Field in the Energy Industry
    www.informationweek.com
    Matt Herpich, CEO, Conduit Power, November 18, 2024

We operate as a lean technology startup in the traditionally conservative energy industry. We have to. Going up against $100 billion behemoths requires agility and operational efficiency so we can make smart, quick decisions in the moment and move at the speed of the market. Technology -- specifically digital transformation in the cloud -- has enabled this bold business model, allowing us to bridge the budget gap and compete against much larger competitors that have been in business for decades.

But simply declaring you're going to operate in the cloud isn't likely to lead to success. What we set out to do hadn't been done before, but we were lucky enough to be working with two industry leaders that helped us make the right technology decisions during a relatively fast implementation cycle -- the impact of which proved valuable to operations, employee productivity, and morale, especially in a market as competitive as the energy sector.

Pioneering Cloud Solution

Our core mission is to build power plants for companies that want to co-locate power generation near where they need it -- for data centers, new industry, and other places that have rapidly growing electricity needs. The ability to remotely operate modern control room systems is mission critical, allowing us to meet resilience, compliance and security requirements of our customers without having to deploy people on-site at every customer plant. Data fuels our remote management capabilities, providing operators fingertip access to all kinds of information about our customers' on-site grids, including generation, usage and asset health data, which is fed to a central control center near Houston, Texas.

Building a vast wide-area network with high-performance fiber would cost tens of millions of dollars.
Some of our well-funded competitors have done this, building massive IT infrastructures across customer sites at a scale that rivals the world's biggest tech companies. We took a different path, working with Hitachi Energy and Amazon Web Services (AWS) to create a cloud-based network management solution. Moving to the cloud led to a six-month deployment timeline and cost a third of the budget required to build a similar on-premises deployment.

Our cloud strategy allows our operators to monitor and control grid assets distributed across the state from a central location and provides fast response, redundancy, disaster recovery, and security services -- all the capabilities you'd expect from one of the major players in our field. By working closely with our partners, we can do this without the big budget of our competitors and without hiring or training additional personnel.

Keeping Families Together During a Disaster

Moving to the cloud provided immediate value. Only months after migrating to the cloud, Hurricane Beryl struck the Texas coastline and disrupted power throughout the state. Our customers needed their power plants up and running at optimal capacity to mitigate the outages.

Normally, we would have had to send our operators hundreds of miles on site to oversee plant recoveries -- a costly and time-consuming prospect. However, our cloud-native strategy allowed our operators to simply log on from home where they could maintain operators from a web-based dashboard. Not only did we keep our customers up and running, but we also didn't have to disrupt our workers' families during the federally declared disaster.

The Cloud Delivers Operational Flexibility

Operating in the energy industry as a lean startup is much easier when you leverage the power of cloud technology to create operational efficiencies, provide stellar experiences to customers and make fast, data-informed decisions that put us one step ahead of larger competitors.
Through the cloud, we are able to grow our IT capabilities in line with business growth objectives. While we currently operate plants that generate less than 100 megawatts (MW) of power, we'll be able to scale our SCADA and network management operations to meet the needs of any sized plant in the future. We'll be able to meet this demand without having to over-provision resources in advance or invest millions of dollars in an on-premises data center. And that flexibility is worth its weight in gold.

About the Author

Matt Herpich, CEO, Conduit Power

Matt Herpich is CEO of Conduit Power. He previously served as head of finance and operations for Arcadia Power's Texas Energy Services business unit. He came to Arcadia through the acquisition of Real Simple Energy, a Texas-based retail power brokerage, of which he was co-founder. Matt earned a BS in Electrical Engineering from Yale and an MS in Information Technology (big data focus) from Carnegie Mellon.
  • The Download: Bluesky's rapid rise, and harmful fertility stereotypes
    www.technologyreview.com
    This is today's edition of The Download, our weekday newsletter that provides a daily dose of what's going on in the world of technology.

The rise of Bluesky, and the splintering of social

You may have read that it was a big week for Bluesky. If you're not familiar, Bluesky is, essentially, a Twitter clone that publishes short-form status updates. Last Wednesday, The Verge reported it had crossed 15 million users. It's just ticked over 19 million now, and is the number one app in Apple's app store. Meanwhile, Threads, Meta's answer to Twitter, reportedly signed up 15 million people in November alone. Both apps are surging in usage. Many of these new users were seemingly fleeing X, the platform formerly known as Twitter, in reaction to Elon Musk's support of Donald Trump, and his moves to elevate right-leaning content on the platform. But there's a deeper trend at play here. We're seeing a long-term shift away from massive centralized social networks. Read the full story.

Mat Honan

This story is from The Debrief, our newly-launched newsletter written by our editor-in-chief Mat Honan. It's his weekly take on the real stories behind the biggest news in tech, with some links to stories we love and the occasional recommendation thrown in for good measure. Sign up to get it every Friday!

Why the term "women of childbearing age" is problematic

Jessica Hamzelou

Every journalist has favorite topics. Mine include the quest to delay or reverse human aging, and new technologies for reproductive health and fertility. So when I saw trailers for The Substance, a film centered on one middle-aged woman's attempt to reexperience youth, I had to watch it. I won't spoil the movie for anyone who hasn't seen it yet (although I should warn that it is not for the squeamish). But a key premise of the film involves harmful attitudes toward female aging.

"Hey, did you know that a woman's fertility starts to decrease by the age of 25?" a powerful male character asks early in the film.
"At 50, it just stops," he later adds. He never explains what stops, exactly, but to the viewer the message is pretty clear: If you're a woman, your worth is tied to your fertility. Once your fertile window is over, so are you. The insidious idea that women's bodies are, above all else, vessels for growing children has plenty of negative consequences for us all. But it also sets back scientific research and health policy. Read Jess's story to learn how.

This story is from The Checkup, MIT Technology Review's weekly biotech newsletter. Sign up to receive it in your inbox every Thursday.

The must-reads

I've combed the internet to find you today's most fun/important/scary/fascinating stories about technology.

1 Trump plans to loosen US rules for self-driving cars
No prizes for guessing who might be behind that idea. (Bloomberg $)
+ Elon Musk is ramping up his legal fight against OpenAI and Microsoft. (WSJ $)
+ Trump has appointed the FCC's Brendan Carr to lead the agency. (NPR)
+ Robotaxis are here. It's time to decide what to do about them. (MIT Technology Review)

2 How Bluesky is handling its explosive growth
It has just 20 employees, and they're working round the clock to deal with bugs, outages and moderation issues. (NYT $)
+ Just joined Bluesky? Here's how to use it. (The Verge)
+ How to fix the internet. (MIT Technology Review)

3 Biden agreed to some small but significant AI limits with Xi Jinping
I think we can all get behind the idea that nuclear weapons should be exclusively controlled by humans. (Politico)
+ Biden has lifted a ban on Ukraine using long-range missiles to strike inside Russia. (BBC)

4 Big Tech is trying to sink the US online child safety bill
And, as it stands, its lobbying efforts look very likely to succeed. (WSJ $)

5 Amazon has launched a rival to Temu and Shein
Nothing on Haul costs more than $20. (BBC)
+ Welcome to the slop era of online shopping. (The Atlantic $)

6 The Mike Tyson-Jake Paul fight on Netflix was plagued by glitches
Despite that, 60 million households still tuned in. (Deadline)

7 AI models can work together faster in their own language
Linking different models together could help tackle thorny problems individual ones can't solve. (New Scientist $)

8 Tech companies are training their AI on movie subtitles
A database called OpenSubtitles provides a rare glimpse into what goes into these systems. (The Atlantic $)

9 McDonald's is trying to bring back NFTs
Remember those? (Gizmodo)

10 A lot of people are confusing Starlink satellites with UFOs
Guess it'll take us a while for us to get used to seeing them. (Ars Technica)

Quote of the day

"F*** you, Elon Musk."

Brazil's first lady, Janja Lula da Silva, makes her views clear during a speech calling for tougher social media regulation ahead of the G20 summit in Rio de Janeiro, Reuters reports.

The big story

Alina Chan tweeted life into the idea that the virus came from a lab

June 2021

Alina Chan started asking questions in March 2020. She was chatting with friends on Facebook about the virus then spreading out of China. She thought it was strange that no one had found any infected animal. She wondered why no one was admitting another possibility, which to her seemed very obvious: the outbreak might have been due to a lab accident.

Chan is a postdoc in a gene therapy lab at the Broad Institute, a prestigious research institute affiliated with both Harvard and MIT. Throughout 2020, Chan relentlessly stoked scientific argument, and wasn't afraid to pit her brain against the best virologists in the world. Her persistence even helped change some researchers' minds.

Read the full story.

Antonio Regalado

We can still have nice things

A place for comfort, fun and distraction to brighten up your day. (Got any ideas? Drop me a line or tweet 'em at me.)

+ Why Quincy Jones was the best of the best.
+ Thesehandy appsare a great way to save articles to read later on (Pocket is my own personal favorite.)+ How to resurrect aghost riverin the Bronx.+ Look after yourstainless steel pans, and your stainless steel pans will look after you.
  • The rise of Bluesky, and the splintering of social
    www.technologyreview.com
    You may have read that it was a big week for Bluesky. If you're not familiar, Bluesky is, essentially, a Twitter clone that publishes short-form status updates. It gained more than 2 million users this week. On Wednesday, The Verge reported it had crossed 15 million users. By Thursday, it was at 16 million. By Friday? 17 million and counting. It was the number one app in Apple's app store.
    Meanwhile, Threads, Meta's answer to Twitter, put up even bigger numbers. The company's Adam Mosseri reported that 15 million people had signed up in November alone. Both apps are surging in usage.
    Many of these new users were seemingly fleeing X, the platform formerly known as Twitter. On the day after the election, more than 115,000 people deactivated their X accounts, according to Similarweb data. That's a step far past not logging on. It means giving up your username and social graph. It's nuking your account versus just ignoring it.
    Much of that migration is likely a reaction to Elon Musk's support of Donald Trump, and his moves to elevate right-leaning content on the platform. Since Musk took over, X has reinstated a lot of previously banned accounts, very many of which are on the far right. It also tweaked its algorithm to make sure Musk's own posts, which are often pro-Trump, get an extra level of promotion and prominence, according to Kate Conger and Ryan Mac's new book Character Limit.
    There are two points I want to make here. The first is that tech and politics are just entirely enmeshed at this point. That's due to the extreme extent to which tech has captured culture and the economy. Everything is a tech story now, including and especially politics.
    The second point is about what I see as a more long-term shift away from centralization. What's more interesting to me than people fleeing a service because they don't like its politics is the emergence of unique experiences and cultures across all three of these services, as well as other, smaller competitors.
    Last year, we put "Twitter killers" on our list of 10 breakthrough technologies. But the breakthrough technology wasn't the rise of one service or the decline of another. It was decentralization. At the time, I wrote:
    Decentralized, or federated, social media allows for communication across independently hosted servers or platforms, using networking protocols such as ActivityPub, AT Protocol, or Nostr. It offers more granular moderation, more security against the whims of a corporate master or government censor, and the opportunity to control your social graph. It's even possible to move from one server to another and follow the same people.
    In the long run, massive, centralized social networks will prove to be an aberration. We are going to use different networks for different things.
    For example, Bluesky is great for breaking news because it does not deprioritize links and defaults to a social graph that shows updates from the people you follow in chronological order. (It also has a Discover feed and you can set up others for algorithmic discovery, more on that in a moment, but the default is the classic Twitter-esque timeline.)
    Threads, which has a more algorithmically defined experience, is great for surfacing interesting conversations from the past few days. I routinely find interesting comments and posts from two or three days before I logged on. At the same time, this makes it pretty lousy at any kind of real time experience, seemingly intentionally, and essentially hides that standard timeline of updates from people you follow in favor of an algorithmically-generated "for you" feed.
    I'm going to go out on a limb here and say that while these are quite different, neither is inherently better. They offer distinct takes on product direction. And that ability to offer different experiences is a good thing.
    I think this is one area where Bluesky has a real advantage. Bluesky lets people bend the experience to their own will. You aren't locked into the default following and discover experiences. You can roll your own custom feed, and follow custom feeds created by other people. (And Threads is now testing something similar.) That customization means my experience on Bluesky may look nothing like yours.
    This is possible because Bluesky is a service running on top of the AT Protocol, an open protocol that's accessible to anyone and everyone. The entire idea is that social networking is too important for any one company or person to control it. So it is set up to allow anyone to run their own network using that protocol. And that's going to lead to a wide range of outcomes.
    Take moderation, as an example. The moderation philosophy of the AT Protocol is essentially that everyone is entitled to speech but not to reach. That means it isn't banning content at the protocol level, but that individual services can set up their own rules. Bluesky has its own community guidelines. But those guidelines would not necessarily apply to other services running on the protocol. Furthermore, individuals can also moderate what types of posts they want to see. It lets people set up and choose different levels of what they want to allow. That, combined with the ability to roll your own feeds, combined with the ability of different services to run on top of the same protocol, sets up a very fragmented future.
    And that's just Bluesky. There's also Nostr, which leans toward the crypto and tech crowds, at least for now. And Mastodon, which tends to have clusters of communities on various servers. All of them are growing.
    The era of the centralized, canonical feed is coming to an end. What's coming next is going to be more dispersed, more fractured, more specialized. It will take place across these decentralized services, and also WhatsApp channels, Discord servers, and other smaller slices of Big Social. That's going to be challenging. It will cause entirely new problems. But it's also an incredible opportunity for individuals to take more control of their own experiences.
    If someone forwarded you this edition of The Debrief, you can subscribe here. I appreciate your feedback on this newsletter. Drop me a line at mat.honan@technologyreview.com with any and all thoughts. And of course, I love tips.
    Now read the rest of The Debrief
    The News
    TSMC halts advanced chip shipments for Chinese clients. It comes after some of its chips were found inside a Huawei AI processor.
    Google DeepMind has come up with a new way to peer inside AI's thought process.
    An AI lab out of Chicago is building tools to help creators prevent their work from being used in training data.
    Lina Khan may be on the way out, but she's going out with a bang: The FTC is preparing to investigate Microsoft's cloud business.
    The Chat
    Every week I'll talk to one of MIT Technology Review's reporters or editors to find out more about what they've been working on. For today, I spoke with Casey Crownhart, senior climate reporter, about her coverage of the COP29 UN climate conference.
    Mat: COP29 is happening right now in Azerbaijan, do you have a sense of the mood?
    Casey: The vibes are weird in Baku this week, in part because of the US election. The US has been a strong leader in international climate talks in recent years, and an incoming Trump administration will certainly mean a big change. And the main goal of these talks, reaching a climate finance agreement, is a little daunting. Developing countries need something like $1 trillion dollars annually to cope with climate change. That's a huge jump from the current target, so there are questions about how this agreement will shake out.
    Mat: Azerbaijan seems like a weird choice to host. I read one account from the conference saying you could smell the oil in the air. Why there?
    Casey: Azerbaijan's economy is super reliant on fossil fuels, which definitely makes it an ironic spot for international climate negotiations. There's a whole complicated process of picking the COP host each year: five regions rotate hosting, and the countries in that region have to all agree on a pick when it's their turn. Russia apparently vetoed most of the other choices in the Eastern European group this year, and the region settled on Azerbaijan as one of the only viable options.
    Mat: You write that if Trump pulls out of the UN Framework Convention on Climate Change, it would be like riding away on a rocket. Why would that be so much worse than dropping out of Paris?
    Casey: Trump withdrew from the Paris Agreement once already, and it was relatively easy for Biden to rejoin when he came into office. If, during his second term, Trump were to go a step further and pull out of the UNFCCC, it's not just an agreement he's walking away from, it's the whole negotiating framework. So the statement would be much bigger. There's also the question of reversibility. It's not clear if Trump can actually withdraw from the UNFCCC on his own, and it's also not clear what it would take to rejoin it. When the US joined in the '90s, the Senate had to agree, so getting back in might not be as simple as a future president signing something.
    Mat: What from COP29 are you optimistic about?
    Casey: Tough to find a glimmer of hope in all this, but if there is one, I'd say I'm optimistic that we'll see some countries step up, including the UK and China. The UK announced a new emissions target at the talks already, and it'll be really interesting to see what role China plays at COP29 and moving forward.
    The Recommendation
    Once upon a time I was a gadget blogger. It's fun writing about gadgets! I miss it! Especially because at some point your phone became the only device you need. But! My beloved wife bought me a Whoop fitness tracker for my birthday. It's an always-on device that you wear around your wrist. I've been Oura-curious for some time, but frankly I am a little bit terrified of rings. I spent a number of months going to a hand rehab clinic after a bike accident, and while I was there first learned about degloving and how commonly it happens to people because a ring gets caught on something. Just thought I'd put that in your head too. Anyway! The Whoop is a fabric bracelet with a little monitor on it. It tracks your movement, your heart rate, your sleep, and a lot more. There's no screen, so it's very low profile and unobtrusive. It is, however, pretty spendy: The device is free but the plan costs $239 annually.